Hacker News new | past | comments | ask | show | jobs | submit login

The first sentence when I stripped out the pictures was "When you search Google, and click on a link, your search term is sent to that site, along with your browser & computer info, which can often uniquely identify you."

Referrers are a part of the way the web has worked since before Google existed. They're a browser-level feature more than something related to specific websites. But if referrers bother you, just use the SSL version of Google to prevent referrers from being sent to http sites (or change your browser not to send referrers at all).

The corresponding sentence even for a website that strips referrers would be "When you search on domain X, and click on a link, your browser & computer info is sent to that site, which can often uniquely identify you."

Read more carefully in that light, the first sentence is really saying that third-party sites that you land on after searching or visiting a domain can track you. That's independent of whether you came from Google or any other search engine, of course.

The referrer header is indeed a reality of HTTP, but that doesn't mean we can't and shouldn't work around that reality and correct for it, if it has real privacy implications, which I think it definitely does.

By getting rid of that header I think we take away a lot of private context, i.e. the actual search terms that landed you on that page, which in and of themselves can provide a lot of background into what was personally going on with that person on that page.

So yes, the first sentence is all about the referrer header. And yes, it is just one piece of the privacy puzzle, but it is one that I think can certainly be solved. It is also a piece I feel the average person knows nothing about.

Here's the original post when I made the change to make searches externally anonymous: http://www.gabrielweinberg.com/blog/2010/05/duck-duck-go-sea...

Yup, that was the same day we announced SSL search, which prevents referrers to http sites.

I don't begrudge you trying to make privacy a selling point for DDG, but donttrack.us felt like trying to paint Google with a pretty broad brush. Honestly, it reminded me of when Privacy International decided to give Google a worse privacy rating than any other company. Here's how I responded to Privacy International at the time: http://www.mattcutts.com/blog/privacy-international-loses-al...

The fact is that Google has a good history of supporting privacy, from fighting overly broad subpoenas from the DOJ to SSL Search to creating a browser plugin to opt out of personalized advertising: http://www.google.com/ads/preferences/plugin/pluginfaq.html .

I really wasn't trying to paint with a broad brush, but instead concentrate on very specific things that I think the average person doesn't know about.

Personally, as you can gather, I don't think SSL search is enough (or browser plugins). The average person doesn't know it exists and so it essentially doesn't "exist" for most people. If you made it the default, or did something like what we did by dropping the referrer header, I think it becomes moot (at least the first sentence).

I'm really not trying to say Google is all bad or anything. In fact, I use a lot of Google services myself, e.g. Gmail. And I know you take privacy very seriously. However, the ad networks and other aggregators are starting to do some pretty scary stuff, and so I think you need to do more faster to catch up, or stay ahead of them in the privacy arena.

> "The average person doesn't know it exists"

Is there any evidence to suggest the average person really cares about privacy online to such an extent?

The average person can't decide if they care about it until they understand it. Until they do, I'm glad people like Gabriel are being paranoid on their behalf.

Reminds me of stallmans endless ranting about freedom and software.

The evidence is that the masses don't care. They just want stuff that works and solves problems for them. Is it open source? Why would anyone (apart from a geek) care?

If the average person knew that their Google searches can potentially lead to credit rejections or trouble with health insurance providers (hypothetical at this point, but with recent trends not as farfetched as before), I think they certainly would care.

The reason why the masses don't care is because they don't know why kind of havoc this sort of lack of privacy can cause. I for one am glad someone is educating the layman in an accessible and non-condescending way.

Highly hypothetical - to the extreme. How would any insurance co. know if it's me, or someone else in the household?

Also afaik health insurance is mainly a US phenomenon thank god.


There are lots of ways this could play out. If you go to the site and register (increasingly likely), they might be able to detect you individually. Secondly, providers are starting to line up data by email address and other personal facts, so they may be able to match you like that. But even if they aren't absolutely sure it is you, they can still use the information to put you in different initial pools that could be used, for example, to ask you more specific follow-up questions that then put you in different risk pools.

It's a tangential question, but why shouldn't insurers be able to know a fair amount about you to assess risk?

If you're endlessly searching for cancer cures, perhaps they should be aware of that.

Of course the solution is the US is universal health care for all. But that's never going to happen.

I think that the lack of understanding about how this stuff works really is the root of non-tech people being apparently apathetic about it. Of course, the observation is all anecdotal on my part, and a lot of people seem to have anecdotal evidence (One that stands out in my mind: http://twitter.com/dozba/status/19237941121388544 ). I wonder if anyone has done a study about how accurately the average user models this stuff internally.

Disagree. People usually aren't aware of these privacy problems, and would care if they did know. Result: this page.

Same goes for free software: more casual users (probably) would use more free software if they knew about it. And the bit about it just working is mostly FUD.

And yet Stallman's endless ranting was instrumental in getting the Open Source movement started, and developing the GNU tools which brought us Linux, which is used widely in embedded systems and on servers, as well as by small businesses to cheaply bring users applications that solve problems for them. Sometimes solving problems for developers does trickle down.

I don't think Stallman would be particularly keen on your mistaken impression that he has anything at all to do with advocating Open Source.

Yeah I'd take that with a giant pinch of salt.

"90% of respondents said they pay little or no attention to online ads."

eg the respondents are in no way a representative sample.

It also sounds like an entirely loaded poll - eg "Would you like more ability to opt out of online tracking".... "um... yes? I guess".

There's so much FUD around the issue - "should advertising networks be allowed to target products to you based on tracking". The term 'tracking' sounds bad. It sounds like they are monitoring everything you do, when in fact they're just storing a cookie and noticing which other sites you visit that also carry ads from the same network.

I don't think that statement renders the poll invalid. That is to say, I think 90% of people in general would say they pay little or no attention to online ads.

But more generally, I don't know if there is any poll that would satisfy you. I've been watching you make these comments for years :).

heh true, true.

I think generally though, a very very vocal minority make a ton of noise about privacy.

Look at adblock. If you were a newcomer to the net and just read comments here or at reddit, you'd assume everyone uses it. But the figure is more like 1 or 2% at most have adblock or similar installed.

There's this big elitist movement that supposes that only idiots click on adverts, that they only click because they're confused, that adverts are all bad and irritating. But there's no real evidence to back that up.

Nearly everyone clicks on adverts. Nearly everyone buys stuff as a result. Consumers find stuff via adverts, Sellers sell stuff via adverts. They work.

I appreciate what you're trying to do though, and hope it does pay off for you, the time is right for some google competition.

I'd be satisfied I'm wrong if adblock usage jumped to 50%+ or if more than a few thousand people used Tor or whatever the usual figure is (extremely low).

Your comment looks like you assume that the majority of internet users have an informed opinion about privacy on the internet. I deny that assumption.

My observation is that more than 90% computer users don't have a clue. They don't know how computers work, what they store, and what they send. I've even seen computer engineering students that don't know that Gmail does semantic analysis on their e-mail, despite the presence of targeted ads and a very good spam filter.

Now, of the 10% who do have a clue, most don't know the exact nature of each threat to their privacy. They just know they are being watched by Big Profitable Companies that sell each other their data. They don't always know that they can protect themselves from some of those threats, let alone how. Even when they do, it requires some effort up-front, and the benefits tend to be long-term and invisible.

Therefore, the extremely low percentage of people who use adblock, noscript, Tor or whatever isn't the result of most people doing a rational cost-benefit evaluation based on informed opinions about privacy on the internet. Indeed, I suspect that among those who do an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor.

Why should they have a clue about inner workings. Most people also don't know how a car engine works.

My comment isn't that people have an informed opinion about privacy, more that it's a moot point to them. It's like asking them their opinion on a new fuel injection component.

Users rightly assume that their personal details will be kept securely by any website they give them to.

> " Indeed, I suspect that among those who do an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor"

BS. Try using tor for a day. It's useless, ridiculously slow, and means things don't work properly. Also I tried adblock for a day, and I hated it. I want to see the internet uncensored. If a website pisses me off with popup ads, I'll just not go there again. I think that's pretty typical behavior. NoScript is an even stupider idea. Who in their right mind would disable javascript? Pretty much all websites will be broken. The only people who would install noscript are the analy OCD afflicted control freaks.

Your post looked like it was trying to assess that privacy isn't such a big deal, period. One of its arguments was an appeal to popularity: the extremely low percentage of people who use special privacy tools. Appeal to popularity can be valid, but I say that it doesn't work here, because the extremely low popularity of privacy tools is fully explained by the fact that nearly everyone doesn't have a clue, and therefore no opinion worth listening to. (When seeking truth, at least. Studying uninformed opinions has other uses.)

> BS

Ah, that is a meaningful disagreement. Well, you've just treated me of an OCD afflicted control freak, along with Eben Moglen. :-) By the way, the majority of the web site I go to (mostly from HN), work like charms, and I don't often have to enable Javascript. Tor doesn't work, true, and that's why I intend to run an exit node very soon. It'll be a drop in the ocean, but we gotta start somewhere. I liked Adblock while I used it, but animated ads stopped bothering me since NoScript.

I hate ads. I despise them. And I work as a small-time consultant along with my studies.

When I install/fix a machine, I always load Firefox with adblock plus due to the amount of harassing nasty ads. Being the location where I do the majority of my business, they are almost exclusively on dialup, so even a 100kb image add is literally 25 seconds extra load time.

Now, am I anti-capitalist? Not quite. I agree that someone doing work for money (be it a sole proprietor or company) has a right to 'hang their shingle'. I most certainly do. However, when I look at content, I do not want myself distracted from material that has no bearing on what I am looking at.

And yes, I full well understand that ad-click and purchase is what increases revenue for content based websites. I also know, from the many articles here, that google is THE player in this sphere, along with their multitude of complaints.

I also, control my network connection from my side. I also control my CPU, what resides in ram, what lands on my screen, and what I choose to not display. As I look at it, we have dealt with nearing 15 years of increasingly hostile ads. I'm only reacting in kind by being hostile to them. And I attribute banners and such like the 'last minute' sale grocery stores attempt by putting candy in the checkout lane.

Yes, I do know that my viewpoint is a minority. But I also recommend goods and services to others. So, yeah, don't abuse us and we'll pass on the sales.

I do not want myself distracted from material that has no bearing on what I am looking at.

Just to play devil's advocate, but wouldn't targetted ads be more preferable then, since they WOULD have a bearing on what you're looking at?

No, they would have bearing onwho is looking at them.

I'm all for targeted ads, when I am looking for products and/or services to buy.

99% of the time im on the internet, I am NOT going to buy stuff. I'm going to forums that I attend, getting email, working to help that ubuntu works better (by bug reports and fixes), and researching on more stuff that I can do in IT

> and researching on more stuff that I can do in IT

And as we all know, there are absolutely no adverts to do with that.

Not until their life is impacted negatively (e.g., turned down for health insurance).

Most people (in North America anyway) don't appear to care much about their health, either... that is, until they are diagnosed with cancer or suffer a heart attack.

Supporting privacy is one thing and I'm appreciative of Google's stance. But when we're talking about personally identifiable information we're talking about a binary. Either you're personally identifiable from the data being stored or you're not. The bottom line is that I'm identifiable with the data stored on me by Google but not by the data stored on me by DDG. Google has made this decision to store identifiable information in order to improve the usability of their search and DDG has opted for a different route.

I will point out that there is nothing wrong with that. Google is not for those with strong privacy requirements, just as all popular operating systems are not for those with strong security requirements. Google falls at one point on the privacy/usability continuum and DDG falls at another point. But as far as the article being unfair to Google goes, I'll have to disagree. You are identifiable with Google's data and that's a reality.

Mixing the 'search term' and 'browser & computer info' points in the same lead sentence is misleading, suggesting (again to the 'average' person) you're more different from Google than you are.

If SSL was the default and sending headers was opt-in, it would probably add some weight to your argument. What Google actively promotes to the typical web user, however, is not SSL or anonymous search but rather features that collect user data to an ever greater degree, e.g. Toolbar, Instant Search, and the Chrome browser.

SSL adds latency, because you're setting up an encrypted connection. Google hates slowing down users, and we don't want to slow down every user unless it's a clear win. That's one reason.

When Google switched to AJAX-based search, that temporarily stopped sending referrers, and lots of people screamed bloody murder. For example, http://getclicky.com/blog/150/googles-new-ajax-powered-searc... said "So what can we do about it? If you run a blog, write about this. Submit this story or your own story to large tech blogs like TechCrunch, CenterNetworks, ReadWriteWeb, GigaOm, etc - no large site has written about this yet, and one of them needs to. ... Do anything you can to spread the word and let Google know that this is not acceptable."

Or see http://www.seobook.com/Ad-Networks-Partners-Hoarding-Publish... or http://econsultancy.com/us/blog/3240-google-ajax-bad-news-fo... or http://blogs.sitepoint.com/2009/02/04/google-update-breaks-t... . So we heard lots of complaints.

SSL as an option provides a nice choice for people who care about these issues and don't mind taking a tiny hit in latency.

Your argument would carry more weight if, the user had the ability to switch to SSL search from the "Classic" search page or if SSL search was a setting that was accessible from "Search Settings" or "Advanced Search" on the "Classic" page.

The articles you reference speak to the problems for advertisers and related interests. They do not address issues of web user privacy.

Don't get me wrong, Google is in the difficult position of balancing the display of results based on advertising revenue with the display of results based on utility to the user.

What I see Google facing is that given their market share and mind share and the typical web user's tolerance for providing information it is probably easy to make a business case for skewing the balance. The problem is that there is no precedent from which to draw long term conclusions about loss of anonymity at the scale at which it currently occurs.

I can talk a bit about why we didn't launch with "click here to switch to SSL search" links. When SSL search launched, web search was supported, but not every type of search was supported. For example, Google Image Search wasn't easily supported for some esoteric reasons (some browsers have a limit of 2 simultaneous connections, and that can interact badly with SSL + fetching bunches of thumbnail images).

The concern was that people might click into SSL mode, forget they were in SSL mode, and complain because they didn't see Images or Maps or whatever search mode they wanted.

For smaller websites, switching on SSL mode can be pretty easy, but we've still got changes going in to improve various rough edges on SSL search.

In fairness, Google deserves credit for providing SSL search in the first place, but exactly how does one go about contacting the Google Complaints Department?


We try to keep an eye out for feedback across the web, on Twitter, at search conferences, in comments on blogs, etc. There's also a forum linked to from google.com/webmasters that we keep an eye on.

I think moving to SSL as a default is a good move. What difference does no logging on the receiving end make when your ISP can log everything you search for?

In particular, GMail initially had SSL configurable, but then moved it to the default: http://gmailblog.blogspot.com/2010/01/default-https-access-f... . Apparently they don’t think the latency is a problem—or if they do, that it’s worth it to get the security benefits of HTTPS.

I don't think latency is a problem for something like gmail, you open it once and much of it happens in an already opened connection or in the background.

Clicking on a link in a Google search results page creates a redirect URL that leads back to Google itself and logs the visit to your Google Web History if you are logged in. Its not a simple matter of referrals to third party websites. Its a personal detailed silo of personal information that Google sits on and can only stay private as long as Google can make good on its promise to.

DuckDuckGo, AFAIK doesn't log your searches or correlate your searches with a user account.

Ignoring the search term being sent, browser and computer info is ALWAYS available to the target site, that is not something Google can even stop. Browser send information on who they are, JavaScript allows probing of what is installed, how big the screen is and all of that fun stuff.

So I don't see how that sentence is even fair at all, Duck Duck Go might stop the search term from being sent (and as a webmaster I'd hate that as it makes it harder to figure out how users are getting to my site), but they can't stop browser and computer info from being sent.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact