I just searched Google (heh) and apparently DDG makes their money from affiliate links at the moment. I've been considering switching to DDG so I'll have to make an effort to do my Amazon searches through them; it's a really easy way to support them.
It's also important to note that not only do they run a Tor exit enclave, they also run a .onion hidden service, which unlike the enclave is not deprecated in the next version, and means that DDG can be accessed without leaving the Tor network.
Everytime I don't get the results I want through DDG (which happens rarely) I just type !sp + searchterm into my search bar and it searches via startpage.com, which uses googles search results without my IP address or searches being recorded, no identifying or tracking cookies are used and SSL encryption is set by default.
When you look at the timeline[1], the first event is "DontTrack.us", a website[2] dedicated to pointing out google tracking, and linking to DDG in the end.
So privacy has always been their focus. It is a nice advertising point, but pushed from the beginning.
I remember the first time (about 6 months ago) I took a look at their about page there was a big emphasis on them not tracking your searches, so I think the sentiment has always been there.
In the very beginning, Gabriel was more focused on the instant answers and hadn't thought much of privacy -- users brought it up after he launched it on HN.
Google's strategy is to profit from advertising. It fundamentally benefits from knowing as much about its users as possible. Every tactic it has will always support that strategy or it will risk failure.
You can tell its strategy motivates it toward evil (its term, not mine), because its slogan is "Don't be evil."
It chose that slogan because it risks being evil, in its own terms. It doesn't need a slogan like "Don't be unprofitable" or "Don't break the law" because its strategy doesn't point it in those directions. It points to being evil, in its terms.
Why else would a company feel so compelled to stop itself from doing evil than to make its most prominent slogan to stop itself? If its strategy didn't point it in that direction, why else would it try to stop itself from stopping being "evil"? All the brilliance of its engineers, managers, leaders, deals, and so on exists to support the company's strategy, which it realizes motivates them so much toward "evil" it has to stop itself as its highest or at least most public directive.
"Don't be evil" exists to make the place palatable to humans who understand the company's direction. Who made the slogan? The people who know the company's direction best. They know it better than you and they realize its direction.
Google has a technically superior product to its competitors. When you realize its most knowledgeable and powerful employees know its strategy points it to "be evil", you realize why people use alternatives whose strategies don't point them to "evil," especially when current events highlight the consequences of its strategic choice of knowing so much about you, its users.
Whatever you feel about Google's actions, there's no need to concoct elaborate stories around and speculative theories about the origin of Google's 'don't be evil' slogan. You can look it up.
According to http://blogoscoped.com/archive/2007-07-16-n55.html, the 'don't be evil' slogan came from Paul Buchheit, who was brand-new to the company when he proposed it at a corporate-values brainstorming meeting. This meeting was before Google became an advertising company, and Paul intended the slogan to be funny, and a jab at other companies.
It's also worth noting that Paul Buchheit worked at Intel before Google: http://en.wikipedia.org/wiki/Paul_Buchheit and I remember him railing about big companies and the sort of sclerotic bureaucracy that prevailed at big companies.
I think Paul also wanted to pick an idea that would prevent Google from becoming a typical big company. But I don't recall there ever being any sort of "Google's strategy leans it toward evil; we need to avoid that" undertone in Paul's suggestion. In my mind, it was more like "avoid how almost all larger companies naturally end up being."
I agree with the parent commenter: the fact that "don't be evil" was adopted suggests strongly that there is a motivation to be evil that needed to be overcome (and that users could identify with).
The company storytelling that goes along with the slogan doesn't matter, and nor does it matter that it's intended mainly as a jab at competitors in the same industry.
It's not a 0-1 thing, there are degrees of attraction towards "evil". The guard in a concentration camp has more tendency towards evil than the guard in, say, a factory or residential building.
As Buchheit[1] himself said: "It’s also a bit of a jab at a lot of the other companies, especially our competitors, who at the time, in our opinion, were kind of exploiting the users to some extent." (emphasis mine)
Realizing that your competitors, i.e. firms you acknowledge as being in the same industry, are "kind of exploiting the users" seems to me not far from realizing that your very industry has a tendency towards that.
I think "Don't be evil" is an honest expression of the early confidence and idealism of the founders and core team of Google. However, in the last few years, as with America at large, something seems to have changed at Google. Personally, I tend to steer more and more away from it.
If they truly wanted to avoid evil and, perhaps more important, the potential for future evil, they would anonymize all observations to make, say, search per se better (as opposed to expressly attributing data so as to "personalize" it). That, incidentally, would also make Google immune to NSA bullying. Much like Apple, they could just say: We don't even store this kind of data, sorry guys, look somewhere else. At the rate with which they collect data points and with which hardware, algos, and science advance, it will be possible in a few years to do fine-grained psychological profiling on a massive scale, with all the possibilities of evil I can imagine. It's a fine line between prediction and control in social systems. And we all know that what is technically possible eventually will be tried by someone. It's not hard to think of scenarios.
Limiting technology usage because of fear of unforeseen consequences seems a little short-sighted to me. If I would agree with such a line of thought, I would be Amish or something. In regards to evilness potential, the genie is out of the bottle ever since the Internet happened.
Btw, Google does personalize searches in a useful way. You may not have noticed it, especially if you're from the US. DuckDuckGo is unusable for me whenever I search for local stuff. Also, when I search for "Ruby", the first result is about Ruby, the programming language. Guess what my wife sees when she's doing the same search.
You can place "personalize" in quotes all you want, but they are doing it because users want it, period.
Also, I see people here being so enthused about DuckDuckGo, ignoring that the project itself uses Bing's APIs as its primary engine. Of course it does, who would be insane to recreate Google's infrastructure and algorithms when you could get it by piggybacking on Google's main competitor and without which DuckDuckGo wouldn't have been possible.
And here's what a lot of people miss - you don't even need a unique cookie to track users down. All you need are IPs and some smart algorithms for disambiguations. You can't reliably identify all users, but you can identify many of them only by keeping the history of searches per IP. And if you throw in a user agent (which I can assure you, it does get sent to Bing), the reliability increases even further. Throw in IPv6 and we won't be needing cookies at all.
If anything, fear of technology doesn't do any good, because it will happen, regardless if you want it or not. Privacy concerns need to be solved by laws. If governments disapprove, then we need new governments.
1. Region can be changed in DuckDuckGo's settings, for more localized results -- by default it is set to "No region," so there is nothing localized in the results.
2. Bing is one of very very many sources, which are all remixed and combined, so the end result is completely different from Bing or any other upstream source (and most often, far better).
3. No, no, no. Nothing at all is sent to bing other than a plain request for an ad coming from DuckDuckGo servers with the query (for a page-relevant ad).
So, this sentence: "user agent (which I can assure you, it does get sent to Bing)" <-- Utterly untrue.
Now, when you click on an ad, naturally your information is sent to both bing and whatever site the ad was for. That's to be expected, you are leaving DuckDuckGo at that point. This is also true when you click standard result links, of course.
Now that that's out of the way, my personal opinion of result tailoring/bubbling is: it's good sometimes.
I love being in my cozy little bubble when searching for coding things, and even local businesses and such. I do NOT love bubbling when I am doing academic research. Why would I want to see content I already know and like? That invalidates the point of research, and even gives me a false idea about whatever I am researching.
Bubbling and tracking, while good in some cases, should be optional in my opinion.
This is ahistorical. As another commenter said, you can look into the factual history behind the slogan yourself before it became an advertising company.[1]
That's an anecdotal account, not a factual history. Besides, I can use it to make my point, e.g.:
"our competitors, who at the time, in our opinion, were kind of exploiting the users"
So, they are fully aware that they're entering an industry where exploiting the users is a common temptation. Like I said, this provides motivation for a slogan referring to that.
"Amit started writing it down all over the building, on whiteboards everywhere."
Imagine literally going around plastering "Don't be evil" all over your colleagues' working spaces: I'm not sure that would be accepted as inoffensive in most work places... IMHO that would normally be a very strong action showing you think your colleagues ought to be reminded.
Paul Buchheit, the creator and original developer of GMail.
He participated in a meeting to establish the company's values and because he found things like “strive for excellence" to be bullshit, he wanted something unusual that would actually mean something. He chose "Don't be evil", because it was funny, it was a jab at Google's competitors and it was something that would be difficult to pull out.
You're actually confusing a couple of things. Advertising has very little to do with it. Say for the sake of argument they had no advertising and charged you $1 per month for a subscription to use Google. They'd still have the same challenge. That is, they are privy to their users most private thoughts - more so than nearly any other business or service in life. With that knowledge comes great responsibility and risk. Employees could be drawn into schemes to provide political, social, business or criminal networks with information on what citizens are thinking. It's sensible to drive that point home on a daily basis in your culture. In a way it's reassuring that they understand that rather than be flippant about it.
The slogan was probably more about not being like Microsoft, which was the top example of a successful software firm at the time, and was considered pretty evil.
Wow, the snark in this comment is so thick that you could cut it with a knife. How about instead you comment on why he's wrong instead of just being condescending.
Okay, but what's the end point? What's the "evil" destination for Google? When do we know Google has arrived there, if you say reaching that point is inevitable?
I think that even if Google themselves never do anything "evil", by any definition, there still remains this problem of "having very important user data" that you don't want to fall "in the wrong hands". The more data it has about the users, the more other, external, "wrong hands", will want it for reasons other than just to sell you advertising.
Unfortunately, those "wrong hands" will most likely be the government, and not just some hackers or other companies, and Google is relatively powerless against them, if they really want all the users' data.
This is why I think that if Google really cared about us, they'd do their best to at least give the users the option to have their data protected even if it falls into those "wrong hands". We need Google to implement some real encryption and decentralization in its services.
If Google really is powerless against the government, then they should leave it up to us to deal with the government, when that moment arrives, but help make it easy for everyone to protect that data.
Google does encrypt user data at rest. The problem is that they also have the decryption keys. They need to be able to see the data in plain text in order to target ads and improve their services. That's their entire business models. So, there is pretty much zero chance that Google will ever "implement some real encryption and decentralization in its services." If we want a Search Engine/Email Provider/Video Sharing Service/Thousand Other Things Google Does that is decentralized and encrypted client-side, it would have to be built by a different company or community with a different mission and profit model.
Then they would need a way to do client-side public key encryption in the web browser, which is difficult and not really an important feature as far as the vast majority of their users are concerned.
Despite the comments that the slogan predates advertising, there is something to the parent commenter's thesis, though it's certainly not pure cause and effect.
This is a commonly discussed psychological phenomenon; if you focus on avoiding the negative, you accentuate that. You're not saying "Be Good", it's don't be evil, and so you not only name the elephant in the room, you chart the path around her periphery, and may actually crash into the elephant of evil.
In other words, as taken from a parenting site:
State Requests Positively
>Positive requests are more effective than negative commands. For >example, your child is more likely to respond to, "Please use your >spoon." than "Don't eat with your fingers."
I can't believe this was upvoted to the first comment. It's baseless speculation and slander. Whatever your reasons for disliking Google, none of your suppositions here are reasonable.
>"Google's strategy is to profit from advertising. It fundamentally benefits from knowing as much about its users as possible. Every tactic it has will always support that strategy or it will risk failure."
Yes, Google's strategy is to profit from advertising. But this is a gross oversimplification of Google's business model. It also constantly innovates and improves its own technology and domain through research and development. It would be more apt to say, "Google has many strategies, of which advertising is one." Advertising profit is just one relevant strategic position. This is important because if you try to pigeonhole Google like this it makes it easier to build a strawman argument.
>"You can tell its strategy motivates it toward evil because its slogan is "Don't be evil." It chose that slogan because it risks being evil, in its own terms. It doesn't need a slogan like "Don't be unprofitable" or "Don't break the law" because its strategy doesn't point it in those directions. It points to being evil, in its terms."
No, no no no. This is clearly your term. If you read Paul Buchheit's telling of how the slogan was chosen (he was the one who came up with it, before Google was an ad company, before it was "Google" by modern standards, and while he was still fresh at the company)[1].
Furthermore, you're not making any sense with the last sentence. How in the world can you reasonably say a company would try to prevent itself from being "evil" by preemptively referring to that possibility in a slogan?
What? What kind of logic is that? It doesn't even hold up to Occam's Razor, since I just directly refuted it with a primary source and you have submitted no evidence except your clear bias against the company. For such a complex story that requires suspending disbelief, you have no proof.
>""Don't be evil" exists to make the place palatable to humans who understand the company's direction. Who made the slogan? The people who know the company's direction best. They know it better than you and they realize its direction."
Now you're just raving. Paul Buchheit made it. Do you hear yourself? A slogan exists to make an advertising company palatable to humans? What is your problem with Google? This goes beyond any fulfilling debate, you're actually just pulling nonsense out of the air with this. It would be different if you could submit anything that makes sense to support your loathing, but you have nothing but slander and words here.
>"Google has a technically superior product to its competitors. When you realize its most knowledgeable and powerful employees know its strategy points it to "be evil", you realize why people use alternatives whose strategies don't point them to "evil," especially when current events highlight the consequences of its strategic choice of knowing so much about you, its users."
Maybe this makes sense, if you had actually set up a reasonable probability that Google has a nefarious plot to be evil and subjugate the public to its whims while distracting them from that plot. What you're saying is inane and false. It amounts to a tinfoil conspiracy theory with groundless, biased assumptions that have no basis in observable reality.
Google isn't faultless. But you're actually being unreasonable. This comment is polarizing and devoid of any substantial quality. You didn't give a real critique of the company or its ethical standards. You just raved and made it clear you dislike the company.
Finally, just for the sake of argument, assuming everything you said is true (despite the fact that it's a complex web of conspiracy with no evidence) - why would making a slogan have any impact on whether or not a company is ethical? You neither defined "evil", nor submitted any evidence. The entire comment of yours is farcical.
Oh that's cool. I'd forgotten they had the traffic up online. I was wondering how many people had switched over to it over the last week (I've gone back to using it as my default engine again - not for the first time).
How many queries does google process per day? 1B? DDG is up 1M in the last week. So it could realistically represent a 0.1% drop in traffic for google - or am I way off somehow? It's not unrealistic to think it could go up another magnitude again. Then you're starting to talk about a real impact to Google's bottom line.
Google has more information security engineers than ddg has all engineers. Same goes for Facebook and Microsoft. What makes HN think the NSA and/or China and/or Somali pirates haven't completely owned every server at ddg? Why do you think that just because ddg doesn't log anything implies that your ddg accesses aren't logged by third parties?
I am one of those that have changed to DDG after the scandals. So far it feels like I find my results as quickly as I used to do with Google. One nice feature that I just found: under the Privacy tab at https://duckduckgo.com/settings you can change so that the query is sent as a HTTP POST parameter instead of a GET parameter. That way your ISP can't find out what you are searching for (assuming you have https enabled).
You are correct, I was drawing the wrong conclusions from how the HTTP headers are sent. It doesn't affect how much info the ISP gets. However, POST parameters are somewhat more secure, since less info about your query is cached by your browser: http://stackoverflow.com/questions/198462/is-either-get-or-p...
Not just the query string values, it encrypts the path to the resource (and headers, etc) as well. However, another HNer pointed me to an article on side-channel attacks which is helpful to keep in mind when considering privacy:
Consider using Fiddler some time without HTTPS decryption enabled and go roaming around HTTPS sites. You'll see how much information it can extract from the transaction.
I find the option to ‘save’ options in the URL much nicer. If I want to change my default language, safe mode etc. with Google, I need to enable Cookies. With DDG, I can save these in the search engine settings in Opera :)
DDG logs very litte information...so while NSA can subpoena DDG, there's no data to get.
Developers should read "Playing chicken with cat.jpg" [1] which was a response from cperciva [2] to the 37 Signals privacy blunder. It was discussed quite a bit on HN [3] and for me it was a perspective-changing read on privacy.
Not necessarily possible even with the private keys. If you use an SSL cipher with ephemeral keys, such as the DHE_* or ECDHE_* family of ciphers, then an eavesdropper with a recorded but not MITMed conversation cannot decrypt it even with the server's private SSL key.
Which of course they do not. Google uses ECDHE_RSA. DDG uses RSA. ixquick, "the world's most private search engine", uses RSA. Bing does not even offer https.
Google does pin their keys in Chrome though, so they know if there is a MITM (and they have, Chrome's certificate pinning led to DigiNotar's downfall). It's a non-scalable hack, but definitely a good one for the largest search engine and a leading email provider to be able to provide.
Don't forget link owners. NSA and other bastards can force data centers and link providers without knowledge of DDG. They can split, sniff and store all that data, even if they atm don't know how to decrypt some traffic. One day they will know. It's friking 1984^2
Isn't DDG just a search engine aggregator? If they weren't relying on 3rd party search engines, which do record log searches, they'd then probably have to implement a diminished search themselves. A search implementation which I imagine would be severely hampered by a lack of logs.
I don't really see how their model is sustainable at scale.
Now, this makes me wonder: What could be an equivalent implementation for e-mails. An e-mail host that encourages immediate download, totally deletes e-mail contents, deletes logs of any sort, etc. when you delete messages?
The first thing to do is to avoid using the most popular email hosts. The world's email should not be centralized around some popular service like Gmail, but should be distributed over many hosts and countries.
I'd be happy even with a host that allows you to delete e-mails en masse, or auto-delete them after a set period of time, say 180 days, which is how much is necessary to pass before the US government considers e-mail "free for all".
You could also try Bitmessage or Retroshare, where e-mails are automatically encrypted, and P2P (no central server).
You can start your own mail server and make it encrypt all incoming messages with your GPG or SMIME public key. This way NSA will have to collect your old messages from various senders' servers (or the archive made by their sniffers).
That's the second time I've seen someone use GPG and the first time I assumed it was a mistype and they meant "PGP", so I looked it up. Just in case anyone was in the same boat as me:
"DuckDuckGo gets its results from over one hundred sources, including DuckDuckBot (our own crawler), crowd-sourced sites (like Wikipedia, which are stored in our own index), Yahoo! (through BOSS), WolframAlpha, Bing, and Yandex." [1]
Because it varies widely :).
It is entirely based on your query -- whichever source is detected as best for that type of query (i.e. Yandex is better at handling symbols, Bing's advanced syntax is better [mostly]), and of course it changes over time as rules are tweaked and added.
For the searches that don't bring relevant results, I choose the "Give Feedback" option and report Bad Results. Then I add "!g" to the search and continue.
I've been using it. It's a pretty decent search engine, but doesn't do quite as good a job as Google at prioritizing "canonical" content and finding the right entry points to things. Sometimes it'll land you deep in a relevant site but not at the front page, for example.
I have found one area that it seems to sometimes outshine Google: finding really obscure stuff. Google seems to be biased so hard toward more popular/stable/canonical content that it sometimes seems to overlook things when you really are looking for something weird, or a needle in a haystack. Try using DuckDuckGo to find some ultra-obscure reference.
This is interesting as Google's index is almost certainly much larger... so it's got to be a PageRank artifact.
I actually switched to DuckDuckGo because the Chrome team decided to make using a Google a worse experience than using any other search engine in the latest beta client.
Unfortunately, DuckDuckGo results are way worse than Google from what I can tell so I still end up frequently going back and searching Google for things :(
Really wanted to like DDG, and went as far as changing default SE for Chrome this week, but I couldn't hack it for more than a few days. The results page is very difficult on the eyes, and the design hierarchy is very rough. Google is just light years ahead. I'm going back to Google with Incognito and AdBlock for now.
I tried to switch back to Google because it didn't feel the same to a part of my brain, even though I didn't feel search result quality was an issue. So I changed keyword.url(firefox) to duckduckgo. It doesn't feel that bad now, and when I feel I am missing out I visit google.com manually.
Google has great results, and even with the current fiasco, I do trust google somewhat. But we don't have good alternatives to Google and bing, which isn't a good thing. So I am trying to help ddg out by using their service.
Are incognito and AdBlock meant to protect against PRISM? I don't quite understand what the point is. Why not just log out if you're still using Google anyway?
Incognito and AdBlock might not protect against Prism, but they protect me from other sites. Logging out is an option as well, which is something I'm considering, though I doubt it matters much since they know me by IP and I use Gmail.
You can greatly customise the layout of the results page, and even store these customisations in the GET parameters, i.e. your browser’s search engine settings.
At the end of the article the author insinuates that the Bing ad partnership might lend itself to tracking users or otherwise making the service less secure and anonymous. Is that possible?
IIRC it depends how the ads are routed. The ads could be piped through duckduckgo so Bing only receives searches to return contextual ads for but has no knowledge of the IPs for each search. Duckduckgo then embeds the ads in the search page and returns it to the searcher, then forgets their IP.
On the other hand if there's just a bit of javascript on the search page that says "Tell bing to put ads on this page using the search bar text" then bing would be able to link the search to an IP and you lose your privacy.
I was looking into this recently, and I found this, on the FAQ:
"Ads cannot be retrieved from the developer directly but instead through the end user's browser. Calling for the Ads from a server will lead to detection and termination of the customer."
I used GDG for a while and there is one feature that it doesn't have that Google has that makes it very hard to convert. I can google "soap" and the first result is http://en.wikipedia.org/wiki/SOAP. If I GDG "soap" the results are all about bars of soap.
Nothing I have tried even comes close to competing with Google Search trained fror me when it comes to search relevance.
I tried using DDG a while ago. For most things it worked fine, but my biggest (only real) issue with it came when searching for solutions to technical problems.
For example, say I'm programming and I run into some obscure error message generated by some 3rd party library. From what I remember, DDG (in general) tended to require more fine tuning of the search query than Google in order to find in order for me to find the information I was looking for.
Unfortunately I can't think of an example of the top of my head, as this was awhile ago.
edit:
Another example: Say I remember an obscure forum post from months ago. Which search engine is more likely to find it? DDG is great, but it still needs to improve somewhat in these areas before I switch over to it entirely.
I use DDG, but whenever I have the sort of search intent you outline, I simply append !g and search Google instead. It's also easier for me to use DDG and append !gi to look at images, rather than run a Google search and then switch to image search.
This is absolutely what happens when you find a successful long-play strategy and position yourself right. DDG is probably never going to be as big as Google, but it doesn't need to be. There is likely a growing group of people that doesn't so much like the idea of Google tracking them down and using their information for other things, or governments getting that information. A small portion of a huge audience could likely be millions, certainly enough to support a business, even if it's not a huge business.
I have a strange phobia. Even though I think I have an understanding of how Google works, I have this (irrational?) belief that no matter what I do Google can see it. That somehow, someway, even if I use DuckDuckGo, Google is aware of it and tracking me anyway.
Sometimes I see an ad on the internet that seems relevant to a private, in person conversation I had with someone, and that same "Google feeling" washes over me.
That's not irrational at all - Google tracks almost everything you do on the web via the Google analytics code and Adsense code that are on the web pages you visit, not just via your searches.
I love DuckDuckGo, but there is one problem, the search results are generally poor. I have to revert to google very regularly to find what I want, particularly for technical searches. I am going to persist, but at this stage I am limiting it to things I don't want on my permanent record, like when I am searching for things like 'herpes'.
Brown cookie for the effort, but i have exactly 0% of hits coming from duckduckgo to any of my sites.
It's good alternative search engine though as Google becoming increasingly opinionated and rattled by inconsistent changes with never ending improvements to their algorithms.
I changed my default search engine on safari to DDG, am I happy, no but willing to give them a chance and also using other search sources(github) for my purposes
On mobile safari you can't change the search engine (that I know of), so I've switched to the Mercury browser which does allow me to use DDG. I'm actually quite happy with Mercury, it's a snappy little browser with a good feature set!
One motivation for switching: they have lots of "gadgets" like Google, and will take suggestions and/or apparently let you develop new ones. Here is a cool example: https://duckduckgo.com/goodies#Programming/crontab_0_0______...
Another useful feature: https://duckduckgo.com/bang.html
I just searched Google (heh) and apparently DDG makes their money from affiliate links at the moment. I've been considering switching to DDG so I'll have to make an effort to do my Amazon searches through them; it's a really easy way to support them.
EDIT: useful method of switching: http://help.duckduckgo.com/customer/portal/articles/255650