

DuckDuckGo Sees Record Traffic After NSA PRISM Scandal - SmeelBe
http://searchenginewatch.com/article/2275867/DuckDuckGo-Sees-Record-Traffic-After-NSA-PRISM-Scandal
DuckDuckGo Google Tracks You We DontEver since the news hit about the NSA PRISM surveillance program in the United States, many people have become much more concerned about what exactly search engines are tracking about them.
======
jacobparker
They run a tor exit enclave which is really, really, cool; there is a blog
post about it here: [http://www.gabrielweinberg.com/blog/2010/08/duckduckgo-
now-o...](http://www.gabrielweinberg.com/blog/2010/08/duckduckgo-now-operates-
a-tor-exit-enclave.html)

One motivation for switching: they have lots of "gadgets" like Google, and
will take suggestions and/or apparently let you develop new ones. Here is a
cool example:
[https://duckduckgo.com/goodies#Programming/crontab_0_0______...](https://duckduckgo.com/goodies#Programming/crontab_0_0________usr_bin_nice__n_15__usr_local_ddg_sysadmin_log_logrotate_ubuntu_sh)

Another useful feature:
[https://duckduckgo.com/bang.html](https://duckduckgo.com/bang.html)

I just searched Google (heh) and apparently DDG makes their money from
affiliate links at the moment. I've been considering switching to DDG so I'll
have to make an effort to do my Amazon searches through them; it's a really
easy way to support them.

EDIT: useful method of switching:
[http://help.duckduckgo.com/customer/portal/articles/255650](http://help.duckduckgo.com/customer/portal/articles/255650)

~~~
clicks
That is pretty awesome.

I'm curious: was the privacy focus by the DDG guys always there, or was it
pushed after they found it was a nice advertising point?

Either way, I think this is a good enough reason for me to finally make the
switch.

~~~
bru
When you look at the timeline[1], the first event is "DontTrack.us", a
website[2] dedicated to pointing out google tracking, and linking to DDG in
the end.

So privacy has always been their focus. It _is_ a nice advertising point, but
pushed from the beginning.

1: [https://duckduckgo.com/traffic.html](https://duckduckgo.com/traffic.html)

2: [http://donttrack.us/](http://donttrack.us/)

~~~
corin_
That timeline begins 1.5 - 2 years after DDG launched.

------
spodek
Google's _strategy_ is to profit from advertising. It fundamentally benefits
from knowing as much about its users as possible. Every tactic it has will
always support that _strategy_ or it will risk failure.

You can tell its _strategy_ motivates it toward evil (its term, not mine),
because its slogan is "Don't be evil."

It _chose_ that slogan because it risks being evil, in its own terms. It
doesn't need a slogan like "Don't be unprofitable" or "Don't break the law"
because its strategy doesn't point it in those directions. It points to being
evil, in its terms.

Why else would a company feel so compelled to stop itself from doing evil than
to make its most prominent slogan to stop itself? If its strategy didn't point
it in that direction, why else would it try to stop itself from stopping being
"evil"? All the brilliance of its engineers, managers, leaders, deals, and so
on exists to support the company's _strategy_ , which it realizes motivates
them so much toward "evil" it has to stop itself as its highest or at least
most public directive.

"Don't be evil" exists to make the place palatable to humans who understand
the company's direction. Who made the slogan? The people who know the
company's direction _best_. They know it better than you and they realize its
direction.

Google has a technically superior product to its competitors. When you realize
its most knowledgeable and powerful employees know its _strategy_ points it to
"be evil", you realize why people use alternatives whose strategies don't
point them to "evil," especially when current events highlight the
consequences of its strategic choice of knowing so much about you, its users.

~~~
gyardley
Whatever you feel about Google's actions, there's no need to concoct elaborate
stories around and speculative theories about the origin of Google's 'don't be
evil' slogan. You can look it up.

According to
[http://blogoscoped.com/archive/2007-07-16-n55.html](http://blogoscoped.com/archive/2007-07-16-n55.html),
the 'don't be evil' slogan came from Paul Buchheit, who was brand-new to the
company when he proposed it at a corporate-values brainstorming meeting. This
meeting was _before_ Google became an advertising company, and Paul intended
the slogan to be funny, and a jab at other companies.

~~~
ronaldx
I agree with the parent commenter: the fact that "don't be evil" was adopted
suggests strongly that there is a motivation to be evil that needed to be
overcome (and that users could identify with).

The company storytelling that goes along with the slogan doesn't matter, and
nor does it matter that it's intended mainly as a jab at competitors _in the
same industry_.

~~~
bad_user
Any company, person or organization has the potential to be evil. That's a
truism that doesn't bring any value to the conversation.

~~~
HSO
It's not a 0-1 thing, there are degrees of attraction towards "evil". The
guard in a concentration camp has more tendency towards evil than the guard
in, say, a factory or residential building.

As Buchheit[1] himself said: "It’s also a bit of a jab at a lot of the other
companies, especially _our competitors, who at the time, in our opinion, were
kind of exploiting the users_ to some extent." (emphasis mine)

Realizing that your competitors, i.e. firms you acknowledge as being in the
same industry, are "kind of exploiting the users" seems to me not far from
realizing that your very industry has a tendency towards that.

I think "Don't be evil" is an honest expression of the early confidence and
idealism of the founders and core team of Google. However, in the last few
years, as with America at large, something seems to have changed at Google.
Personally, I tend to steer more and more away from it.

If they truly wanted to avoid evil and, perhaps more important, the potential
for future evil, they would anonymize all observations to make, say, search
per se better (as opposed to expressly attributing data so as to "personalize"
it). That, incidentally, would also make Google immune to NSA bullying. Much
like Apple, they could just say: We don't even store this kind of data, sorry
guys, look somewhere else. At the rate with which they collect data points and
with which hardware, algos, and science advance, it will be possible in a few
years to do fine-grained psychological profiling on a massive scale, with all
the possibilities of evil I can imagine. It's a fine line between prediction
and control in social systems. And we all know that what is technically
possible eventually will be tried by someone. It's not hard to think of
scenarios.

_________________

[1]
[http://blogoscoped.com/archive/2007-07-16-n55.html](http://blogoscoped.com/archive/2007-07-16-n55.html)

~~~
bad_user
Limiting technology usage because of fear of unforeseen consequences seems a
little short-sighted to me. If I would agree with such a line of thought, I
would be Amish or something. In regards to evilness potential, the genie is
out of the bottle ever since the Internet happened.

Btw, Google does personalize searches in a useful way. You may not have
noticed it, especially if you're from the US. DuckDuckGo is unusable for me
whenever I search for _local_ stuff. Also, when I search for "Ruby", the first
result is about Ruby, the programming language. Guess what my wife sees when
she's doing the same search.

You can place "personalize" in quotes all you want, but they are doing it
because users want it, period.

Also, I see people here being so enthused about DuckDuckGo, ignoring that the
project itself uses Bing's APIs as its primary engine. Of course it does, who
would be insane to recreate Google's infrastructure and algorithms when you
could get it by piggybacking on Google's main competitor and without which
DuckDuckGo wouldn't have been possible.

And here's what a lot of people miss - you don't even need a unique cookie to
track users down. All you need are IPs and some smart algorithms for
disambiguations. You can't reliably identify all users, but you can identify
many of them only by keeping the history of searches per IP. And if you throw
in a user agent (which I can assure you, it does get sent to Bing), the
reliability increases even further. Throw in IPv6 and we won't be needing
cookies at all.

If anything, fear of technology doesn't do any good, because it will happen,
regardless if you want it or not. Privacy concerns need to be solved by laws.
If governments disapprove, then we need new governments.

~~~
crazedpsyc
1\. Region can be changed in DuckDuckGo's settings, for more localized results
-- by default it is set to "No region," so there is nothing localized in the
results.

2\. Bing is one of very very many sources, which are all remixed and combined,
so the end result is completely different from Bing or any other upstream
source (and most often, far better).

3\. No, no, no. Nothing at all is sent to bing other than a plain request for
an ad coming from DuckDuckGo servers with the query (for a page-relevant ad).
So, this sentence: "user agent (which I can assure you, it does get sent to
Bing)" <\-- Utterly untrue.

Now, when you click on an ad, naturally your information is sent to both bing
and whatever site the ad was for. That's to be expected, you are leaving
DuckDuckGo at that point. This is also true when you click standard result
links, of course.

Now that that's out of the way, my personal opinion of result
tailoring/bubbling is: it's good _sometimes_. I love being in my cozy little
bubble when searching for coding things, and even local businesses and such. I
do NOT love bubbling when I am doing academic research. Why would I want to
see content I already know and like? That invalidates the point of research,
and even gives me a false idea about whatever I am researching.

Bubbling and tracking, while good in some cases, should be optional in my
opinion.

------
aidos
Oh that's cool. I'd forgotten they had the traffic up online. I was wondering
how many people had switched over to it over the last week (I've gone back to
using it as my default engine again - not for the first time).

How many queries does google process per day? 1B? DDG is up 1M in the last
week. So it could realistically represent a 0.1% drop in traffic for google -
or am I way off somehow? It's not unrealistic to think it could go up another
magnitude again. Then you're starting to talk about a real impact to Google's
bottom line.

Very interesting.

~~~
icebraining
Google processes 100B/month[1], so 1M is closer to 0.03%.

[1]: [http://searchengineland.com/google-search-
press-129925](http://searchengineland.com/google-search-press-129925)

------
andyzweb
_A search engine whose users consisted of the top 10,000 hackers and no one
else would be in a very powerful position despite its small size_ —pg

------
jusben1369
A "pro PRISM" headline might read "Less than 0.0X% searches move to search
engines that don't track individuals despite apparent outcry over PRISM"

------
thrownaway2424
Google has more information security engineers than ddg has all engineers.
Same goes for Facebook and Microsoft. What makes HN think the NSA and/or China
and/or Somali pirates haven't completely owned every server at ddg? Why do you
think that just because ddg doesn't log anything implies that your ddg
accesses aren't logged by third parties?

~~~
bconway
Any evidence or just FUD?

~~~
thrownaway2424
Just FUD, but I don't think it's sufficient to /intend/ to protect user data,
you must also have the /capability/ to actually protect it.

------
Yrlec
I am one of those that have changed to DDG after the scandals. So far it feels
like I find my results as quickly as I used to do with Google. One nice
feature that I just found: under the Privacy tab at
[https://duckduckgo.com/settings](https://duckduckgo.com/settings) you can
change so that the query is sent as a HTTP POST parameter instead of a GET
parameter. That way your ISP can't find out what you are searching for
(assuming you have https enabled).

~~~
primaryobjects
SSL encrypts everything in the url after the ? so GET or POST matters little.

~~~
Hannan
Not just the query string values, it encrypts the path to the resource (and
headers, etc) as well. However, another HNer pointed me to an article on side-
channel attacks which is helpful to keep in mind when considering privacy:

[https://news.ycombinator.com/item?id=5492338](https://news.ycombinator.com/item?id=5492338)

------
annnnd
If NSA could subpoena Google, they can (and probably do) do the same with DDG.

Not that I don't wish them success, but PRISM is not the right reason to
switch search engine to them.

~~~
latch
DDG logs very litte information...so while NSA can subpoena DDG, there's no
data to get.

Developers should read "Playing chicken with cat.jpg" [1] which was a response
from cperciva [2] to the 37 Signals privacy blunder. It was discussed quite a
bit on HN [3] and for me it was a perspective-changing read on privacy.

[1] [http://www.daemonology.net/blog/2012-01-19-playing-
chicken-w...](http://www.daemonology.net/blog/2012-01-19-playing-chicken-with-
cat-jpg.html)

[2]
[https://news.ycombinator.com/user?id=cperciva](https://news.ycombinator.com/user?id=cperciva)

[3]
[https://news.ycombinator.com/item?id=3484284](https://news.ycombinator.com/item?id=3484284)

~~~
AlexMax
Why bother asking DDG itself when traffic can be intercepted and logged at
their ISP?

~~~
JimJames
IIRC HTTPS would encrypt your data from your ISP.

~~~
wcchandler
Until PRISM subpoenas DDG and gets their private keys -- after which they can
decrypt the SSL traffic.

~~~
JoshTriplett
Not necessarily possible even with the private keys. If you use an SSL cipher
with ephemeral keys, such as the DHE_* or ECDHE_* family of ciphers, then an
eavesdropper with a recorded but not MITMed conversation cannot decrypt it
even with the server's private SSL key.

See [http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-
se...](http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html)
for example.

~~~
thrownaway2424
Which of course they do not. Google uses ECDHE_RSA. DDG uses RSA. ixquick,
"the world's most private search engine", uses RSA. Bing does not even offer
https.

~~~
jonknee
Google does pin their keys in Chrome though, so they know if there is a MITM
(and they have, Chrome's certificate pinning led to DigiNotar's downfall).
It's a non-scalable hack, but definitely a good one for the largest search
engine and a leading email provider to be able to provide.

------
Kiro
I hope people are aware of the fact that DDG does not have its own index and
is using Bing under the hood.

~~~
m-r-a-m
"DuckDuckGo gets its results from over one hundred sources, including
DuckDuckBot (our own crawler), crowd-sourced sites (like Wikipedia, which are
stored in our own index), Yahoo! (through BOSS), WolframAlpha, Bing, and
Yandex." [1]

[1]
[http://help.duckduckgo.com/customer/portal/articles/216399-s...](http://help.duckduckgo.com/customer/portal/articles/216399-sources)

~~~
dnda
For some reason they never say what percentage of (unique)queries are answered
by which source though...

~~~
crazedpsyc
Because it varies widely :). It is entirely based on your query -- whichever
source is detected as best for that type of query (i.e. Yandex is better at
handling symbols, Bing's advanced syntax is better [mostly]), and of course it
changes over time as rules are tweaked and added.

------
Amarandei
Too bad the actual search results are not relevant at all. I tried searching
for something and I switched back to Google in the end.

~~~
dotmanish
For the searches that don't bring relevant results, I choose the "Give
Feedback" option and report Bad Results. Then I add "!g" to the search and
continue.

~~~
hobs
I will try that out, but just like the parent, I really struggle using DDG
because it truly is not returning the results I am looking for.

------
api
I've been using it. It's a pretty decent search engine, but doesn't do quite
as good a job as Google at prioritizing "canonical" content and finding the
right entry points to things. Sometimes it'll land you deep in a relevant site
but not at the front page, for example.

I have found one area that it seems to _sometimes_ outshine Google: finding
really obscure stuff. Google seems to be biased so hard toward more
popular/stable/canonical content that it sometimes seems to overlook things
when you really are looking for something weird, or a needle in a haystack.
Try using DuckDuckGo to find some ultra-obscure reference.

This is interesting as Google's index is almost certainly much larger... so
it's got to be a PageRank artifact.

~~~
bad_user
Google also customizes content for individuals, according to their location
and search history at least. DuckDuckGo doesn't.

------
ctide
I actually switched to DuckDuckGo because the Chrome team decided to make
using a Google a worse experience than using any other search engine in the
latest beta client.

[https://code.google.com/p/chromium/issues/detail?id=230607](https://code.google.com/p/chromium/issues/detail?id=230607)

Unfortunately, DuckDuckGo results are way worse than Google from what I can
tell so I still end up frequently going back and searching Google for things
:(

~~~
llamataboot
You can search from DDG by appending !g to your search

------
nhangen
Really wanted to like DDG, and went as far as changing default SE for Chrome
this week, but I couldn't hack it for more than a few days. The results page
is very difficult on the eyes, and the design hierarchy is very rough. Google
is just light years ahead. I'm going back to Google with Incognito and AdBlock
for now.

~~~
myko
Are incognito and AdBlock meant to protect against PRISM? I don't quite
understand what the point is. Why not just log out if you're still using
Google anyway?

~~~
nhangen
Incognito and AdBlock might not protect against Prism, but they protect me
from other sites. Logging out is an option as well, which is something I'm
considering, though I doubt it matters much since they know me by IP and I use
Gmail.

------
hawkharris
At the end of the article the author insinuates that the Bing ad partnership
_might_ lend itself to tracking users or otherwise making the service less
secure and anonymous. Is that possible?

~~~
JimJames
IIRC it depends how the ads are routed. The ads could be piped through
duckduckgo so Bing only receives searches to return contextual ads for but has
no knowledge of the IPs for each search. Duckduckgo then embeds the ads in the
search page and returns it to the searcher, then forgets their IP.

On the other hand if there's just a bit of javascript on the search page that
says "Tell bing to put ads on this page using the search bar text" then bing
would be able to link the search to an IP and you lose your privacy.

~~~
Matt_Cutts
In the past I believe I've seen search ad links on DDG that included my IP
address in the URL.

~~~
throwaway10001
Nice, unsupported low blow to a competitor. Keep looking maybe you'll "find"
some with your credit card info and home address.

------
Zergy
I used GDG for a while and there is one feature that it doesn't have that
Google has that makes it very hard to convert. I can google "soap" and the
first result is
[http://en.wikipedia.org/wiki/SOAP](http://en.wikipedia.org/wiki/SOAP). If I
GDG "soap" the results are all about bars of soap.

Nothing I have tried even comes close to competing with Google Search trained
fror me when it comes to search relevance.

------
quattrofan
Am I missing something here but how does this help? Its still based in the US.

------
Meza
I tried using DDG a while ago. For most things it worked fine, but my biggest
(only real) issue with it came when searching for solutions to technical
problems.

For example, say I'm programming and I run into some obscure error message
generated by some 3rd party library. From what I remember, DDG (in general)
tended to require more fine tuning of the search query than Google in order to
find in order for me to find the information I was looking for.

Unfortunately I can't think of an example of the top of my head, as this was
awhile ago.

edit:

Another example: Say I remember an obscure forum post from months ago. Which
search engine is more likely to find it? DDG is great, but it still needs to
improve somewhat in these areas before I switch over to it entirely.

~~~
panacea
I use DDG, but whenever I have the sort of search intent you outline, I simply
append !g and search Google instead. It's also easier for me to use DDG and
append !gi to look at images, rather than run a Google search and then switch
to image search.

------
programminggeek
This is absolutely what happens when you find a successful long-play strategy
and position yourself right. DDG is probably never going to be as big as
Google, but it doesn't need to be. There is likely a growing group of people
that doesn't so much like the idea of Google tracking them down and using
their information for other things, or governments getting that information. A
small portion of a huge audience could likely be millions, certainly enough to
support a business, even if it's not a huge business.

~~~
telcodud
What's DDG's business model?

------
nsxwolf
I have a strange phobia. Even though I think I have an understanding of how
Google works, I have this (irrational?) belief that no matter what I do Google
can see it. That somehow, someway, even if I use DuckDuckGo, Google is aware
of it and tracking me anyway.

Sometimes I see an ad on the internet that seems relevant to a private, in
person conversation I had with someone, and that same "Google feeling" washes
over me.

~~~
embolism
That's not irrational at all - Google tracks almost everything you do on the
web via the Google analytics code and Adsense code that are on the web pages
you visit, not just via your searches.

~~~
cLeEOGPw
Don't forget the browser itself, if you use Chrome.

------
adamconroy
I love DuckDuckGo, but there is one problem, the search results are generally
poor. I have to revert to google very regularly to find what I want,
particularly for technical searches. I am going to persist, but at this stage
I am limiting it to things I don't want on my permanent record, like when I am
searching for things like 'herpes'.

------
mehmehshoe
Now if they would just offer free email....hint.

------
gesman
Brown cookie for the effort, but i have exactly 0% of hits coming from
duckduckgo to any of my sites.

It's good alternative search engine though as Google becoming increasingly
opinionated and rattled by inconsistent changes with never ending improvements
to their algorithms.

------
senthilnayagam
I changed my default search engine on safari to DDG, am I happy, no but
willing to give them a chance and also using other search sources(github) for
my purposes

~~~
craigching
On mobile safari you can't change the search engine (that I know of), so I've
switched to the Mercury browser which does allow me to use DDG. I'm actually
quite happy with Mercury, it's a snappy little browser with a good feature
set!

~~~
Revisor
You can change the search engine if you liberate/jailbreak your device.

