Hacker News new | past | comments | ask | show | jobs | submit login

For the team here at DuckDuckGo, we were excited not only to hit 14M searches in a single day but to also cross the threshold of 10B total private searches served. Of which 4B were from last year alone.

We wrote a post covering it in our newly launched blog: https://spreadprivacy.com/10-billion-fc7808c91343

It is always an amazing and humbling moment when we hit a new milestone in our metrics. Our team is so incredibly passionate about what we do. To have people from all over the world rally around this concept of raising the standard of trust online and build this product is one thing. But, for users to endorse that mission at such a growing pace and to share us with their friends and family -- it lets us know we're truly making a difference for people who want to be more private online, and that is incredibly rewarding.

So thank you, to all of you who search with us, all of you who know privacy matters, and all of you who work along side us to show that privacy is not a fringe interest but something we can all have!

DDG is a great success story, I wish the whole team the best.

I wonder how an exit will play out though. A big factor with DDG is user trust - that seems to limit the list potential buyers to the few that could credibly maintain that trust.

Then there is the IPO route, but that has it's own challenges. You could argue that up until now DDG has had no competition because Google doesn't think it's worth raising its hand to swat a fly. But there is no flying under the radar after an IPO. What if Google promoted a new "no track" feature which matched DDGs benefits without having to do dumb things like append query arguments, modify location, and run plugins?

You might say Google would never give up this much tracking control, but there are two caveats. First, if it's just an option buried in settings there will be limited uptake yet DDG's ability to claim differentiation would be nullified. Secondly, as DDG itself says, search can still be a great business without having to track people.

If I were lucky enough to be in DDGs position I would push for a Microsoft acquisition. MS has kept enough promises in recent years that they just may be able provide DDG users enough guarantees to maintain the trust. People have mentioned Apple but that seems like a lower probability for a variety of reasons. An MS deal would avoid the massive hassle of an IPO and enough resources to chip away at Google indefinitely without being pressured into short term decisions.

For now I'm just glad DDG is here trying to do some good.

Why would DuckDuckGo need to exit? Are they losing money?

Money can corrupt, but so can poverty.

There is a financial sweet spot where the contributors to DuckDuckGo are fat and happy and there aren't greedy investors wanting to monetize all that trust.

Google has already occupied the greedy investor niche. DDG has carved out a niche where, I fear, the greatest threat is a lack of money for the people building and maintaining DDG. If they feel underappreciated, they may start to monetize that trust. The DDG team should be rewarded for their hard work.

No concern here. While we don't disclose the figure our CEO has publicly noted that we are indeed profitable:


A quick Google search indicates that they've taken on ~$3M in funding. Depending on their revenues & expenses, that may mean that their investors aren't clamoring for quick returns. But at some point most investors do want to see a ROI/exit.

Not if it's a vanity investment (I don't know if there's a better term for it). If some VCs know that their fund will ride on one or two unicorns (or network effects like in YC's case) and that the rest of the investments will fail or barrly return 1-5x, once it's clear what the unicorn is there's a little room for investments that aren't expected to have a financial ROI. Perhaps the investment gets the investors a foot in the door for future ventures by the team or into a field where they might not have deal flow, or they might just want the extra "street cred" and publicity. YC regularly gives slots with funding to nonprofits now, which by definition can't have a financial ROI.

Because they've taken VC money. Usually, even if a business becomes profitable investors do not want to wait out a long term approach or be involved in a "lifestyle" business.

we (USV) are the VCs who invested in DDG. we are very patient. and are happy to wait and see where this goes. this was a very small investment for us so there is no pressure on them from us.

Great to hear. Just shows not all money is equal. People remember these things.

What promises has Microsoft kept that would make me consider trusting privacy to them? A sale to Microsoft would mean the decision to use duckduckgo would rely solely on search performance, and as much as I love bangs it's not a better search engine.

No big company is perfect, so trust is a relative judgement. It's also somewhat based on values, so we may think have different opinions. For example, I would trust MS more than Oracle, or one of the big cable companies.

Why? When has Microsoft ever done anything that gives you the impression they respect your privacy?

From a privacy point of view, it would be awesome if you stabilise the NoJS version of your search page: https://duckduckgo.com/html/

* The above landing page doesn't work (typing a query and pressing enter returns me back to the same page).

* Even if I manually enter a search URL like this https://duckduckgo.com/html/?q=test it doesn't fully work (page navigation and requerying is broken).

Interesting, it works fine for me. What browser are you using?

Chromium with uMatrix installed. (exact versions irrelevant, because it hasn't been working for me since atleast 2 years)

Like MaxLeiter, this page works normally for me, so I thought I would do a bit of testing. I know this is a plain HTML version of DDG and no AJAX is involved, but bear with me, I want to illustrate a point.

From the browser console, the origin is that of the web page you're currently viewing, so you're free from CORS concerns.

So, from my browser console in Chrome 56, with duckduckgo.com/html/ open in the browser tab, I should be able to do this without any trouble:

    fetch(window.location, {
      method: 'POST', 
      body: 'q=testddg'
    .then(result => {
      .then(text => { 
        document.documentElement.innerHTML = 
          new DOMParser()
            .parseFromString(text, 'text/html')

But, surprise surprise, it doesn't work. There's no change in the document, where I'd obviously expect to see the search results page loaded, because the response was the home page -- as it is in your case, when you try to search for stuff.

So I tried to make a POST request without a body instead, appending the query parameter to the URL as one would with a GET request:

    fetch(window.location + '?q=testddg', {
      method: 'POST'
    .then(result => {
      .then(text => { 
        document.documentElement.innerHTML = 
          new DOMParser()
            .parseFromString(text, 'text/html')

This worked perfectly, all the search results were loaded. Works as a plain GET request too. So what we seem to be able to surmise is that posting a request body causes the search to be rejected...

But that's absurd! The native submit behaviour of a form with method 'POST' necessarily sends a POST request with a body, the body can be of multiple types, specified by the enctype attribute, default being x-www-form-urlencoded, which mimics a GET request.

In my browser's dev tools, I checked the request in the networking panel. The fetch requests were all there, but they differed from the native requests in an important way: the body was called 'Form data' in native requests, where in fetches it appeared as 'Request payload'.

The latter is obviously not going to be identified by DDG or any website as form data to parse, so I tried fetching with the correct content-type header explicitly set:

    fetch(window.location, {
      method: 'POST', 
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      body: 'q=testddg'
    .then(result => {
      .then(text => { 
        document.documentElement.innerHTML = 
          new DOMParser()
            .parseFromString(text, 'text/html')
Boom, worked perfectly, just as we'd expect.

So what was the point of this? We haven't really learned much, because handling form submissions via AJAX always requires such considerations, and that's irrelevant here anyway because the web page in question does not use AJAX, it's a plain HTML version of the site!

What we have determined is that there's most probably nothing wrong with their web page and the problem is more likely to be originating from your side.

I get the feeling that your browser is, for some reason, not applying the correct default enctype for the DDG/html form or uMatrix is interrupting the request and re-sending the request as a generic POST without the explicit content-type.

I've been unable to reproduce the bug on my machine. Do you use any other browser extensions? Does the site work in other browsers you may have?

Nope, there are no other browser extensions. Just Chromium with uMatrix.

Here's the complete request/response data in HAR format: https://gist.github.com/hrj/f538ed3e67636c94934e221efe67b323

(Note that the UA string is being spoofed by uMatrix, but I don't think that's relevant. I tried disabling the UA spoofing with the same result.)

Thank you for a great search engine! I swapped from Google as a default search to your guys' engine just shy of a year ago and haven't looked back. Keep up the great work :)

A thousand times this. Initially I wasn't a fan if I'm perfectly honest, but once I got my head around such brilliant things as the bang syntax I've been finding Google almost awkward to use by comparison. Being able to search Wikipedia with !w is brilliant.

This is built into most browsers--you don't need to forward the query through a third party.

For the curious, that's what the search "keyword" is for. Over time, Firefox has made it harder to add new search engines and find/modify their settings, but it definitely still works.

I use DDG Lite with Dillo, a fast non-Javascript GUI browser, but lately (I'd say since the first week of January, according to this message [1] in Dillo's mailing list), I'm unable to visit the search results using Dillo's native search box.

Instead of sending me to example.com, DDG redirects to a weird constructed address [2]). If I go to duckduckgo.com/lite and search there, it works fine. Any ideas? What would be the best (eh, sorry) place to post this?

Of course, thanks for your great work, and bangs are amazing!

[1] http://lists.dillo.org/pipermail/dillo-dev/2017-January/0110...

[2] https://duckduckgo.com/l/?kh=-1&uddg=http%3A%2F%2Fexample.co...

This is to stop your HTTP referrer leaking your search terms: "DuckDuckGo prevents search leakage by default. Instead, when you click on a link on our site, we route (redirect) that request in such a way so that it does not send your search terms to other sites. The other sites will still know that you visited them, but they will not know what search you entered beforehand." https://duckduckgo.com/privacy

Did you consider changing the domain name?

This is the biggest turn off for me for the service. I use it, because I like it, but I really don't like the name.

I've been using DuckDuckGo for the past year and love it. But this also gets me. I've been trying to evangelize with my colleagues and friends and the whole duck thing makes it hard for them to take seriously. One friend said the logo reminded them of Aflac.

And then all of a sudden we're talking about a duck instead of why private search is important.

If you use it, and like it, why does the name matter anymore? Is it an embarrassment thing?

Google is basically a verb at this point. It's hard to tell people to DuckDuckGo it.

GoDuck might be interesting. "GoDuck it."

You could return to the neutral non-branded term of 'search' it.

Even better: You can work an making "google" a generic term for searching – "I'm googling it on DuckDuckGo" – which increases awareness of other search engines and decreases the association of the common activity "googling" with the company "Google".

I believe the idea is to be more of a guerrilla evangelist for DDG, but the brand name makes that hard.

It's just too much to type.

I think it's been several years since I've actually visited duckduckgo.com. Modern browsers make it really easy to set DDG to your default search engine.

People often want to try it for a while before to set it as default. Same happened to me when I changed my default browser. All being said I think a rebranding would make it more competitive.

Yeah but I often use other computers. I often thought about having a shorter name under elinks for instance.

There's always https://ddg.co or https://ddg.gg


Nah just bugs me. Like you wouldn't drive a DuckDuckGo mobile right?

Have you tried ddg.gg ?


oh! nifty shortcut, thanks =)

Pretty much the only time I switch away from your search engine is when I want to extend the time constraint to "Past Year", if you fix that you should increase your total searches this next year by at least 200... http://i.imgur.com/0O15hJV.png

We love DDG, and use them for search on our site because privacy and DNT are so important to us.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact