Google's strategy is to profit from advertising. It fundamentally benefits from knowing as much about its users as possible. Every tactic it has will always support that strategy or it will risk failure.
You can tell its strategy motivates it toward evil (its term, not mine), because its slogan is "Don't be evil."
It chose that slogan because it risks being evil, in its own terms. It doesn't need a slogan like "Don't be unprofitable" or "Don't break the law" because its strategy doesn't point it in those directions. It points to being evil, in its terms.
Why else would a company feel so compelled to stop itself from doing evil than to make its most prominent slogan to stop itself? If its strategy didn't point it in that direction, why else would it try to stop itself from stopping being "evil"? All the brilliance of its engineers, managers, leaders, deals, and so on exists to support the company's strategy, which it realizes motivates them so much toward "evil" it has to stop itself as its highest or at least most public directive.
"Don't be evil" exists to make the place palatable to humans who understand the company's direction. Who made the slogan? The people who know the company's direction best. They know it better than you and they realize its direction.
Google has a technically superior product to its competitors. When you realize its most knowledgeable and powerful employees know its strategy points it to "be evil", you realize why people use alternatives whose strategies don't point them to "evil," especially when current events highlight the consequences of its strategic choice of knowing so much about you, its users.
Whatever you feel about Google's actions, there's no need to concoct elaborate stories around and speculative theories about the origin of Google's 'don't be evil' slogan. You can look it up.
According to http://blogoscoped.com/archive/2007-07-16-n55.html, the 'don't be evil' slogan came from Paul Buchheit, who was brand-new to the company when he proposed it at a corporate-values brainstorming meeting. This meeting was before Google became an advertising company, and Paul intended the slogan to be funny, and a jab at other companies.
It's also worth noting that Paul Buchheit worked at Intel before Google: http://en.wikipedia.org/wiki/Paul_Buchheit and I remember him railing about big companies and the sort of sclerotic bureaucracy that prevailed at big companies.
I think Paul also wanted to pick an idea that would prevent Google from becoming a typical big company. But I don't recall there ever being any sort of "Google's strategy leans it toward evil; we need to avoid that" undertone in Paul's suggestion. In my mind, it was more like "avoid how almost all larger companies naturally end up being."
It's not a 0-1 thing, there are degrees of attraction towards "evil". The guard in a concentration camp has more tendency towards evil than the guard in, say, a factory or residential building.
As Buchheit himself said: "It’s also a bit of a jab at a lot of the other companies, especially our competitors, who at the time, in our opinion, were kind of exploiting the users to some extent." (emphasis mine)
Realizing that your competitors, i.e. firms you acknowledge as being in the same industry, are "kind of exploiting the users" seems to me not far from realizing that your very industry has a tendency towards that.
I think "Don't be evil" is an honest expression of the early confidence and idealism of the founders and core team of Google. However, in the last few years, as with America at large, something seems to have changed at Google. Personally, I tend to steer more and more away from it.
If they truly wanted to avoid evil and, perhaps more important, the potential for future evil, they would anonymize all observations to make, say, search per se better (as opposed to expressly attributing data so as to "personalize" it). That, incidentally, would also make Google immune to NSA bullying. Much like Apple, they could just say: We don't even store this kind of data, sorry guys, look somewhere else. At the rate with which they collect data points and with which hardware, algos, and science advance, it will be possible in a few years to do fine-grained psychological profiling on a massive scale, with all the possibilities of evil I can imagine. It's a fine line between prediction and control in social systems. And we all know that what is technically possible eventually will be tried by someone. It's not hard to think of scenarios.
Limiting technology usage because of fear of unforeseen consequences seems a little short-sighted to me. If I would agree with such a line of thought, I would be Amish or something. In regards to evilness potential, the genie is out of the bottle ever since the Internet happened.
Btw, Google does personalize searches in a useful way. You may not have noticed it, especially if you're from the US. DuckDuckGo is unusable for me whenever I search for local stuff. Also, when I search for "Ruby", the first result is about Ruby, the programming language. Guess what my wife sees when she's doing the same search.
You can place "personalize" in quotes all you want, but they are doing it because users want it, period.
Also, I see people here being so enthused about DuckDuckGo, ignoring that the project itself uses Bing's APIs as its primary engine. Of course it does, who would be insane to recreate Google's infrastructure and algorithms when you could get it by piggybacking on Google's main competitor and without which DuckDuckGo wouldn't have been possible.
And here's what a lot of people miss - you don't even need a unique cookie to track users down. All you need are IPs and some smart algorithms for disambiguations. You can't reliably identify all users, but you can identify many of them only by keeping the history of searches per IP. And if you throw in a user agent (which I can assure you, it does get sent to Bing), the reliability increases even further. Throw in IPv6 and we won't be needing cookies at all.
If anything, fear of technology doesn't do any good, because it will happen, regardless if you want it or not. Privacy concerns need to be solved by laws. If governments disapprove, then we need new governments.
1. Region can be changed in DuckDuckGo's settings, for more localized results -- by default it is set to "No region," so there is nothing localized in the results.
2. Bing is one of very very many sources, which are all remixed and combined, so the end result is completely different from Bing or any other upstream source (and most often, far better).
3. No, no, no. Nothing at all is sent to bing other than a plain request for an ad coming from DuckDuckGo servers with the query (for a page-relevant ad).
So, this sentence: "user agent (which I can assure you, it does get sent to Bing)" <-- Utterly untrue.
Now, when you click on an ad, naturally your information is sent to both bing and whatever site the ad was for. That's to be expected, you are leaving DuckDuckGo at that point. This is also true when you click standard result links, of course.
Now that that's out of the way, my personal opinion of result tailoring/bubbling is: it's good sometimes.
I love being in my cozy little bubble when searching for coding things, and even local businesses and such. I do NOT love bubbling when I am doing academic research. Why would I want to see content I already know and like? That invalidates the point of research, and even gives me a false idea about whatever I am researching.
Bubbling and tracking, while good in some cases, should be optional in my opinion.
That's an anecdotal account, not a factual history. Besides, I can use it to make my point, e.g.:
"our competitors, who at the time, in our opinion, were kind of exploiting the users"
So, they are fully aware that they're entering an industry where exploiting the users is a common temptation. Like I said, this provides motivation for a slogan referring to that.
"Amit started writing it down all over the building, on whiteboards everywhere."
Imagine literally going around plastering "Don't be evil" all over your colleagues' working spaces: I'm not sure that would be accepted as inoffensive in most work places... IMHO that would normally be a very strong action showing you think your colleagues ought to be reminded.
Paul Buchheit, the creator and original developer of GMail.
He participated in a meeting to establish the company's values and because he found things like “strive for excellence" to be bullshit, he wanted something unusual that would actually mean something. He chose "Don't be evil", because it was funny, it was a jab at Google's competitors and it was something that would be difficult to pull out.
You're actually confusing a couple of things. Advertising has very little to do with it. Say for the sake of argument they had no advertising and charged you $1 per month for a subscription to use Google. They'd still have the same challenge. That is, they are privy to their users most private thoughts - more so than nearly any other business or service in life. With that knowledge comes great responsibility and risk. Employees could be drawn into schemes to provide political, social, business or criminal networks with information on what citizens are thinking. It's sensible to drive that point home on a daily basis in your culture. In a way it's reassuring that they understand that rather than be flippant about it.
Despite the comments that the slogan predates advertising, there is something to the parent commenter's thesis, though it's certainly not pure cause and effect.
This is a commonly discussed psychological phenomenon; if you focus on avoiding the negative, you accentuate that. You're not saying "Be Good", it's don't be evil, and so you not only name the elephant in the room, you chart the path around her periphery, and may actually crash into the elephant of evil.
In other words, as taken from a parenting site:
State Requests Positively
>Positive requests are more effective than negative commands. For >example, your child is more likely to respond to, "Please use your >spoon." than "Don't eat with your fingers."
I can't believe this was upvoted to the first comment. It's baseless speculation and slander. Whatever your reasons for disliking Google, none of your suppositions here are reasonable.
>"Google's strategy is to profit from advertising. It fundamentally benefits from knowing as much about its users as possible. Every tactic it has will always support that strategy or it will risk failure."
Yes, Google's strategy is to profit from advertising. But this is a gross oversimplification of Google's business model. It also constantly innovates and improves its own technology and domain through research and development. It would be more apt to say, "Google has many strategies, of which advertising is one." Advertising profit is just one relevant strategic position. This is important because if you try to pigeonhole Google like this it makes it easier to build a strawman argument.
>"You can tell its strategy motivates it toward evil because its slogan is "Don't be evil." It chose that slogan because it risks being evil, in its own terms. It doesn't need a slogan like "Don't be unprofitable" or "Don't break the law" because its strategy doesn't point it in those directions. It points to being evil, in its terms."
No, no no no. This is clearly your term. If you read Paul Buchheit's telling of how the slogan was chosen (he was the one who came up with it, before Google was an ad company, before it was "Google" by modern standards, and while he was still fresh at the company).
Furthermore, you're not making any sense with the last sentence. How in the world can you reasonably say a company would try to prevent itself from being "evil" by preemptively referring to that possibility in a slogan?
What? What kind of logic is that? It doesn't even hold up to Occam's Razor, since I just directly refuted it with a primary source and you have submitted no evidence except your clear bias against the company. For such a complex story that requires suspending disbelief, you have no proof.
>""Don't be evil" exists to make the place palatable to humans who understand the company's direction. Who made the slogan? The people who know the company's direction best. They know it better than you and they realize its direction."
Now you're just raving. Paul Buchheit made it. Do you hear yourself? A slogan exists to make an advertising company palatable to humans? What is your problem with Google? This goes beyond any fulfilling debate, you're actually just pulling nonsense out of the air with this. It would be different if you could submit anything that makes sense to support your loathing, but you have nothing but slander and words here.
>"Google has a technically superior product to its competitors. When you realize its most knowledgeable and powerful employees know its strategy points it to "be evil", you realize why people use alternatives whose strategies don't point them to "evil," especially when current events highlight the consequences of its strategic choice of knowing so much about you, its users."
Maybe this makes sense, if you had actually set up a reasonable probability that Google has a nefarious plot to be evil and subjugate the public to its whims while distracting them from that plot. What you're saying is inane and false. It amounts to a tinfoil conspiracy theory with groundless, biased assumptions that have no basis in observable reality.
Google isn't faultless. But you're actually being unreasonable. This comment is polarizing and devoid of any substantial quality. You didn't give a real critique of the company or its ethical standards. You just raved and made it clear you dislike the company.
Finally, just for the sake of argument, assuming everything you said is true (despite the fact that it's a complex web of conspiracy with no evidence) - why would making a slogan have any impact on whether or not a company is ethical? You neither defined "evil", nor submitted any evidence. The entire comment of yours is farcical.
Okay, but what's the end point? What's the "evil" destination for Google? When do we know Google has arrived there, if you say reaching that point is inevitable?
I think that even if Google themselves never do anything "evil", by any definition, there still remains this problem of "having very important user data" that you don't want to fall "in the wrong hands". The more data it has about the users, the more other, external, "wrong hands", will want it for reasons other than just to sell you advertising.
Unfortunately, those "wrong hands" will most likely be the government, and not just some hackers or other companies, and Google is relatively powerless against them, if they really want all the users' data.
This is why I think that if Google really cared about us, they'd do their best to at least give the users the option to have their data protected even if it falls into those "wrong hands". We need Google to implement some real encryption and decentralization in its services.
If Google really is powerless against the government, then they should leave it up to us to deal with the government, when that moment arrives, but help make it easy for everyone to protect that data.
Google does encrypt user data at rest. The problem is that they also have the decryption keys. They need to be able to see the data in plain text in order to target ads and improve their services. That's their entire business models. So, there is pretty much zero chance that Google will ever "implement some real encryption and decentralization in its services." If we want a Search Engine/Email Provider/Video Sharing Service/Thousand Other Things Google Does that is decentralized and encrypted client-side, it would have to be built by a different company or community with a different mission and profit model.
I just searched Google (heh) and apparently DDG makes their money from affiliate links at the moment. I've been considering switching to DDG so I'll have to make an effort to do my Amazon searches through them; it's a really easy way to support them.
Everytime I don't get the results I want through DDG (which happens rarely) I just type !sp + searchterm into my search bar and it searches via startpage.com, which uses googles search results without my IP address or searches being recorded, no identifying or tracking cookies are used and SSL encryption is set by default.
It's also important to note that not only do they run a Tor exit enclave, they also run a .onion hidden service, which unlike the enclave is not deprecated in the next version, and means that DDG can be accessed without leaving the Tor network.
Oh that's cool. I'd forgotten they had the traffic up online. I was wondering how many people had switched over to it over the last week (I've gone back to using it as my default engine again - not for the first time).
How many queries does google process per day? 1B? DDG is up 1M in the last week. So it could realistically represent a 0.1% drop in traffic for google - or am I way off somehow? It's not unrealistic to think it could go up another magnitude again. Then you're starting to talk about a real impact to Google's bottom line.
I am one of those that have changed to DDG after the scandals. So far it feels like I find my results as quickly as I used to do with Google. One nice feature that I just found: under the Privacy tab at https://duckduckgo.com/settings you can change so that the query is sent as a HTTP POST parameter instead of a GET parameter. That way your ISP can't find out what you are searching for (assuming you have https enabled).
Not just the query string values, it encrypts the path to the resource (and headers, etc) as well. However, another HNer pointed me to an article on side-channel attacks which is helpful to keep in mind when considering privacy:
I find the option to ‘save’ options in the URL much nicer. If I want to change my default language, safe mode etc. with Google, I need to enable Cookies. With DDG, I can save these in the search engine settings in Opera :)
DDG logs very litte information...so while NSA can subpoena DDG, there's no data to get.
Developers should read "Playing chicken with cat.jpg"  which was a response from cperciva  to the 37 Signals privacy blunder. It was discussed quite a bit on HN  and for me it was a perspective-changing read on privacy.
Not necessarily possible even with the private keys. If you use an SSL cipher with ephemeral keys, such as the DHE_* or ECDHE_* family of ciphers, then an eavesdropper with a recorded but not MITMed conversation cannot decrypt it even with the server's private SSL key.
Google does pin their keys in Chrome though, so they know if there is a MITM (and they have, Chrome's certificate pinning led to DigiNotar's downfall). It's a non-scalable hack, but definitely a good one for the largest search engine and a leading email provider to be able to provide.
Don't forget link owners. NSA and other bastards can force data centers and link providers without knowledge of DDG. They can split, sniff and store all that data, even if they atm don't know how to decrypt some traffic. One day they will know. It's friking 1984^2
Isn't DDG just a search engine aggregator? If they weren't relying on 3rd party search engines, which do record log searches, they'd then probably have to implement a diminished search themselves. A search implementation which I imagine would be severely hampered by a lack of logs.
I don't really see how their model is sustainable at scale.
Now, this makes me wonder: What could be an equivalent implementation for e-mails. An e-mail host that encourages immediate download, totally deletes e-mail contents, deletes logs of any sort, etc. when you delete messages?
The first thing to do is to avoid using the most popular email hosts. The world's email should not be centralized around some popular service like Gmail, but should be distributed over many hosts and countries.
You can start your own mail server and make it encrypt all incoming messages with your GPG or SMIME public key. This way NSA will have to collect your old messages from various senders' servers (or the archive made by their sniffers).
I'd be happy even with a host that allows you to delete e-mails en masse, or auto-delete them after a set period of time, say 180 days, which is how much is necessary to pass before the US government considers e-mail "free for all".
You could also try Bitmessage or Retroshare, where e-mails are automatically encrypted, and P2P (no central server).
Google has more information security engineers than ddg has all engineers. Same goes for Facebook and Microsoft. What makes HN think the NSA and/or China and/or Somali pirates haven't completely owned every server at ddg? Why do you think that just because ddg doesn't log anything implies that your ddg accesses aren't logged by third parties?
"DuckDuckGo gets its results from over one hundred sources, including DuckDuckBot (our own crawler), crowd-sourced sites (like Wikipedia, which are stored in our own index), Yahoo! (through BOSS), WolframAlpha, Bing, and Yandex." 
Because it varies widely :).
It is entirely based on your query -- whichever source is detected as best for that type of query (i.e. Yandex is better at handling symbols, Bing's advanced syntax is better [mostly]), and of course it changes over time as rules are tweaked and added.
IIRC it depends how the ads are routed. The ads could be piped through duckduckgo so Bing only receives searches to return contextual ads for but has no knowledge of the IPs for each search. Duckduckgo then embeds the ads in the search page and returns it to the searcher, then forgets their IP.
Really wanted to like DDG, and went as far as changing default SE for Chrome this week, but I couldn't hack it for more than a few days. The results page is very difficult on the eyes, and the design hierarchy is very rough. Google is just light years ahead. I'm going back to Google with Incognito and AdBlock for now.
I tried to switch back to Google because it didn't feel the same to a part of my brain, even though I didn't feel search result quality was an issue. So I changed keyword.url(firefox) to duckduckgo. It doesn't feel that bad now, and when I feel I am missing out I visit google.com manually.
Google has great results, and even with the current fiasco, I do trust google somewhat. But we don't have good alternatives to Google and bing, which isn't a good thing. So I am trying to help ddg out by using their service.
Incognito and AdBlock might not protect against Prism, but they protect me from other sites. Logging out is an option as well, which is something I'm considering, though I doubt it matters much since they know me by IP and I use Gmail.