იხვმაც დაიწყო პრივეისიზე ხელის ყოფა?
[QUOTE]03.15.21
Why You Should Avoid DuckDuckGo (DDG) 2021 Edition, Now Microsoft-Hosted and With Extra Privacy Risks
Posted in Deception, Microsoft, Search at 9:21 pm by Dr. Roy Schestowitz
Reddit seems to be censoring such revelations right now (even a year after publication), as if sponsors are more important than facts
There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spotlighted:
Nefarious History of DDG founder & CEO:
DDG’s founder (Gabriel Weinberg) has a history of
privacy abuse, starting with his founding of Names DB,
a surveillance capitalist service designed to coerce naive users
to submit sensitive information about their friends. (2006)
(expand related trivia on Reddit censorship)
Weinberg’s motivation for creating DDG was not
actually to “spread privacy”; it was to create something big,
something that would compete with big players, according to an
interview between Weinberg and Susan Adams. As a privacy abuser
during the conception of DDG (Names Database), Weinberg sought to
become a big-name legacy. Privacy is Weinberg’s means (not ends)
in that endeavor. Clearly he doesn’t value privacy — he values
perception of privacy.
Direct Privacy Abuse:
DDG was caught violating its own privacy policy
by issuing tracker cookies, according to Alexander Hanff
(CEO of Think Privacy and a data security and
ethics expert on staff at Singularity University).
DDG was again caught violating its own privacy policy by
fingerprinting browsers. DDG responded not
with counter evidence, but simply a plea to trust them.
DDG’s third violation (2021): Microsoft hosts DDG’s service and
also supplies Bing search results for the same
transaction. This means Microsoft sees both sides of the
transaction and can link your IP address (i.e. identity) to
your search query that Bing processes. DDG makes this
false statement: “we never share any personal information with
any of our partners. The way it works is when we call a partner
for information, it is proxied through our servers so it stays
completely anonymous. That is, any call to a partner looks to
the partner as it is from us and not the user itself, and no
user personal information is passed in that process (e.g. their
IP address). That way we can build our search result pages using
these 100s of partner sources, while still keeping them
completely anonymous to you“ (emphasis added). While it may
be true that DDG doesn’t transmit users’ IP addresses to
Microsoft, Microsoft has already seen users’ IP addresses via
Azure. That combination of data given to Microsoft makes DDG’s
statement a lie. The MS Azure privacy policy refers
us to the general MS privacy policy, which confirms that
Microsoft collects IP addresses.
DDG can change their hosting provider at any time. And they
have– they migrated from Amazon AWS to Microsoft. As of the
drafting of the article herein, DDG is still MS-hosted. To
verify for yourself that DDG is still MS-hosted as you read
this, Linux Tor users can run: torsocks whois "$(torsocks dig +tcp +short +time=4 +tries=1 duckduckgo.com @resolver1.opendns.com)"; web users can verify by obtaining
DDG’s IP address from digweb and then visit
https://ipinfo.io/ <IP address from digweb>.
DDG’s app sends every URL you visit to DDG
servers. (discussion).
DDG is currently collecting users’ operating systems and
everything they highlight in the search results. (to verify
this, simply hit F12 in your browser and select the “network”
tab. Do a search with JavaScript enabled. Highlight some text on
the screen. Mouseover the traffic rows and see that your
highlighted text, operating system, and other details relating to
geolocation are sent to DDG. Then change the query and submit.
Notice that the previous query is being transmitted with the new
query to link the queries together)
When clicking an ad on the DDG results page, all data available
in your session is sent to the advertiser, which is why the Epic
browser project refuses to set DDG as the default
search engine.
DDG blacklisted Framabee, a search engine for the
highly respected framasoft.org consortium.
Censorship:
Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
DDG is complying with the “celebrity threesome
injunction”.
Harmful impact on net neutrality:
DDG attempts to play both sides of the network neutrality fight.
DDG donated $50k (as of 2020) to an
opponent of net neutrality who ironically
calls themselves “TechFreedom”. Then DDG also
donated $50k to an opponent of TechFreedom, “Public
Knowledge”, who actually calls for “NO rules
preventing blocking of website”, yet Public Knowledge blocks Tor
users from their own website by issuing a “403 forbidden” error.
Public Knowledge intends to coach Congress
on “How Interoperability Can Rein In Big Tech”, yet they
themselves have broken interoperability with Tor as they make
themselves electronically unreachable outside of Facebook,
Twitter, Youtube, and Gmail.
CloudFlare: DDG promotes one of the most pernicious
privacy abusing tech giants and adversary to the Tor
community: CloudFlare Inc. DDG results give high rankings to
CloudFlare sites, thus leading users into the largest privacy
abusing walled garden on the web.
Supporting CloudFlare compromises privacy, net neutrality,
democracy, and anonymity:
Anonymity: CloudFlare DoS attacks Tor users, causing substantial
damage to the Tor network.
Privacy: All CloudFlare sites are surreptitiously MitM’d by design.
Net neutrality: CloudFlare’s attack on Tor users causes access
inequality, the centerpiece to net neutrality.
DDG T-shirts are sold using a CloudFlare site, thus
surreptitiously sharing all order information (name, address,
credit card, etc) with CloudFlare despite their statement at the
bottom of the page saying “DuckDuckGo is an Internet privacy
company that empowers you to seamlessly take control of your
personal information online, without any tradeoffs.” (2019)
DDG hired CloudFlare to host spreadprivacy.com (2019)
DDG also donated over $186k to a series of
privacy-abusing CloudFlare sites run by “Demand Progress”, “Fight
for the Future”, and “Access Now”. Despite getting nearly $70k
from DDG, FFTF continues to expose their own patrons to the very
evil they claim to be fighting. Demand Progress, who received
$100k from DDG, posts their claim to “contest concentrated
corporate power” directly on their CloudFlare site,
as well as the claim that they educate people on
“the impacts of corporate power over our economy and democracy” as
they “confront corporate bad actors”, all of which is bluntly
unaligned with their CloudFlare patronage. Access Now, who
received $16k from DDG, also used CloudFlare to block Tor users,
hypocritically acting against their
own mission to “fight for a free and open
internet, advocating for the Net Neutrality principle that internet
access should be offered to everyone on a nondiscriminatory basis,
without favoring certain websites, applications, or services.” DDG
apparently does little inspection on those they donate to, as if
they’re merely selecting recipients with names that promote their
privacy propaganda strategy to boost user loyalty.
Harmful Partnerships with Adversaries of Privacy Seekers:
DDG gets paid a commission when users visit eBay
from DDG. Note that eBay has been caught
sending JavaScript that snoops on their own customers by port
scanning the LAN and reporting back to eBay. Moreover, eBay
transactions are impossible without using PayPal, and
PayPal abuses privacy in countless ways.
DDG gets paid a commission when users visit
privacy-abuser Amazon.
DDG also uses AWS to crawl the web, which Amazon
profits from. The Amazon partnership triggers substantial
ethical issues:
Amazon is making an astronomical investment in facial
recognition which will destroy physical travel privacy
worldwide.
Amazon uses Ring and Alexa to surveil neighborhoods and the
inside of homes.
Amazon paid $195k to fight privacy in CA. (also
see
http://cal-access.sos.ca.gov/Campaign/Comm...518&view=late1) Amazon runs sweat shops, invests in climate denial, etc. The
list of non-privacy related harms is too long to
list here.
DDG feeds privacy-abuser Microsoft by patronizing the Bing
API for search results,
using Microsoft’s ad network, using Outlook email
service, hiring Microsoft to host DDG’s search site and host
DDG’s crawler.
The Dutch government commissioned a study which
found Microsoft Office products to have
several GDPR violations.
Microsoft finances AnyVision to equip the Israeli military
with facial recognition to be used against the Palestinians
who they oppress.
Microsoft paid
$195k to fight privacy in CA. (also see
http://cal-access.sos.ca.gov/Campaign/Comm...518&view=late1) DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==>
“…duckduckgo-com.mail.protection.outlook.com”
(historic) DDG is was previously partnered
with Yahoo (aka Oath; plus Verizon and AOL by
extension).
(click to expand details)
Advertising Abuses & Corruption:
DDG exploited a room at FOSDEM for commercial gain, to
deliver a sales pitch despite its proprietary non-free server
code, then dashed out without taking questions. Shame on FOSDEM
organizers for allowing this corrupt corporate abuse of precious
resources.
Tor Project accepts an annual $25k “contribution”
(read: bribe) from DDG, so you’ll find that DDG problems are
down-played by those close to the Tor Project (e.g. EFF). This
is likely why Tor Browser always defaults to using DDG (which
DDG conceals from their disclosure) and why Tor
Project endorses DDG over Ss — ultimately against the
interests of the privacy-seeking Tor community. This default
search engine exploits
The Tyranny of Convenience. The EFF also pimps
DDG — a likely consequence of EFF’s close ties to Tor Project.