Opened 8 years ago

Closed 17 months ago

Last modified 6 months ago

#4902 closed enhancement (worksforme)

Change the default search engine in TBB

Reported by: phobos Owned by: mikeperry
Priority: Medium Milestone: TorBrowserBundle 2.3.x-stable
Component: Firefox Patch Issues Version:
Severity: Blocker Keywords: MikePerry201204
Cc: mk@…, tails@…, mikeperry, erinn, strunk@…, 5p4m@… Actual Points: 1
Parent ID: Points: 1
Reviewer: Sponsor:

Description

Some users are concerned that the default search engine in TBB is Google. While we do rewrite the parameters sent to Google, the fact that google can see a large percent of the tor user search queries (as a whole community) may be reducing their anonymity set. The power of defaults means many users, perhaps the majority, will not change their behavior.

Alternatives to google by default are ixquick and duckduckgo. My vote is for ddg. They run a hidden service, exit enclave, and in general seem to support Tor. ixquick has refused to work with us in the past.

Child Tickets

Attachments (7)

google.xml (2.3 KB) - added by cooperq 8 years ago.
Google.is search widget
ddg-tor.xml (2.0 KB) - added by cooperq 8 years ago.
duck duck go search widget
ddg-onion.xml (2.0 KB) - added by m 8 years ago.
DuckDuckGo TOR service search widget
ddg-html-post-onion.xml (2.0 KB) - added by cypherpunks 8 years ago.
DDG Search widget for onion for as HTTP POST (HTML version)
duckduckgo.xml (1.9 KB) - added by cooperq 8 years ago.
list.txt (75 bytes) - added by cooperq 8 years ago.
startpage.xml (1.9 KB) - added by cooperq 8 years ago.

Download all attachments as: .zip

Change History (50)

comment:1 Changed 8 years ago by Neo139

I like DuckDuckGo or scroogle. They are both equally anonymous. Never used ixquick.
The good thing about DuckDuckGo is that they support the cause. They run an exit enclave. They also support the free software community (they sponsor Linux Mint)
The good thing about scroogle is its fast, only one request/reply. The bad is it searches exactly what you typed,(even if it has a typo) without providing the "Did you mean" thing. So is not noob friendly.

+1 to DuckDuckGo

comment:2 Changed 8 years ago by atagar

I like DuckDuckGo or scroogle. They are both equally anonymous.

While I like scroogle and use it for my own searching, it would not be a good default for TBB. Scroogle relies on scraping google's content which has a couple disadvantages...

  1. Scroogle breaks whenever google changes their page. Scraping becomes more difficult as google integrates more ajax into their pages and, iirc, scroogle is now relying on the mobile version of the google site.

There have been a few times that it looked like scroogle would be broken indefinitely. It would be a bad idea to potentially leave TBB users with a broken default search.

  1. Google would still be getting TBB search queries, just through a one hop proxy. I'm not sure if this really addresses the concerns people have been raising...

My preference would be for us to go with DDG too. Besides being a nice search, they've been supportive of tor and also changed their homepage in response to complaints that it required javascript to operate. Both great signs that they're highly supportive of user privacy.

Cheers! -Damian

comment:3 Changed 8 years ago by mk

Cc: mk@… added

First, the main problem with Google, as I see it, is that it tracks clicks on result pages, and has demonstrated its disregard for users privacy. Combined with users inevitably logging in to other Google-owned services, such as GMail, having Google search as a default provides for complete deanonymization when accessing URLs via search results.

If you want DuckDuckGo to work like Scroogle, you can use the non-Javascript interface (see below). I will attempt to outline the technical pros and cons of some search engines.

  1. DuckDuckGo
  1. Ixquick via Google
    • Has high results quality and no click tracking (which Google does)
    • Supports Google's date filter
    • Uses POST requests (a problem with search extensions?), and GET support is apparently undocumented, but works: https://startpage.com/do/search?query=test
  1. Ixquick
    • Don't see why use it instead of its Google-results page
  1. Scroogle

I think that overall, DuckDuckGo is the best choice as a default search engine, given its support for Tor (including a hidden service to access the site), and that Ixquick via Google (startpage.com) is a good alternative for users who are dissatisfied with DuckDuckGo's results quality. This is probably the configuration that I will stay with use in Liberté Linux.

comment:4 Changed 8 years ago by T(A)ILS developers

Cc: tails@… added

comment:5 Changed 8 years ago by joebt

Duck Duck Go & Scroogle are both good in their own right, but EACH records / logs some info about visitors or searches (read their privacy policies). Scroogle's privacy policy isn't really a policy (that I find) - it's a graphic.

Duck Duck Go's policy says:
"Similarly, we may add an affiliate code to some eCommerce sites (e.g. Amazon & eBay) that results in small commissions being paid back to DuckDuckGo when you make purchases at those sites."
Sounds odd. Unless one uses a completely anonymous payment method, the site that DDG referred you to, knows who you are, once purchases are made. There's too little info in DDG's privacy policy about how the process of adding affiliate code & receiving payment works to fully understand it. It also raises the question, of the popular practice of search engines presenting what they want the user to see, first. In this case, possibly results from sites with whom they have financial agreements.

Ixquick & Start Page don't record any info (log searches, record IP addresses, etc) per their policies, last I read. If one wants Google search results, use Start Page. If you want results from other search engines, use Ixquick. Both have https. My experience is, different search results are often seen in Ixquick vs Google (or Google scrapers).

I don't know about "default" search engine. Would it be possible to actually prompt users to choose one, if Ixquick, Start Page, Duck Duck Go, Scroogle are all included in Aurora?

If Google search is COMPLETELY left out of Aurora, help is available through Mozilla (Aurora) Help, how to find / add search engines. Simple FAQ on Tor Project site could explain it. Most Tor users already know how to add search engines.

comment:6 Changed 8 years ago by phobos

startpage and ixquick are the same thing. ixquick just queries google these days. ixquick seems to do a lot to fingerprint individual users without recording the IP.

As one of the support people, most tor users don't look for a faq nor know how to manipulate the torbrowser at all.

comment:7 Changed 8 years ago by Neo139

What Duck Duck Go does is adding &tag=duckduckgo to all the URLs of Amazon. That's it. If you search "Amazon kindle" you will get
https://www.amazon.com/kindle-store-ebooks-newspapers-blogs/b?ie=UTF8&node=133141011&tag=duckduckgo-d-20
This is doesn't affect privacy more than cross-referering in common browsers. Amazon knows you came there via DDG. Nothing more.

I use Amazon Associates so I know the info duckduckgo is able to see is not much (number of clicks, number of buys, and products bought, You can't tell if 100 products were bought by 100 different people or all by 1 dude.

I think is way of business is much 'privacy-friendly' than recording everything you do, mining all, and displaying ads based on that.

There should be both scroogle, start page and DDG in the search engine (ctrl K) list. But as default, DDG. Scroogle is currently laggy

@mk
We can ask DDG admins to have an option to access the non-javascript page via URL parameters. &js=0
and maybe some 'lite' version without the "Spread DGG" sidebar, with a &lite=1

comment:8 Changed 8 years ago by mikeperry

Cc: mikeperry erinn added
Owner: changed from mikeperry to erinn
Status: newassigned

@phobos: mk is right. It looks like ixquick is no longer the same backend as startpage.com. Startpage.com seems to use Google on the back end where as ixquick does not. That gives us another option..

I am in favor of getting Google out of the default omnibox position, at least for now, due mainly to the Captcha problem. I am also made nervous by the gmail linkage. I'm not sure if people are aware of this risk, and the TBB threat model doesn't deal with it.

I am annoyed by startpage/ixquick giving us the cold shoulder, but I do feel like real Google search results are considerably better than what I get from DuckDuckGo (which I guess is Bing?)..

So I am torn between startpage and DDG for the omnibox default... We should include them both, though, and probably eliminate ebay, amazon, yahoo and bing.

Erinn, do you happen to know how the url box is built during the build process? Can we just add in our own .src plugins and remove the current ones?

comment:9 in reply to:  6 Changed 8 years ago by joebt

Replying to phobos:

"startpage and ixquick are the same thing. ixquick just queries google these days. "

No, they're different. Ixquick is a metacrawler and Start Page is a google scraper, just like Duck Duck Go. Start Page is run by Ixquick folks, but they don't use the same sources for search results.

I believe SOME Tor (TBB) users don't know "how to manipulate" the browser. Adding a search engine is as easy as adding bookmarks - not manipulating. The ones calling are those that don't know much. People that know their way around don't call support for ANY product much, by comparison.

If Google search is left out, ANYone can get it easily. If they're too clueless to add a search engine, they have worse problems & Tor's not going to protect them from themselves. You can only idiot proof something so much.

For anonymity's sake, I don't know how smart it would be to tell "the clueless" that Firefox Help from Mozilla works the same on Aurora, but they can get help there. Could force a readme file to open on Aurora's 1st start (no opt out) w/ some basic info. If they choose to close w/o reading, that's their problem.

comment:10 Changed 8 years ago by strunk

Cc: strunk@… added

Google is somewhat hostile to Tor users and more than somewhat hostile to privacy. DuckDuckGo has made overt efforts to support privacy, and to support Tor specifically. We should be embracing DDG. They may not be perfect (URI rewriting to add affiliate codes in search results) but they are orders of magnitude better than Google for our purposes. The transparency DDG has offered into their operation is unprecedented. Having a really high quality search engine that runs both a hidden service *and* an exit enclave is something TBB should be supporting and driving users to by default.

Please, make this change and make it soon.

comment:11 Changed 8 years ago by m

Cc: 5p4m@… added

Searches of users logged in to G+, Gmail or other Google services can very likely be traced by Google and we can be sure that Google will continue to work on tracing their users as much as they can. Gathering and connecting data is their business, hence they are by default a threat to the privacy of TOR users. We cannot keep users away from using Gmail or G+, so we should at least take precautions that their internet searches will not be traced by default. If they add Google themselves, so be it.

Alternatives have been mentioned here in various postings. DDG is the only one of the mentioned search engines that is actively supporting TOR. DDG is running a TOR relay and an exit enclave. DDG gave a part of their 2010 revenue FOSS donations to TOR and the DDG community nominated the TOR project again for 2011 revenue FOSS donations. On the other hand the IXQuick/ Startpage-people seem to be ignorant towards the TOR project. Scroogle gives anonymized Google searches but seems to be unreliable.

Therefore please add the DDG TOR service as the default engine for future versions of TBB. Maybe add Scroogle as an alternative and delete the default search engines (Google, eBay, Amazon etc.). The person behind DDG is usually very responsive and helpful and obviously aware and supporting of TOR which may be helpful in the future.

DDG is by the way not a Google scraper as mentioned earlier. AFAIK they gather data from several different sources and their own crawlers.

comment:12 in reply to:  11 ; Changed 8 years ago by mikeperry

Replying to m:

Searches of users logged in to G+, Gmail or other Google services can very likely be traced by Google and we can be sure that Google will continue to work on tracing their users as much as they can. Gathering and connecting data is their business, hence they are by default a threat to the privacy of TOR users. We cannot keep users away from using Gmail or G+, so we should at least take precautions that their internet searches will not be traced by default. If they add Google themselves, so be it.

It turns out that Google offers encrypted search on https://www.google.ca. The different TLD will cause Tor Browser's url isolation to prevent Google from tracking google.com users when google.ca is used for search, but google.com is used for authenticated services.

Alternatives have been mentioned here in various postings. DDG is the only one of the mentioned search engines that is actively supporting TOR. DDG is running a TOR relay and an exit enclave. DDG gave a part of their 2010 revenue FOSS donations to TOR and the DDG community nominated the TOR project again for 2011 revenue FOSS donations. On the other hand the IXQuick/ Startpage-people seem to be ignorant towards the TOR project. Scroogle gives anonymized Google searches but seems to be unreliable.

Therefore please add the DDG TOR service as the default engine for future versions of TBB. Maybe add Scroogle as an alternative and delete the default search engines (Google, eBay, Amazon etc.). The person behind DDG is usually very responsive and helpful and obviously aware and supporting of TOR which may be helpful in the future.

I would accept a patch to change our default search engine to DDG and/or to add DDG and StartPage to the Omnibox, because captchas fucking suck. But changing it right now myself is not a super high priority. I imagine Erinn is thinking the same thing.

Note that we already have code to use DDG as the searchbox on check.torproject.org (#3962), but since it's no one's job to admin check, and no one wants to give admin access to anyone else, that code will probably sit around forever unused :/.

comment:13 in reply to:  12 Changed 8 years ago by phobos

Replying to mikeperry:

Note that we already have code to use DDG as the searchbox on check.torproject.org (#3962), but since it's no one's job to admin check, and no one wants to give admin access to anyone else, that code will probably sit around forever unused :/.

Not true, sir. I admin check. We have an svn repo for check. And if we want something to go live on check, it should be committed first, and then I can push it live. It appears arma has a check fetish as well. Therefore you have not one, but two avenues for making things go live to check.

comment:14 in reply to:  12 Changed 8 years ago by phobos

Replying to mikeperry:

Note that we already have code to use DDG as the searchbox on check.torproject.org (#3962), but since it's no one's job to admin check, and no one wants to give admin access to anyone else, that code will probably sit around forever unused :/.

I don't see code on #3962, I see a ticket to patch torbel for ddg/new user interface. If there is code for check, point me at it. torbel isn't ready for production yet and won't be ready for a while.

Changed 8 years ago by cooperq

Attachment: google.xml added

Google.is search widget

Changed 8 years ago by cooperq

Attachment: ddg-tor.xml added

duck duck go search widget

comment:15 Changed 8 years ago by cooperq

Status: assignedneeds_review

I have attached the preceeding two xml files as proposed patches for a DDG widget and a google widget that searches through google.is since iceland has better privacy law. If you drop these into App/Firefox/searchplugins they should automatically show up in firefox. Google.is should also automatically become the default search engine.

comment:16 Changed 8 years ago by mikeperry

Owner: changed from erinn to mikeperry
Status: needs_reviewassigned

Thanks for the plugins. I will give this a shot in my FF dev build to see how easy it is to toss in to the equivalent build directory.

comment:17 Changed 8 years ago by mikeperry

Status: assignedneeds_review

Trac, why do you always have to be so difficult?

comment:18 Changed 8 years ago by mikeperry

After dumping both files into a vanilla Firefox source tarball in browser/locales/en-US/searchplugins I built a basic dev build (./configure --disable-crash-reporter && make -j8). The good news is that the altered google.xml was updated.

The bad news was that the ddg xml did not seem to be included in the resulting build. There probably is some build script that copies these files into the resulting dist directory. Grepping the source seems to find a few Makefiles referencing the dir, but they don't seem to have a list of files to include that I can find easily by grepping for existing filenames..

Changed 8 years ago by m

Attachment: ddg-onion.xml added

DuckDuckGo TOR service search widget

comment:19 in reply to:  15 ; Changed 8 years ago by m

Replying to cooperq:

I have attached the preceeding two xml files as proposed patches for a DDG widget and a google widget that searches through google.is since iceland has better privacy law. If you drop these into App/Firefox/searchplugins they should automatically show up in firefox. Google.is should also automatically become the default search engine.

I have attached an XML file for search through the DuckDuckGo TOR hidden service. The file added before uses the regular DDG website, not the TOR service.

<Url type="text/html" method="GET" template="https://duckduckgo.com/"> <Param name="q" value="{searchTerms}"/> </Url>

The attachment for google.is does not actually search google.is

<Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&amp;client=firefox&amp;hl={moz:locale}&amp;q={searchTerms}"/> </Url>

I strongly disagree with using google.ca or google.is. I sincerely doubt that Google cannot link a person logged in to googlemail.com to a search on google.ca or google.is by IP, browser fingerprinting and/ or other means. I object to adding google.is as default after so many postings pro DDG and against Google. And I would like to ask in what way Islandic law regulates Google?

comment:20 in reply to:  19 Changed 8 years ago by mikeperry

Replying to m:

The attachment for google.is does not actually search google.is

<Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&amp;client=firefox&amp;hl={moz:locale}&amp;q={searchTerms}"/> </Url>

We disable search suggest in TBB, but we should probably make this consistent anyways.

I strongly disagree with using google.ca or google.is. I sincerely doubt that Google cannot link a person logged in to googlemail.com to a search on google.ca or google.is by IP, browser fingerprinting and/ or other means. I object to adding google.is as default after so many postings pro DDG and against Google. And I would like to ask in what way Islandic law regulates Google?

The choice of google.is over google.com is made primarily because of the design properties of Tor Browser that cause google.is to be isolated from google.com in terms of identifiers and fingerprinting.

See:
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability and
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability

The high level design goals that drove these properties are here:
https://www.torproject.org/torbutton/en/design/#requirements

There are some edge cases that can still cause issues (see the "Implementation Status" sections), most notably top-level redirects. However, I intend to fix those issues in the 2.3.x series. If there are other issues you are aware of that aren't covered in that design document, please file a bug.

As for who gets the default position, my current inclination is startpage.com because of Google-quality results without the captchas, all things being equal. I'm not sure we're ready to make a definitive decision between startpage and DDG yet, though.

comment:21 Changed 8 years ago by intrigeri

FWIW, Tails has been shipping with Startpage as default search engine since 0.10.1, released 3 weeks ago. No complain so far.

comment:22 in reply to:  19 Changed 8 years ago by cypherpunks

Replying to m:

Replying to cooperq:
I have attached an XML file for search through the DuckDuckGo TOR hidden service. The file added before uses the regular DDG website, not the TOR service.

<Url type="text/html" method="GET" template="https://duckduckgo.com/"> <Param name="q" value="{searchTerms}"/> </Url>

You should probably do a POST request here as the value of the searchTerms parameter will be leaked as part of the Referer header. Also, I'd prefer a default to the HTML search. It loads faster and works with NoScript enabled.

Changed 8 years ago by cypherpunks

Attachment: ddg-html-post-onion.xml added

DDG Search widget for onion for as HTTP POST (HTML version)

comment:23 Changed 8 years ago by mikeperry

Milestone: TorBrowserBundle 2.3.x-stable
Status: needs_reviewassigned

We should pick *some* default option other than captcha city... I'm not in a hurry to change anything personally, though.

comment:24 Changed 8 years ago by cooperq

Status: assignedneeds_review

I have fixed the search xml files based on the suggestions that cypherpunks made. I am attaching a duck duck go (non onion) and a startpage xml file. I chose not to use the .onion for speed purposes (3 hops instead of 6) though it might be useful to include an onion as well.
As for how to get these into the build: @mikeperry, I found that if you edit the list.txt file in the searchplugins directory in the firefox source (mozilla-release/browser/locales/en-US/searchplugins) and add a duckduckgo and startpage line those search engines will show up in the build. I have attached a working list.txt file.

Changed 8 years ago by cooperq

Attachment: duckduckgo.xml added

Changed 8 years ago by cooperq

Attachment: list.txt added

Changed 8 years ago by cooperq

Attachment: startpage.xml added

comment:25 Changed 8 years ago by joebt

There may be a couple reasons to also add Ixquick https search in addition to DuckDuckGo & StartPage.

DDG is sometimes referred to as a "hybrid" search engine, while Ixquick is called a metacrawler (what's in a name?). So, they're going to produce different results because of different sources. They did in my brief comparisons.

Another nice feature (to me) is, both Ixquick & Startpage allow making numerous search settings changes, then saving those in a cookie, OR... saving the changes as a readable or obfuscated URL, containing the changes. To make it even easier for users to use their custom search settings, they can 'Install Custom Plugin' after creating the custom settings URL, that installs as any other search plugin. Or save the custom URL as a bookmark.

Several custom search settings bookmarks can be created. Haven't tested creating multiple Ixquick / StartPage custom search plugins.

AFAIK, DDG doesn't have the ability to automatically generate the custom URL or create a plugin (at all) containing the custom settings. DDG users (apparently) have to choose their own custom URL parameters (typing or coping) from this list, which is time consuming: http://duckduckgo.com/params.html

I don't find where DDG allows setting # of results per page.  Some also don't want to keep up with or save cookies in TBB, so having the customized search plugin is a good feature, IMO.

comment:26 Changed 8 years ago by mikeperry

Keywords: MikePerry201203 added

comment:27 Changed 7 years ago by phobos

The default startpage widget censors searches by enabling the 'web/picture family filter'. It's unclear who decides what is 'family friendly' here, maybe google, maybe ixquick. To use startpage, we would have to generate a custom plugin or append the queries with the necessary parameters. This is the same situation with DDG.

comment:28 Changed 7 years ago by mikeperry

Keywords: MikePerry201204 added; MikePerry201203 removed

phobos: Technically Google has the same image filtering on by default too, I think. Unless it's different.

My opinion is we should just merge this. I'm sorry it's taking so long.

comment:29 Changed 7 years ago by mikeperry

Actual Points: 1
Points: 1
Resolution: fixed
Status: needs_reviewclosed

This is merged in mikeperry/maint-2.2, which should go out in the Firefox 12 TBB tomorrow.

We've gone with Startpage for the default selected position.

comment:30 Changed 7 years ago by cypherpunks

ixquick has refused to work with us in the past.

I wonder why the Startpage/ixquick people are refusing to work with Tor Project.
Is there any specific reason?

comment:31 Changed 17 months ago by heyjoe

Resolution: fixed
Severity: Blocker
Status: closedreopened

DuckDuckGo is hosted on Amazon which means Amazon receives info about all searches.

Could someone please consider reviewing and reconsidering this?

startpage.com looks like a better alternative. (or maybe some other engine)

comment:32 Changed 17 months ago by gk

Resolution: worksforme
Status: reopenedclosed

Startpage does not want us using their engine. I think we are good with DuckDuckGo for now. In the future, please don't reopen long-closed tickets but file a new one instead, thanks!

comment:33 Changed 17 months ago by heyjoe

Startpage does not want us using their engine.

What does this mean? Who is stopping you from setting any search engine as default?

I think we are good with DuckDuckGo for now.

What does "good" mean, considering that Amazon can track all the searches? And what is the basis of your trust in a search provider who is working with an entity like Amazon?

In the future, please don't reopen long-closed tickets but file a new one instead, thanks!

I decided to comment here because of the previous context and discussion. I can surely open a new ticket but I would like to clarify for myself if that would really be considered or simply closed because it has been already pre-decided.

comment:34 in reply to:  33 Changed 17 months ago by gk

Replying to heyjoe:

Startpage does not want us using their engine.

What does this mean? Who is stopping you from setting any search engine as default?

No one is stopping you from doing that, exactly. The point is we were in contact with Startpage and they said explicitly they are not happy with us using their search engine. I think that's a clear sign to pause and look for something else.

I think we are good with DuckDuckGo for now.

What does "good" mean, considering that Amazon can track all the searches? And what is the basis of your trust in a search provider who is working with an entity like Amazon?

I think there is more elaboration needed than just claiming the things you do. E.g. what does "work with" mean in this context? And why and how can Amazon track all the searches? We have mailing lists for discussions like that, e.g. tor-talk. (see: https://lists.torproject.org/cgi-bin/mailman/listinfo). That way, everyone in our community could get on the same page (and read the info substantiating your claims) and help with decision-making.

comment:35 Changed 17 months ago by heyjoe

The point is we were in contact with Startpage and they said explicitly they are not happy with us using their search engine.

Weird. Thanks for the info.

E.g. what does "work with" mean in this context?

This means paying to (supporting) Amazon and giving Amazon traffic info.

And why and how can Amazon track all the searches?

Traffic info (including traffic to DDG out of Tor network). I believe Amazon should also be able to decrypt the traffic as they own the end nodes (which practically gives them full access to all info on them).

Is there any search functionality for mailing lists so I can look for relevant discussions about that?

comment:36 in reply to:  31 Changed 17 months ago by cypherpunks

Replying to heyjoe:

DuckDuckGo is hosted on Amazon which means Amazon receives info about all searches.

Well the Tor Browser is supposed to protect you in case DuckDuckGo or its evil hosting platform try to hunt down your identity. So even if it was bad, it's still good with the Tor Browser. Also they don't use Amazon for European folks, i.e. a significant portion of exit bandwidth.

If you're still afraid, then use their onion service at the very least (which you can find on about:preferences#search).

comment:37 Changed 17 months ago by heyjoe

Well the Tor Browser is supposed to protect you in case DuckDuckGo or its evil hosting platform try to hunt down your identity. So even if it was bad, it's still good with the Tor Browser.

Of course TB provides a level of anonymization. Still the data collector on the other side of the wire can correlate data based on search patterns and subsequent site visits (which Amazon and other PRISM companies may track too).

Also they don't use Amazon for European folks, i.e. a significant portion of exit bandwidth.

Not true. A simple test from EU host:

[~]: host duckduckgo.com
duckduckgo.com has address 34.243.144.154
duckduckgo.com has address 34.241.201.179
duckduckgo.com has address 34.243.160.29
duckduckgo.com mail is handled by 10 in1-smtp.messagingengine.com.
duckduckgo.com mail is handled by 20 in2-smtp.messagingengine.com.
[~]: host 34.243.144.154
154.144.243.34.in-addr.arpa domain name pointer ec2-34-243-144-154.eu-west-1.compute.amazonaws.com.
[~]: host 34.241.201.179
179.201.241.34.in-addr.arpa domain name pointer ec2-34-241-201-179.eu-west-1.compute.amazonaws.com.
[~]: host 34.243.160.29
29.160.243.34.in-addr.arpa domain name pointer ec2-34-243-160-29.eu-west-1.compute.amazonaws.com.

If you're still afraid, then use their onion service at the very least

It is not that I am afraid personally but rather pointing out that DDG is a potential weak spot for privacy. Or are you saying that using their onion domain routes traffic to some other DDG servers which are completely disconnected from AWS, without DBs synced with them etc?

comment:38 in reply to:  37 Changed 17 months ago by cypherpunks

Replying to heyjoe:

Of course TB provides a level of anonymization. Still the data collector on the other side of the wire can correlate data based on search patterns and subsequent site visits (which Amazon and other PRISM companies may track too).

Correlate isn't that simple. I don't see the gains from such a complex maneuver to be honest.

comment:39 Changed 17 months ago by heyjoe

Correlate isn't that simple.

I am not saying that it is simple per se but the more data there is, the easier it becomes to correlate it. Though I am unaware of starpage's infrastructure and relations, still we are all aware that Amazon is not our friend. Ideally we would have a decentralized search but AFAIK such is not available ATM.

I don't see the gains from such a complex maneuver to be honest.

Which is a complex maneuver? Setting another default search engine is easy. Though I am not familiar with any legal factors that may be preventing this (as in an expressed disagreement by Startpage).

comment:40 in reply to:  39 Changed 17 months ago by cypherpunks

Replying to heyjoe:

Correlate isn't that simple.

I am not saying that it is simple per se but the more data there is, the easier it becomes to correlate it. Though I am unaware of starpage's infrastructure and relations, still we are all aware that Amazon is not our friend. Ideally we would have a decentralized search but AFAIK such is not available ATM.

I don't see the gains from such a complex maneuver to be honest.

Which is a complex maneuver?

The complex maneuver of engineering a correlation mechanism that identifies unique users with their searches with low false positives and with only timing (and no fingerprinting) and content as input. It's probably impossible.

Setting another default search engine is easy. Though I am not familiar with any legal factors that may be preventing this (as in an expressed disagreement by Startpage).

It's not easy when there are no alternatives (searx will get overwhelmed and their infrastructure won't be able to handle the load, bing, qwant, baidu and yahoo searches are really poor quality wise). It's not a legal problem, Startpage puts up captchas to Tor users when it was enabled as default not so long ago IIRC. (Can't find the relevant comments.)

comment:41 Changed 17 months ago by heyjoe

Startpage puts up captchas to Tor users when it was enabled as default not so long ago IIRC. (Can't find the relevant comments.)

Interesting. Here it is the default SE in TBB and it shows me no captchas.

comment:42 in reply to:  41 Changed 17 months ago by cypherpunks

Replying to heyjoe:

Interesting. Here it is the default SE in TBB and it shows me no captchas.

I wasn't talking about an earlier time, and you can also reproduce it if they block some particular exit (I did happen on a case once where I had a captcha with startpage with TB not so long ago).

comment:43 Changed 6 months ago by Ashwin

I have a idea to learn online for useful information about how to add or permanently remove cookes from my windows 10 OS web browser, am learning with this Homepage https://deletecookieswindows10.com/ and telling you to must visit of you really wants to get free and online instruction.

Note: See TracTickets for help on using tickets.