Why You Should Avoid DuckDuckGo (DDG) 2021 Edition, Now Microsoft-Hosted and With Extra Privacy Risks

Reddit seems to be censoring such revelations right now (even a year after publication), as if sponsors are more important than facts


There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spotlighted:

  1. Nefarious History of DDG founder & CEO:
     1. DDG’s founder (Gabriel Weinberg) has a history of privacy abuse, starting with his founding of Names DB, a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006)
     2. Weinberg’s motivation for creating DDG was not actually to “spread privacy”; it was to create something big, something that would compete with big players, according to an interview between Weinberg and Susan Adams. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg’s means (not ends) in that endeavor. Clearly he doesn’t value privacy — he values perception of privacy.
  2. Direct Privacy Abuse:
     1. DDG was caught violating its own privacy policy by issuing tracker cookies, according to Alexander Hanff (CEO of Think Privacy and a data security and ethics expert on staff at Singularity University).
     2. DDG was again caught violating its own privacy policy by fingerprinting browsers. DDG responded not with counter evidence, but simply a plea to trust them.
     3. DDG’s third violation (2021): Microsoft hosts DDG’s service and also supplies Bing search results for the same transaction. This means Microsoft sees both sides of the transaction and can link your IP address (i.e. identity) to your search query that Bing processes. DDG makes this false statement: “we never share any personal information with any of our partners. The way it works is when we call a partner for information, it is proxied through our servers so it stays completely anonymous. That is, any call to a partner looks to the partner as it is from us and not the user itself, and no user personal information is passed in that process (e.g. their IP address). That way we can build our search result pages using these 100s of partner sources, while still keeping them completely anonymous to you” (emphasis added). While it may be true that DDG doesn’t transmit users’ IP addresses to Microsoft, Microsoft has already seen users’ IP addresses via Azure. That combination of data given to Microsoft makes DDG’s statement a lie. The MS Azure privacy policy refers us to the general MS privacy policy, which confirms that Microsoft collects IP addresses.
     4. DDG can change their hosting provider at any time. And they have – they migrated from Amazon AWS to Microsoft. As of the drafting of the article herein, DDG is still MS-hosted. To verify for yourself that DDG is still MS-hosted as you read this, Linux Tor users can run: torsocks whois "$(torsocks dig +tcp +short +time=4 +tries=1 duckduckgo.com @resolver1.opendns.com)"; web users can verify by obtaining DDG’s IP address from digweb and then visiting https://ipinfo.io/<IP address from digweb>.
     5. DDG’s app sends every URL you visit to DDG servers. (discussion).
     6. DDG is currently collecting users’ operating systems and everything they highlight in the search results. (To verify this, simply hit F12 in your browser and select the “network” tab. Do a search with JavaScript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together.)
     7. When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default search engine.
     8. DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium.
  3. Censorship: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
     1. DDG is complying with the “celebrity threesome injunction”.
  4. Harmful impact on net neutrality:
     1. DDG attempts to play both sides of the network neutrality fight. DDG donated $50k (as of 2020) to an opponent of net neutrality who ironically calls themselves “TechFreedom”. Then DDG also donated $50k to an opponent of TechFreedom, “Public Knowledge”, who actually calls for “NO rules preventing blocking of website”, yet Public Knowledge blocks Tor users from their own website by issuing a “403 forbidden” error. Public Knowledge intends to coach Congress on “How Interoperability Can Rein In Big Tech”, yet they themselves have broken interoperability with Tor as they make themselves electronically unreachable outside of Facebook, Twitter, Youtube, and Gmail.
  5. CloudFlare: DDG promotes one of the most pernicious privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, thus leading users into the largest privacy abusing walled garden on the web.
     1. Supporting CloudFlare compromises privacy, net neutrality, democracy, and anonymity:
        - Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network.
        - Privacy: All CloudFlare sites are surreptitiously MitM’d by design.
        - Net neutrality: CloudFlare’s attack on Tor users causes access inequality, the centerpiece to net neutrality.
     2. DDG T-shirts are sold using a CloudFlare site, thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying “DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs.” (2019)
     3. DDG hired CloudFlare to host spreadprivacy.com (2019)
     4. DDG also donated over $186k to a series of privacy-abusing CloudFlare sites run by “Demand Progress”, “Fight for the Future”, and “Access Now”. Despite getting nearly $70k from DDG, FFTF continues to expose their own patrons to the very evil they claim to be fighting. Demand Progress, who received $100k from DDG, posts their claim to “contest concentrated corporate power” directly on their CloudFlare site, as well as the claim that they educate people on “the impacts of corporate power over our economy and democracy” as they “confront corporate bad actors”, all of which is bluntly unaligned with their CloudFlare patronage. Access Now, who received $16k from DDG, also used CloudFlare to block Tor users, hypocritically acting against their own mission to “fight for a free and open internet, advocating for the Net Neutrality principle that internet access should be offered to everyone on a nondiscriminatory basis, without favoring certain websites, applications, or services.” DDG apparently does little inspection on those they donate to, as if they’re merely selecting recipients with names that promote their privacy propaganda strategy to boost user loyalty.
  6. Harmful Partnerships with Adversaries of Privacy Seekers:
     1. DDG gets paid a commission when users visit eBay from DDG. Note that eBay has been caught sending JavaScript that snoops on their own customers by port scanning the LAN and reporting back to eBay. Moreover, eBay transactions are impossible without using PayPal, and PayPal abuses privacy in countless ways.
     2. DDG gets paid a commission when users visit privacy-abuser Amazon.
     3. DDG also uses AWS to crawl the web, which Amazon profits from. The Amazon partnership triggers substantial ethical issues:
        - Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy worldwide.
        - Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes.
        - Amazon paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
        - Amazon runs sweat shops, invests in climate denial, etc. The list of non-privacy related harms is too long to list here.
     4. DDG feeds privacy-abuser Microsoft by patronizing the Bing API for search results, using Microsoft’s ad network, using Outlook email service, hiring Microsoft to host DDG’s search site and host DDG’s crawler.
        - The Dutch government commissioned a study which found Microsoft Office products to have several GDPR violations.
        - Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress.
        - Microsoft paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
        - DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==> “…duckduckgo-com.mail.protection.outlook.com”
     5. (historic) DDG was previously partnered with Yahoo (aka Oath; plus Verizon and AOL by extension).
  7. Advertising Abuses & Corruption:
     1. DDG exploited a room at FOSDEM for commercial gain, to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt corporate abuse of precious resources.
     2. Tor Project accepts an annual $25k “contribution” (read: bribe) from DDG, so you’ll find that DDG problems are down-played by those close to the Tor Project (e.g. EFF). This is likely why Tor Browser always defaults to using DDG (which DDG conceals from their disclosure) and why Tor Project endorses DDG over Ss — ultimately against the interests of the privacy-seeking Tor community. This default search engine exploits The Tyranny of Convenience. The EFF also pimps DDG — a likely consequence of EFF’s close ties to Tor Project.
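
The hosting and mail-provider checks described in the list above (whois on the dig result, and the MX lookup), written as shell functions that also cope with dig returning a CNAME or several A records. This is an added example, not the article's own code; the function names and the sample dig/whois text are constructed for illustration.

```shell
#!/bin/sh
# Constructed `dig +short` output: a CNAME target followed by two A records.
# The addresses are documentation ranges, not real lookup results.
SAMPLE_DIG='edge.example.net.
192.0.2.10
198.51.100.7'

# Constructed ARIN-style whois text for one of those addresses.
SAMPLE_WHOIS='NetRange:       192.0.2.0 - 192.0.2.255
NetName:        EXAMPLE-NET
OrgName:        Example Hosting Corp
Country:        US'

# Keep only IPv4 literals. dig +short also prints CNAME targets, and several
# A records arrive on separate lines; whois needs one address per call.
only_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the owning organisation from whois text on stdin. ARIN labels it
# "OrgName:", RIPE and APNIC use "org-name:" or "descr:"; first match wins.
whois_org() {
    awk -F': *' 'tolower($1) ~ /^(orgname|org-name|descr)$/ {
        sub(/^[^:]*: */, ""); print; exit }'
}

# Map an MX target to the mail provider operating it.
mx_provider() {
    host=$(printf '%s' "${1%.}" | tr '[:upper:]' '[:lower:]')
    case "$host" in
        *.mail.protection.outlook.com) echo "Microsoft (Exchange Online)" ;;
        *.google.com|*.googlemail.com) echo "Google" ;;
        *) echo "unknown" ;;
    esac
}

# Live check (needs network; not run here): one whois per resolved address.
# Prefix dig and whois with torsocks, as the article does, to query over Tor.
hosting_orgs() {
    dig +tcp +short +time=4 +tries=1 "$1" | only_ipv4 |
    while read -r ip; do whois "$ip" | whois_org; done | sort -u
}

printf '%s\n' "$SAMPLE_DIG" | only_ipv4
printf '%s\n' "$SAMPLE_WHOIS" | whois_org
mx_provider 'duckduckgo-com.mail.protection.outlook.com.'
```

Calling `hosting_orgs duckduckgo.com` performs the live lookup and prints each distinct organisation name once.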

Editor’s note: We published a (now-outdated) version before. The author notes: “The significant changes are: DDG is now MS-hosted (2.3), DDG gets commission when Amazon or eBay links are followed, Verizon-Yahoo is no longer a partner, and there’s more dirt on DDG donees (TechFreedom, “Public Knowledge”, “Demand Progress”, “Fight for the Future”, and “Access Now”)”

https://techrights.org/2021/03/15/duckduckgo-in-2021/
