Referrers are a part of the way the web has worked since before Google existed. They're a browser-level feature more than something related to specific websites. But if referrers bother you, just use the SSL version of Google to prevent referrers from being sent to http sites (or change your browser not to send referrers at all).
The corresponding sentence even for a website that strips referrers would be "When you search on domain X, and click on a link, your browser & computer info is sent to that site, which can often uniquely identify you."
Read more carefully in that light, the first sentence is really saying that third-party sites that you land on after searching or visiting a domain can track you. That's independent of whether you came from Google or any other search engine, of course.
By getting rid of that header I think we take away a lot of private context, i.e. the actual search terms that landed you on that page, which in and of themselves can provide a lot of background into what was personally going on with that person on that page.
So yes, the first sentence is all about the referrer header. And yes, it is just one piece of the privacy puzzle, but it is one that I think can certainly be solved. It is also a piece I feel the average person knows nothing about.
Here's the original post when I made the change to make searches externally anonymous: http://www.gabrielweinberg.com/blog/2010/05/duck-duck-go-sea...
I don't begrudge you trying to make privacy a selling point for DDG, but donttrack.us felt like trying to paint Google with a pretty broad brush. Honestly, it reminded me of when Privacy International decided to give Google a worse privacy rating than any other company. Here's how I responded to Privacy International at the time: http://www.mattcutts.com/blog/privacy-international-loses-al...
The fact is that Google has a good history of supporting privacy, from fighting overly broad subpoenas from the DOJ to SSL Search to creating a browser plugin to opt out of personalized advertising: http://www.google.com/ads/preferences/plugin/pluginfaq.html .
Personally, as you can gather, I don't think SSL search is enough (or browser plugins). The average person doesn't know it exists and so it essentially doesn't "exist" for most people. If you made it the default, or did something like what we did by dropping the referrer header, I think it becomes moot (at least the first sentence).
I'm really not trying to say Google is all bad or anything. In fact, I use a lot of Google services myself, e.g. Gmail. And I know you take privacy very seriously. However, the ad networks and other aggregators are starting to do some pretty scary stuff, and so I think you need to do more faster to catch up, or stay ahead of them in the privacy arena.
Is there any evidence to suggest the average person really cares about privacy online to such an extent?
The evidence is that the masses don't care. They just want stuff that works and solves problems for them. Is it open source? Why would anyone (apart from a geek) care?
The reason why the masses don't care is because they don't know why kind of havoc this sort of lack of privacy can cause. I for one am glad someone is educating the layman in an accessible and non-condescending way.
Also afaik health insurance is mainly a US phenomenon thank god.
There are lots of ways this could play out. If you go to the site and register (increasingly likely), they might be able to detect you individually. Secondly, providers are starting to line up data by email address and other personal facts, so they may be able to match you like that. But even if they aren't absolutely sure it is you, they can still use the information to put you in different initial pools that could be used, for example, to ask you more specific follow-up questions that then put you in different risk pools.
If you're endlessly searching for cancer cures, perhaps they should be aware of that.
Of course the solution is the US is universal health care for all. But that's never going to happen.
Same goes for free software: more casual users (probably) would use more free software if they knew about it. And the bit about it just working is mostly FUD.
"90% of respondents said they pay little or no attention to online ads."
eg the respondents are in no way a representative sample.
It also sounds like an entirely loaded poll - eg "Would you like more ability to opt out of online tracking".... "um... yes? I guess".
There's so much FUD around the issue - "should advertising networks be allowed to target products to you based on tracking". The term 'tracking' sounds bad. It sounds like they are monitoring everything you do, when in fact they're just storing a cookie and noticing which other sites you visit that also carry ads from the same network.
But more generally, I don't know if there is any poll that would satisfy you. I've been watching you make these comments for years :).
I think generally though, a very very vocal minority make a ton of noise about privacy.
Look at adblock. If you were a newcomer to the net and just read comments here or at reddit, you'd assume everyone uses it. But the figure is more like 1 or 2% at most have adblock or similar installed.
There's this big elitist movement that supposes that only idiots click on adverts, that they only click because they're confused, that adverts are all bad and irritating. But there's no real evidence to back that up.
Nearly everyone clicks on adverts. Nearly everyone buys stuff as a result. Consumers find stuff via adverts, Sellers sell stuff via adverts. They work.
I appreciate what you're trying to do though, and hope it does pay off for you, the time is right for some google competition.
I'd be satisfied I'm wrong if adblock usage jumped to 50%+ or if more than a few thousand people used Tor or whatever the usual figure is (extremely low).
My observation is that more than 90% computer users don't have a clue. They don't know how computers work, what they store, and what they send. I've even seen computer engineering students that don't know that Gmail does semantic analysis on their e-mail, despite the presence of targeted ads and a very good spam filter.
Now, of the 10% who do have a clue, most don't know the exact nature of each threat to their privacy. They just know they are being watched by Big Profitable Companies that sell each other their data. They don't always know that they can protect themselves from some of those threats, let alone how. Even when they do, it requires some effort up-front, and the benefits tend to be long-term and invisible.
Therefore, the extremely low percentage of people who use adblock, noscript, Tor or whatever isn't the result of most people doing a rational cost-benefit evaluation based on informed opinions about privacy on the internet. Indeed, I suspect that among those who do an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor.
My comment isn't that people have an informed opinion about privacy, more that it's a moot point to them. It's like asking them their opinion on a new fuel injection component.
Users rightly assume that their personal details will be kept securely by any website they give them to.
> " Indeed, I suspect that among those who do an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor"
When I install/fix a machine, I always load Firefox with adblock plus due to the amount of harassing nasty ads. Being the location where I do the majority of my business, they are almost exclusively on dialup, so even a 100kb image add is literally 25 seconds extra load time.
Now, am I anti-capitalist? Not quite. I agree that someone doing work for money (be it a sole proprietor or company) has a right to 'hang their shingle'. I most certainly do. However, when I look at content, I do not want myself distracted from material that has no bearing on what I am looking at.
And yes, I full well understand that ad-click and purchase is what increases revenue for content based websites. I also know, from the many articles here, that google is THE player in this sphere, along with their multitude of complaints.
I also, control my network connection from my side. I also control my CPU, what resides in ram, what lands on my screen, and what I choose to not display. As I look at it, we have dealt with nearing 15 years of increasingly hostile ads. I'm only reacting in kind by being hostile to them. And I attribute banners and such like the 'last minute' sale grocery stores attempt by putting candy in the checkout lane.
Yes, I do know that my viewpoint is a minority. But I also recommend goods and services to others. So, yeah, don't abuse us and we'll pass on the sales.
Just to play devil's advocate, but wouldn't targetted ads be more preferable then, since they WOULD have a bearing on what you're looking at?
99% of the time im on the internet, I am NOT going to buy stuff. I'm going to forums that I attend, getting email, working to help that ubuntu works better (by bug reports and fixes), and researching on more stuff that I can do in IT
And as we all know, there are absolutely no adverts to do with that.
Most people (in North America anyway) don't appear to care much about their health, either... that is, until they are diagnosed with cancer or suffer a heart attack.
I will point out that there is nothing wrong with that. Google is not for those with strong privacy requirements, just as all popular operating systems are not for those with strong security requirements. Google falls at one point on the privacy/usability continuum and DDG falls at another point. But as far as the article being unfair to Google goes, I'll have to disagree. You are identifiable with Google's data and that's a reality.
When Google switched to AJAX-based search, that temporarily stopped sending referrers, and lots of people screamed bloody murder. For example, http://getclicky.com/blog/150/googles-new-ajax-powered-searc... said "So what can we do about it? If you run a blog, write about this. Submit this story or your own story to large tech blogs like TechCrunch, CenterNetworks, ReadWriteWeb, GigaOm, etc - no large site has written about this yet, and one of them needs to. ... Do anything you can to spread the word and let Google know that this is not acceptable."
Or see http://www.seobook.com/Ad-Networks-Partners-Hoarding-Publish... or http://econsultancy.com/us/blog/3240-google-ajax-bad-news-fo... or http://blogs.sitepoint.com/2009/02/04/google-update-breaks-t... . So we heard lots of complaints.
SSL as an option provides a nice choice for people who care about these issues and don't mind taking a tiny hit in latency.
The articles you reference speak to the problems for advertisers and related interests. They do not address issues of web user privacy.
Don't get me wrong, Google is in the difficult position of balancing the display of results based on advertising revenue with the display of results based on utility to the user.
What I see Google facing is that given their market share and mind share and the typical web user's tolerance for providing information it is probably easy to make a business case for skewing the balance. The problem is that there is no precedent from which to draw long term conclusions about loss of anonymity at the scale at which it currently occurs.
The concern was that people might click into SSL mode, forget they were in SSL mode, and complain because they didn't see Images or Maps or whatever search mode they wanted.
For smaller websites, switching on SSL mode can be pretty easy, but we've still got changes going in to improve various rough edges on SSL search.
In particular, GMail initially had SSL configurable, but then moved it to the default: http://gmailblog.blogspot.com/2010/01/default-https-access-f... . Apparently they don’t think the latency is a problem—or if they do, that it’s worth it to get the security benefits of HTTPS.
DuckDuckGo, AFAIK doesn't log your searches or correlate your searches with a user account.
So I don't see how that sentence is even fair at all, Duck Duck Go might stop the search term from being sent (and as a webmaster I'd hate that as it makes it harder to figure out how users are getting to my site), but they can't stop browser and computer info from being sent.