If your threat model includes actors within the US Federal Government (especially the intelligence community), run. Yesterday. That's a statement about our times, not about any particular company.
The solution ought to be browbeating the US Government for unethical practices, not browbeating a company that does privacy better than most, and not as well as would be necessary to stand toe-to-toe with some of the most powerful and far reaching organizations in the world.
> “By not storing any useful information, DuckDuckGo simply isn’t useful to these surveillance programs,” says Weinberg. “We literally do not store personally identifiable user data, so if the NSA were to get a hold of all our data, it would not be useful to them since it is all truly anonymous.”
DDG is "unfairly singled out" for good reason, namely that company representatives made an incorrect assertion. DDG is still useful for ongoing surveillance, as the article pondered:
> But what if DuckDuckGo provided a splitter-feed to the NSA? DuckDuckGo can claim without lying that they store no personal information, but that speaks nothing of a collaborating partner storing it.
Obviously, DDG isn't perfect. I'm not naive. But for me there's some value in trying not to succumb to Google's desire to have us all assimilate.
This is ridiculous. It makes no sense why the NSA or any other members of the US Intelligence Community would cause this sort of reputational damage and nationwide outrage to a company when they could simply walk up to them with one of those fancy national security letters with a built in gag order and take the information with much less of a fuss.
Other than that, I agree. Google should buy me a god damn drink if they really want to get to know me. :)
In the context of the history of the CIA and NSA it's standard procedure. And that's just the stuff we know about. Certainly Snowden taught us anything is possible, that they have no restraint.
On the other hand, politely asking an outfit like Equifax for (just about) ALL their data with no real reason would be out of character. Why bother? Why go on record?
It's pretty simple. Why would they get via hack? Answer: Because they can.
Snowden, a man who worked from home in Hawaii as an NSA contractor making over $200k a year with his smoking hot girlfriend, who suddenly decided he had a moral compass, was able to download tons of classified files over VPN to his laptops and run off to meet Greenwald et. al. to divulge all this information, then flee to Russia where he sends out anti-Russian tweets.
Meanwhile, nothing has happened. The NSA is still spying. PRISM seems to be something everyone has forgotten about (did it even exist? Most companies denied it). His evidence were all rededicated power point slides.
Question the narratives that are given to you.
If so, poor security contractors (and their apparently less appealing girlfriends) with our cynical assumptions.
Certainly Equifax has other data. Maybe they didn't get what they wanted? Maybe Equifax isn't being transparent? Maybe they don't know?
What do you think the NSA is doing with all that computing (and storage) power? Processing cat photos? :)
I'm not saying i think that's what happened. I'm saying there's a part of me that has good reason it it's possible it could be that. Crazy? Not more than some of things we know the intelligence community has done or tried to do.
We're being tracked. One click/visit at a time.
Not to mention they don't need to provide anything themselves. Unless DDG has their own cables to users homes, after DDG connect to the internet backbone and before the user connects to DDG, the various agencies have all kinds of opportunities to get their feeds. It surely isn't SSL that will prevent them.
If DDG isn't any better than maybe nobody is, so we might as well get used to the lack of privacy. Why switch if you're just going to get worse results, expend more energy, and not actually get increased privacy? You might just as well give up the struggle...
Fortunately, I'm not a conspiracy theorist,
Of course there are nutty conspiracy theories but there are nutty math and physics papers too. I feel like the blanket ridicule of any notion of conspiratorial action is meant to discourage any form of investigative journalism or deeper probing below the surface of the narrative.
Your hypothesis is reasonable and plausible.
If I were in a position of power, and I knew that DDG was more difficult to get user data from, then I'd absolutely find a way to have articles published like this. I imagine that disenfranchised people are less likely to seek alternatives and are more likely to resign themselves to being monitored. It also seems like it would be more politically acceptable as well as offering a layer for plausible deniability.
Were I in charge, and a nefarious actor, I'd be slipping stories like this into the media quite frequently. It's low cost, low risk, and probably has a good chance at success with at least some percentage of the population.
I'm not sure I have the lack of ethics required to really do such a job. I'd like to hope that I'd resign before I helped do those sorts of things.
Since this article I have, which was in the making for some time already, switched from Chrome to Firefox with duckduckgo as my main search engine. Added Disconnect and Ublock origin as well. And yes I realize it doesn't help against NSA tracking of a certian magnitude.
I meant to turn that into a standalone essay, too, but forgot about it. Thanks for the reminder.
I checked various dictionaries available online and all of them have a common definition like "a secret plan by a group to do something unlawful or harmful."
It's true, however, that they don't want to share it. It may even be true that they specifically don't want the NSA etc to steal it from them. And indeed, I recall an unofficial Google response to Snowden's leaks:
> Fuck these guys.
> I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces… But after spending all that time helping in my tiny way to protect Google -- one of the greatest things to arise from the internet -- seeing this, well, it's just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.
So anyway, DDG arguably gives users some privacy from Google. But neither has a better claim to providing privacy from the NSA etc. Indeed, maybe it's Google that does, given their greater resources.
If you want more than that, use some mix of VPNs and Tor. Or if you're not feeling lucky, stay off the Internet ;)
According to the State of California Department of Justice , the last publicly acknowledged data breach from Google was March 9th, 2017. Before that it was August 10th, 2016, and before that March 29th, 2016.
Here's a quote from one of them:
"We recently learned that certain hotel reservations made for Google business travel were among the many reservations affected by a security incident impacting a third-party provider’s electronic reservation system that serves thousands of travel agencies and hotels. This did not
affect Google’s systems. However, this incident impacted one of the travel providers used by Googlers, Carlson Wagonlit Travel (CWT)."
Many users are paranoid about ToS and how companies (esp the big guys) make money either by learning your behaviors (search preference, sites you visited) or selling your data to a partner (Foursquare, although they claim to only sell location data which are anonymous). We have a blind-trust with service providers. We let service providers to collect everything about ourselves, but internally they can decide whether to discard "sensitive data" early on or not during data processing (but web logs would have the trace).
Has anyone every inspect the traffic, or reverse the API in <your wearable device> (e.g. Fitbit?) What about file sharing companies? Are they storing your data in a secure way and without reading what's in your file? What about sites that let you compare prices across multiple stores? What about medtech startups? What about when the company is acquired?
Because the giants are more eye-catching, we don't see the smaller guys; but we are willing to give away sensitive and private data to the smaller guys because? If the argument is "well the big guys should have known better and have more resources to do the right thing", then I argue that by 2017 the new startups are doing the right things (not making the same well-known security flaws for example). I have doubt; I doubt many achieve 50% of what is on the imaginary checklist. The claim "we build MVP" is the equivalent of the big guys saying "we know what we are doing, don't worry."
No, we don't know better. No, your MVP should be secure enough so users can trust you. I almost never try a newly launched service because I really don't want to be a lab rat. I am sorry if that sounds cynical, but I don't trust myself doing everything right. If you let me choose between a new file sharing startup vs others, I'd go with either Dropbox, Google Drive or OneDrive (FWIW, Google is replacing Drive with a new service). Why? Because if the big guy is compromised, well, shit, thousands or millions will be affected. The least cynical version is, well, they are too big to do stupid things (of course not true in reality).
Our biases create illusions.
I think it is less about who you should trust to do the right thing and more of how much you trust an individual group to be able and willing to maintain the security of the data they have.
That is to say: it is more about the ratio of <stored data>/<security of stored data> rather than either of those values.
Google stores more data than I personally trust anybody to be able to store. Largely because they make themselves a huge target.
Equifax is a great example of storing WAY too much data. Sure, their practices are to blame, but I'd argue that them storing half the information they do is better than doubling their security (whatever that means). This is due to the compounding effect of being a smaller target.
DDG at least claims to not store as much of that information.
> When was the last time Google leaked your data.
If Google has one major leak, does the historical quantity of leaks matter?
EDIT: more thoughts.
That Google has your search or email data and that they can always sell it, or that the NSA has a direct link to them, those are separate discussions.
I don't care about "NSA has decided to invest $10 million to make me personally miserable." At that point, they will simply fabricate the evidence they need.
If someone at the NSA wants to come after me, I simply want someone to actually have to sign a piece of paper--cut a check, file a warrant, send a human being, etc.--rather than just write a script in Python.
If someone in a bureaucracy has to sign their name and take responsibility, I'm fairly safe. Simply the possibility that something might cause political fallout will stop 99.9% of all such actions.
If you use Google Search and someone obtains access to the data they have on you, legally or illegally, they could end up obtaining many years of your browsing history. If you use DDG they have nothing, and the most they can do (as the article states) is start collecting your search habits from that point onward.
I don't want huge companies to amass giant archives of data about me. There are so many ways it can be abused by a multitude of actors. It's a selling point to me when a service retains little or no information, and if it needs to retain something, it requests limited permission in clear and simple terms.
What's left for the people who aren't criminals but don't like being spied on? PGP and keys that are exchanged physically, by hand?
If somebody can physically spy on the infrastructure cables that your traffic goes through, will SSL protect you? As written in the article -- no it will not, because the certificate can be obtained, even if it takes some time and strong-arm effort to do so. But when a country can order you to give up private keys and keep quiet about it, really, what can you do?
At this point, full decentralization, mesh networking and something times better than Tor encoded in 100% of the network code seems to be the only way out. Maybe a combination of IPFS and FreeNet, full packet-level encryption and keys that expire in 1 minute and are auto-generated for every transaction?
Furthermore, spies aren't stopped by social stigma. Even if the whole planet agrees in one voice wiretapping shouldn't be done (never gonna happen) the spies can always deny that they're spying. It's not like any of us can actually prove that any agency is indeed wiretapping.
Morality is, in the technical sense, optional. It cannot be enforced. Thus it's unreliable.
Not enough, in my opinion. Where most people will fail is on the opsec side. They just don't understand security best practices. I realize that not all problems can be solved, but technology is not just encryption, it's understanding how the technology works so you can avoid leaking information in the hundreds of other ways that are possible on the Internet.
Do you think people's data would be more secure at the border if
- You kernal-hacked iOS so that it booted into a vanilla account upon entry of a certain passcode, and encouraged people to install your hack from GitHub, potentially borking their phones
- People couldn't be compelled (or face being denied entry) to allow search of their electronic devices
What about trying to do everything via a VPN and spoofed UA strings vs. PII being banned from sale, heavily taxed, or a meaningful opt-out existing? Or even just DNT having a legal basis?
For HN readers. And probably in general.
As for your questions, I would definitely like to first use software which doesn't compromise my privacy and security and only as a very distant second have some bureaucrat who would maybe in the best case scenario fine a company which leaks my data.
The vote I cast by running a Tor relay is much more meaningful and valuable defence of privacy than a vote in the general elections. By orders of magnitude.
> The vote I cast by running a Tor relay is much more meaningful and valuable defence of privacy than a vote in the general elections.
I kind of agree, but, not if the new leader outlaws using Tor tomorrow, as they have in China and Iran, and are attempting to do in Russia and France.
> bureaucrat who would maybe in the best case scenario fine a company which leaks my data
You may be selling the power of legislation short. It has the power to entirely transform the default business model of the Internet away from surveillance capitalism, for example. In terms of privacy, this would eliminate entire classes of "threat".
We frequently under-estimate our power as technologists to influence these things; we have very much more than a single vote. The narrative of 'technology' in the media is almost entirely that of billionaires and spies, and the media are gradually starting to realize that they're being led along. Getting the voice of technologists to explain the societal impacts of technology policy is a problem that we need to identify with as group.
Ultimate Encryption Method has just been trivially bypassed.
Hence, the good crypto is really only the most basic first step. Full privacy should be the second and a very important step. Fine, I might have an account in <insert-trendy-social-network-here>. Fine, my real name is known there.
But there are plethora of cases where having a user profile and personally identifiable information is simply not necessary -- like web search. Even e-commerce like Amazon can be mostly anonymized: you can pay with an e-gold kind of currency (Bitcoin, Ethereum) and Amazon can only ask politely another API if the goods are deliverable to your address (while Amazon won't have an idea about your physical address). Then, even if that mystical-another-API has your physical address, at least it's not in the hands of Amazon -- fragmentation of personal info gives us a small degree of protection, even if Amazon can eventually procure the info under the table. Hey, every little bit helps. Make surveillance expensive and many will drop it (not everybody of course, I recognize that). Again, every little bit helps.
Of course, due to a mountain of vested interests, nobody is talking about such technical solutions. "They" want your info all over the net. It's easier for them, so why change anything? The current status quo is sadly very logical.
Back to your example, thugs will just be angrily gnawing at their nails if they have no idea who you are and where you live.
However, what we can do is make decentralized tech absolutely idiot-proof and put it in the hands of non-technical users. If it's convenient, fast and reliable, it will at least have an equal footing against the centralized services. Let's get to that point and fight the other battle you mentioned then.
Better software and newer generations that know how to use them will, however, come before anyone can make a government that respects his population.
Also, we all know about Intel ME, right? It's baffling how most people using PCs have hardware-level backdoor and the world hasn't lost its shit. It's a very sad epoch we live in. :(
A solution right now is to simply not get on the state adversaries' bad side, maybe. And utilize the blockchain for anonymity, I guess.
The thing is, there are absolutely no guarantees it's any better in other countries : the fact that NSA activities were revealed doesn't mean other countries don't do as bad.
It's probably still a good idea to segments services across countries, though, so that it's not a single country who have access to all data.
I was thinking something else, lately (and it was really weird to me, since I'm a webdev): why do we need webapps for everything? Maybe we wouldn't have so many problems if we weren't centralizing so much data. There are probably many apps for which native apps and p2p would do.
(1) Business who are familiar with web tech and for them it's simply good business to not invest in entirely new (for the dev teams in there) stacks and data formats.
(2) Political pressure -- we know that NSA successfully pushed a broken crypto once in the past, so it's not a stretch to theorize that influential people were whispering in the right ears at the right time.
Even though #2 is just as likely as #1, please note that I think #2 probably happened much, much less than #1. We should never attribute to malice that which can be attributed to incompetence and short-sightedness.
There are several very good candidates for data formats out there which are much more efficient than JSON. Adoption is seldom an issue; if one corporation pushes for the format, it's a matter of several months at the most before that format becomes widely supported. Replacing JS might be much harder but efforts continue even today.
It seems like we'll have to wait for users to complain more about privacy issues before the effort is worth it, from a business point of view.
The alternative, of course, being to find a way to make native apps as easy. Nothing prevent us to make updates automatically apply (many apps do that, actually). Applications can run in some sort of VM/container so environment is controlled. And regarding distributed databases, we already have a good idea of what it could look like with blockchains, even if it would obviously be way better to build something with databases in mind from the start. For example, servers could be used for people to register to a service and be added to groups. Then, clients contact servers to get a list of peers, and then they sync their group database by executing transactions (somehow like migrations).
So feel free to build a company in Sweden, but the US is actually legally permitted to wiretap the crap out of it.
Example: make a strong standardized crypto (I still have to workaround API requests to several servers and hardcode TLS v1.2 as a requirement which is not okay!), then work on making a Tor-like net tech, then integrate the blockchain in the picture so anonymity is stronger, then probably put all that in mesh networking, etc. etc. The current internet is broken, many of us know it.
I am not an expert so my example might be naive and stupid -- but recently I am very interested in the area and I'd contribute. After I educate myself first, though.
With Searx, you still need the regular search engines. I suspect that your traffic can still be identified, say through timing requests or from piecing together behavioral data. I haven't really dug that deep to investigate the risks.
I will give it a shot tomorrow, just to try it out. I've seen it in passing but you're the first person I've seen, in the wild, that uses it. I'll give it a test run.
Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business.
We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt.
There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example.
He created that blog account just to write that article and it's the only one up there. Stuff like this makes me wonder what motivates some people.
DDG could achieve the same result by simply providing an alternate URL, something like /lite2 in addition to /lite.
Whether DDG saves this data I have no idea. But one has to wonder why, if privacy is a goal, DDG is collecting it to begin with.
For example, browser settings already allow the user to control HTTP Referer headers, assuming queries were submitted using GET. The user can change the settings in the browser so that no referer is sent, or to send a custom referer of her choosing.
Another example is if DDG accepted queries via POST method in addition to GET. No search terms would be leaked in the URL or in any HTTP referer.
* We don't track result clicks. URLs are no longer prefixed with a DDG URL by default except for old browsers (although this is controllable in the settings: https://duckduckgo.com/settings#privacy ), but even if this is in effect we don't store which sites users visit. We started stripping search queries in referrer headers in 2010 and you're right, current web standards make it possible to do this without us having to redirect through our own servers.
* Cookies are used to store settings but if users prefer to block them, preferences can still be "saved" by using URL parameters, listed here: https://duckduckgo.com/params
These can be used either to form a local bookmark/start page or anonymously in the cloud with a password only (no username or other data).
> But one has to wonder why, if privacy is a goal, DDG is collecting it to begin with.
Doing so does carry quite a bit of political risk. There have been quite a few lawsuits from EFF and ACLU in regard to do so, and as the comment from CEO of Duck Duck Go says in the comment thread, all existing cases has been about turning over records. Going the extra step of compelling people to install hardware and keeping the operation going would be a further step.
I doubt ddg is currently worth the political risk. There is likely much easier targets to attack first in order to get 100% of the worlds search data.
*down votes? Explanation?
I know if I was a three letter agency, I'd start a "secure" service like DDG myself as kind of a honeypot.
Not that I'm saying that such an agency is actually behind DDG -- I have no way of knowing. But I would be very surprised if a large number of services promising "security" and "privacy" weren't run by such agencies or their agents.
That's why I believe that frequent, independent third-party auditing (by multiple trusted groups like the EFF) would be necessary to gain any kind of confidence in such services. Even then, it'll be no guarantee that they're not compromised, but it would just make such compromise significantly more difficult and less likely to be effective.
Independent third-party auditing is useful. There is the occasional fund raising for auditing of software (Truecrypt comes in mind), but I don't recall hearing one about search engines.
How many new search engines were focusing on privacy and security as their main differentiator from the competition?
I know of only one: DDG
That list is long and show that there has been quite a few people have tried to get momentum in the search engine space. Would be interesting if anyone did a meta study to see how many uses the words "security" and "privacy" as marketing to gain users.
I think we should also include open source search engines and p2p, since if NSA developed them they could build backdoors in them. Most of them seems to have "privacy and security" as explicit goals.
Far more viable to let someone else take those risks, then provide a compelling case for them to assist you in your inquries and/or interests.
You don't need to do anything like that. DDG doesn't crawl the web itself, it uses API providers like Bing (Microsoft/NSA) and Yandex (Russian/FSB). They're legally required to disclose that on their site.
It's possible to identify people solely through anonymised credit card transactions so doing the same for search results is pretty much the same.
DDG isn't private, it just gives the illusion of privacy, same as TOR. That said though if you're a high profile target then there's much more direct means to track what you're searching.
If I can go to a search engine that doesn't sell the fact of possible financial problems to whatever loan shark is willing to pay the most to get to me, I see that as a win.
Audit reports? How trustworthy are they if Symantec was able to provide good reports for such a long time for their certificate issuance when things were clearly not ok.
However it never made sense to me why people would use those DDG bangs.
I mean privacy is the main selling point, so why in the world would you send the searches you make on other websites to DDG, when the browser is perfectly capable of being configured for "search keywords".
In Firefox, go to amazon.com (or any website you want), right click on their search bar and select "Add a Keyword for this search...". Add "!a" or whatever you want. There, you've got your own bangs.
DDG is consistent across hosts / browsers / OSes.
DDG maintain (and fix) the bang searches as they break (which ... happens).
I appreciate being able to !bang away in my Android browser(s) navbars. There are other options. Surfraw (a Linux CLI utility) is an example, though my problem is that 1) I can't remember the aliases and 2) they interfere with other commands I use (there are ... a lot of surfraw elvi).
No one made such claim, not even the Tor Project themselves.
> and there are several ways in which one could connect traffic at some endpoint with a user at a specific IP.
DDG traffic is e2e encrypted especially if you use their onion service since it wont use exit nodes, the best they can know is that someone did some unknown search on DDG.
> Do not rely on Tor if you really want anonymity.
Tor is the best solution low-latency anonymity system currently.
That is an extremely dangerous statement to make and one I do not agree with.
Keep in mind that:
- you will have to trust that a large chunk of the nodes is not in the hands of someone that you count as your enemy
- that even if your enemy is not in charge of a substantial part of the network they may still be monitoring entry and egress and that that alone can be enough to figure out who is talking to who
- that any data present at egress that can be intercepted might still reveal who you are
So no, Tor is not 100% secure and it is very well possible that even if you use Tor your identity will be connected with some activity or even all of your activity while using the network.
Not to mention, you conspicuously avoid comparing degrees of anonymity. Obviously TOR is better than SSL, which doesn't provide any anonymity.
Why not run your own guard node or even an obfuscated brige and then connect to it? That way you can make sure that no one will do traffic correlation (except, of course, a global adversary) since that would require controlling both the guard node and the exit used in the circuit (which changes every 10min, and in the Tor Browser you get a new circuit for each website).
> that even if your enemy is not in charge of a substantial part of the network they may still be monitoring entry and egress and that that alone can be enough to figure out who is talking to who
That's not possible in practice, quoting from the Tor Browser design documentation :
> In the case of this attack, the key factors that increase the classification complexity (and thus hinder a real world adversary who attempts this attack) are large numbers of dynamically generated pages, partially cached content, and also the non-web activity of the entire Tor network. This yields an effective number of "web pages" many orders of magnitude larger than even Panchenko's "Open World" scenario, which suffered continuous near-constant decline in the true positive rate as the "Open World" size grew (see figure 4). This large level of classification complexity is further confounded by a noisy and low resolution featureset - one which is also relatively easy for the defender to manipulate at low cost.
> To make matters worse for a real-world adversary, the ocean of Tor Internet activity (at least, when compared to a lab setting) makes it a certainty that an adversary attempting examine large amounts of Tor traffic will ultimately be overwhelmed by false positives (even after making heavy tradeoffs on the ROC curve to minimize false positives to below 0.01%). This problem is known in the IDS literature as the Base Rate Fallacy, and it is the primary reason that anomaly and activity classification-based IDS and antivirus systems have failed to materialize in the marketplace (despite early success in academic literature).
> Still, we do not believe that these issues are enough to dismiss the attack outright. But we do believe these factors make it both worthwhile and effective to deploy light-weight defenses that reduce the accuracy of this attack by further contributing noise to hinder successful feature extraction.
And just recently netflow padding has been added to Tor 0.3.1.x.
> So no, Tor is not 100% secure and it is very well possible that even if you use Tor your identity will be connected with some activity or even all of your activity while using the network.
That still doesn't disprove the fact that Tor is the best low-latency anonymity system and that not using Tor is much much worse than using it.
 : https://www.torproject.org/projects/torbrowser/design/
 : https://bugs.torproject.org/16861
Many people seeking enhanced privacy from DuckDuckGo are seeking privacy from Google, not from state actors. For that, you'd need additional measures like Tor, for which DuckDuckGo provides a convenient .onion service. Even if DDG is secretly tracking all our searches, they have less data to correlate it with.
My current privacy complaint on DuckDuckGo, combined with browser search UI issues (looking at you, Chrome) is over the !bangs. If you're doing "!w [sensitive topic]" instead of tabbing to Wikipedia search in your browser and searching that way, you're risking DDG or anyone who's compromised DDG seeing your Wikipedia searches, when the search should go straight to Wikipedia, Twitter, Stack Overflow, and so on.
For non js. There are of course other vectors and many not even search engine dependent.
(Disclaimer: DDG staff)
(Perhaps I am a robot?)
Fat protocols should marshal the true web 2.0 along with DAOs.
What if your threat model is a nation state? What's the proper way to ensure your privacy that does not require abstaining from the internet? Is a high degree of privacy even possible?
I'm more worried about privacy from private interests. The issue is what the governments do with data, and if the government let private parties access it, and where do you draw the line between the government having right to access, and companies being allowed to access it, because you will often have situations where things are not clear.
To be honest I will always have a problem with the whole privacy/surveillance debate, because there are things the government should know, but only because it is the government. Private companies are now being able to track people and have the same kind of data the government has.
So there is a big nuance, and it is often shut out by the outrage, which frankly comes from a libertarian agenda, which I have a problem with.
I search from my own 1GB database; It covers 80% of my needs;