Page MenuHomePureOS Tracker

firefox-esr - Trust in default search engine
Open, WishlistPublic

Description

As writing this DuckDuckGo.com is the favored search in Firefox ESR on Pure OS. With this comes trust issue because of several reasons:

  1. Based in US; US laws give the US government the authority to compel a legitimate privacy-focused company into a data collector for state agencies. (surveillance programs, being prohibited from disclosing due to lawful data collection)
  2. Servers are hostet by Amazon in US. (data collection by PRISM)
  3. Started by Gabriel Weinberg (sold Names Database of the so called social network, including all the user data). DDG is privately held and also backed by various VC investors.
  4. Stores all search queries.
  5. Has not been audited.

See: DuckDuckGo vs Startpage: https://restoreprivacy.com/private-search-engine/

At times i am also user of DDG cause usability is great. But putting it default for world-wide usage questionable. Examples for better alternatives are:
https://startpage.com/ (Netherlands)
https://metager.org/ (Germany)
https://www.qwant.com/ (France) or https://lite.qwant.com/

Event Timeline

Badger created this task.Sep 1 2019, 04:19

@Badger just check the discussion here https://tracker.pureos.net/T156 (do click on "Show older changes" to check all the discussion).

Badger added a comment.EditedSep 4 2019, 10:13

@EchedeyLR thanks for pointing there, but it seems nobody has evidence of fingerprinting by DDG.

But that's not my point here. Instead it pretty much boils down to the point that DuckDuckGo is hostet in US and operated by US Company. Do we want this set as world-wirde standard in PureOS?

web.archive alexanderhanff.com/duckduckgone

DuckDuckGo insist that they cannot be compelled by the courts to provide access to user data which crosses their networks or touches their servers - they even claim they are exempt from Communications Assistance for Law Enforcement Act (CALEA) - this is misleading. They may be exempt from having to pre-install technologies providing the ability to "wiretap" (intercept) data on their networks but they can still be compelled to do so:

Notably, a U.S. court can compel any provider to provision a wiretap, even if the provider is exempt from CALEA. But exempt providers need not necessarily adopt tools in advance to meet CALEA's specifications for immediate and unobtrusive interception, with high-quality data streams and without infringing on others' privacy.
[Source]

Furthermore, they can be compelled to decrypt the encrypted data (HTTPS) since they are the origin of the encryption and have the capability to decrypt it:

"Covered providers are not required to decrypt communications unless they initially provide the encryption service, and, moreover, have the means to decrypt."
[Source]

When you understand this and include the fact that in their Privacy Policy, DuckDuckGo state they will comply with law enforcement requests, it becomes pretty clear that their "We don't log anything." statement offers absolutely zero protection and their claims that they are immune to being compelled to intercept and/or log are patently false.

EchedeyLR added a comment.EditedSep 4 2019, 13:43

@Badger that not was all the idea...

The idea was to show different propositions, even propose fully FOSS search services if its possible.

FindX is not available anymore, Gigablast not recommended from same devs of FindX but Metager, already pointed in that thread and by you, and independent SearX instances are available options instead of propose Qwant and StartPage, both being non-free services for example.

That issue also pointed here: https://tracker.pureos.net/T110

(Dont get confused with Freedom Issue only related with software installation in a PureOS system)

Thanks for hint. Yes, Metager is on GitLab: https://gitlab.metager.de/open-source/MetaGer

Searx seems to serve good results. shortly testet Example: searx.me There are severals instances: https://github.com/asciimoo/searx/wiki/Searx-instances

Thanks for sharing this helpful information, Becasue most of the search engine are not safe to use, many search engines save cookies of the user like google. So I always use vpn for extra protection.

I am very conscious about my online privacy. Thanks to this source: https://www.reviewsed.com/cybersecurity-guide-for-journalists/ for giving me some crucial tips to maintain online privacy.

CarloDz added a subscriber: CarloDz.EditedNov 5 2019, 02:37

Online privacy is some how tricky to handle as things are becoming complicated but nevertheless online privacy tools like tor, vpn, password manager etc. As per the BestVPNGuru, most effected and widely use tool is VPN due to level of encryption and anonymity.

In T818#16052, @CarloDz wrote:

Online privacy is some how tricky to handle as things are becoming complicated but nevertheless online privacy tools like tor, vpn, password manager etc. As per the thevpnexperts, most effected and widely use tool is VPN due to level of encryption and anonymity.

Thank you for sharing the valuable site which actually talks about privacy, security and online privacy tools.

cj993 added a subscriber: cj993.Apr 19 2020, 04:42
In T818#16052, @CarloDz wrote:

Online privacy is some how tricky to handle as things are becoming complicated but nevertheless online privacy tools like tor, vpn, password manager etc. As per the BuyBestVPN, most effected and widely use tool is VPN due to level of encryption and anonymity.

Thank you for sharing the valuable site which actually talks about privacy, security and online privacy tools.

No doubt it is one of the valueable resource in term of privacy and anonymity.

jonas.smedegaard triaged this task as Wishlist priority.May 25 2021, 12:16
jonas.smedegaard renamed this task from Pure OS / Pure Browser - Trust in default search engine to firefox-esr - Trust in default search engine.May 28 2021, 01:16
jonas.smedegaard updated the task description. (Show Details)