
Google tracks you. We don't. An illustrated guide - adityakothadiya
http://donttrack.us/
======
Matt_Cutts
The first sentence when I stripped out the pictures was "When you search
Google, and click on a link, your search term is sent to that site, along with
your browser & computer info, which can often uniquely identify you."

Referrers are a part of the way the web has worked since before Google
existed. They're a browser-level feature more than something related to
specific websites. But if referrers bother you, just use the SSL version of
Google to prevent referrers from being sent to http sites (or change your
browser not to send referrers at all).

The corresponding sentence even for a website that strips referrers would be
"When you search on domain X, and click on a link, your browser & computer
info is sent to that site, which can often uniquely identify you."

Read more carefully in that light, the first sentence is really saying that
third-party sites that you land on after searching or visiting a domain can
track you. That's independent of whether you came from Google or any other
search engine, of course.

~~~
epi0Bauqu
The referrer header is indeed a reality of HTTP, but that doesn't mean we
can't and shouldn't work around that reality and correct for it, if it has
real privacy implications, which I think it definitely does.

By getting rid of that header I think we take away a lot of private context,
i.e. the actual search terms that landed you on that page, which in and of
themselves can provide a lot of background into what was personally going on
with that person on that page.

So yes, the first sentence is all about the referrer header. And yes, it is
just one piece of the privacy puzzle, but it is one that I think can certainly
be solved. It is also a piece I feel the average person knows nothing about.

Here's the original post when I made the change to make searches externally
anonymous: [http://www.gabrielweinberg.com/blog/2010/05/duck-duck-go-
sea...](http://www.gabrielweinberg.com/blog/2010/05/duck-duck-go-searches-are-
now-externally-anonymous.html)

~~~
Matt_Cutts
Yup, that was the same day we announced SSL search, which prevents referrers
to http sites.

I don't begrudge you trying to make privacy a selling point for DDG, but
donttrack.us felt like trying to paint Google with a pretty broad brush.
Honestly, it reminded me of when Privacy International decided to give Google
a worse privacy rating than any other company. Here's how I responded to
Privacy International at the time: [http://www.mattcutts.com/blog/privacy-
international-loses-al...](http://www.mattcutts.com/blog/privacy-
international-loses-all-credibility/)

The fact is that Google has a good history of supporting privacy, from
fighting overly broad subpoenas from the DOJ to SSL Search to creating a
browser plugin to opt out of personalized advertising:
<http://www.google.com/ads/preferences/plugin/pluginfaq.html> .

~~~
epi0Bauqu
I really wasn't trying to paint with a broad brush, but instead concentrate on
very specific things that I think the average person doesn't know about.

Personally, as you can gather, I don't think SSL search is enough (or browser
plugins). The average person doesn't know it exists and so it essentially
doesn't "exist" for most people. If you made it the default, or did something
like what we did by dropping the referrer header, I think it becomes moot (at
least the first sentence).

I'm really not trying to say Google is all bad or anything. In fact, I use a
lot of Google services myself, e.g. Gmail. And I know you take privacy very
seriously. However, the ad networks and other aggregators are starting to do
some pretty scary stuff, and so I think you need to do more faster to catch
up, or stay ahead of them in the privacy arena.

~~~
axod
> "The average person doesn't know it exists"

Is there any evidence to suggest the average person really cares about privacy
online to such an extent?

~~~
extension
The average person can't decide if they care about it until they understand
it. Until they do, I'm glad people like Gabriel are being paranoid on their
behalf.

~~~
axod
Reminds me of stallmans endless ranting about freedom and software.

The evidence is that the masses don't care. They just want stuff that works
and solves problems for them. Is it open source? Why would anyone (apart from
a geek) care?

~~~
potatolicious
If the average person knew that their Google searches can potentially lead to
credit rejections or trouble with health insurance providers (hypothetical at
this point, but with recent trends not as farfetched as before), I think they
certainly would care.

The reason why the masses don't care is because they don't _know_ why kind of
havoc this sort of lack of privacy can cause. I for one am glad someone is
educating the layman in an accessible and non-condescending way.

~~~
axod
Highly hypothetical - to the extreme. How would any insurance co. know if it's
me, or someone else in the household?

Also afaik health insurance is mainly a US phenomenon thank god.

~~~
epi0Bauqu
[http://online.wsj.com/article/SB1000142405274870464860457562...](http://online.wsj.com/article/SB10001424052748704648604575620750998072986.html)

There are lots of ways this could play out. If you go to the site and register
(increasingly likely), they might be able to detect you individually.
Secondly, providers are starting to line up data by email address and other
personal facts, so they may be able to match you like that. But even if they
aren't absolutely sure it is you, they can still use the information to put
you in different initial pools that could be used, for example, to ask you
more specific follow-up questions that then put you in different risk pools.

~~~
axod
It's a tangential question, but why shouldn't insurers be able to know a fair
amount about you to assess risk?

If you're endlessly searching for cancer cures, perhaps they should be aware
of that.

Of course the solution is the US is universal health care for all. But that's
never going to happen.

------
Groxx
Or, you could use <https://encrypted.google.com> which disables the
referral[1]. You can also turn off the history[2].

Other info, like your IP address (which they partially anonymize after...
9/18/24 months (conflicting details)) and cookie[3] (which you can clear /
block), is still stored. Odds are DDG does this too (edit: they don't, see
replies), as it's mostly useful for overall statistics.

[1]:
[http://www.google.com/support/websearch/bin/answer.py?answer...](http://www.google.com/support/websearch/bin/answer.py?answer=173733)
[2]:
[http://www.google.com/support/accounts/bin/answer.py?answer=...](http://www.google.com/support/accounts/bin/answer.py?answer=54067)
[3]: <http://www.google.com/privacy/faq.html#toc-terms-server-logs>

~~~
nopal
_Other info, like your IP address...is still stored. Odds are DDG does this
too, as it's mostly useful for overall statistics._

You could have checked this assertion by reading DDG's plain-language privacy
policy:

 _When you access DuckDuckGo (or any Web site), your Web browser automatically
sends information about your computer, e.g. your User agent and IP address._

 _Because this information could be used to link you to your searches, we do
not log (store) it at all. This is a very unusual practice, but we feel it is
an important step to protect your privacy._

Edit: TOS -> privacy policy

~~~
Groxx
> _This is a very unusual practice_

So I was close. They even admit the odds were in my favor. Thanks for the
fact!

~~~
rumpelstiltskin
Close, but wrong.

~~~
Groxx
Which is why I edited my top post. No need to spread inaccurate information.

Since you're going on the offensive, a defensive move might be in order: no, I
wasn't. I said "odds are", not "DDG does", because I didn't know for sure and
did not intend to claim to. The odds _are_ in my favor, the fact is an
aberration on otherwise almost-uniform behavior by search providers.

~~~
foljs
Nope, you were just plain wrong.

The odds would have been in your favor if you have said "odds are a search
engine chosen at random does this too".

But, instead, you said: "odds are DDG does this too", thus binding the odds to
DDG.

Since the general stance of DDG is pro privacy, you should have reasoned that
the odds were in favor of DDG NOT doing this.

(Not to mention that posting that you "were close" didn't provide anything to
the discussion --apart from some ill-conceived face saving from your part).

~~~
Groxx
It bound the odds to DDG _in the face of a lack of information_ , where you
can only extrapolate from what you know - other search providers. It would've
bound straight to DDG if I _knew_ one way or another, but I didn't. Context is
very important for such phrasing.

I used it to say "thanks", which was the primary reason for me. The rest was
perhaps ill-conceived, but it has been amusing to see the spikes up and down
in its rank - it went > +10 for a while.

------
andrewljohnson
There is a rash of this kind of marketing I see cropping up on Hacker News,
marketing which promotes one company while badmouthing another. We saw it from
Posterous, Adioso, and now DuckDuckGo.

* Adioso vs. Bing: [http://blog.adioso.com/sorry-bing-adioso-is-still-the-worlds...](http://blog.adioso.com/sorry-bing-adioso-is-still-the-worlds-only-na)

* Posterous vs. Tumblr (and others): [http://blog.posterous.com/hey-tumblr-users-got-comments-want...](http://blog.posterous.com/hey-tumblr-users-got-comments-want-video-grad)

Setting aside whether or not you want to be perceived as cutthroat or just
straight-up douchey, the real question is whether or not this the most
effective spin.

I think it might be better just to talk about how great privacy is at
DuckDuckGo, perhaps in comparison to other search engines in general.

DDG calling out Google individually, Adioso calling out Bing individually, or
in the case of Posterous, calling out other startups, isn't how I would play
the game.

~~~
epi0Bauqu
I'm obviously biased, but I thought about this a lot before doing this page.
First off, I tried to take the informative approach, not the badmouthing
approach. In fact, this is the most informative page about search privacy I
know about. You may reasonably disagree I got there, but that was indeed the
goal.

Second, for most people, Google _is_ search. So not talking about them in the
context of search is almost useless. In other words, there is no real way to
talk up DDG privacy without explaining what happens when you use Google. It
just isn't meaningful because most people don't know what the baseline is.

~~~
itistoday
IHMO this is classy, smart marketing on your part. And it happens to be
championing privacy concerns. More power to you.

------
aw3c2
That site turned me off. I am using DDG as my primary search engine for many
months now.

I really dislike the style and "atmosphere" of that site. The images are
seemingly unordered and could use some borders. The images of the dog biting
the women or the predator disgust me. Then some "motivationals" and memes that
do not help the case.

This site gave me mental stress (the left-alignment of varied sized text and
images maybe, maybe the white, maybe the images) and overall broke a chunk off
the good impression the DDG creator gave me so far. I'd suggest either not
making such weird site or at least make it properly designed.

(When I clicked the link I expected it to be related to the
[http://hackademix.net/2010/12/28/x-do-not-track-support-
in-n...](http://hackademix.net/2010/12/28/x-do-not-track-support-in-noscript/)
disaster which dramatically "uniquifies" your browser fingerprint so I started
with a bad feeling. Thanks for adding ad-blocking recommendations though! And
even more so: Tor!)

~~~
epi0Bauqu
Truly sorry about that -- of course not the intention. I tried to keep it as
simple as possible, and didn't iterate much on the design. I'm open to design
changes if anyone has any concrete ideas.

Personally I hate disgusting images, and didn't think those two rose to that
level. If anyone has suggestions for equally good replacements, I'm fine with
that too.

~~~
edw519
_Truly sorry about that..._

Whenever anyone begins with "That site turned me off," it may be a good idea
to hear their feedback, but it does not necessarily follow that they deserve
an apology or that you need to act upon that feedback. I think you're dealing
with an outlier, and we already know what trying to please them can lead to.

 _If anyone has suggestions for equally good replacements, I'm fine with that
too._

Don't change a thing.

As Edward Everett said to Abraham Lincoln at Gettysburg: "I should be glad, if
I could flatter myself that I came as near to the central idea of the
occasion, in two hours, as you did in two minutes."

~~~
jsrfded
I thought it was hilarious. Agree that the poster is an outlier.

------
Ryan_IRL
I think it's some valid info here, and it's certainly worth being wary of the
info Google collects, but I also sense a little bit of FUD here. The whole
"...which can often uniquely identify you" makes me feel like this is playing
on fear a little too much. It's not like that "big ebony booty" search is
going to come up in a job interview any time soon guys.

~~~
epi0Bauqu
I really tried hard with this not to perpetrate any FUD. I re-read all the
recent WSJ reporting many times and ran this by a bunch of critical eyes.
Tracking down to the individual level is certainly real.

~~~
gyardley
The 'F' in FUD stands for fear. While tracking down to the individual level is
certainly real, it certainly isn't anything a typical user needs to be
concerned about - at least not to the extent that the WSJ's encouraging.

(Many people in the ad industry assume the WSJ's spreading such FUD because
the WSJ as a premium brand benefits disproportionately in a world with dumbed-
down ad targeting. I don't have any evidence for this - but it would explain
the WSJ's vituperativeness.)

To me, this looks like you've just reproduced the WSJ's FUD, since the FUD
just happens to reflect favorably on DuckDuckGo. That's not exactly laudable,
although it is understandable.

~~~
redrobot5050
In this case, the 'F' stands for Facts.

I know of at least two start-ups that are currently building advertising
revenue streams on facebook apps and twitter that are also data mining like
crazy. The goal is to replicate your "facebook friends" data and have it
accessible on-demand without needing facebook. They also plan on extracting
all your likes and interests. Then, if your friend (who is uniquely
identifiable) buys something and its within your "liked" interests, you get a
micro-targeted ad telling you your friend has bought it.

So, sometime soon, the Beacon-scandal from facebook (a few years ago, if
people can remember -- users said that facebook "ruined christmas") is going
to play out again on the greater web. And there will likely be no opt-out.

The company Gabe is afraid will come to be is already in the process of an
alpha test. Consumers are largely ignorant of how powerful data mining
software can be, and will continue to be until its "too late".

------
joakin
Here goes some feedback, hopefully we can gather some suggestions for Gabriel
instead of saying 'Encrypted Google' all the time...

In my opinion (using my designer side) the site lacks basic design, the text
is well written, and the images make it really easy to read, but its missing
some eye candy. Something to do would be structure each argument as a
page/slide, and make the reading more like slides or a book.

In my opinion, -quite ironic- you should have a look (copy format) from
Google's 20thingsilearned [1], the book format, with the beautiful design and
the animations would make the site stand out and more attractive to be read
than it is now.

But dont do as them, there is a pretty good job done keeping the text short
and concise but informative and clear.

If the site is kept well formatted as well as structured and 'playful' will
continue to be a pleasure to read.

Good luck with the campaign, happy to help to my default search engine :)

[1] <http://www.20thingsilearned.com/>

~~~
Kadin
Ugh, disagree. I detest the online-slideshow thing, and often wish people
would just take their "slides" and put them on the same page and just let me
scroll.

Whenever I see someone doing a slideshow-type presentation, my immediate
assumption is that they are just dragging me through the process so they can
get more eyeballs for their advertising. (Cf. much of Cracked.com and other
"Top x Lists".)

There are things that could be done to make the page more appealing, if you're
not into the lowdef look that I think they're going for intentionally, but
breaking it into multiple pages if it does't really have to be is just
obnoxious.

~~~
epi0Bauqu
Yes, I wanted to keep the lowdef look, though I'm happy to entertain any
design changes within that look.

~~~
joakin
What about a scrolling format but more visually appealing? Something like
benthebodyguard.com [1]

In light colors avoiding the darkness but funnier to scroll

[1] <http://benthebodyguard.com/>

~~~
potatolicious
I'm not sure if Ben the Bodyguard qualifies as "low-def". The problem with
heavy designs like this is that they _look_ great, but their efficacy is
rarely ever supported by raw data.

------
jimmyswimmy
Well, that finally worked for me. For the longest time I've seen the DDG "ads"
on here and thought, "meh, Google works fine for me." Focusing on the privacy
angle appealed to me, mainly because I like the idea of decoupling my search
and email histories.

But - if you are so focused on _not-tracking_ then how do you know if an
advertising campaign such as this actually works? Presumably this is not the
only campaign you are currently running. Must be the referrer string from
donttrack.us, which is so amusingly ironic that I can't help but twist the
corner of my mouth into a smirk.

Nice site, by the way, I found it clean, clear and readable. Scrolling and
justification are no matter to me, I liked the simple single-page look.

~~~
zavulon
I'm in the same boat - this has finally convinced me to give it a serious try.
I've been using Google mostly in "private" mode in Chrome/FF for a while now,
but that's not a real solution.

------
zackola
I've been using Duck Duck Go as my primary search for the last month - it's
pretty great! And if you need to fallback to google because you want a map or
something else there are a bunch of ! shortcuts to go right there. (!map is
most frequently used by me)

~~~
BrandonM
I'm forever confused by technical users who laud DDG's ! support. I love DDG
and use it as my primary search engine, but Firefox has featured keyword
searches for years now. Any search box anywhere can be turned into a URL
keyword search.

I use "m" for searching Google Maps, "im" for Google Images, "w" for
Wikipedia, "dict" and "thes" for dictionary.com, "bt" for searching torrents,
and the list goes on. Just yesterday I added one so that I can type "to 123
Main St 12345" in the Location Bar and it automatically gives me the Google
Maps driving directions from my house to the indicated address.

It's as simple as right-clicking a search box and selecting "Add a Keyword for
this Search...". Use it :)

~~~
JoshCole
I second this post and want to mention that support for this exists in Chrome
as well. You don't even need to grab an addon. The searchable bookmarks site,
trunkly, turned me on to this feature. I nearly posted a Tell HN when I
realized what I had been shown.

Add Keyword Search In Chrome:
[http://www.google.com/support/chrome/bin/answer.py?answer=95...](http://www.google.com/support/chrome/bin/answer.py?answer=95653)

Add Keyword Search In Firefox: [http://lifehacker.com/397071/easily-manage-
firefox-3-keyword...](http://lifehacker.com/397071/easily-manage-
firefox-3-keyword-quick-searches)

Enjoy!

------
cletus
I have a question: does this policy of DDG violate their legal
responsibilities? Thats a serious question. I believe that law enforcement
requires some form of data retention but I'm not sure what.

~~~
epi0Bauqu
No, nothing that I've ever come across says you have to save and store
peoples' personal information. If you have it, then you have to abide for
legal requests for it, but if you don't have it, you don't have it.

~~~
dschobel
As a caveat, I remember some techno-illiterate judge ruling that having the
data in memory constituted a record with the implication that by not
persisting the record/document you were intentionally destroying it. I'll try
to find the link.

edit: found it

 _A federal judge in Los Angeles last week ruled (PDF) that a computer
server's RAM, or random-access memory, is a tangible document that can be
stored and must be turned over in a lawsuit._

[http://www.zdnet.com.au/us-ruling-makes-server-ram-a-
documen...](http://www.zdnet.com.au/us-ruling-makes-server-ram-a-
document-339278641.htm)

~~~
cletus
This case was appealed in 2009. The Ninth Circuit did not directly address the
issue but, reading this summary, it appears the district court's ruling wasn't
quite as shocking as the headlines portrayed.

See <http://lctjournal.washington.edu/vol5/a23Hall.html>

------
snippyhollow
I switched definitely to duckduckgo one month ago and I'm happy about it. I
find that for us, tech-oriented people, it provides very pertinent result
pages, plus it is fast enough, and you can always !google or !wikipedia or
else if not satisfied... Its recall is perhaps less than Google, but the smart
handling of "spam" gives it a really nice precision. Never went on page 2!

------
gregable
As a practical matter, surfing from an <https://> URL doesn't strictly strip
referrers (in Google, DDG, or otherwise). SSL is intended to hide your data
from the network, not the destination, so every browser I've tested will send
referrers from <https://SiteA.com/> to <https://SiteB.com/> as long as both
the referring and destination URLs are both <https://>

------
fwdbureau
I'm sure google is not as "evil" as those recent bashing campaigns tend to
insinuate, but the fact is, if google could publish clearer, more-defined
data-privacy or data-retention policies instead of the vague assertions you
can find in their TOS, things would be clearer. The current situation is just
feeding doubts, and nothing serious or accompanied by hard facts comes to
contradict this illustrated guide

~~~
mariuskempe
Agreed. The deeper you delve into Google's TOS, Privacy, or other legal-
requirements pages, the more their corporate identity of 'fun and clear'
dissolves.

------
yuvadam
Strangely enough, and with all the anti-google hype lately, this really makes
me want to ditch google for web searches (Gmail is harder to leave...)

------
eddieplan9
Kudos to DDG. Finally a good alternative to the big G.

What scares me the most sometimes is when I think about how ubiquitous
Google's ads network and analytics network are. Most of the websites I visit
use AdSense and/or Google Analytics. Some are using Google's copy of popular
javascript libraries like jQuery. This means that when you are moving from
site A to site B to site C, there is a good chance that even though A or B or
C does not know about it, Google knows your full browsing path and even how
you move from one to another. I am not saying that Google is actually doing
it, but it is scary someone has the capability to do it and to know more about
you than the government and your mother do. It is important a significant
portion of the website and our browsing activities are outside of Google's
networks.

~~~
btilly
_Some are using Google's copy of popular javascript libraries like jQuery.
This means that when you are moving from site A to site B to site C, there is
a good chance that even though A or B or C does not know about it, Google
knows your full browsing path and even how you move from one to another._

Wrong.

When a browser gets a request for a JavaScript file that it has seen before,
it returns a cached copy from the local hard drive rather than sending out a
request to the website. Therefore sites that use Google's copy of jQuery are
maximizing their chances of having browsers not make a round trip, rather than
giving Google something that they can use for tracking.

------
Indyan
I love DDG, and am a DDG user. Nevertheless there are two things in this guide
that bothered me: i) No Referrers: I consider this to be essential information
for the webmaster. It allows him to know what is working, and what isn't. If
DDG becomes popular, it will kill the search analytics market. It's a niche
product right now, and that's why it can afford to do this and Google can't
(SSL isn't the default option).

ii) Adblock et all: By advising users to use Adblock, once again you are
encouraging users to do something that can cripple the web as we know it.

~~~
yycom
Adblock et all: By advising users to use Adblock, once again you are
encouraging users to do something that can cripple the web as we know it.

That's the point.

------
Skywing
You know what? I'm one of those people that can probably say "who cares", but
I think I'm going to try out DuckDuckGo over the upcoming week.

------
motters
I've been using DDG for a while, and have been very happy with it. IMHO they
should focus on this privacy aspect, trying to be the most privacy respecting
search engine, because it's a key product differentiator and it's also an
issue which is only likely to grow in importance.

~~~
16s
How will they make money? I agree with you. I like privacy, but ad supported
search seems to be the only viable business model. Advertisers won't pay DDG
b/c there's no one to target.

~~~
mike-cardwell
I assume they have various methods. One of the methods I noticed by accident
was that they add their affiliate id to Amazon links in search results

~~~
patrickaljord
So amazon can track DDG users.

~~~
mike-cardwell
They can track that you came from duckduckgo yes. But that's it. They can't
track what search terms you used, because that is what duckduckgo hides in the
referrer. But only if the link is https so the referrer is passed at all.

------
olalonde
In case you're wondering how uniquely identifiable your browser is:
<https://panopticlick.eff.org/>. "Your browser fingerprint appears to be
unique among the 1,328,173 tested so far."

 _Of course, this is regardless of Google._

------
danielhfrank
Could anyone comment on how much of this stuff could be sidestepped by just
using an incognito window in Chrome? I don't mind ads targeted to, say, me as
a Java developer. But, if I'm going to look up anything I'd rather others not
know about, I simply pop open an incognito window and... am I good to go? Is
there anything besides my IP address that can be read when I'm doing that?

~~~
potatolicious
Incognito is a pretty thin layer of privacy. What many systems will see is
this:

"User foobaz123 logs in from IP u.v.w.x. Here we have a no-cookie session from
IP u.v.w.x. This is probably foobaz123"

Any identity management system of modest complexity can do this with fairly
good accuracy. So while they don't have you confirmed via an authentication
cookie, it's certainly a far cry from total anonymity.

------
ignu
"which can often uniquely identify you."

"and potentially show up in unwanted places, like insurance, credit &
background checks."

yeah, i'm pretty sure that's not a thing that can happen.

also, if you like the internet being free then you shouldn't mind seeing ads
for your demographic that get a better roi and make more money for publishers
of the content you don't pay for.

~~~
codeup
If you pay with your data instead of money, how does that make a service
"free"? It would only be free if your data was worthless. But then they would
not collect it in the first place.

~~~
Groxx
Be careful how you define value / cost / worth. It costs me nothing if they
duplicate information I give them. It costs me something if it's used to
abusively manipulate me. It _pays_ me something if it's used to manipulate me
(ie, what I see) in ways I approve of.

~~~
codeup
Does the duplication of _private_ information reduce it's value? I think it
does. If there is a transfer of value from you to a company then you can call
transfer that a sort of payment. The company may _sell_ you something in
return, but I wouldn't confuse _selling_ with _paying_.

~~~
Groxx
> _The company may sell you something in return, but I wouldn't confuse
> selling with paying._

Absolutely, those are entirely different. But you _do_ seem to be defining
"providing a service" as not-paying. If you go down that route, why do houses
cost money? You are paying the builders for their service, but if that's not-
paying, then you're just giving away huge sums of money for zero value in
return. Tangibility isn't a defining line, or utility companies would be out
(they don't _provide_ water, they bring it _to_ you. An intangible service.).

The service in these cases being fewer "enlarge your breasts/penis" ads for
the wrong sex, or anything you may find offensive, replaced by ads which
(ideally) would help you discover things you want which you may not have found
otherwise. You're paying the ad services to be your personal product
investigators, and they return value by providing relevancy.

edited to add more. I'm done now!

------
pacemkr
I believe I was one of the people who requested this. Namely, a better
explanation of why DDG not tracking your search history is a big deal.

Implementation details aside, this page must exists and I applaud Gabriel for
making it. Why? I must have been living under a rock, but I for one have never
heard of https search for Google -- and I'm not exactly a computer newb.

Privacy should be the default, so "use secure Google" is a ridiculous response
to legitimate privacy concerns.

Feedback:

1\. I really appreciated how fast information is delivered. "One thing leads
to another." And its very clear up to...

2\. You lost me after the "Your profile can also be sold," with lolcat
material. It really threw me off and I almost forgot what I was reading about.
On my first run through the page, did not absorb ANY information past that
point.

3\. I only noticed the multiple (happens) links on the second run. Noticed one
somewhere along the way on the first run, but not the reast. This is the
important part. It tells me that this isn't a list of "imagine these unlikely
events and fear", its a list of "did you know this actually happened."

4\. The images establish pace for the reader, but, I can't stress it enough,
they must communicate additional information. Up until the parental control
cat we get a visual of what happens. I can also relate to the images because
I've seen ads for "wacom tablets" follow me for months after I bought the
freaking thing and I've seen the Google Analytics control panel. The image of
the woman signifies that her profile is slowly building up. What information
does the parental control cat or austin powers communicate?

5\. The design is a little too bland, but as noted above, that's not the
biggest problem. I wanted to link my friends to the page, but then got to the
images and felt that the message would be lost on them as it was lost on me.

Hope this helps and thank you for making the page.

------
jeromeflipo
Why not simply use <https://encrypted.google.com> with
<http://tools.google.com/dlpage/gaoptout>?

~~~
fmavituna
HTTP referrer header will be stripped from HTTPS to HTTP according to RFC so
it solves one of the problems.

Also there is a Chrome extension for Google SSL Web search:
[https://chrome.google.com/extensions/detail/lcncmkcnkcdbbanb...](https://chrome.google.com/extensions/detail/lcncmkcnkcdbbanbjakcencbaoegdjlp)

~~~
epi0Bauqu
I don't think it blocks the header for HTTPS -> HTTPS traffic though.

~~~
fmavituna
That's a good point :) It doesn't

------
crnixon
I like DuckDuckGo. I use it and it's a good search service. But I'm left with
a question after this site:

Isn't Google's tracking a _good_ thing in many ways? I want sites to know what
I've come searching for so they can present me peripheral content I want and I
want Google to know my interests so that they show me ads related to those
interests.

I agree Google could do more to alert users about what privacies they are
giving up, and I'm glad there's good alternatives if you don't want that info
tracked. I think not enough is made of the good side of Google's
personalization, however.

------
requinot59
Good explanations of privacy issue using Google for the neophyte. Thanks for
this, I'll use this link when I tell someone about the online privacy stuff.

------
marcusEting
If you don't want to be tracked but still want to use google there are three
great browser extensions which make that possible:
[http://techblog.willshouse.com/2011/01/03/three-
extensions-t...](http://techblog.willshouse.com/2011/01/03/three-extensions-
to-protect-privacy-against-google/)

------
shimonamit
I'm still dreaming of a search engine that parses regular expressions. When
that happens I'm there. Yesterday.

~~~
daten
It would be an interesting day if someone could make regular expression
searches over a large data set as fast as keyword or phrase searches against a
sorted and indexed database.

They also need to make sure they use an implementation that doesn't suffer
from exponential time[1] regular expressions.

[1] - <http://swtch.com/~rsc/regexp/regexp1.html>

~~~
util
This basically exists for source code now: <http://www.google.com/codesearch>

------
rmc
But isn't the referral header and search terms good for the webmaster? It
allows them to customize the website for their customers and allows them to
find out what their customers are looking for.

------
mitko
This page converted me. I'm giving DDG a test as my primary search.

------
lisperforlife
<http://www.google.com/search?q=rails> vs <https://duckduckgo.com/?q=rails>

<https://duckduckgo.com/?q=python> vs <http://www.google.com/search?q=rails>

I rest my case. Don't get me wrong. I like DDG but this campaign seems like
spreading FUD. BTW, I use https by default.

------
veidr
I don't think this is an important indictment of Google at all, but I _do_
think it is an important warning (mainly because of its simplicity and
digestibility) to those people who don't understand how the interweb tubes
work.

For instance, I forwarded the entire page as-is (Cmd-I in Safari if you have
Apple's Mail configured) to my little sister.

------
pragmatic
How does duck duck go make money?

I saw something about adding affiliate links to Amazon results. What else?

------
kolinko
There is a thin line between "fighting for what's right (privacy)" and
"building paranoia to earn profit" and I think DDG just crossed it :(

I like the search engine and I wish them all the best (seriously), but this
method of advertising is bad.

------
vitorbal
I love the reference to the austin powers' "in a nutshell" scene, heheh.

------
alexfarran
Does it really matter that DDG works around the referer header when
embarrassingillness.com/herpes has your IP address, and anything else your
browser sends to them.

------
sz
There ought to be a browser plugin for the paranoid... surely someone must
have tried to make one?

------
klync
bookmarking, delicious-ing, resending to ( / spamming) all my friends and
family ....

ddg rules and this finally puts my pov into nice, simple, pretty pictures.

W00t!

------
ssn
Too much FUD.

------
rick_2047
I seriously do not get this privacy sham. All of a sudden everybody and there
uncle is very concious about some algorithms (that select the ad for you)
knowing what they searched for. I mean even if I search for something
inappropriate and then google ads algorithm knows what I searched for, big
deal yaar whats the harm?

I presume referrer headers existed even before google and this privacy
outrage. The thing I do not understand is, why this sudden conciousness about
some database of what you searched online?

~~~
huertanix
This isn't just a matter of advertising. Your search history is an incredibly
personal and detailed profile of who you are, and governments have a history
of trying to use that sort of information for $badThings. See: US DOJ request
for search engine histories in 2005. There's a reason why librarians fought so
hard to keep your book checkouts private when the Patriot Act passed. Search
histories have a potential for abuse and their privacy should be an issue.

~~~
rick_2047
Then don't select such a government. Last time I checked USA was a democracy.

~~~
huertanix
I tried that. It didn't work.

------
pedanticfreak
I think the more appropriate summary is that DuckDuckGo proactively guards
your privacy. Google is completely aware of privacy issues, but allows privacy
to slip through the sieve by being indecisive about what to do about it.

------
mkramlich
Awesome promotional/marketting angle. Smart way to compete against Google.

