
Privacy is at a crossroads. Choose wisely - edward
https://medium.com/@yegg/privacy-is-at-a-crossroads-choose-wisely-96bac0644ec1
======
justcommenting
I've also noticed the quality of DuckDuckGo search results has been steadily
improving, especially over the past year. I would encourage anyone who tried
it and went back to another search engine to consider giving DuckDuckGo
another shot--you may be pleasantly surprised!

~~~
antr
I just read Gabriel's post, and I pretty much agree (and do) with what he
says. Due to these shared believes I've been using DDG quite a bit, I even
deleted the Google search app from my phone, and instead been using DDG's iOS
app as my default mobile search engine.

However, every time I use DDG it hurts a bit. The quality of the results are
very far behind from that of Google's. I many times end up doing a Google
search in incognito mode because DDG just doesn't cut it. I hope DDG improves,
because I haven't seen that improvement during the past year.

~~~
yegg
Specific examples you're willing to share really help us improve. Feel free to
send them to us at inbound at duckduckgo.

~~~
rom16384
I find the auto-correct to be over-zealous. If DDG decides that what I've
entered is a typo, It will only show me results for the "corrected" word, so
I'll have to quote uncommonly searched words. This usually happens when the
search is similar to another one that is much more common.

~~~
saraid216
That isn't really different from Google, though, is it?

~~~
burkaman
It is, because sometimes DDG is so sure you made a typo, they don't bother to
mention it and just search the correction. Try searching "president ovama".
The first one or two pages of results are almost exactly the same as the
results for "president obama", with no mention of the correction. I know this
is sort of a contrived example, but you get the point.

As far as I can tell, Google will always tell you when it thinks you made a
mistake, and provide a link to search for your exact query.

------
AdmiralAsshat
_And there are indeed a few solutions that actually grant you partial relief
from the pains of online tracking. First, switch your search engine, email and
other major services where your personal information is heavily tracked to
good private alternatives. Second, add EFF’s HTTPS Everywhere plugin to your
browser, which will encrypt web site connections where possible. Third, add
EFF’s Privacy Badger plugin to your browser, which blocks third-party
trackers. These three simple changes will pretty seamlessly and significantly
reduce your digital footprint._

Since this is a quote from the article, I feel this is an appropriate space to
ask: does anyone have a page explaining how these various privacy extensions
interact/overlap with each other? I tend to install (or at least try out)
pretty much every popular one at some point or another, and I'm hoping to
reduce redundancies. Alot of these tools show up on recommended "Get These If
You're Serious About Privacy" lists without indicating what exactly each
extension does or how it might interact with another extension. These include:

\- Adblock Plus \- Ghostery \- Disconnect \- HTTPS Everywhere \- EFF Privacy
Badger \- uBlock \- NoScript

At this point, I've "slimmed" down to just HTTPS Everywhere and uBlock,
although I'm debating adding Privacy Badger. However, their own page mentions
that it's "based on ABP code" [0], so my thought is that uBlock is probably
also taking care of it.

Is that sufficient? Is there any _danger_ in installing Privacy Badger and
uBlock, for instance, if they serve the same function? Will they step on each
other's toes?

Some kind of comparison chart would be useful.

[0] -
[https://www.eff.org/privacybadger#how_is_it_different](https://www.eff.org/privacybadger#how_is_it_different)

~~~
falcolas
I have personally found that a hosts file can reduce the need for a bunch of
those addons - it can block not only ads, but also many forms of tracking.
I've found it very refreshing when surfing the web.

For reference, I use:
[http://someonewhocares.org/hosts/](http://someonewhocares.org/hosts/)

~~~
zipperhead
I've thought of using hosts file vs. plugins but have never really made the
switch. I'm a bit concerned that I'll run into cases like a website is broken
due to a hosts file setting, and I can't easily bypass it like I can with a
plugin. Do you ever run into situations like this?

~~~
stcredzero
Are there any utilities for management of the hosts file?

~~~
falcolas
I've never used one aside from a text editor. Plain text file with whitespace
delimited items; about as simple as it gets.

------
mgreg
I'm curious if data privacy & protection will ever emerge from its little
corner where a few passionate folks worry about it while the masses blithely
ignore how their personal data is used and abused.

Couple of other related items just from today indicate this _may_ be taking on
steam but we've seen this kind of blip before just to see it fade.

1\. Helping Prove Mr. Weinberg's going (CEO of DuckDuckGo) is an article on
how heath web sites share your search queries with 3rd parties found at
[http://motherboard.vice.com/read/looking-up-symptoms-
online-...](http://motherboard.vice.com/read/looking-up-symptoms-online-these-
companies-are-collecting-your-data) Nice to know that WebMD et al are sharing
your _assumed_ private searched for whatever itch you might have with others.

2\. Symantec published results of their European survey on the topic of Data
Privacy found at
[http://www.symantec.com/content/en/us/about/presskits/b-stat...](http://www.symantec.com/content/en/us/about/presskits/b-state-
of-privacy-report-2015.pdf) Not sure I believe a survey where the respondents
claim to read the terms of service 25% of the time.... My guess would have
been .25% of the time.

~~~
chestnut-tree
_"...health web sites share your search queries with 3rd parties..."_

For anyone looking for health information (in English), I recommend the NHS
website. (Start your search from there rather than Google if you're worried
about being tracked). It may not be the best-looking website, but the info is
written by medical professionals and there are no commercial interests since
the NHS is funded by the UK taxpayer.

They have an A-Z of conditions, a symptom checker, videos and much more. (I
presume this is all available to anyone outside the UK)

[http://www.nhs.uk](http://www.nhs.uk)

~~~
unprepare
Unfortunately This falls into the same trap as the US CDC site in the parents
linked article.

The NHS site you linked makes requests to google analytics, webtrends and
cloudfront. The point in the parents article applies here equally, since what
i'm searching will still be analyzed by Google at the very least.

I'm not sure how identifiable this information is though, but definitely
important to be aware of

------
fixermark
People are willing to trade personally-identifiable information for a Snickers
bar.* Until and unless that changes, privacy doesn't have sufficient value to
change the status quo very much.

*Really, they'll even trade it for intangible gold. [http://candycrushgametactics.com/get-free-gold-bars-in-candy...](http://candycrushgametactics.com/get-free-gold-bars-in-candy-crush-saga-surveys/)

~~~
kardos
Why is someone else's poor choice regarding privacy a justification for
abandoning the fight for privacy?

There's always a subset of people who don't care. There was a time when women
didn't have the right to vote, and although I wasn't around during that time,
I'm sure there was a subset of women who didn't care. Their apathy is not a
justification for withholding that right from the rest.

~~~
stcredzero
_There 's always a subset of people who don't care._

The problem is when it's the seeming majority who don't care.

~~~
OvidNaso
But this is the case in many social issues that are eventually "won". Only a
couple of years ago the vast majority of people in the US firmly believed
marijuana should remain illegal and that number has dropped enough to change
many state laws. How about gay, women or minority rights. All of them were
strongly opposed by the masses.

~~~
stcredzero
_Only a couple of years ago the vast majority of people in the US firmly
believed marijuana should remain illegal_

Really? In my circles, even when I lived in "red" states, the attitude was
more like it's a damn shame it's illegal, and too bad there isn't a prayer of
it changing.

 _How about gay, women or minority rights. All of them were strongly opposed
by the masses._

In the 1st and 3rd case, of course, because the subject group was a minority.
In the case of women, things only changed when enough of the subject group
started to demand change. In the case of privacy, the subject group isn't
distinct from the masses, it is everyone. So yes, it's a problem for progress
until everyone gets more clued in. (It will happen, when enough bad stuff has
happened.)

------
mirimir
I believe that prudent compartmentalization is the best way to control
tracking and reclaim privacy. Each compartment comprises interests,
relationships and activities that you want observers to track and interrelate.
For compartments where privacy is essential, it's best to use pseudonyms, and
to avoid cross-linking with public compartments.

Compartments are isolated in VMs, with separate network connectivity using
nested chains of VPNs, JonDonym and Tor. Particularly sensitive compartments
are isolated in separate computers. It's prudent to avoid cross-compartment
sharing of USB drives.

~~~
tacoman
This is incredibly hard to do well and takes a great deal of discipline.
Unless you're a Belgacom or Gemalto sysadmin, the consequences of cross-
contamination aren't grave. It's easy enough to burn an identity and create a
new one.

------
j2kun
There is a possibility to share statistical analysis of data privately. This
is the subfield of computer science known as differential privacy, and I bet
companies just looking for trend data (not specific targeting) would be able
to benefit from user data without compromising user privacy.

In other words, there are good and bad ways to use user data, some of the good
ones are provably private, and we shouldn't rule out all data sharing as
inherently evil.

~~~
oconnore
That's all fine, but there is zero evidence that any company is doing that.

Furthermore, even if a company was using differential privacy to anonymize
data between the collection and the processing step, there is no way to prove
that the data is being handled appropriately before and during the collection
step. Also, there is no way for a company to prove that they continue to
handle data appropriately over time.

These tools are super useful for releasing data sets to the public from a
trusted source (such as a healthcare provider assisting researchers by
releasing cancer data), but that's not what we're talking about here.

~~~
j2kun
It is a new field, I admit, but it shows there's a false dichotomy between
privacy and stopping all data collection and analysis.

LeapYear Innovations [1] looks like they have some clients who care about
differential privacy. [2]

[1]:
[http://www.leapyearinnovations.com/](http://www.leapyearinnovations.com/)

[2]:
[http://www.leapyearinnovations.com/shroudbase](http://www.leapyearinnovations.com/shroudbase)

~~~
oconnore
It's not a false dichotomy: most of the time data collection and analysis does
not preserve privacy. In all cases, you can't guarantee that.

You also didn't respond to this:

> Furthermore, even if a company was using differential privacy to anonymize
> data between the collection and the processing step, there is no way to
> prove that the data is being handled appropriately before and during the
> collection step. Also, there is no way for a company to prove that they
> continue to handle data appropriately over time.

Any company using shroudbase can choose to stop using shroudbase at any time,
or accidentally introduce a bug into their collection method, or start also
saving the data in MySQL at collection time.

Tools like that are useful to distribute data from trusted to non-trusted
parties. You still have to trust the analytics and advertising companies doing
the collection.

~~~
j2kun
You also can't prove that someone won't poison your soup before, during, or
after it was prepared from raw ingredients. But you don't claim either to
avoid all soup or die. This is because you can give very good guarantees that
if the correct process is followed then that won't happen. This is pretty much
how we get by in all areas of life. Trust is a default and it has to be for
society to function. If we can back up that trust by provably good protocols,
then one _must_ be malicious in order to break the system.

~~~
oconnore
Your chef doesn't have a large monetary incentive to poison your soup. Would
you eat the food if he did?

~~~
j2kun
They have large monetary incentives to cut corners when it comes to QA and
picking a distributor. One big thing stopping them is oversight, which is
perfectly reasonable to impose on data collection policies. But what do you
need to do so? Proof that the imposed policies give a good guarantee.

------
goodmornings
I don't want to sound too pessimistic and I agree with the sentiment of the
article, but I think people need to come to terms with that there isn't really
a choice to be made here. Just like you suddenly isn't going to change the at
least decade old path of the NSA, you aren't suddenly going to change the
fundamentals of the Internet. The choices that affects us now has to a large
extent already been made and we are living with the consequences.

~~~
shit_parade
I'm also surprised that people are not more skeptical of anything coming out
of the white house with Obama's name on it.

Obama has proven himself to be a warmonger with loose ethics unwilling to
prosecute torture and also fully interested in continuing the surveillance
state, killing Americans without due process, prosecuting whistle-blowers, and
protecting the status quo above the constitution and civil rights.

------
jwatte
Privacy is not achievable. It's much better to build a world where we can all
live happy /without/ privacy.

This requires an attitude adjustment and significant tolerance because
everything is public.

Want to know if your bank treats customers good or bad? Look it up. Want to
know if the issuer bets against a mortgage backed security? Audit the numbers.
Want to cheat on your taxes? Tough luck!

The thing is, we only have two options:

1\. Only spooks and marketers and those who pay, know.

2\. We all know.

~~~
0x5f3759df-i
You are presenting a false dichotomy and your conclusion that "privacy is not
achievable" is a claim without any justification.

[http://mind.ucsd.edu/syllabi/98-99/logic/falsedichotomy.html](http://mind.ucsd.edu/syllabi/98-99/logic/falsedichotomy.html)

------
bonn1
Clever Marketing gig from DDG's CEO Weinberg (as recommended in his book
'Traction').

The post makes sense, DDG makes sense, good timing, ok no news to most of us
but a good way to get people again talking about DDG.

Considering that DDG is 'just' a Yandex whitelabel (before Bing) with some
extra features, especially the no tracking, it's surprising how big it got
with Weinberg's Marketing hacks. Congrats!

------
runn1ng
Just look at Europe's cookie law and law about removal of "personal
information" from Google search, how well regulations work.

------
dmschulman
The myth of "partially anonymize" data is infuriating. As an academic exercise
I've begun to pore over Privacy Policies for web new services I find,
specifically how my account info will be used with third parties.

No new consumer oriented web product in their right mind would advertise "we
monetize your data with third parties", but they all include language in their
Privacy Policies about sharing "partially anonymize" data. It might make you
feel safe and sound when it comes to Company X protecting your identity, but
marketers and other organizations don't look at data points in a vacuum,
everything is in aggregate, and your aggregate profile represents you to the
highest degree of certainty.

~~~
nine_k
/* spelling/autocorrect: it's 'pore over', not 'pour over' */

~~~
falcor84
I upvoted you, but I also enjoy seeing these kinds of mistakes which either
get me to imagine new metaphors, and/or (like in this case) get me to learn
about real-world things. Turns out that pour-over is a coffee brewing method:
[http://coffee.wikia.com/wiki/Pour-
Over_Filtration_Brewing](http://coffee.wikia.com/wiki/Pour-
Over_Filtration_Brewing)

------
angersock
The annoying thing is that, even if we prevent them from harvesting data on
us, there's nothing to prevent them from convincing our
friends/parents/coworkers from sharing that information on our behalves.

~~~
drdaeman
Except for the lack of data. Don't share things you consider private (and that
are _indeed_ private and not just things you don't want to expose but can't
really do so, like your own face) with those who you don't trust. This is the
most secure approach among all possibilities.

~~~
angersock
So, consider "Hey, tomorrow is angersock's 34th birthday! We're organizing a
surprise party in his hometown of jonestown!".

Now, they've given away my age, birthdate, and where I was born. That's the
sort of information that, while private and something I don't give away, they
know and give away without thinking.

~~~
diminoten
Who is it you don't want to have that information?

The government already knows (it's part of your SSN information), and any
private company that cares will just make you give that info to them as part
of the cost of service. You'll do it too, because you don't want to be unable
to drive or have a mortgage.

~~~
angersock
I know about those entities, though--and I know that, in the case of private
companies, they're probably going to share it (and we can make laws to that
effect).

My original point is that those protections won't apply when just crawling
through friends and acquaintances mentioning things.

EDIT:

For another example, consider "Thank God, my friend angersock had a car
accident today but only scratched the bumper". That's something I don't want
as public knowledge, and that my insurance provider could (theoretically) use
to raise my rates.

~~~
schoen
Also, revealing your birthdate to the general public could help people
convince your bank they're you, or bust a pseudonym that you had been trying
to keep separate from your legal name.

------
TruthWillFree
The fight for privacy has to start at universities. At Georgia Tech, the
faculty are routinely involved in unwarranted surveillance and testing out
their fundamentally flawed ideas to sell off to the national security
apparatus. Such tests I would classify as being human experimentation with a
critical need for more transparency with the public. Without a broad education
that contains humanities, arts, and ethics we won't get the technical
solutions we need that address core societal issues. Instead we have an
cancerous culture in engineering that threatens our position among other first
world countries. Not all engineers have the same commitment to ethics and
unfortunately the most unethical don't have the proper economic incentives for
respecting human rights, liberty, and dignity. It's time to take a stand for
privacy, against the exploitation of technology, and against unethical human
experimentation. Georgia Tech's campus is a good place to start...

~~~
linkregister
What kind of surveillance is going on there? What kind of experiments are
happening there?

~~~
TruthWillFree
They psychologically torture and harass people to produce false confessions or
force people to do things against their will. Think what happened to Aaron
Swartz, but on crack... Chicago, I'm sure is no different...
[http://www.theguardian.com/us-news/2015/feb/24/chicago-
polic...](http://www.theguardian.com/us-news/2015/feb/24/chicago-police-
detain-americans-black-site)

~~~
jff
So you couldn't provide any real source, instead linking to something about
the Chicago police. What's the Georgia Tech connection?

~~~
TruthWillFree
[http://wiki.project-pm.org/wiki/Endgame_Systems](http://wiki.project-
pm.org/wiki/Endgame_Systems)

~~~
jff
Still not seeing any G.T. connection. Mind taking off the foil hat and beaming
the info to my mind or something?

~~~
TruthWillFree
Look at the physical addresses...Shrill.

------
TheMagicHorsey
I'm curious how DuckDuckGo makes money. They don't charge us for search
results, and they don't use our information to target ads. How do they make
money to run their operations?

~~~
rocky1138
I've seen ads on their site related to keywords in my search query.

------
stcredzero
_Pretty much all technologies have facets where markets break down and require
some form of corrective regulation to make things work the way we want them
to._

No! Nooooooo! Say it isn't so! The market is a magical infallible oracle of
laissez-faire goodness! (That snidely said, the market is absolutely a
marvellous thing in precisely the contexts where situations are so complex
that centralized control is hopeless and only massively distributed decision
making can hope to keep up. Again, context is everything.)

~~~
murbard2
In which category do you think the question of how privacy should be managed
between websites and their customers, across all kind of business models, all
types of customers, and all sorts of data fit? A complex situation that needs
context aware distributed decision, or a problem simple enough that regulation
can unambiguously help?

~~~
stcredzero
Of course, there are actually a great number of questions, not just one. One
of the biggest problems is that there is not enough knowledge in general
society yet for markets to work well enough wrt privacy. One thing that
lawmakers should be keenly aware of, is that broadly written regulations can
be helpful at first, but then become burdensome in a mature market or in the
face of technological change.

------
Nanzikambe
Fascinating, wake me up when this ethereal bill appears _and_ offers
protections for the privacy of all humans regardless of nationality, and not
just _some_ humans.

------
jqm
I don't think we are at a privacy crossroad. I think the fork was taken some
time ago and now it's just a matter of how fast and reckless we go, and just
who is going to be doing the driving.

------
mikerichards
Obama's natural inclination is to never to "regulate" the power of government,
but to regulate industry. Government's intrusion of our privacy is the much
bigger problem, but Obama just says "look over there at those big internet
companies, forget about the NSA, CIA, IRS and other numerous government
agencies and unaccountable bureaucrats that want to snoop into and control
your private lives. Forget that the government has the guns that can force
you. I'll throw the boogey-strawman of "big internet" to appease you"

~~~
Retra
Obama is not a member of congress. He doesn't write laws or regulations.

~~~
mikerichards
The first sentence of the post.

Any day now President Obama is going to propose a new privacy bill of rights
that will give you much more control over your personal information.

[http://www.politico.com/story/2015/01/online-privacy-bill-
wh...](http://www.politico.com/story/2015/01/online-privacy-bill-white-
house-114696.html)

------
recondite
I really want to recommend (upvote) his post, but Medium requires me to sign
in with Twitter or Facebook to do so. Great.

~~~
owly
Funny how that works. :(

------
owly
Thank you. DDG should be the default in Firefox and iOS.

------
happyscrappy
Choose what? To live like Stallman? Even his data leaks all over the place.
Absolute privacy, like all absolutes, is a sandcastle in the path of an
incoming tide. I am all for encrypted comm but metadata is almost as bad and
virtually unavoidable. Why was no one creeped out that Starfleet always knows
where every crew member is at all times?

~~~
whyever
I thought they don't if people do not carry their communicator. So basically
the same as today?

------
lnanek2
Honestly, I kind of prefer the new AT&T solution where they charge you ~$30
more to do nothing with your data. If paranoid people want this, then by all
means, let them pay for it.

~~~
TruthWillFree
You trust them? How do you know this just makes you more suspicious and gives
them more of an illogical basis for placing you under increased surveillance.

~~~
fixermark
Sure I trust them. The moment it's discovered that they've failed to hold up
their end of the bargain, they're out $30 x some significant percentage of the
users of that service per month. That's not chump change (to say nothing of
the potential class action lawsuit for utterly failing to hold up a contract
while continuing to charge customers for the services stipulated in said
contract).

~~~
TruthWillFree
We assume that we are entitled to some sort of protection because we've paid
for a service, but that didn't stop these companies from unlawfully
participating or turning a blind eye to unwarranted and unrestrained
violations of privacy. If you believe some court centered process will protect
you from abuse you are sadly mistaken. Of course it is no issue until the
fascists come after you....

------
anon012012
Sometimes I think privacy is bound to die because of nuclear bombs. What stops
a country sneaking bombs into another? We need total knowledge of what's in
the city. But maybe I'm wrong, I haven't thought it through.

