
The referrer header is indeed a reality of HTTP, but that doesn't mean we can't and shouldn't work around that reality and correct for it, if it has real privacy implications, which I think it definitely does.

By getting rid of that header I think we take away a lot of private context, i.e. the actual search terms that landed you on that page, which in and of themselves can provide a lot of background into what was personally going on with that person on that page.

So yes, the first sentence is all about the referrer header. And yes, it is just one piece of the privacy puzzle, but it is one that I think can certainly be solved. It is also a piece I feel the average person knows nothing about.

Here's the original post when I made the change to make searches externally anonymous: http://www.gabrielweinberg.com/blog/2010/05/duck-duck-go-sea...




Yup, that was the same day we announced SSL search, which prevents referrers to http sites.

I don't begrudge you trying to make privacy a selling point for DDG, but donttrack.us felt like trying to paint Google with a pretty broad brush. Honestly, it reminded me of when Privacy International decided to give Google a worse privacy rating than any other company. Here's how I responded to Privacy International at the time: http://www.mattcutts.com/blog/privacy-international-loses-al...

The fact is that Google has a good history of supporting privacy, from fighting overly broad subpoenas from the DOJ to SSL Search to creating a browser plugin to opt out of personalized advertising: http://www.google.com/ads/preferences/plugin/pluginfaq.html .


I really wasn't trying to paint with a broad brush, but instead concentrate on very specific things that I think the average person doesn't know about.

Personally, as you can gather, I don't think SSL search is enough (or browser plugins). The average person doesn't know it exists and so it essentially doesn't "exist" for most people. If you made it the default, or did something like what we did by dropping the referrer header, I think it becomes moot (at least the first sentence).

I'm really not trying to say Google is all bad or anything. In fact, I use a lot of Google services myself, e.g. Gmail. And I know you take privacy very seriously. However, the ad networks and other aggregators are starting to do some pretty scary stuff, and so I think you need to do more faster to catch up, or stay ahead of them in the privacy arena.


> "The average person doesn't know it exists"

Is there any evidence to suggest the average person really cares about privacy online to such an extent?


The average person can't decide if they care about it until they understand it. Until they do, I'm glad people like Gabriel are being paranoid on their behalf.


Reminds me of Stallman's endless ranting about freedom and software.

The evidence is that the masses don't care. They just want stuff that works and solves problems for them. Is it open source? Why would anyone (apart from a geek) care?


If the average person knew that their Google searches can potentially lead to credit rejections or trouble with health insurance providers (hypothetical at this point, but with recent trends not as farfetched as before), I think they certainly would care.

The reason why the masses don't care is because they don't know what kind of havoc this sort of lack of privacy can cause. I for one am glad someone is educating the layman in an accessible and non-condescending way.


Highly hypothetical - to the extreme. How would any insurance co. know if it's me, or someone else in the household?

Also afaik health insurance is mainly a US phenomenon thank god.


http://online.wsj.com/article/SB1000142405274870464860457562...

There are lots of ways this could play out. If you go to the site and register (increasingly likely), they might be able to detect you individually. Secondly, providers are starting to line up data by email address and other personal facts, so they may be able to match you like that. But even if they aren't absolutely sure it is you, they can still use the information to put you in different initial pools that could be used, for example, to ask you more specific follow-up questions that then put you in different risk pools.


It's a tangential question, but why shouldn't insurers be able to know a fair amount about you to assess risk?

If you're endlessly searching for cancer cures, perhaps they should be aware of that.

Of course the solution in the US is universal health care for all. But that's never going to happen.


I think that the lack of understanding about how this stuff works really is the root of non-tech people being apparently apathetic about it. Of course, the observation is all anecdotal on my part, and a lot of people seem to have anecdotal evidence (One that stands out in my mind: http://twitter.com/dozba/status/19237941121388544 ). I wonder if anyone has done a study about how accurately the average user models this stuff internally.


Disagree. People usually aren't aware of these privacy problems, and would care if they did know. Result: this page.

Same goes for free software: more casual users (probably) would use more free software if they knew about it. And the bit about it just working is mostly FUD.


And yet Stallman's endless ranting was instrumental in getting the Open Source movement started, and developing the GNU tools which brought us Linux, which is used widely in embedded systems and on servers, as well as by small businesses to cheaply bring users applications that solve problems for them. Sometimes solving problems for developers does trickle down.


I don't think Stallman would be particularly keen on your mistaken impression that he has anything at all to do with advocating Open Source.


http://blogs.wsj.com/digits/2010/12/21/web-surfers-troubled-...


Yeah I'd take that with a giant pinch of salt.

"90% of respondents said they pay little or no attention to online ads."

eg the respondents are in no way a representative sample.

It also sounds like an entirely loaded poll - eg "Would you like more ability to opt out of online tracking".... "um... yes? I guess".

There's so much FUD around the issue - "should advertising networks be allowed to target products to you based on tracking". The term 'tracking' sounds bad. It sounds like they are monitoring everything you do, when in fact they're just storing a cookie and noticing which other sites you visit that also carry ads from the same network.


I don't think that statement renders the poll invalid. That is to say, I think 90% of people in general would say they pay little or no attention to online ads.

But more generally, I don't know if there is any poll that would satisfy you. I've been watching you make these comments for years :).


heh true, true.

I think generally though, a very very vocal minority make a ton of noise about privacy.

Look at adblock. If you were a newcomer to the net and just read comments here or at reddit, you'd assume everyone uses it. But the figure is more like 1 or 2% at most have adblock or similar installed.

There's this big elitist movement that supposes that only idiots click on adverts, that they only click because they're confused, that adverts are all bad and irritating. But there's no real evidence to back that up.

Nearly everyone clicks on adverts. Nearly everyone buys stuff as a result. Consumers find stuff via adverts, Sellers sell stuff via adverts. They work.

I appreciate what you're trying to do though, and hope it does pay off for you, the time is right for some google competition.

I'd be satisfied I'm wrong if adblock usage jumped to 50%+ or if more than a few thousand people used Tor or whatever the usual figure is (extremely low).


Your comment looks like you assume that the majority of internet users have an informed opinion about privacy on the internet. I deny that assumption.

My observation is that more than 90% of computer users don't have a clue. They don't know how computers work, what they store, and what they send. I've even seen computer engineering students that don't know that Gmail does semantic analysis on their e-mail, despite the presence of targeted ads and a very good spam filter.

Now, of the 10% who do have a clue, most don't know the exact nature of each threat to their privacy. They just know they are being watched by Big Profitable Companies that sell each other their data. They don't always know that they can protect themselves from some of those threats, let alone how. Even when they do, it requires some effort up-front, and the benefits tend to be long-term and invisible.

Therefore, the extremely low percentage of people who use adblock, noscript, Tor or whatever isn't the result of most people doing a rational cost-benefit evaluation based on informed opinions about privacy on the internet. Indeed, I suspect that among those who do have an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor.


Why should they have a clue about inner workings. Most people also don't know how a car engine works.

My comment isn't that people have an informed opinion about privacy, more that it's a moot point to them. It's like asking them their opinion on a new fuel injection component.

Users rightly assume that their personal details will be kept securely by any website they give them to.

> "Indeed, I suspect that among those who do have an informed opinion, very few have deliberately chosen not to use privacy helpers like adblock, noscript, or Tor"

BS. Try using Tor for a day. It's useless, ridiculously slow, and means things don't work properly. Also I tried adblock for a day, and I hated it. I want to see the internet uncensored. If a website pisses me off with popup ads, I'll just not go there again. I think that's pretty typical behavior. NoScript is an even stupider idea. Who in their right mind would disable javascript? Pretty much all websites will be broken. The only people who would install noscript are the anally OCD afflicted control freaks.


Your post looked like it was trying to assess that privacy isn't such a big deal, period. One of its arguments was an appeal to popularity: the extremely low percentage of people who use special privacy tools. Appeal to popularity can be valid, but I say that it doesn't work here, because the extremely low popularity of privacy tools is fully explained by the fact that nearly everyone doesn't have a clue, and therefore no opinion worth listening to. (When seeking truth, at least. Studying uninformed opinions has other uses.)

> BS

Ah, that is a meaningful disagreement. Well, you've just treated me as an OCD afflicted control freak, along with Eben Moglen. :-) By the way, the majority of the web sites I go to (mostly from HN) work like charms, and I don't often have to enable Javascript. Tor doesn't work, true, and that's why I intend to run an exit node very soon. It'll be a drop in the ocean, but we gotta start somewhere. I liked Adblock while I used it, but animated ads stopped bothering me since NoScript.


I hate ads. I despise them. And I work as a small-time consultant along with my studies.

When I install/fix a machine, I always load Firefox with adblock plus due to the amount of harassing nasty ads. Being the location where I do the majority of my business, they are almost exclusively on dialup, so even a 100kb image ad is literally 25 seconds extra load time.

Now, am I anti-capitalist? Not quite. I agree that someone doing work for money (be it a sole proprietor or company) has a right to 'hang their shingle'. I most certainly do. However, when I look at content, I do not want myself distracted from material that has no bearing on what I am looking at.

And yes, I full well understand that ad-click and purchase is what increases revenue for content based websites. I also know, from the many articles here, that Google is THE player in this sphere, along with their multitude of complaints.

I also control my network connection from my side. I also control my CPU, what resides in ram, what lands on my screen, and what I choose to not display. As I look at it, we have dealt with nearing 15 years of increasingly hostile ads. I'm only reacting in kind by being hostile to them. And I attribute banners and such like the 'last minute' sale grocery stores attempt by putting candy in the checkout lane.

Yes, I do know that my viewpoint is a minority. But I also recommend goods and services to others. So, yeah, don't abuse us and we'll pass on the sales.


> I do not want myself distracted from material that has no bearing on what I am looking at.

Just to play devil's advocate, but wouldn't targeted ads be more preferable then, since they WOULD have a bearing on what you're looking at?


No, they would have bearing on who is looking at them.


I'm all for targeted ads, when I am looking for products and/or services to buy.

99% of the time I'm on the internet, I am NOT going to buy stuff. I'm going to forums that I attend, getting email, working to help that Ubuntu works better (by bug reports and fixes), and researching on more stuff that I can do in IT.


> and researching on more stuff that I can do in IT

And as we all know, there are absolutely no adverts to do with that.


Not until their life is impacted negatively (e.g., turned down for health insurance).

Most people (in North America anyway) don't appear to care much about their health, either... that is, until they are diagnosed with cancer or suffer a heart attack.


Supporting privacy is one thing and I'm appreciative of Google's stance. But when we're talking about personally identifiable information we're talking about a binary. Either you're personally identifiable from the data being stored or you're not. The bottom line is that I'm identifiable with the data stored on me by Google but not by the data stored on me by DDG. Google has made this decision to store identifiable information in order to improve the usability of their search and DDG has opted for a different route.

I will point out that there is nothing wrong with that. Google is not for those with strong privacy requirements, just as all popular operating systems are not for those with strong security requirements. Google falls at one point on the privacy/usability continuum and DDG falls at another point. But as far as the article being unfair to Google goes, I'll have to disagree. You are identifiable with Google's data and that's a reality.


Mixing the 'search term' and 'browser & computer info' points in the same lead sentence is misleading, suggesting (again to the 'average' person) you're more different from Google than you are.



