
Interview with DuckDuckGo CEO Gabe Weinberg - denzil_correa
https://www.vox.com/recode/2019/5/27/18639284/duckduckgo-gabe-weinberg-do-not-track-privacy-legislation-kara-swisher-decode-podcast-interview
======
chr1xzy
Duckduckgo - Based in US / very weak privacy laws

Servers - hosted using Amazon (AWS)

Bangs aren't safe. For example typing “!g kittens in basket” and hitting
return, drops you off on the Google website to display your results (thus
logging your IP, search term and browser info immediately).

DuckDuckGo is owned by Gabriel Weinberg who is is the founder, current CEO and
controlling shareholder. Investors/shareholders include Union Square Ventures
and several others. DuckDuckGo generates it’s income from advertising (Bing
Ads) and collects affiliate revenue (Amazon, eBay).

Duckduckgo and Yahoo partnership
[https://web.archive.org/web/20160724030640/](https://web.archive.org/web/20160724030640/)

[https://duck.co/help/results/yahoo-technical-
implementation](https://duck.co/help/results/yahoo-technical-implementation)

[https://duck.co/blog/blog/post/311/yahoo-
partnership](https://duck.co/blog/blog/post/311/yahoo-partnership)

Duckduckgo has no audit

Duckduckgo gives out a HTTP header field that identifies the address of the
webpage.

Both companies were asked "if you were ordered to compromise your
service/customer privacy in any way would you"

DuckDuckGo – Gabriel Weinberg said: “No one is preventing me from doing that.”

~~~
hardwaresofton
As a fan of DDG (I use it daily), I had no idea there was this much risk -- I
was surprised enough to find out they offloaded search to Bing a while ago
(but also I don't blame them, it's probably pretty hard).

Even with these hangups, I still think any near-viable option to Google should
exist.

[EDIT] - just realized it's only been 20 minutes (not a day) -- looking
forward to DDG's response

~~~
rvnx
There is so much to say.

In practice, DDG revenues depends on tracking visitors.

DDG asks third-parties to track (Yahoo/Bing ads), so if someone asks "do you
track? NO! WE DON'T". They don't need to create a user profile, the keyword
based ads pay enough.

This is the catch, "we don't track, but we ask our partners to do it for us".

The same with Amazon affiliate revenue. Did you know that DuckDuckGo had
access to the whole history of items bought through their affiliate link ?

It's a detailed item list, like "3 x Happy Belly Dried Mango, 500 g" Every,
single, item.

No tracking (◠ ‿ ◠)

------
jedberg
AT&T tried this and it didn't go well. For a time you could get a discount on
your internet if you opted into their data tracking programs. From what I
heard, there was a lot of complaining and little uptake, which is backed up by
the fact that they cancelled the program less than a year later and just
started charging everyone the lower price (and claimed that they stopped the
tracking).

I think people don't want to be reminded that they're being tracked, which is
possibly why it went poorly, but this will be a problem with any company that
wants to do opt in tracking.

~~~
ehsankia
At 13m in, he uses the fact that around 10% have turned on DNT in theri
browser as a proof that people actually care about tracking, but haven't
multiple browsers started turning on DNT by default?

~~~
wyred
Safari is removing (or removed already?) DNT simply because websites are still
tracking visitors regardless if DNT was enabled or not.

~~~
dmitriid
And because DNT was used as an additional data point to fingerprint the
browser and enable more tracking.

------
0898
We use this term "personal data" so much. But what IS data?

If I happen to know that you like cheese sandwiches, is that really data? When
did we decide that knowing something about somebody else was such a big deal?

I feel like this whole brouhaha about data has left me behind.

~~~
badrabbit
It's a huge deal. I didn't tell you I like cheese sandwiches. You found out
against my consent. You violated my consent,which is a huge deal for me.

I get to decide who knows whether or not I like cheese sandwiches. If I am a
free person,equal with you under the law then how is it ok for you to violate
my consent and persistently stalk me to find information about me for your own
gain?

~~~
creato
If you order cheese sandwiches every time you eat out, and your friends
observe that you like cheese sandwiches without you telling them, did they
"violate your consent"?

If you eat lunch at the same place, and the guy who takes your order notices
you like cheese sandwiches, did he "violate your consent"?

If the same guy happens to be in line behind you a few days in a row and
notices that you always order cheese sandwiches, did he "violate your
consent"?

I agree the behavior is a bit creepy in the same way I (very) mildly dislike
it when the sandwich shop guy knows my order, but it is also unreasonable to
expect information you share with others to be kept private. It's not
"stalking" for someone to observe things about the world that were made
available to them. To change that would necessitate some pretty ugly
regulations that would infringe on the rights of everyone (including you).

~~~
badrabbit
I disagree with that. It's nit someone remembering I ate a
cheeseburger,they're writing down that I ate a cheeseburger and using that
information for profit or to keep tabs on me,you need consent for that. They
didn't notice I eat cheeseburgers as a matter of coincidence, they
intentionally set out to see what food i eat and use that information. There
is a term for that: stalking (which is illegal)

------
jhayward
Not only should we opt in but there should be a (digitally) signed chain of
custody showing the exact derivation of any information held by 3rd parties
that in itself, or when combined with others, can identify and reveal
information about individuals.

~~~
jolfdb
Be real. You are saying that data should not be collected at all.

~~~
coding123
I've long dreamed of a contract system in the world that does this. Every
contract you're apart of, becomes explicit. We get paid for our data based on
our preferences. Let's say the cost of showing me an ad is $51, so be it, it
that means I can't read a blog post - fine, at least I agreed to the the terms
for a price.

The system would be all encompassing but organized by agreement type - titles,
loans/mortgages, insurance, purchases/warranties, ad networks, bets, etc...
All managed by an open system but used by private parties. I don't advocate
for this to be done by say, etherium, I still think the classic system can be
used to decide disagreements, but at least all of what you agreed to will
become very explicit. And there can be ways to "break out" of agreements, with
whatever very explicit ground rules to be followed after that.

------
ocdtrekkie
The problem for businesses, of course, is that nobody would opt in. Data
collection is something literally nobody wants, and the only reason it
survives is because most people don't know what these companies are doing, or
aren't able to keep up with the ways to decline being included in it.

Data monetization is an inherently harmful and unwanted business practice.

~~~
SlowRobotAhead
No one would partake in something they don’t like if they’re made aware of it
and have a choice... well, good?

------
MikeLui
Let’s take it a step further and have AdBuddies from Maniac

~~~
giancarlostoro
I loved that part the most about Maniac. I hate ads but at least AdBuddy is
entirely more obvious. Its like sponsored living.

------
ianai
Or make a kind of asset out of a persons likeness and data. Endow individuals
with ownership of their likeness and data. Give them something they can demand
payment for storing, using, and selling.

I’m thinking something like the minimum civil court valuation per month of
storage or use. Likeness and data would be defined by a jury of their peers.

------
throw2016
If anyone is convinced what they are doing is good for end users they would
let them make the choice. But expending time and energy to design and code
deceptive dialogs with misinformation and avoid transparency betrays the
opposite. You don't need an ethics course for this, it's willful fraud and
deception.

Our societies are shaped as much by technology as by the incessant greed of a
few often couched in euphemisms like 'innovation' and 'drive' to justify their
value but these only accrue to a few. Behavioral targeting and surveillance
have negative externalities for everyone not making money from it, and even
for them in the wider societal and long term context.

If this is the behavior we are incentivizing then either we provide strong
regulations to counter greedy and unethical behavior or accept these as our
fundamental driving values without fabricating a 'feel good' alternative
reality as a fig leaf or feigning shock at mercenaries in our midst.

------
contingencies
TLDR; Most money made from advertising is still contextual, however because
it's possible for G/FB to monopolize behavioral advertising and there is no
regulation to prevent it, they do it anyway. Opt out is stupid: _I 'd like
food that isn't tainted, please_. Filter bubbles are bad news macro-
politically. Regulation is rarely effective but still a good idea. Corporate
fines should be two orders of magnitude larger. Instagram does evil things to
your brain.

------
tyiz
It’s already there. That’s one of the European GDPR core rules.

------
OrgNet
we should, but can we? of course not... it need to be a law

------
another-dave
What a badly copy-edited headline (from the original article). Maybe just me,
but my first reaction reading it was "Why is the CEO of Duck Duck Go
advocating opting-in to data tracking?

Actually, he was saying we should _have to_ opt in to data tracking, if it's
something you want. [/Pedant]

~~~
morrbo
This is why this is blatant clickbait

~~~
squarefoot
The only way to stop this is by starving their hunger for clicks.

It would be nice having a global clickbait variable to be attached to an URL
or a domain, so that it can be community updated when titles such as this one
are used, then a browser extension reads it and warns before clicking it.

Of course I would expect heavy abuses of such a tool...

------
wybiral
The irony here is that this article has at least 20 trackers.

PS: Firefox Quantum is great

~~~
dictum
There are at least two possible arguments behind this question.

One (which, to be clear, is not how I interpret your comment) is the tired
gotcha "if you hate society, why do you partake in it?", which is simply not
substantial enough to answer.

The other argument I've seen is actually worth some thought, though I'm not
ready to give a definitive answer in either this case or as a general
principle:

 _Entities that play a certain game effectively endorse that game by playing
it_.

The devil lies in the corollary to that observation: _whatever prizes are
awarded by that game will only go to entities that are willing to play that
game_.

~~~
wybiral
> There are at least two possible arguments behind this question.

What was the question?

~~~
dictum
"Question" as used here is closer to "matter" or "problem" than to asking.

I just can't find the right word to describe a _point raised about a
paradoxical relationship_. When I read it, I find an implicit question, though
I cannot put to words the exact inquiry. Maybe "Why?"

In a way, all replies on a public forum are implicit questions. (This is where
I get even more hand-wavy, sorry)

------
nellypat
The opt-in/opt-out arguments is a valid one and DDG IS my primary search
engine and I love it. BUT, I must say this pseudo-activisim by DDG has become
too much now, they're building this pure and altruistic image whereas
obviously they will directly benefit from regulation and hurting Google!

~~~
fghtr
What is "too much" and "pseudo" about their activism? Yes, they indeed
directly benefit from that. What is wrong with having a privacy-respecting
monetization?

~~~
nellypat
I think it could hurt their image in the long-term. I've already seen others
complain here and there about the pushy narrative, they just need to be more
subtle about it. Again, I'm using DDG and want them to expand so I want what's
best for them!

~~~
andrekandre
> I've already seen others complain here and there about the pushy narrative,
> they just need to be more subtle about it.

what should they do instead?

~~~
Zhyl
Have more of a sense of humour about it. I think most complaints I've seen
about people on this seem to mostly be tonal.

------
Yizahi
Does anyone remember outcry of advertisers after Microsoft made absolutely
useless and toothless Do-Not-Track option opt-in instead of opt-out? They were
stinking and whining for months and finally got what wanted. The answer is no,
unless some "communists" will regulate this spy community of advertisers they
will never agree to lessen data collection (including the switch to opt-in).

~~~
plushpuffin
Personally, I think even without Internet Explorer ruining Do-Not-Track (which
I also think Microsoft torpedoed on purpose by making it the default), the
tracking companies wouldn't have respected it. They were looking for an excuse
not to comply with DNT after promising Congress they would self-regulate, and
IE gave them a fig-leaf to go back on their word.

------
miguelrochefort
I don't think it's up to the user to decide how data about them gets used.

Regulation like GDPR only makes it more difficult (impossible) for competition
to emerge. It basically secures the future dominance of big players like
Google and Facebook.

Making people pay a monthly fee to get their data collected and analyzed seems
like the next big business model. We will soon reach a limit on the usefulness
of passively collected data and will need to switch to a more active model.

I would prefer to have complete access to data about myself, but it would be
unreasonable to expect a monopoly on it.

~~~
cameronbrown
> I don't think it's up to the user to decide how data about them gets used.

To a certain extent, I'd agree. Specifically in the case of things like
analytics data.

The real problem is people not knowing this data is being collected in the
first place where you can't make any kind of informed choice on opting in.

~~~
8bitsrule
Under the GDPR,

"the data is not available publicly without explicit, informed consent, and
cannot be used to identify a subject without additional information stored
separately. No personal data may be processed unless it is done under a lawful
basis specified by the regulation, or unless the data controller or processor
has received an unambiguous and individualized affirmation of consent from the
data subject. The data subject has the right to revoke this consent at any
time.... Data subjects have the right to request a portable copy of the data
collected by a processor in a common format... violators of the GDPR may be
fined up to €20 million ..."

[https://en.wikipedia.org/wiki/General_Data_Protection_Regula...](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)

Key phrases here: 'explicit, informed consent' ... 'lawful basis' ... 'right
to revoke this consent' ... 'fined'

~~~
cameronbrown
I know the regulation. That's not what I'm arguing here.

