

Privacy, Search Engines, and Government Monitoring - greglindahl
https://blog.blekko.com/2013/06/17/privacy-search-engines-and-government-monitoring/

======
jtome
The article says that privacy by design but then goes on to list examples of
privacy by policy:

- "Don’t track anyone’s search histories" This can simply be changed by
  changing your policy and _deciding_ to start tracking it
- "Be careful that anonymized data really is anonymized, and is minimized to
  provide the most benefit with the least data." A bad actor can always save a
  non-anonymized copy for "law enforcement" purposes
- "Keep nothing if users select the “Do not track” option in their browser."
  Again more privacy policy, since it relies on you not changing your mind
  about DNT

A real example of privacy by design is DuckDuckGo's hidden service since it
cannot, by nature, know who is using it.

I found most of the courses of action suggested by the article to be privacy
by policy, which is laudable but it ain't privacy by design.

~~~
greglindahl
The design part is that when bad guys or government agents show up to collect
historical data, it isn't there.

I agree that for even better privacy, i.e. to protect against us being ordered
to keep data in the future, you should search via Tor, reject cookies, etc
etc.

~~~
jtome
Well, first I think you should be commended on having these policies and I
think that this is the best you can get with a website. However, an adversary
can force you to change these policies. While an adversary can also force a
developer of a free software project (private by design) to put in some kind
of backdoor, in theory the target will be able to avoid this by reviewing
the patches made to a project. In practice I imagine a single target could be
compromised by this backdoor, but I imagine it would soon be discovered. This
is the key difference.

------
greglindahl
I'm really curious what the HN community thinks about Privacy by Design, and
also the tradeoff between keeping all of the exact data on all your users'
behavior vs. keeping summary data that obscures most of the details while
getting most of the benefit.

~~~
contingencies
Hey Greg, we met a few years back in SF. Two [edit: three] small bits of
feedback: I would suggest that you consider browsing without JavaScript (I
guess a relatively huge segment of your audience, re: privacy concerns?) and
also have obvious contact details or info about Blekko itself visually
accessible from the main page. A ~live sparklinesque graph of search volumes
or other upward metrics might also appeal and provide free marketing. [Third
point: your default/suggested searches are culturally insensitive. How about
putting in some consulted time for topic recommendations for non-US
countries?] PS. Congrats on the recent round of investment!

~~~
greglindahl
We are adding contact & privacy policy info to the homepage footer today, and
non-US countries should be getting different, much less US-centric topic
recommendations -- in both cases I was the guy that insisted that we do it
that way! :-)

