I've been using DDG as my primary search engine since June, 2013. That's not my first attempt to make a go of it, I took a couple of stabs at DDG over the past year or two, but found that the results were less than satisfactory: slow response, no response, and often, poor matches on queries.
With the Snowden revelations and the abundantly clear trend of Google to aggregate as much personally-identifiable information as possible, I made a clean break in June, 2013. The performance and search quality are vastly improved. And while I don't eschew all Google products (though I'm making drastically less use of them, and as little as possible while authenticated), I find that using DDG as my first cut generally works.
For fallback, my usual scheme is DDG, !SP (StartPage, another proxying search aggregator making more full use of Google), and if I'm still not fully satisfied, Google itself.
There are areas in which Google's search tools are still hugely superior:
⚫ Searching within a date range. DDG doesn't offer this option.
⚫ Some specialized search, in particular Google Books and Google Scholar. Where Google focuses on its core competency of providing search and not on grabbing as much user data as possible, I find the company far more acceptable.
⚫ Some deep-site searches. Google seems to crawl sites more deeply and in more detail than DDG. I particularly rely on it for Reddit, whose own site search excludes comments.
As I've noted, Google's biggest liability is that, no matter its best intentions, it cannot provide any guarantee against a government-size advanced persistent threat, especially not one with the law (constitutional or otherwise) at its disposal: http://www.reddit.com/r/dredmorbius/comments/1u356d/schmidt_...
But overall, I'm hugely impressed with DDG.
For those who use console / terminal browsers such as w3m or links, the 'lite' version puts the "search" button one tab following the search dialog: https://duckduckgo.com/lite
And DDG's TTY mode (command-line interface) is teh awesomenessedness:
If Google can't protect its datacenter traffic from the NSA, or from the law, what makes you think DDG can operate outside the law or protect itself from NSA snooping?
DDG's policy is to not log personally identifiable data. Google's present business model is based on logging enormous amounts of personally identifiable data. Your search history for at least 18 months. Cross-correlation between Search, YouTube, Gmail, G+, and other services. And on and on. I detail much of this in the blog entry linked.
DDG could be forced to put an upstream intercept which would log searches by specific IPs, but that's outside their normal operational scope. It also applies only to data-on-the-wire, not data-at-rest. In Google's case, your aggregated history is sitting on their servers to be collected at any time.
If you don't trust DDG not to log your searches, going through Tor will give you yet another degree of separation (there are also browser extensions such as DisconnectSearch: https://disconnect.me/search).
As sobering as the disclosures from Snowden, Applebaum, and others have been, the news appears to be that cryptographic methods do work to protect privacy or at the very least greatly increase workload for surveillance.
And another aspect is that by encouraging and promoting alternatives to Google, we're carving out at least a small niche in which privacy-focused entrants to a vastly concentrated search market (Google scores in the neighborhood of 85% of all search according to some metrics I've seen) might be able to thrive.
Since the NSA "Muscular" program was known to have compromised datacenters upstream, that's little consolidation if DDG has any multihomed datacenter support and is not encrypting their inter-DC links or if the NSA has compromised your hosting provider directly. Given that they have been shown to actually intercept and plant modified hardware, there's really no guarantee that they couldn't plant a tap. Point is, if DDG ever got a non-trivial marketshare, there's little confidence that your systems are more secure than Google's, regardless of capturing search history or not, or if they could not be compromised by the same court demands that other top level providers are under.
DDG's safety from the NSA is inversely proportional to its success in the market.
I find this somewhat naive. If DDG was ever something they wanted to track or aren't currently tracking in some way, they can. I mean lavabit and silent circle were forced to either comply or shut down.
Lavabit and Silent Circle are both predicated on retaining persistent user state (messages, logins, etc.), and could be required to modify back-end code to select on that and either dump state (possibly unencrypted, I'm not sure of the specifics of their methods), provide stream intercepts, etc. The point is: user identification is integral to the services.
DDG doesn't operate that way. Access it through a sufficient diversionary proxy (Disconnect Search, TOR, what have you), and you're simply another (unknown) IP address making another (known) search request. While I won't say it's impossible to tie the two together, the cost is far higher than the case where 1) user search history is explicitly stored or 2) a direct IP history is connected.
Scale your countermeasures to suit your paranoia level / risk model. If you're concerned over browser fingerprinting (https://panopticlick.eff.org/), you'll want to include privoxy as well as TOR.
Note that even unauthenticated users to Google are issued cookies, and undetermined amounts of browser state are tracked. I've got a statement from a Google engineer on G+ that such indicators aren't used to identify accounts, but whether or not they're used to identify end users at all is an unanswered question.
So, short answer: you're right, using DDG of itself isn't a perfect guarantee, but it's a much smaller risk envelope than Google offers, and it can be reduced to pretty near nil with a few additional provisions, all of which hugely increase intercept costs.
Tor doesn't keep the site from knowing who you are. It only prevents an observer from determining the relationship between you and that site from traffic alone, as that is encrypted and obfuscated.
So if you're using Google directly via TOR, you're back in the risk case that your data-at-rest identify you. They can be linked by various means: your username, if that identifies you, by patterns of behavior across multiple sites, by ad syndication networks and shared cookies, etc.
So, no, TOR alone isn't sufficient security in the case of Google.
Your patterns of behavior across multiple sites is not going change whether you're using DDG or Google. And presumably, if you are using TOR, you are not logged into Google, using an incognito window, have scripts to block Google Analytics, etc.
If the NSA is tracking you across the internet outside of Google's Search Box, you've got bigger problems than Search History. Searching for "Bomb Making 101" is the least of your problems if they see you actually visiting BombMaking.com as well as BombMaterialsShop.com
You're postulating a threat model in which anonymized and proxied browsing isn't good enough, because somehow they'll capture all your behavior anyway and then tie it to anonymous search history. My point is, if they can do that, frankly, the fact that they have your search history is the least of your troubles.
This appears to be a threat model specifically designed to sell the DDG use case and fight the notion that using Google un-logged in via a privacy browser isn't "good enough". I'm not sure the case can be made that the DDG scenario is marginally better enough to justify worse search results.
"If Google can't protect its datacenter traffic from the NSA, or from the law, what makes you think DDG can operate outside the law or protect itself from NSA snooping?"
It's not just a question of NSA snooping, some of us simply do not want our online behaviour tracked and recorded by companies to such an invasive degree.
DDG does not know when I print to my desktop printer or how often (but Google does if I'm using ChromeOS).
DDG does not know my journey within different websites, but Google does via it's analytics service.
DDG does not stitch together seemingly disparate journeys that I make online (e.g. browsing a product on a shopping site that uses Google Anlaytics, then going to YouTube to search for said product - Google undoubtedly connects these journeys)
DDG does not record every website I visit, every link I click. Google does if I'm using ChromeOS or if I'm signed into a Google account and using the Chrome browser.
DDG can not track my online behvaviour across desktop (Chrome and ChromeOS), mobile (Android) and tablet (Android) to the degree that Google can.
The extent to which Google can track and record online behaviour simply has no equal among online companies. No company that collects such a staggering amount of data about users should be free from scrutiny.
And finally, it's also about taking a principled stand rather than just shrugging your shoulders and thinking "Well, the NSA will snoop on me whatever service I use, so I'll just stick with Google even if I don't like their online practices"
I've been trying again to get in to DDG and currently have it as my search provider in my main browser - but the lack of date limitation is a clincher for me.
I did Bing's search comparison again just today and came out on top for Google 3/5 and even on 2/5 searches.
Seems I'm stuck with Google, just wish it was old Google with booleans and code search and such.
On a Mac in Safari when I search using Google, immediately above the search results there is a line that has "Search tools" as the rightmost entry. Click that and a new line will appear underneath it with a date limitation drop down menu ("Any time" label) at the leftmost position. Use that to set search date limits.
> Google's biggest liability is that, no matter its best intentions, it cannot provide any guarantee against a government-size advanced persistent threat
Google is the government-sized persistent threat. The NSA didn't start demanding Google collect as much information as it can on you, Google did. The NSA just wanted a piece of that spying action after the fact.
You're missing my point. While I allow that your statement has merits, mine is that even if it didn't, Google simply cannot assert the ability to secure users privacy.
With the Snowden revelations and the abundantly clear trend of Google to aggregate as much personally-identifiable information as possible, I made a clean break in June, 2013. The performance and search quality are vastly improved. And while I don't eschew all Google products (though I'm making drastically less use of them, and as little as possible while authenticated), I find that using DDG as my first cut generally works.
For fallback, my usual scheme is DDG, !SP (StartPage, another proxying search aggregator making more full use of Google), and if I'm still not fully satisfied, Google itself.
There are areas in which Google's search tools are still hugely superior:
⚫ Searching within a date range. DDG doesn't offer this option.
⚫ Some specialized search, in particular Google Books and Google Scholar. Where Google focuses on its core competency of providing search and not on grabbing as much user data as possible, I find the company far more acceptable.
⚫ Some deep-site searches. Google seems to crawl sites more deeply and in more detail than DDG. I particularly rely on it for Reddit, whose own site search excludes comments.
As I've noted, Google's biggest liability is that, no matter its best intentions, it cannot provide any guarantee against a government-size advanced persistent threat, especially not one with the law (constitutional or otherwise) at its disposal: http://www.reddit.com/r/dredmorbius/comments/1u356d/schmidt_...
But overall, I'm hugely impressed with DDG.
For those who use console / terminal browsers such as w3m or links, the 'lite' version puts the "search" button one tab following the search dialog: https://duckduckgo.com/lite
And DDG's TTY mode (command-line interface) is teh awesomenessedness:
https://duckduckgo.com/tty/