DuckDuckGo & NSA/FISA

<hidden> anonymous
Created: 4 years and 2 months ago • Updated: 4 years and 2 months ago
It's all well and good that "DuckDuckGo doesn't track you" and is privacy friendly blah blah. My concern is this:

DuckDuckGo is a company which is incorporated in the USA and so it falls under the rule of the NSA and FISA. Perhaps DuckDuckGo is already cooperating with these entities but either way, it's either happening right now or will be in the future and while you're based in the USA you cannot do anything to resist. When they come knocking and force DuckDuckGo to start tracking/logging users then there's going to be no indication that it's happening. I mean, obviously DuckDuckGo isn't going to change their homepage and say "The Search Engine that doesn't track you *" (* - except we feed everything to the NSA but don't worry).

I know it's easy for me to say but as long as DuckDuckGo is based in the US then the probability of this happening is big and worrying.

Is there a plan?

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


anonymous
True. Always thought DDG was in europe. This is quite a concern. NSA could most likely collect data all in secret. Find ways of DDG not even knowing. It's all about the routing.
posted by <hidden> • 4 years and 2 months ago Link
anonymous
They don't even need to do it in secret, they can just approach DDG and say, we want your data and if you don't co-operate we'll fine you a crazy fee per day. Plus they then apply a gagging order so DDG won't even be able to tell their own users they are at risk.

I think as long as DDG is based in the USA and indeed has servers in the USA then this is a real risk. I would love to hear from a DDG staff member on how they are looking to mitigate this risk. If they are not planning on mitigating it then all this privacy and security stuff is just baloney and DDG is no better than google or any other big player.
posted by <hidden> • 4 years and 2 months ago Link
x.15a2
If they approach DDG and say, "We want your data", all that DDG has to do is say, "Fine, we have no data to share". No personal information is collected or stored, so there's nothing to share.

posted by x.15a2 Community Leader4 years and 2 months ago Link
anonymous
It's also about location too. But this is the best DDG can do for now. I'm sure even my traffic that heads to europe passes through the US.
posted by <hidden> • 4 years and 2 months ago Link
anonymous
You honestly believe that? The NSA decide they want data from DDG so they approach them and they say "Sorry we don't have any"? So you're saying you suspect the NSA will go "Oh Ok.. let's try elsewhere so"? Hardly. They will force them to collect it, put a gagging order and fine them if they don't comply. The lavabit case comes to mind.. you can claim there's no data to record or you don't have access to it but that won't go very far.

As long as DDG is incorporated in the USA or has servers in the USA you may as well use Google - it's a false sense of security/privacy/anything else
posted by <hidden> • 4 years and 2 months ago Link
buckeye
Quote:
You honestly believe that? The NSA decide they want data from DDG so they approach them and they say "Sorry we don't have any"? So you're saying you suspect the NSA will go "Oh Ok.. let's try elsewhere so"? Hardly. They will force them to collect it, put a gagging order and fine them if they don't comply.
that is some interesting speculation but only speculation

by the way where in any of the ddg help or information files do you find information saying that they will safeguard you from the nsa? i have read through quite a bit and the information says that they do not track you and do not share your personal information like other search engines do but they are clearly talking about not letting your search information into the hand of other corporations for the purpose of tracking you for profit

Quote:
As long as DDG is incorporated in the USA or has servers in the USA you may as well use Google - it's a false sense of security/privacy/anything else
have fun with that
you are clearly making a case based on conjecture and speculation
posted by buckeye 4 years and 2 months ago Link
anonymous
Clearly based on conjecture? The evidence is already there to see - if your company or servers are US based you bow to the demands of the NSA or you will be crushed. Yahoo fined $250,000 per DAY for not cooperating, lavabit chose to shutdown rather than co-operate. There's no conjecture or speculation about it, this is the way it is. Don't be so naive
posted by <hidden> • 4 years and 2 months ago Link
x.15a2
Yes, I honestly believe that.
posted by x.15a2 Community Leader4 years and 2 months ago Link
anonymous
and then NSA goes to Amazon and gets all of the data from them, since DDG runs on AWS servers ;)
posted by <hidden> • 4 years and 2 months ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 4 years and 2 months ago
anonymous
"Pretty Sure"? what are you basing that conclusion on? DDG is a for-profit company which has raised investment capital. You think those partners would be OK with just shutting down and watching their invested money disappear?
posted by <hidden> • 4 years and 2 months ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 4 years and 2 months ago
anonymous
Keep that head of yours tucked firmly in the sand my friend.
posted by <hidden> • 4 years and 2 months ago Link
anonymous
Having, say DDG, 'track' your searches might not be unavoidable if they are court-ordered to do so. But shouldn't the tracked individual at least could be made aware 'tracking' was being done?
posted by <hidden> • 4 years and 2 months ago Link
Jlg
But how do you identify a user if DDG has no current method for doing so?
posted by Jlg Community Leader4 years and 2 months ago Link
anonymous
Correct me if I'm wrong, but packet headers must contain a public destination address so that they are relayed to the destination server.
That means any host they pass can pickup that they are heading for DDG. There goes your IP for TCP connections.
posted by <hidden> • 4 years and 2 months ago Link
Jlg
Use the DDG Onion exit node perhaps? (If you are this concerned).
posted by Jlg Community Leader4 years and 2 months ago Link