|May the source be with you, but remember the KISS principle ;-)|
Every time you use a regular search engine, your search data is recorded. Major search engines capture your IP address and use tracking cookies to make a record of your search terms, the time of your visit, and the links you choose -- then they store that information in a giant database. Many of them store your searches and the like for five years or more. Some believe that Google stores searches "forever".
Those searches reveal a shocking amount of personal information about you, such as your interests, family circumstances, political leanings, medical conditions, and more. This information is modern-day gold for marketers, government officials, black-hat hackers and criminals -- all of whom would love to get their hands on your private search data.
In short, search engine privacy does not exist. All the keywords you search for are neatly catalogued by frequency, time-stamped and stored for a considerable time. They are also available to the government without a warrant. This is a major drawback of search engines, which have become a kind of window into the Internet: a bottleneck at which important user activity can easily be intercepted (and is intercepted).
One simple way to increase the privacy of your searches is to use a Web proxy. You can also "dilute" your "footprint" by submitting some popular searches (and here Google can provide real help, as in Google Trends - Hot Searches ;-). You can also delete your search history from Google, but at this point it's too late.
A good discussion of the issues can be found in DuckDuckGo Illusion of Privacy - Slashdot. Here is a collection of relevant comments:
Anonymous CowardImpy the Impiuos Imp (442658)
I didn't start using DuckDuckGo for privacy (Saturday July 13, 2013 )
I started using DuckDuckGo because, out of all the other search engines out there, it's the only one I've found whose entire mission statement centers around _not_ collecting information on every goddamn thing you do. Yes it's probably still being tapped at the fibre optic cable level so it doesn't really matter, that's not the point. The point is to vote with your dollar, or in this case your page view, far more influential these days than one thinks.
I don't use DuckDuckGo because it preserves my privacy. I use DuckDuckGo because they don't try to take it away from me.
Re:I didn't start using DuckDuckGo for privacy (Score:2)
Well, that's fine, but I keep pointing out I'm less concerned with whether Google knows I might want to buy Depends than that the NSA might be able to spy on political opponents to whoever holds their ear. "Make sure you fill out the warrant form, agent #4821 out of 17436." isn't much protection for a G. Gordon Liddy type.
Re:I didn't start using DuckDuckGo for privacy (Score:2)
Obviously. The scary form is 27B/6 [youtube.com].
Re:I didn't start using DuckDuckGo for privacy (Score:2)
The article misses the point. It's about getting rid of the Google sphere and search filtering.
I'm using Startpage [startpage.com] at the moment.
Yeah, the fibre level is pretty hard to avoid. Here's something I spotted this afternoon, related to the reveal that the US was recording Telstra's Reach traffic:
Telstra issued a statement defending the agreement.
“This Agreement, at that time 12 years ago, reflected Reach’s operating obligations in the US that require carriers to comply with US domestic law," a Telstra spokesman said.
"It relates to a Telstra joint venture company’s operating obligations in the United States under their domestic law. We understand similar agreements would be in place for all network infrastructure in the US. When operating in any jurisdiction, here or overseas, carriers are legally required to provide various forms of assistance to Government agencies.”
viperidaenz
Re: (Score:2)by (2515578) writes:
To hide the referrer (Score:4, Interesting)
To strip off the referrer. Otherwise the end site would see the URL of the DuckDuckGo search revealing the details of the search, page, etc.
jones_supa (887896)sydneyfong (410107) writes:
But that still tells DuckDuckGo which page you went to. We can't be sure if they store that information. It's better if you can simply disable sending the referrer information from your browser.
I've found pointing the link to a data URI encoded HTML page with a meta tag to redirect works pretty well.
It's not about 100% privacy (Score:5, Insightful) by writes: on Saturday July 13, 2013 @08:58PM (#44272709)
At least for me it's not, it's about not feeding the beast directly. I jumped to Linux, Opera, and DDG as a way to add a few more cycles and maybe a few more man hours to the mess rather than hand it over directly with Windows, IE or Chrome, and Google.
If anyone thinks they can really be anonymous in this ecosystem they are sorely mistaken. I do believe however there are less trodden paths and a little more pains in the rear that can be had, and as a silent protest, I chose to use them.
Ixquick? (Score:4, Informative)
At least Ixquick is not a U.S. company: https://ixquick.com/eng/prism-program-revealed.html [ixquick.com]
While their searches aren't as fast as Google's, I have found them to be pretty good quality-wise.
Lawrence_Bird (67278)
No PFS at DDG (Score:3) by writes: on Saturday July 13, 2013 @09:06PM (#44272761)
This is because DDG does not use crypto algorithms which support perfect forward secrecy.
When PFS is used, the compromise of an SSL site's private key does not necessarily reveal the secrets of past private communication; connections to SSL sites which use PFS have a per-session key which is not revealed if the long-term private key is compromised. The security of PFS depends on both parties discarding the shared secret after the transaction is complete (or after a reasonable period to allow for session resumption).
So it would require significantly more work for NSA to deal with a site using PFS. Source: netcraft [netcraft.com]
Decrypting SSL (Score:4, Interesting) by BringYourOwnBacon (2808547) writes: on Saturday July 13, 2013 @09:21PM (#44272837)
I think the article brings up an interesting point about whose SSL certs the NSA has access to. It's reasonable to assume that they are capturing most if not all Internet traffic in the states (at the very least all packets entering or leaving the country.) What is unknown is how much of that encrypted traffic can be easily decrypted. If I were a three letter gov't agency intent on decrypting massive amounts of traffic, I would go straight for the keys. It's particularly of note that DuckDuckGo does NOT use session keys in its SSL implementation, meaning if their private key got compromised, all previous searches would also be compromised. I don't think it's too much of a stretch to assume that the NSA has found a way to that key, either through secret court orders, or good old fashioned nefarious means. Especially for a site like DDG, who makes promises of "privacy". Makes you wonder who else's keys they have access to.
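The forward-secrecy point made in the two comments above can be checked from a server's cipher-suite list. The following is an added example, not part of the Slashdot thread or of any site's own tooling: it classifies suite names by key exchange and reports which ones would expose recorded sessions if the long-term private key later leaked. The two server lists are constructed samples.

```python
"""Audit a TLS cipher-suite list for forward secrecy (added example)."""

# Bulk-cipher tokens that begin an OpenSSL-style suite name when no key
# exchange is spelled out; by OpenSSL convention those suites use RSA key
# transport, i.e. the session secret is encrypted to the long-term key.
RSA_IMPLIED = {"AES128", "AES256", "RC4", "DES", "CAMELLIA128",
               "CAMELLIA256", "SEED", "IDEA", "NULL"}

FORWARD_SECRET = {"ECDHE", "DHE", "TLS1.3"}
LONG_TERM_KEY = {"RSA", "DH-static", "ECDH-static"}


def key_exchange(suite):
    """Return the key-exchange family for an IANA or OpenSSL suite name."""
    name = suite.strip().upper()
    if name.startswith("TLS_") and "_WITH_" not in name:
        # TLS 1.3 names omit the key exchange: a full handshake always uses
        # (EC)DHE. PSK-only resumption is the one mode without it.
        return "TLS1.3"
    if name.startswith("TLS_"):
        kx = name[4:].split("_WITH_")[0]          # "ECDHE_RSA", "RSA", ...
        first, anon = kx.split("_")[0], kx.endswith("_ANON")
    else:
        first = name.split("-")[0]                # "ECDHE", "AES128", ...
        anon = first in ("ADH", "AECDH")
        if first == "EDH":                        # older OpenSSL spelling
            first = "DHE"
        elif first in RSA_IMPLIED:
            first = "RSA"
    if anon:
        return "ANON"                             # no server authentication
    return {"ECDHE": "ECDHE", "DHE": "DHE", "RSA": "RSA", "PSK": "PSK",
            "DH": "DH-static", "ECDH": "ECDH-static"}.get(first, "UNKNOWN")


def audit(suites):
    """Bucket suites by what a later private-key compromise would expose."""
    report = {"forward_secret": [], "exposed_by_key_compromise": [],
              "other": []}
    for suite in suites:
        kx = key_exchange(suite)
        if kx in FORWARD_SECRET:
            report["forward_secret"].append(suite)
        elif kx in LONG_TERM_KEY:
            report["exposed_by_key_compromise"].append(suite)
        else:
            report["other"].append(suite)         # PSK, anonymous, unknown
    return report


# Constructed sample lists, not taken from any real server.
RSA_ONLY_SERVER = ["RC4-SHA", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"]
MIXED_SERVER = ["TLS_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
                "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "AES128-SHA",
                "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for label, suites in (("rsa-only", RSA_ONLY_SERVER),
                          ("mixed", MIXED_SERVER)):
        print(label, audit(suites))
```

Unrecognized names land in the "other" bucket rather than being counted as forward secret, so an unfamiliar suite is never reported as safe by default.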
Larger picture... (Score:3)by Shoten (260439) writes: on Saturday July 13, 2013 @10:09PM (#44273043)
So, the majority of the population now realizes that their activity is in some way monitored, and they wish to evade that monitoring. They need to consider this: they are amateurs playing for nickel stakes in this game.
The NSA doesn't care about them, and the people aren't used to playing this game either, for their part. This game exists, at the moment, primarily between the most sophisticated intelligence apparatus in human history and a very small population that is doing everything they can possibly do to hide.
We think that airgapping a network and using USB drives simply to move data across the room is a powerful security measure...these guys used USB drives to move data between countries, and even that wasn't good enough to protect them. The average citizen merely worries about some amorphous knowledge of their habits...the real target population faces death, or perhaps even worse internment in a black site somewhere for years first. And that population has been working on hiding for quite some time now; this is not a new game just because the rest of us know it's being played now.
So...with that context, why would anyone think that simply using a different search engine fucking matters?
Anonymous Coward My Major Concern with DuckDuckGo (Score:2, Insightful)
I have been using DuckDuckGo for some time now but stopped lately because I notice something fishy. When you hover over a link the bar at the bottom of the screen displays the link address to make you believe clicking on that link will go to that address, but if you look closely at it when you click it flashes "Sending Request..." then "Waiting for https://duckduckgo.com/" and finally "Waiting for https://what-you-clicked.com/". So they are redirecting all the search results so they know who clicked what. Great. There is no reason a company dedicated to privacy would be using any type of redirect, they should take you directly to the page you clicked simple as that.
heypete Re:My Major Concern with DuckDuckGo (Score:4, Informative)
It's so their system will strip out referrals, thus increasing your privacy: the site you end up on won't know what search terms you used to get there.
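The referrer leak discussed in the "To hide the referrer" and "My Major Concern with DuckDuckGo" comments can be measured from the destination site's side. This is an added example, not part of the thread: it parses Combined Log Format lines and reports which hits disclosed search terms through the Referer header. The log lines, the `search.example` host and the list of query parameter names are constructed assumptions, and the second sample line shows a Referer already reduced to the search site's address, without assuming how that trimming was done.

```python
"""What a destination site's access log learns from the Referer header."""
import re
from urllib.parse import parse_qs, urlsplit

# Tail of a Combined Log Format line: "request" status bytes "referer" "agent"
LOG_TAIL = re.compile(
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# Query-string keys assumed to carry the search terms (illustrative list).
QUERY_KEYS = ("q", "query", "p")


def referer_disclosure(log_line):
    """Return what one logged hit reveals, or None if the line is malformed."""
    match = LOG_TAIL.search(log_line)
    if match is None:
        return None
    request = match.group("request").split()
    path = request[1] if len(request) >= 2 else None
    referer = match.group("referer")
    if referer in ("", "-"):                      # browser sent no Referer
        return {"path": path, "referer_host": None, "search_terms": None}
    parts = urlsplit(referer)
    params = parse_qs(parts.query)                # decodes %XX and '+'
    terms = next((params[k][0] for k in QUERY_KEYS if k in params), None)
    return {"path": path, "referer_host": parts.hostname,
            "search_terms": terms}


def leaked_queries(log_lines):
    """List (requested path, search terms) for every hit that leaked terms."""
    leaks = []
    for line in log_lines:
        hit = referer_disclosure(line)
        if hit and hit["search_terms"]:
            leaks.append((hit["path"], hit["search_terms"]))
    return leaks


# Constructed sample log: full results URL, trimmed Referer, no Referer,
# and a percent-encoded query under a different parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Jul/2013:21:06:11 +0000] "GET /clinic/faq HTTP/1.1" '
    '200 5120 "https://search.example/?q=hip+replacement+recovery+time&ia=web" '
    '"Mozilla/5.0"',
    '203.0.113.7 - - [13/Jul/2013:21:07:40 +0000] "GET /clinic/prices HTTP/1.1" '
    '200 2210 "https://search.example/" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Jul/2013:21:09:02 +0000] "GET /clinic/contact HTTP/1.1" '
    '200 1830 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [13/Jul/2013:21:15:30 +0000] "GET /legal/bankruptcy HTTP/1.1" '
    '200 7421 "https://search.example/results?query=filing%20for%20bankruptcy" '
    '"Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, terms in leaked_queries(SAMPLE_LOG):
        print(f"{path}: visitor arrived after searching for {terms!r}")
```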
DuckDuckGo is hosted in America (Score:2) by allo (1728082) writes: on Sunday July 14, 2013 @07:00AM (#44275907)
any further questions?
tepples In Russia, Yandex searches YOU (Score:5, Informative)
DDG is a reskinned Yandex with shortcuts to search particular sites [duckduckgo.com]. If you don't commonly use site: searches on Google, and if you can't stand Yandex, you won't like DDG.
Jul 22, 2012 | Veterans Today
Who's behind those Foster Grants – The CIA, of course.
Well, now it is official. Mark Zuckerberg was not so smart after all, but just fronting for the CIA in one of the biggest Intelligence coups of all times.
But there remains one small problem, the CIA is not supposed to monitor Americans. I guess we will hear more on that soon from the lawyers once the litigation gets cranked up.
Personally I will be more interested in how this is going to affect the stock offering and shares as all Americans should own the entity that has been spying on them.
And then there are the SEC full disclosure regulations and penalties. It's bonanza time for the lawyers.
Could the loophole the CIA used be that, 'you aren't being spied on if you are willingly posting everything a repressive regime would love to have on your Facebook account, with no threats, no family hostages, no dirty movies or photos that could be released'?
But enough with the lead in. Let's take you directly to our source where you can get it straight from the source's mouth, including seeing Zuckerberg getting his award.
We really need your comments on this below so we can speak to power with one voice…something that can rarely be done around here.
I know what you're thinking, but no, I am not stupid…all of my Facebook material is all made up, including all of my friends. I am in the safe zone. My momma didn't raise no fool. But how about you?
YouTube - Veterans Today - – CIA and Zuckerberg
Hope you enjoyed the spoof folks. I thought it was great. And congrats to the Onion News Network gang on getting those 3.7 million YouTube views !!!
July 10, 2012 - 6:27 pm
"The Onion" is great and they certainly have no shortage of material for their satirical wit. I guess you might as well laugh about it, there's no telling how much longer we'll be able to laugh about ANYTHING, if the Zuckerbergs have their way with us.
July 10, 2012 - 6:39 pm
Of course, everyone should realize this video is SPOOF News by The Onion.
July 10, 2012 - 6:46 pm
Chris Sartinsky is a writer for The Onion News Network.
- The Rahnameh
July 10, 2012 - 9:10 pm
Google as well. Google suffers from a clever stock price inflation. It begs the question, "What has Google done to assure its investors that it is worth its price every quarter?" After you attempt the answer, then contrast that with a bonafide security like Apple (and what it had to do to maintain its price). Facebook was a ponzi scheme. The entire market is a pyramid scheme, in fact.
The game is theirs and one can keep playing it or change the rules to win. The effect here is akin to the one that begets protestors who are ready to revolt against a government, but are still subconsciously observing basic pedestrian rules, keeping off property where it's obviously private, etc.
Facebook and Google are a team. The cover for the collaboration was blown when Facebook became a Google searchable hit.
Here is the top level synopsis in hindsight (I have left out many details/tangents):
1. "America Online" (oy, the name's obvious!) care of Steve Case and many Zionists. AOL was arguably an even more robust online social community than Facebook, with customizable profiles, Keywords, status messages/tweets known as away messages, message boards, e-mail, instant messages, multiplayer games, and even viable chat rooms;
2. DARPA released WWW and people escaped from a stale AOL;
3. Friendster and Myspace emerge. Myspace's addresses replace AOL's keywords in an eerie redux;
4. Myspace is bought by Rupert Murdoch and subsequently turns into a spam filled lot of junk from what was a robust community of customizable information; and then,
5. Facebook emerges as the new bastion and a migration occurs to the "new scene". These migrations are little more than media encouraged penning of sheeple into various cages.
This continues, but based on the linear history above alone, one can make many accurate inferences.
July 11, 2012 - 7:28 am
No, I did NOT enjoy the spoof. Of course I'm aware of The Onion and their spoof news, but billions worldwide are unaware of who they are, and many will take this "news" seriously. The Onion is a disinfo operative's "wet dream". I'm surprised you guys find it funny. One of these days, The Onion may do a spoof about you. Would you laugh then? Enough already.
For the record, I have never had a personal MySpace, Facebook, Twitter, etc account. Would consider one only for business.
- Jim W. Dean
JS, You are the second person in a year to not like a Spoof….that you should have picked up on. We are, among other things, an intel and analysis site, and we do things like this so readers have a chance to see what they missed if they don't get it till the end.
We do this not only to give readers a feel for what it's like to be able to pick up on stuff like this, say in a situation where it was critical to do so. We will keep doing it as long as the huge majority enjoys…and more than a few of those even catch the between the lines message that was in here.
Re-watch it and you will spot the clues…and you will spot them sooner the next time. It's called learning, and we are doing it every day…and teaching, too. Gordon's piece that follows is a bookend to this one…the Phd level…where the whole public got 'spoofed' on the DC Sniper case.
So we all need to be smarter if we are going to be able to give the bad guys a run for their money. Right now, they are on the golf course…not too worried.
Thanks for your efforts.
July 11, 2012 - 11:04 pm
I know this is the land of freedom and one should not expect to worry about being spied on but. I never signed up on Face book, when asked why I could only say "just a feeling, because of the personal questions they asked to join" One thing people should know by now is that government is surely not going to look out for what we get yourself into for any reason, as we used to say "read the small print".
Some years ago an Orthopedic Clinic asked me for my personal picture which they were taking there to go on my record. Why does my face picture has to do with my spinal condition??? Help said "government requested we do so for all the records now". This was before Obama.
Interesting because some months ago I started using a local Orthopedic emergency etc. The paper they gave me to sign had nothing to do with pinched nerve, so I asked and got a very rude answer. The people sitting there were poor very likely Medical, they said they would absorb cost Medicare did not pay.
I smelled some fraud and evidently they did not want curious people, Well, never could get an appointment from them. Same with Wells Fargo asking me for personal financial information to open a checking account. They were so testy when I refused to tell them the amount of my Family Trust Estate, I told them they were too sophisticated for me and closed the checking account.
So, it is going around, list of names they sell pay very well. Somewhere recently I read an offer names, phone address,of all Obama volunteer from that special Obama For America. the price was in the thousands.
December 24th, 2011 | The Big Picture
Thanks for this I would suggest that people should also beware of google. If you are not signed in or if you do not have a google account you are tracked but your identifiable history only exists for two years before it is "anonymized" (ya right).
If you have google toolbar or chrome or are signed into your google account whilst browsing – it's tracked and it's stored in perpetuity. When you sign up for a google account something called web history is an opt out feature. Google web history records every site you visit and then stores that info. Because you agreed to Google's terms when you signed up even if you delete and disable web history you're sol as they've got the data.
If you have a google account and did not opt out of web history take a look and have a walk down memory lane.
I think it was Eric Schmidt who suggested that people need to get over the privacy thing.
In a move that has triggered outrage, Google has announced plans to bring all data collected from users' separate accounts on its sites into a combined profile. Besides raising dubious questions about privacy, this offer is one you… cannot refuse.
Some say Google's privacy announcement is frustrating and a little frightening. "Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out," said Common Sense Media chief executive James Steyer, as cited by the Washington Post.
Google says the new policy reflects a "desire to create a simple product experience" that does what one needs, when one needs it. The changes, apparently, will also allow Google to offer more new services and other "cool things."
But these changes come with an unprecedented boost to Google's right to collect and combine your personal data in ways you could never have imagined when you were registering for Gmail or Picasa.
"In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," she said.
And it's not like Google doesn't already collect a lot of information about its customers. When you are using Android mobile phones, Google can access your contacts and location. If you are searching for something on the internet, Google remembers all the search terms. When you sign into your Google account, it can track the sites you visit.
The only Google projects which – for now – are not affected by this extensive data collecting operation are the Google Wallet, Google Books and Chrome internet browser.
Google claims it is committed to protecting your privacy, and that the only person it will share your personal information with, is you.
"Our recently launched personal search feature is a good example of the cool things Google can do when we combine information across products," Google says.
But this personal search feature has already raised a lot of skepticism. Google is facing an anti-trust probe over the latest changes to its search engine. The Washington Post says the Federal Trade Commission is privately checking whether Google's decision to promote its Google+ social network on the search result pages is an act of unfair competition.
Now, the new changes have opened up yet more debate about Google's stance on privacy, and the protection of personal data.
dahszil
It's Orwell's "1984", "big brother" is watching your every move more and more. 911 is the major cause of this surveillance veiled as marketing. And 911 was an effect: post ww2 US imperialism in the middle east and elsewhere was the cause. Even the cia called 911 "blowback". We (the US government) created al Qaeda to help deliver former USSR its Vietnam. The US "deep state" backed sadistic Saddam in a bloody war of aggression against Iran. Saddam lost, then tried conquering Kuwait (another US bought off corrupt Sheikdom) we had Iraqi military running back to Iraq. But we left US military bases dotted across the Persian Gulf and region, and a stone's throw from Mecca in another US corrupt lackey in Saudi Arabia. Where were the terrorist attacks against USA prior to first gulf war in circa 1990? Do you 'catch my drift'?
Do you people know how often you're tracked, have you ever asked yourself why you are asked for a valid email when posting on news sites? Or why you need an email address to post at all? To give you the illusion that you're allowing them to know who you are. If you think only keeping "fake" email addresses keep you safe you are delusional. Ever hear of an IP address. Ever look on a page and see ads for the city you live in. By the way your IP address is the same thing as your house address. They know who you are, where you are and what you're posting. They even know when you agree or disagree with a comment. Happy surfing folks.
OMG! has anyone ever heard of the KGB or the STASI.. Neighbor spying on Neighbor - Brother turning in Brother.. give me a f. break! if you don't think Russian ISPs know everything about you... you are either stupid or stupid...
The moment you turn on that router.. The Russian Mob, knew everything about you.. and that applies to any Government.. from the second you were born.. Big Brother knew everything about you....People are just too Stu#id. it never cease to amaze .. Deleted your Google account - What for... ?
Google is no different from any other big business.. they want you to buy stuff.. It's not like you're some secret agent and the government wants to find you.. you're some poor sl$b sitting at his laptop watching inane videos and trolling for p%#n.. just like the rest of us.. who cares if google is tracking me.. everywhere you go.. you're being tracked.. watched. analysed ... and in the end.. you're just part of the Matrix ..
Actually in this page there's a Quantcast tracer
Quantcast provides real-time detailed audience profiles for advertisers to buy, sell, connect and learn more about what consumers are doing online.
so we are all drawing in the water?
We are all numbers for them, just a piece of money walking/surfing around.
Your ISP tracks everything you do and stores it for no less than 6 months. They track every address you go to, every cookie you get, every download you make, every site you visit, every packet of data you send and receive from EVERYTHING you do online on your computer. Your bank monitors ALL your cookies, your name, phone number, address, acct #s, social security number, all of your transactions. Facebook stores AND SELLS ALL your information on its servers from your address, your interests and every site you visit while logged into Facebook. Even if you simply close the tab FB is on you have not logged out.
Your phone tracks everywhere you've been and stores that on your computer. Twitter stores and SELLS ALL the information you provide to them for your account and they track your posts to build a social graph on your likes and interests.
The Government has ALL of your personal information on file somewhere, from your driving records to your tax status, your income, social security number, your address, your phone number, your next of kin, your birthplace, your birthday.
Why are people so upset now that Google is simply doing the same thing, AND TELLING YOU THEY'RE DOING IT. Get over it. There is no such thing as privacy any longer.
Nevoeiro 27.01.2012 13:31
First step, don't use Google for searching. Use DuckDuckGo search engine instead for example (and others like it)
Second, use ghostery addon (available for most web browsers) to avoid trackers.
Third, always pick https over http (firefox has an addon called "https everywhere" that does this automatically)
Fourth, try to always clean your cookies, or don't even allow them to be stored on your web browser settings.
Fifth, you can also use the torproject.
And finally, avoid using google services if you can.
Paulo 26.01.2012 08:57
It's not only a privacy matter, it's just weird when you make a new google search, and it keeps adding previous keywords to your new search!!!
Or it decides that you must speak that language, and search results are just not what you are looking for if you don't choose advanced search.
Now it goes really far, when you get email offers from your local provider that are precisely related to your last searches, you know it's time to learn to clear your cookies and reset your router/connection regularly!!!
Some plugins for Firefox browser, like Cookies Manager, or Tools/Options/... clear cookies, then reset IP on a regular basis, but this is mostly for geek types?
For those who stay logged in to FB, youtube and other google services, etc, no privacy! like it or no.
frank (unregistered) 25.01.2012
It is very obvious that there are spooks working at google. Like the saying that you know the person really is by his actions. Now google saves what you are looking for in their system, and it does not matter if you clear your browser cache, google knows that you are looking for a particular product and presents those in google maps, for those businesses that paid for it.
I bet google even saves the results of which links you clicked from their search results, and builds a profile of who you are.
Google wrote the Android operating system that runs on your personal tracking device (or your cell phone), and if you really cared about what's running on your phone, you will notice that it keeps connecting and transferring data to some other place that you didn't tell it to. You shutdown programs from running on your phone and it persists to run again. You want to remove an application on your phone, and you can't really remove it. You want to disable programs from starting, but you have to hack your phone.
If you think you can be anonymous on the internet, think again, it doesn't happen that way. The sad thing about secrecy is that it is heavily unfair, secrecy is for them while we have to be exposed by default.
Being a technology giant that google is, it is not even doing something to our election systems where we can count our votes in real time and we can verify anonymously via a website that our vote was counted correctly. We can't really trust that elections are fair, because lately, even over 900 dead people voted in the latest South Carolina primary. On the contrary if you go to Walmart and swipe your visa card, you can get a completely verifiable transaction in seconds.
Juan Carlos (Mexico) 25.01.2012 21:15
I've used Yandex (Russian product) and is so fast than google. Unfortunately I don't know how to make it appear like principal engine. Greetings from Mexico
Nay Lin Maung 25.01.2012 20:09
Federal government backed up entrepreneur runs in the economic. It looks big brother likes to watch everything what he or she is doing in the web.
WHICH INTERNET COMPANY HASN'T GIVEN THE U.S. GOVERNMENT ITS RECORDS?
June 10, 2013
NEW YORK: Outraged Internet users searching for an alternative to the privacy-busting companies they'd trusted are turning to a company that provides what it calls, "the world's most private search engines."
StartPage and its sister search engine Ixquick were launched in 2006 to staunchly defend their users' privacy and civil liberties. StartPage provides a private portal to Google results, while Ixquick provides private results from other search engines.
The services have not participated in PRISM, nor have they ever provided user data to the U.S. government or to any other government or agency in the U.S. or anywhere in the world.
That is more than nine of the biggest Internet companies -- Apple, Google, Microsoft, Yahoo, Facebook, YouTube, PalTalk, AOL and Skype -- can say.
"The Privacy of our users rests on three important foundations," explains StartPage and Ixquick CEO Robert Beens. "We are based in the Netherlands, we use encrypted connections, and -- most importantly -- we don't store or share any of our users' personal search data."
StartPage and Ixquick are also the only search engines whose privacy practices have been independently verified and third-party certified through the European Union's Privacy Seal program.
"Unfortunately, it takes a scandal like PRISM to wake people up to the erosion of privacy", says Harvard-trained privacy expert Dr. Katherine Albrecht, who helped develop StartPage. "As people get fed up with being spied on, they look for alternatives. We already serve nearly 3 million private searches each day, and we expect that number to grow as people seek shelter from search engines that store and share their private information."
The company will expand its privacy services this summer with the addition of a new private email product called StartMail. StartMail will offer a paid, private email platform with strong encryption. Anyone interested in beta testing the program on its release can sign up at www.StartMail.com
Hi, this is Gabriel Weinberg, CEO and founder of DuckDuckGo. I do not believe we can be compelled to store or siphon off user data to the NSA or anyone else. All the existing US laws are about turning over existing business records and not about compelling you to change your business practices. In our case such an order would further force us to lie to consumers, which would put us in trouble with the FTC and irreparably hurt our business.
We have not received any request like this, and do not expect to. We have spoken with many lawyers particularly skilled and experienced in this part of US and international law. If we were to receive such a request we believe as do these others it would be highly unconstitutional on many independent grounds, and there is plenty of legal precedent there. With CALEA in particular, search engines are exempt.
There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example.
fat-tire July 13, 2013 at 7:27 PM
First off, assuming it's legit, this is an important reply, and I hope it gets more attention up top. Second, I'm interested in the "additional and technical inaccuracies"-- Gabriel, is there a page on DDG's site that discusses for technical-minded people the security measures that are used to protect keys/certs, the obligations/relationships concerning the NSA, etc? Have DDG's methods and practices been discussed publicly and subject to the scrutiny of the Internet's security experts? Also, what are the advantages/disadvantages of DDG vs smartpage.com, which I think is Tor's default search engine...?
mike July 13, 2013 at 10:17 PM
I think duck duck is going in the right direction, but the cynics have a point, even if it's muddy and inaccurate in the details. Fundamentally, right now duck duck in relation to users is a 3rd party privacy effort, not a protocol based effort that the user can see locally.
Perhaps if duck duck baked in a webRTC data channel onion passing among ? So that after you first connect duck duck would connect to peers and client side encrypt your request so that only duck can decode but you never directly send your request to duck duck, and it always hops through a few peers. Likewise while you're on the page you would potentially pass off encrypted packets to duck duck for a peer.
I.e webRTC Tor. If duck duck did that and the source was open ( would basically have to be open since it will run client side ) I think that would go a long way. Sure you would still want a way to validate peers, but if the system was working, your search would be guaranteed through your own outgoing traffic inspection to be indistinguishable searches you had passed on for peers.
Sure it would result in slower experience (like tor) but then you could more legitimately say look we don't know who this search came from, and we can't know tomorrow neither, and the EEF agrees... And I think you could leverage this system for other service offerings, like msg and email. Bring actual privacy to the growing demographic that does not appreciate the current status quo.
In a world with secret laws and gag orders, the point is sadly you can only know what you see, so better to see privacy at the protocol level then hear a variation of ~trust us~ or "I don't think we could be compelled to do X, Y or Z" ... Or "its not constitutional" whatever that means now days...
Its not enough to simply say "we don't block tor". If duck duck is competing in the space of "we don't track / others can't track you when you use us" ... we should see innovation and new ideas here, not just turning off the log files (something we as users can't actually see or check against in their outgoing traffic )Delete
indolering, July 13, 2013 at 10:29 PM
Gabriel worked with me to test the speed of his Tor in-proxy and I can attest that he isn't doing this for the money. If the NSA came in, I have no doubt that he would shut his service down or make it impossible to comply.
Smartpage.com mixes queries to fool Google's servers. It is no more/less secure than DDG.
DDG has a proxy between AWS and their back-end servers, publishes most of the source code for the site, and it has stronger-than-normal SSL. There might be some cutting edge stuff they are not aware of, but DDG has always been secure by default, even if it costs more (and it does).
Researchers are still trying to work out ways of nullifying the NSA's techniques. They are experimental and DDG is pushing the envelope by incorporating as much as they have. Now that they have this big uptick, you can expect them to start being able to invest in fundamental research.
Brett Wooldridge, July 14, 2013 at 3:17 AM
First of all, thank you Gabriel for replying directly.
>I do not believe we can be compelled to store or siphon off user data
>to the NSA or anyone else. All the existing US laws are about turning over
>existing business records and not about compelling you change your
This is absolutely incorrect.
If you believe this I strongly suggest reading:
"Under federal law, the National Security Agency can serve real-time "electronic surveillance" orders on Internet companies for investigations related to terrorism or national security."
Do you think that Google, Yahoo!, and Microsoft willingly collaborate with the NSA? They were confronted with the Hobbesian choice of 1) either altering their business practices and providing direct integration with the NSA (which they could somewhat control), or 2) allowing the FBI or NSA to install their own hardware into their networks under court order (over which they have no control).
Quoting that article again, and Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society:
"They can install equipment on the system. And I think that's why companies are motivated to cooperate [and] use their own equipment to collect for the government. They would rather help than let any government equipment on their service, because then they lose oversight and control."
And, "Nobody wants it on-premises," said a representative of a large Internet company who has negotiated surveillance requests with government officials. "Nobody wants a box in their network...[Companies often] find ways to give tools to minimize disclosures, to protect users, to keep the government off the premises, and to come to some reasonable compromise on the capabilities."
Again, I appreciate your responding Gabriel, but saying "There are many additional legal and technical inaccuracies in this article and I will not address all of them in this comment. All our front-end servers are hosted on Amazon not Verizon, for example", and then only the one you do point out is where your front-end servers are located?
It is in fact your assertion that court orders can only effect turning over existing records that is quite troubling (and inaccurate). If this came to you from your "many lawyers", I suggest you talk to the lawyers of Yahoo! et al.
Technically, the only thing you can dispute is how difficult it would be for the NSA to get your private cert. They might already have it, you would never know. Anyway, eventually they are more likely to come knocking at your front door with a court order, rather than sneaking through a backdoor. But when they do, it will come with a gag order (ask Yahoo!) and you won't be able to say peep.
Let me say that I *am* a DDG user. I appreciate your service for blocking tracking by third-party advertisers and peeling away the "filter box". But do not disrespect your users or me by any implication that using DDG protects them from government tracking.
pogue, July 14, 2013 at 5:13 AM
DDG does operate a TOR exit node if you do want to use that: http://www.gabrielweinberg.com/blog/2010/08/duckduckgo-now-operates-a-tor-exit-enclave.html
However, I think the author and some other commenters do have good points about DDG. Being operated within the US, it is compelled to laws that allow it to be searched from various points and cannot admit to doing so. But, I do think DDG would fight the order if they got one and attempt to make public that fact. Even with all he knows, and under the realization DDG has to be taken at its word, experts who were aware of the NSA surveillance all along, such as Bruce Schneier, trust DDG.
With that being said, Startpage.com/IXQuick are based in the Netherlands, so avoid this particular facet of US law (with the exception of their domain running on the US based .com TLD, which is operated by Verisign). That's not to say their results aren't monitored by whatever the Netherlands secret service(s) do and use, or even be scooped up by the NSA/GCHQ access to worldwide fiber backbones -- which, they would need to sort and is an incredibly time consuming and laborious process (having access to the "firehose" takes up vast amounts of space and requires quite a lot of time to go through).
But, if you're super duper paranoid, you should always be running TOR or a non-domestic VPN service to protect yourself.
Google and your privacy
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.
Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.
Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: September, 12, 2017