The referrer header is indeed a reality of HTTP, but that doesn't mean we can't and shouldn't work around that reality and correct for it, if it has real privacy implications, which I think it definitely does.
By getting rid of that header I think we take away a lot of private context, i.e. the actual search terms that landed you on that page, which in and of themselves can provide a lot of background into what was personally going on with that person on that page.
So yes, the first sentence is all about the referrer header. And yes, it is just one piece of the privacy puzzle, but it is one that I think can certainly be solved. It is also a piece I feel the average person knows nothing about.
Yup, that was the same day we announced SSL search, which prevents referrers to http sites.
I don't begrudge you trying to make privacy a selling point for DDG, but donttrack.us felt like trying to paint Google with a pretty broad brush. Honestly, it reminded me of when Privacy International decided to give Google a worse privacy rating than any other company. Here's how I responded to Privacy International at the time: http://www.mattcutts.com/blog/privacy-international-loses-al...
I really wasn't trying to paint with a broad brush, but instead concentrate on very specific things that I think the average person doesn't know about.
Personally, as you can gather, I don't think SSL search is enough (or browser plugins). The average person doesn't know it exists and so it essentially doesn't "exist" for most people. If you made it the default, or did something like what we did by dropping the referrer header, I think it becomes moot (at least the first sentence).
I'm really not trying to say Google is all bad or anything. In fact, I use a lot of Google services myself, e.g. Gmail. And I know you take privacy very seriously. However, the ad networks and other aggregators are starting to do some pretty scary stuff, and so I think you need to do more faster to catch up, or stay ahead of them in the privacy arena.
If the average person knew that their Google searches can potentially lead to credit rejections or trouble with health insurance providers (hypothetical at this point, but with recent trends not as farfetched as before), I think they certainly would care.
The reason why the masses don't care is because they don't know what kind of havoc this sort of lack of privacy can cause. I for one am glad someone is educating the layman in an accessible and non-condescending way.
There are lots of ways this could play out. If you go to the site and register (increasingly likely), they might be able to detect you individually. Secondly, providers are starting to line up data by email address and other personal facts, so they may be able to match you like that. But even if they aren't absolutely sure it is you, they can still use the information to put you in different initial pools that could be used, for example, to ask you more specific follow-up questions that then put you in different risk pools.
I think that the lack of understanding about how this stuff works really is the root of non-tech people being apparently apathetic about it. Of course, the observation is all anecdotal on my part, and a lot of people seem to have anecdotal evidence (One that stands out in my mind: http://twitter.com/dozba/status/19237941121388544 ). I wonder if anyone has done a study about how accurately the average user models this stuff internally.
And yet Stallman's endless ranting was instrumental in getting the Open Source movement started, and developing the GNU tools which brought us Linux, which is used widely in embedded systems and on servers, as well as by small businesses to cheaply bring users applications that solve problems for them. Sometimes solving problems for developers does trickle down.
"90% of respondents said they pay little or no attention to online ads."
E.g. the respondents are in no way a representative sample.
It also sounds like an entirely loaded poll - e.g. "Would you like more ability to opt out of online tracking".... "um... yes? I guess".
There's so much FUD around the issue - "should advertising networks be allowed to target products to you based on tracking". The term 'tracking' sounds bad. It sounds like they are monitoring everything you do, when in fact they're just storing a cookie and noticing which other sites you visit that also carry ads from the same network.
I think generally though, a very very vocal minority make a ton of noise about privacy.
Look at adblock. If you were a newcomer to the net and just read comments here or at reddit, you'd assume everyone uses it. But the figure is more like 1 or 2% at most have adblock or similar installed.
There's this big elitist movement that supposes that only idiots click on adverts, that they only click because they're confused, that adverts are all bad and irritating. But there's no real evidence to back that up.
Nearly everyone clicks on adverts. Nearly everyone buys stuff as a result. Consumers find stuff via adverts, sellers sell stuff via adverts. They work.
I appreciate what you're trying to do though, and hope it does pay off for you; the time is right for some Google competition.
I'd be satisfied I'm wrong if adblock usage jumped to 50%+ or if more than a few thousand people used Tor or whatever the usual figure is (extremely low).
Your comment looks like you assume that the majority of internet users have an informed opinion about privacy on the internet. I deny that assumption.
My observation is that more than 90% of computer users don't have a clue. They don't know how computers work, what they store, and what they send. I've even seen computer engineering students that don't know that Gmail does semantic analysis on their e-mail, despite the presence of targeted ads and a very good spam filter.
Now, of the 10% who do have a clue, most don't know the exact nature of each threat to their privacy. They just know they are being watched by Big Profitable Companies that sell each other their data. They don't always know that they can protect themselves from some of those threats, let alone how. Even when they do, it requires some effort up-front, and the benefits tend to be long-term and invisible.
Therefore, the extremely low percentage of people who use adblock, noscript, Tor or whatever isn't the result of most people doing a rational cost-benefit evaluation based on informed opinions about privacy on the internet. Indeed, I suspect that among those who do have an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor.
Why should they have a clue about inner workings? Most people also don't know how a car engine works.
My comment isn't that people have an informed opinion about privacy, more that it's a moot point to them. It's like asking them their opinion on a new fuel injection component.
Users rightly assume that their personal details will be kept securely by any website they give them to.
> "Indeed, I suspect that among those who do an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor"
Your post looked like it was trying to assess that privacy isn't such a big deal, period. One of its arguments was an appeal to popularity: the extremely low percentage of people who use special privacy tools. Appeal to popularity can be valid, but I say that it doesn't work here, because the extremely low popularity of privacy tools is fully explained by the fact that nearly everyone doesn't have a clue, and therefore no opinion worth listening to. (When seeking truth, at least. Studying uninformed opinions has other uses.)
I hate ads. I despise them. And I work as a small-time consultant along with my studies.
When I install/fix a machine, I always load Firefox with adblock plus due to the amount of harassing nasty ads. Being the location where I do the majority of my business, they are almost exclusively on dialup, so even a 100kb image ad is literally 25 seconds extra load time.
Now, am I anti-capitalist? Not quite. I agree that someone doing work for money (be it a sole proprietor or company) has a right to 'hang their shingle'. I most certainly do. However, when I look at content, I do not want myself distracted from material that has no bearing on what I am looking at.
And yes, I full well understand that ad-click and purchase is what increases revenue for content-based websites. I also know, from the many articles here, that Google is THE player in this sphere, along with their multitude of complaints.
I also control my network connection from my side. I also control my CPU, what resides in RAM, what lands on my screen, and what I choose to not display. As I look at it, we have dealt with nearing 15 years of increasingly hostile ads. I'm only reacting in kind by being hostile to them. And I attribute banners and such like the 'last minute' sale grocery stores attempt by putting candy in the checkout lane.
Yes, I do know that my viewpoint is a minority. But I also recommend goods and services to others. So, yeah, don't abuse us and we'll pass on the sales.
I'm all for targeted ads, when I am looking for products and/or services to buy.
99% of the time I'm on the internet, I am NOT going to buy stuff. I'm going to forums that I attend, getting email, working to help that Ubuntu works better (by bug reports and fixes), and researching on more stuff that I can do in IT.
Supporting privacy is one thing and I'm appreciative of Google's stance. But when we're talking about personally identifiable information we're talking about a binary. Either you're personally identifiable from the data being stored or you're not. The bottom line is that I'm identifiable with the data stored on me by Google but not by the data stored on me by DDG. Google has made this decision to store identifiable information in order to improve the usability of their search and DDG has opted for a different route.
I will point out that there is nothing wrong with that. Google is not for those with strong privacy requirements, just as all popular operating systems are not for those with strong security requirements. Google falls at one point on the privacy/usability continuum and DDG falls at another point. But as far as the article being unfair to Google goes, I'll have to disagree. You are identifiable with Google's data and that's a reality.