#137 Reorder metasearch/search engines

Closed
opened 9 months ago by TheEvilSkeleton · 29 comments

I would advise you to read through this: https://dev.lemmy.ml/post/31321. It talks a lot about DDG's privacy issues.

I would advise you to read through this: https://dev.lemmy.ml/post/31321. It talks a lot about DDG's privacy issues.
brickup changed title from DDG isn't trustworthy. I wouldn't advise putting it as an ethical alternative. to Remove Duckduckgo entry 9 months ago
brickup added the
content
label 9 months ago

Spot on. It's actually quite important to condemn DuckDuckGo, not just for their attacks on privacy and their support of privacy abusers, but because they are falsely positioned and they're damn good at it. A vast majority of users are not meticulous. They're vulnerable to DDG's propaganda tactics of outspoken pro-privacy advice despite their actual conduct. They're effective enough at the propaganda that sites like swiso have been fooled into endorsing them.

Naive users see the DDG endorsement and think they're in the right place, but to informed users swiso loses credibility for undermining their own cause. In any case, swiso has a chance to distinguish itself from the blind crowd followers and drop DDG. Show that swiso is information-driven and not emotion-driven. And ideally it should state why DDG should be avoided because it's important to proactively call them out in this case.

From a deontological angle, what benefit is swiso attempting by listing DDG? Anyone who finds the swiso website already knows of DDG's existence, so it's not informative. In fact it misinforms. To say DDG "does not track its users" is unverifiable. It's simply impossible for swiso to know for certain that a centralized SaaS does not track its users. In the best case the statement is unverifiable; in the case at hand there *is* evidence of DDG tracking users.

Spot on. It's actually quite important to condemn DuckDuckGo, not just for their attacks on privacy and their support of privacy abusers, but because they are ***falsely positioned*** and they're damn good at it. A vast majority of users are not meticulous. They're vulnerable to DDG's propaganda tactics of outspoken pro-privacy advice despite their actual conduct. They're effective enough at the propaganda that sites like swiso have been fooled into endorsing them. Naive users see the DDG endorsement and think they're in the right place, but to informed users swiso loses credibility for undermining their own cause. In any case, swiso has a chance to distinguish itself from the blind crowd followers and drop DDG. Show that swiso is information-driven and not emotion-driven. And ideally it should state why DDG should be avoided because it's important to proactively call them out in this case. From a deontological angle, what benefit is swiso attempting by listing DDG? Anyone who finds the swiso website already knows of DDG's existence, so it's not informative. In fact it misinforms. To say DDG "does not track its users" is unverifiable. It's simply impossible for swiso to know for certain that a centralized SaaS does not track its users. In the best case the statement is unverifiable; in the case at hand there \**is*\* evidence of DDG tracking users.
brickup commented 9 months ago
Owner

As many links in the lemmy post aren't working anymore, I link this PRISMbreak issue that additionally also discusses a lot of the content. Adding to the points made over there:

Concerning the founder, we shouldn't try to argue on his motivation. The source given there also doesn't give objective input on this. Arguably, to compete with Google, you need to create "something big" and be ambitious in one way or another. Names Database was criticised, but in the end it isn't DDG. If one wants to judge me on my previous projects, you might find my objectives very LEGO-centric, but they aren't anymore.

Concerning privacy, the caught violation was a wrong set cookie reported by a now offline site. I couldn't validate the claims made on it.

The "send every URL" (host only, not full URL) via favicon request indeed was a big mistake, which they acknowlegded and fixed. Took a year from first report to fix, but at least fixed quickly after it was brought up again. Already made it to Wikipedia.

The fingerprint accusation originated here and there was a plausible explanation added.

On Framabee, I personally wouldn't assume bad intentions here. Framasoft itself isn't doing so either in the linked newsletter. A lot of requests coming from the same IP will probably look like some strange DDOS attack on the receiving end.

On information collection, yes, selecting text on the page triggers a call like this one to improving.duckduckgo.com.

https://improving.duckduckgo.com/t/lc?7454762&t=d&ss=0&sp=0&u=bingv7aa&dm=www.chip.de&hn=www.chip.de&r=r1&da=0&nt=0&adx=tas1&adc=2&adx_name=slta&rl=de-de&dl=de&oll=en:2,de:28&i506=0&ivc=1&ibc=0&pr=https&q=test&ttc=79088&ct=DE&d=d&kl=wt-wt&kp=-1&sm=wikipedia_german:q:medium&v7exp=a&sltexp=a&wiadrk=b

Here is their explanation on this behaviour. On the ad topic, I can't add anything as I don't know how this works. I just found out that ads can be disabled in their settings.

Concerning censorship, as the linked article from 2016 states: "It appears that duckduckgo inherits this censorship from Yahoo." Again, I personally wouldn't assume bad intentions here. It's just hard to notice missing things I guess.

Concerning Cloudflare, I think we know best how far stretching this service has become. Their blog doesn't seem to connect to Cloudflare - at least judging by this browser extension. The merch store seems to be some third party? But I see no prominent link on their site to this store, so "promoting" is seems a bit far fetched here.

Concerning partnerships, looking at their traffic stats I guess maintaining the hardware capacity for 700 searches per second on their own is quite unrealistic, as far as I can tell. At least as their main goal is maintaining software, not hardware. Don't know if there are hosting providers without ties to GAFAM/CF, that could possibly handle this? I'm not aware of at least.

Show that swiso is information-driven and not emotion-driven.

All in all, I have looked at and thought about the bullet points, as one can hopefully see by this answer. I personally wouldn't delist DDG from what I've seen and read. Information-driven answers are welcome.

As many links in the lemmy post aren't working anymore, I link [this PRISMbreak issue](https://gitlab.com/prism-break/prism-break/-/issues/2143) that additionally also discusses a lot of the content. Adding to the points made over there: **Concerning the founder**, we shouldn't try to argue on his motivation. The source given there also doesn't give objective input on this. Arguably, to compete with Google, you need to create "something big" and be ambitious in one way or another. Names Database [was criticised](https://en.wikipedia.org/wiki/Names_Database#Criticism), but in the end it isn't DDG. If one wants to judge me on my previous projects, you might find my objectives very LEGO-centric, but they aren't anymore. **Concerning privacy**, the caught violation was a wrong set cookie reported by a [now offline site](https://archive.is/qntuk). I couldn't validate the claims made on it. The "send every URL" ([host only](https://github.com/duckduckgo/Android/issues/527#issuecomment-652882558), not full URL) via favicon request indeed was a big mistake, which they [acknowlegded](https://news.ycombinator.com/item?id=23711597) and [fixed](https://github.com/duckduckgo/Android/pull/878). Took a year from first report to fix, but at least fixed quickly after it was brought up again. Already made it to [Wikipedia](https://en.wikipedia.org/wiki/DuckDuckGo#Controversy). The fingerprint accusation [originated here](https://forums.whonix.org/t/duckduckgo-now-fingerprinting-visitors/6497) and there was [a plausible explanation added](https://forums.whonix.org/t/duckduckgo-now-fingerprinting-visitors/6497/9). On Framabee, I personally wouldn't assume bad intentions here. Framasoft itself isn't doing so either in the linked newsletter. A lot of requests coming from the same IP will probably look like some strange DDOS attack on the receiving end. On information collection, yes, selecting text on the page triggers a call like this one to [improving.duckduckgo.com](https://improving.duckduckgo.com/). ``` https://improving.duckduckgo.com/t/lc?7454762&t=d&ss=0&sp=0&u=bingv7aa&dm=www.chip.de&hn=www.chip.de&r=r1&da=0&nt=0&adx=tas1&adc=2&adx_name=slta&rl=de-de&dl=de&oll=en:2,de:28&i506=0&ivc=1&ibc=0&pr=https&q=test&ttc=79088&ct=DE&d=d&kl=wt-wt&kp=-1&sm=wikipedia_german:q:medium&v7exp=a&sltexp=a&wiadrk=b ``` [Here](https://help.duckduckgo.com/privacy/atb/) is their explanation on this behaviour. On the ad topic, I can't add anything as I don't know how this works. I just found out that ads can be [disabled in their settings](https://duckduckgo.com/settings#setting_k1). **Concerning censorship**, as the linked article from 2016 states: "It appears that duckduckgo inherits this censorship from Yahoo." Again, I personally wouldn't assume bad intentions here. It's just hard to notice missing things I guess. **Concerning Cloudflare**, I think we know best how far stretching this service has become. Their blog doesn't seem to connect to Cloudflare - at least judging by [this browser extension](https://github.com/traktofon/cf-detect). The merch store seems to be some third party? But I see no prominent link on their site to this store, so "promoting" is seems a bit far fetched here. **Concerning partnerships**, looking at [their traffic stats](https://duckduckgo.com/traffic) I guess maintaining the hardware capacity for 700 searches per second on their own is quite unrealistic, as far as I can tell. At least as their main goal is maintaining software, not hardware. Don't know if there are hosting providers without ties to GAFAM/CF, that could possibly handle this? I'm not aware of at least. > Show that swiso is information-driven and not emotion-driven. All in all, I have looked at and thought about the bullet points, as one can hopefully see by this answer. I personally wouldn't delist DDG from what I've seen and read. Information-driven answers are welcome.

As many links in the lemmy post aren't working anymore, I link this PRISMbreak issue that additionally also discusses a lot of the content. Adding to the points made over there:

Hold on -- all the points attempting to favor DDG expressed in that PRISM break thread were defeated. That thread supports the case for removal. So to be clear, there's nothing for DDG proponents to "add to". You have to invent new arguements, or you can try to debunk the prevailing arguments.

Concerning the founder, we shouldn't try to argue on his motivation.

Motivation is essential to credibility and ultimately important to trust. DDG is non-transparent and relies entirely on the public trust. You could disregard trust if we were talking about some piece of open source s/w because the code obviates the need for trust, but DDG is a centralized SaaS. This is not something you can discard unless you can prove that trust is unnecessary (hint: you can't).

I don't suggest spending much energy on it though because there are plenty of facts that kill DDG's trustworthiness which are more damning than Weinberg's elitist motivations and even more damning than his history of privacy abuse prior to DDG's founding.

The source given there also doesn't give objective input on this.

The bio was written by Dominic Otieno based on an interview between Weinberg and Susan Adams. Of course it's objective. It's a very dry and mundane article without the slightest negative statement or intent of smearing him. Why do you say otherwise? Weinberg can sue them for libel if they got something wrong. If you think Weinberg is being smeared or something is incorrect about the article, you can report it to informationcradle@gmail.com. The publisher is committed to accuracy.

Arguably, to compete with Google, you need to create "something big" and be ambitious in one way or another.

To be clear, when you say "compete with Google" you mean complete in business with Google. There are other competitions. Ss for example completely disregards monetization and has no hope of competing with Google in terms of business. But Ss has completely defeated Google in the competition for privacy-respecting search.

DDG's competition for Google business is not our problem. And helping corporations profit is not our objective and it's not the competition we're interested in. Swiso readers have no interest in a company's effectiveness in taking market share and profitting. What Swiso readers want is *privacy* and *ethics*, which is largely at odds with most monetization approaches. If DDG can't reach its business goals in a privacy-respecting manner, it's not our problem. It's merely our duty to show that they've failed.. that they've lost the privacy and ethics competition.

Names Database was criticised, but in the end it isn't DDG. If one wants to judge me on my previous projects, you might find my objectives very LEGO-centric, but they aren't anymore.

That history is very much connected to DDG because Weinberg is still the CEO of DDG. One day Weinberg will step down, and only then will his track record start to become irrelevant. The history is currently very much relevant because it's a trust factor, and Weinberg is at the helm of DDG making key decisions.

How do you determine if someone is trustworthy? You look at their history.

In some cases, the history is relevant as far back as high school and undergrad college years. Think of what triggered Bill Gates on his crusade against free software -- it was computer club kids selling to others copies of his work in front of him. And RMS's crusade in favor of free s/w which was triggered by him getting denied source code to device drivers in college which limited his options.

Weinberg's history shows repeatedly and consistently that he's keen to exploit privacy for business purposes. With names DB he exploited naive people, coercing them to share information about their friends. With DDG, it's even more insideous as he exploits the public's desire for privacy by baiting them with privacy propaganda. The privacy abuses didn't end with Names DB. DDG's history up to and including last month is littered with privacy incidents as well as non-stop partnerships with the most notorious privacy abusers.

Concerning privacy, the caught violation was a wrong set cookie reported by a now offline site. I couldn't validate the claims made on it.

Did you reach out to the author? Websites go offline all the time. Publishers go out of business, they rebrand, etc. These events do not discredit the works they published prior to going offline.

Alexander Hanff is CEO of Think Privacy and a data security and ethics expert on staff at Singularity University. Is there cause to discredit him? If you read the article, he details DDG's response. So DDG was actually in the loop on the accusation. Hanff is an advisor to the EU on privacy legislation, so I'm not convinced that he is making shit up here or that he would fabricate DDG's response.

The "send every URL" (host only, not full URL) via favicon request indeed was a big mistake, which they acknowlegded and fixed. Took a year from first report to fix, but at least fixed quickly after it was brought up again. Already made it to Wikipedia.

This kind of leak doesn't happen on accident. DDG obviously knew about the leak because they inserted it deliberately. It's their code and the code is on both the client side and the server side. It took an *outsider* spotting the client side leak before DDG would even consider removing it. Then they let a whole year go by! That's absurdly shameful. It was only after a year and loud public outrage building up enough to make it clear that the bad PR was going to harm business before they removed the leak. It's absolutely despicable that the leak was injected and that it went so far, and it serves as further evidence of DDG's untrustworthiness.

The fingerprint accusation originated here and there was a plausible explanation added.

That "plausible explanation" is nothing more than an attempt to garner sympathy for DDG's bottom line. Again, it's not our problem that DDG has the goal of monetization and profit maximization. DDG's discrimination on the basis of browser printing is not in the user's interest. The user is left with having to trust them not to exploit the fingerprints for tracking. DDG's anti-bot practice is actually an attack on privacy in itself. Some searx nodes *scrape* DDG ultimately to deliver those results to users in a privacy-respecting way. These bots are parasites in DDG's view, but to us privacy and ethics seekers they are beneficial bots. They benefit privacy seekers by feeding search results through a privacy-respecting channel which (as another bonus) neglects to reciprocate back to DDG in a way that finances Microsoft, Amazon and Yahoo.

On Framabee, I personally wouldn't assume bad intentions here. Framasoft itself isn't doing so either in the linked newsletter. A lot of requests coming from the same IP will probably look like some strange DDOS attack on the receiving end.

You can assume innocent intentions, but where's their explanation and apology? There was collateral damage to a friendly. Whether it was intentional or not it's an attack nonetheless on proponents of Swiso's causes from a utilitarian standpoint.

On information collection, yes, selecting text on the page triggers a call like this one to improving.duckduckgo.com.

https://improving.duckduckgo.com/t/lc?7454762&t=d&ss=0&sp=0&u=bingv7aa&dm=www.chip.de&hn=www.chip.de&r=r1&da=0&nt=0&adx=tas1&adc=2&adx_name=slta&rl=de-de&dl=de&oll=en:2,de:28&i506=0&ivc=1&ibc=0&pr=https&q=test&ttc=79088&ct=DE&d=d&kl=wt-wt&kp=-1&sm=wikipedia_german:q:medium&v7exp=a&sltexp=a&wiadrk=b

Here is their explanation on this behaviour. On the ad topic, I can't add anything as I don't know how this works. I just found out that ads can be disabled in their settings.

I read their explanation and it only has academic value. We need not make excuses for them. DDG is again doing something in the interest of their bottom line and contrary to the privacy objective.

Concerning censorship, as the linked article from 2016 states: "It appears that duckduckgo inherits this censorship from Yahoo." Again, I personally wouldn't assume bad intentions here. It's just hard to notice missing things I guess.

Intent is not the end of the story. DDG got burnt for trusting a data source they shouldn't have. Not to mention it's a privacy-abusing partner who they wouldn't be doing business with in the first place if they were true to the privacy cause.

When a vendor hires other vendors you have a supply chain. If a supplier of a supplier screws the pooch, they can point fingers all they want but our job is to hold our immediate supplier accountable. I recently ordered some products that didn't come. The shop I ordered from is pointing the blame at their supplier. Their supplier is not my problem because I didn't choose their supplier. The shop is directly accountable to me because they're the ones I hired. The shop doesn't get a pass -- they failed to establish a backup supplier.

When DDG neglects to deliver results, resulting in censorship, I don't care who their supplier is, it's DDG's fault they used a bad supplier, or neglected to negotiate for uncensored results from the supplier.

Concerning Cloudflare, I think we know best how far stretching this service has become. Their blog doesn't seem to connect to Cloudflare - at least judging by this browser extension. The merch store seems to be some third party? But I see no prominent link on their site to this store, so "promoting" is seems a bit far fetched here.

Spreadprivacy was certainly on CloudFlare in 2019. Myself and other privacy advocates have done our part to spotlight that. Perhaps DDG took it off CF to mitigate further embarrassment.

Concerning partnerships, looking at their traffic stats I guess maintaining the hardware capacity for 700 searches per second on their own is quite unrealistic, as far as I can tell. At least as their main goal is maintaining software, not hardware. Don't know if there are hosting providers without ties to GAFAM/CF, that could possibly handle this? I'm not aware of at least.

Again, not our problem. Swiso is not here to say "this search engine is relatively privacy-respecting considering the scale of searches it must handle". Swiso visitors don't care about the business challenge companies face. If anything, DDG very well funded when compared to underdog search engines that actually respect privacy and ethics. But we need not make excuses for their choices. We are looking at how they're doing on privacy and ethics entirely orthoganol to how they sustain themselves, and for DDG it pans out quite poorly.

Show that swiso is information-driven and not emotion-driven.

All in all, I have looked at and thought about the bullet points, as one can hopefully see by this answer. I personally wouldn't delist DDG from what I've seen and read. Information-driven answers are welcome.

The only bullet point we can disregard given your feedback is that of the blog no longer being on CloudFlare. I must say that's far too insignficant compared to all the outstanding issues.

> As many links in the lemmy post aren't working anymore, I link [this PRISMbreak issue](https://gitlab.com/prism-break/prism-break/-/issues/2143) that additionally also discusses a lot of the content. Adding to the points made over there: Hold on -- all the points attempting to favor DDG expressed in that PRISM break thread were defeated. That thread supports the case for removal. So to be clear, there's nothing for DDG proponents to "add to". You have to invent new arguements, or you can try to debunk the prevailing arguments. > **Concerning the founder**, we shouldn't try to argue on his motivation. Motivation is essential to credibility and ultimately important to ***trust***. DDG is non-transparent and relies entirely on the public trust. You could disregard trust if we were talking about some piece of open source s/w because the code obviates the need for trust, but DDG is a centralized SaaS. This is not something you can discard unless you can prove that trust is unnecessary (hint: you can't). I don't suggest spending much energy on it though because there are plenty of facts that kill DDG's trustworthiness which are more damning than Weinberg's elitist motivations and even more damning than his history of privacy abuse prior to DDG's founding. > The source given there also doesn't give objective input on this. The bio was written by Dominic Otieno based on an interview between Weinberg and Susan Adams. Of course it's objective. It's a very dry and mundane article without the slightest negative statement or intent of smearing him. Why do you say otherwise? Weinberg can sue them for libel if they got something wrong. If you think Weinberg is being smeared or something is incorrect about the article, you can report it to informationcradle@gmail.com. The publisher is [committed](https://informationcradle.com/gabriel-weinberg) to accuracy. > Arguably, to compete with Google, you need to create "something big" and be ambitious in one way or another. To be clear, when you say "compete with Google" you mean complete *in business* with Google. There are other competitions. Ss for example completely disregards monetization and has no hope of competing with Google in terms of business. But Ss has completely defeated Google in the competition for privacy-respecting search. DDG's competition for Google *business* is not our problem. And helping corporations profit is not our objective and it's not the competition we're interested in. Swiso readers have no interest in a company's effectiveness in taking market share and profitting. What Swiso readers want is \*privacy\* and \*ethics\*, which is largely at odds with most monetization approaches. If DDG can't reach its business goals in a privacy-respecting manner, it's not our problem. It's merely our duty to show that they've failed.. that they've lost the privacy and ethics competition. > Names Database [was criticised](https://en.wikipedia.org/wiki/Names_Database#Criticism), but in the end it isn't DDG. If one wants to judge me on my previous projects, you might find my objectives very LEGO-centric, but they aren't anymore. That history is very much connected to DDG because Weinberg is still the CEO of DDG. One day Weinberg will step down, and only then will his track record start to become irrelevant. The history is currently very much relevant because it's a trust factor, and Weinberg is at the helm of DDG making key decisions. How do you determine if someone is trustworthy? You look at their history. In some cases, the history is relevant as far back as high school and undergrad college years. Think of what triggered Bill Gates on his crusade against free software -- it was computer club kids selling to others copies of his work in front of him. And RMS's crusade in favor of free s/w which was triggered by him getting denied source code to device drivers in college which limited his options. Weinberg's history shows repeatedly and consistently that he's keen to exploit privacy for business purposes. With names DB he exploited naive people, coercing them to share information about their friends. With DDG, it's even more insideous as he exploits the public's desire for privacy by baiting them with privacy propaganda. The privacy abuses didn't end with Names DB. DDG's history up to and including last month is littered with privacy incidents as well as non-stop partnerships with the most notorious privacy abusers. > **Concerning privacy**, the caught violation was a wrong set cookie reported by a [now offline site](https://archive.is/qntuk). I couldn't validate the claims made on it. Did you reach out to the author? Websites go offline all the time. Publishers go out of business, they rebrand, etc. These events do not discredit the works they published prior to going offline. Alexander Hanff is [CEO of Think Privacy](https://www.theguardian.com/profile/alexander-hanff) and a data security and ethics expert [on staff](https://web.archive.org/web/20190411202653/https://su.org/about/faculty/alexander-hanff) at Singularity University. Is there cause to discredit him? If you read the article, he details DDG's response. So DDG was actually in the loop on the accusation. Hanff is an advisor to the EU on privacy legislation, so I'm not convinced that he is making shit up here or that he would fabricate DDG's response. > The "send every URL" ([host only](https://github.com/duckduckgo/Android/issues/527#issuecomment-652882558), not full URL) via favicon request indeed was a big mistake, which they [acknowlegded](https://news.ycombinator.com/item?id=23711597) and [fixed](https://github.com/duckduckgo/Android/pull/878). Took a year from first report to fix, but at least fixed quickly after it was brought up again. Already made it to [Wikipedia](https://en.wikipedia.org/wiki/DuckDuckGo#Controversy). This kind of leak doesn't happen on accident. DDG obviously knew about the leak because they inserted it deliberately. It's their code and the code is on both the client side and the server side. It took an \*outsider\* spotting the client side leak before DDG would even consider removing it. Then they let a whole year go by! That's absurdly shameful. It was only after a year and loud public outrage building up enough to make it clear that the bad PR was going to harm business before they removed the leak. It's absolutely despicable that the leak was injected and that it went so far, and it serves as further evidence of DDG's untrustworthiness. > The fingerprint accusation [originated here](https://forums.whonix.org/t/duckduckgo-now-fingerprinting-visitors/6497) and there was [a plausible explanation added](https://forums.whonix.org/t/duckduckgo-now-fingerprinting-visitors/6497/9). That "plausible explanation" is nothing more than an attempt to garner sympathy for DDG's bottom line. Again, it's not our problem that DDG has the goal of monetization and profit maximization. DDG's discrimination on the basis of browser printing is not in the user's interest. The user is left with having to trust them not to exploit the fingerprints for tracking. DDG's anti-bot practice is actually an attack on privacy in itself. Some searx nodes \*scrape\* DDG ultimately to deliver those results to users in a privacy-respecting way. These bots are parasites in DDG's view, but to us privacy and ethics seekers they are *beneficial* bots. They benefit privacy seekers by feeding search results through a privacy-respecting channel which (as another bonus) neglects to reciprocate back to DDG in a way that finances Microsoft, Amazon and Yahoo. > On Framabee, I personally wouldn't assume bad intentions here. Framasoft itself isn't doing so either in the linked newsletter. A lot of requests coming from the same IP will probably look like some strange DDOS attack on the receiving end. You can assume innocent intentions, but where's their explanation and apology? There was collateral damage to a friendly. Whether it was intentional or not it's an attack nonetheless on proponents of Swiso's causes from a utilitarian standpoint. > On information collection, yes, selecting text on the page triggers a call like this one to [improving.duckduckgo.com](https://improving.duckduckgo.com/). > > ``` > https://improving.duckduckgo.com/t/lc?7454762&t=d&ss=0&sp=0&u=bingv7aa&dm=www.chip.de&hn=www.chip.de&r=r1&da=0&nt=0&adx=tas1&adc=2&adx_name=slta&rl=de-de&dl=de&oll=en:2,de:28&i506=0&ivc=1&ibc=0&pr=https&q=test&ttc=79088&ct=DE&d=d&kl=wt-wt&kp=-1&sm=wikipedia_german:q:medium&v7exp=a&sltexp=a&wiadrk=b > ``` > > [Here](https://help.duckduckgo.com/privacy/atb/) is their explanation on this behaviour. On the ad topic, I can't add anything as I don't know how this works. I just found out that ads can be [disabled in their settings](https://duckduckgo.com/settings#setting_k1). I read their explanation and it only has academic value. We need not make excuses for them. DDG is again doing something in the interest of their bottom line and contrary to the privacy objective. > **Concerning censorship**, as the linked article from 2016 states: "It appears that duckduckgo inherits this censorship from Yahoo." Again, I personally wouldn't assume bad intentions here. It's just hard to notice missing things I guess. Intent is not the end of the story. DDG got burnt for trusting a data source they shouldn't have. Not to mention it's a privacy-abusing partner who they wouldn't be doing business with in the first place if they were true to the privacy cause. When a vendor hires other vendors you have a supply chain. If a supplier of a supplier screws the pooch, they can point fingers all they want but our job is to hold our immediate supplier accountable. I recently ordered some products that didn't come. The shop I ordered from is pointing the blame at their supplier. Their supplier is not my problem because I didn't choose their supplier. The shop is directly accountable to me because they're the ones I hired. The shop doesn't get a pass -- they failed to establish a backup supplier. When DDG neglects to deliver results, resulting in censorship, I don't care who their supplier is, it's DDG's fault they used a bad supplier, or neglected to negotiate for uncensored results from the supplier. > **Concerning Cloudflare**, I think we know best how far stretching this service has become. Their blog doesn't seem to connect to Cloudflare - at least judging by [this browser extension](https://github.com/traktofon/cf-detect). The merch store seems to be some third party? But I see no prominent link on their site to this store, so "promoting" is seems a bit far fetched here. Spreadprivacy was certainly on CloudFlare in 2019. Myself and other privacy advocates have done our part to spotlight that. Perhaps DDG took it off CF to mitigate further embarrassment. > **Concerning partnerships**, looking at [their traffic stats](https://duckduckgo.com/traffic) I guess maintaining the hardware capacity for 700 searches per second on their own is quite unrealistic, as far as I can tell. At least as their main goal is maintaining software, not hardware. Don't know if there are hosting providers without ties to GAFAM/CF, that could possibly handle this? I'm not aware of at least. Again, not our problem. Swiso is not here to say "this search engine is relatively privacy-respecting *considering the scale of searches it must handle*". Swiso visitors don't care about the business challenge companies face. If anything, DDG very well funded when compared to underdog search engines that actually respect privacy and ethics. But we need not make excuses for their choices. We are looking at how they're doing on privacy and ethics entirely orthoganol to how they sustain themselves, and for DDG it pans out quite poorly. > > Show that swiso is information-driven and not emotion-driven. > > All in all, I have looked at and thought about the bullet points, as one can hopefully see by this answer. I personally wouldn't delist DDG from what I've seen and read. Information-driven answers are welcome. The only bullet point we can disregard given your feedback is that of the blog no longer being on CloudFlare. I must say that's far too insignficant compared to all the outstanding issues.
Collaborator

@xr_rider What you're saying seems enough reason to move DuckDuckGo further down the list, but I don't think it's enough to remove them entirely. We're about more ethical, more freedom-respecting, more private alternatives. It's really hard to make a decent search engine these days, without venture capital (which would basically guarantee your standard for inclusion isn't met); weird network effects apply.

Yeah, Searx should probably be above it, and we shouldn't promote their browser, and we should add something like "while it's not the best option for privacy" to the text. But removing it entirely isn't appropriate, imo.

DuckDuckGo deserves faint praise, but still praise, from us.

Edit: Actually, can we completely flip the order of the entire list – if we're not putting Searx at the top? Maybe DuckDuckGo can go above Qwant, but Qwant's not really all that good. And Mojeek is great.

@xr_rider What you're saying seems enough reason to move DuckDuckGo _further down the list_, but I don't think it's enough to remove them entirely. We're about _more_ ethical, _more_ freedom-respecting, _more_ private alternatives. It's _really hard_ to make a decent search engine these days, without venture capital (which would basically guarantee your standard for inclusion isn't met); weird network effects apply. Yeah, Searx should probably be above it, and we _shouldn't_ promote their browser, and we should add something like "while it's not the best option for privacy" to the text. But removing it entirely isn't appropriate, imo. DuckDuckGo deserves faint praise, but still praise, from us. Edit: Actually, can we completely flip the order of the entire list – if we're not putting Searx at the top? _Maybe_ DuckDuckGo can go above Qwant, but Qwant's not really all that good. And [Mojeek is great](https://www.mojeek.com/about/cookie).

This is like a race of 50 runners. The first four to finish are Ss, search.disroot.org, Metager, and Mojeek in that order. The last five to finish are Startpage, DuckDuckGo, Google, Yahoo, and Microsoft, in that order. DDG, Yahoo, and Microsoft are on the same team along with Amazon, Verizon and CloudFlare. Swiso awards 3rd place to DDG, thus cheating better competitors out of recognition.

It's absurdly rediculous to give a falsely positioned privacy-abusing privacy propagandist any praise whatsoever. They directly violate users privacy, they lie about it, and they feed notorious privacy abusing partners. It's precisely because they have deceived a large portion of the naive public that it's paramount to condemn them. It's insufficient to simply delist DDG. Swiso would be undermining it's own mission not to call them out and proper the record.

This is like a race of 50 runners. The first four to finish are Ss, search.disroot.org, Metager, and Mojeek in that order. The last five to finish are Startpage, DuckDuckGo, Google, Yahoo, and Microsoft, in that order. DDG, Yahoo, and Microsoft are on the same team along with Amazon, Verizon and CloudFlare. Swiso awards 3rd place to DDG, thus cheating better competitors out of recognition. It's absurdly rediculous to give a falsely positioned privacy-abusing privacy propagandist any praise whatsoever. They directly violate users privacy, they lie about it, and they feed notorious privacy abusing partners. It's precisely because they have deceived a large portion of the naive public that it's paramount to condemn them. It's insufficient to simply delist DDG. Swiso would be undermining it's own mission not to call them out and proper the record.
Collaborator

Then we put them at the bottom of a long list of others, and say why. Could you open an issue for Metager, please?

Then we put them at the bottom of a long list of others, and say why. Could you open an issue for Metager, please?

Then we put them at the bottom of a long list of others, and say why. Could you open an issue for Metager, please?

The list would have to be 50+ large - and why not have Google and Microsoft on the list as well at that point if it's simply a ranking and not an exclusive list of privacy-respecting services?

> Then we put them at the bottom of a long list of others, and say why. Could you open an issue for Metager, please? The list would have to be 50+ large - and why not have Google and Microsoft on the list as well at that point if it's simply a ranking and not an exclusive list of privacy-respecting services?
Poster

@xr_rider What you're saying seems enough reason to move DuckDuckGo further down the list, but I don't think it's enough to remove them entirely. We're about more ethical, more freedom-respecting, more private alternatives. [...]

I don't understand how a proprietary service with a two year old privacy issue that was disregarded by the team and then (two years later) came to the conclusion to finally fix it due to that issue getting a lot of attention makes it more ethical, more freedom-respecting and more private.

DuckDuckGo deserves faint praise, but still praise, from us.

I disagree. I would personally say that it deserves to get removed from the list (same with Qwant) because you will be promoting a service that claims to be for freedom when in reality it is the total opposite due to it being proprietary, which is downright dishonest and arguably unethical.

It is better to not provide any alternatives than to lie to your visitors. Searx for example is completely FOSS, and despite it being able to use proprietary search engines, e.g. Google and DDG, you can still turn them off.

> @xr_rider What you're saying seems enough reason to move DuckDuckGo _further down the list_, but I don't think it's enough to remove them entirely. We're about _more_ ethical, _more_ freedom-respecting, _more_ private alternatives. [...] I don't understand how a <u>**proprietary**</u> service with [a two year old privacy issue](https://en.wikipedia.org/wiki/DuckDuckGo#Controversy) that was disregarded by the team and *then* (two years later) came to the conclusion to finally fix it due to that issue getting *a lot* of attention makes it *more* ethical, *more* freedom-respecting and *more* private. > DuckDuckGo deserves faint praise, but still praise, from us. I disagree. I would personally say that it deserves to get removed from the list (same with Qwant) because you will be promoting a service that claims to be for *freedom* when in reality it is the total opposite due to it being proprietary, which is downright dishonest and arguably unethical. It is better to not provide any alternatives than to lie to your visitors. Searx for example is completely FOSS, and despite it being able to use proprietary search engines, e.g. Google and DDG, you can still turn them off.

This is a work in progress...

This is a work in progress...
davidak commented 9 months ago
Owner

It is better to not provide any alternatives than to lie to your visitors.

We don't have to lie when we point out the problems. I think every step in the right direction is good. So we should list the best alternative we have, even if it is not perfect (yet). Generally speaking.

I'm not up to date with search engines, so i can't contribute to this specific case.

Thanks @xr_rider for working that out.

>It is better to not provide any alternatives than to lie to your visitors. We don't have to lie when we point out the problems. I think every step in the right direction is good. So we should list the best alternative we have, even if it is not perfect (yet). Generally speaking. I'm not up to date with search engines, so i can't contribute to this specific case. Thanks @xr_rider for working that out.
Collaborator

The aim of swiso is not to reward alternative software. It's to encourage users to use alternative software. If they don't see DuckDuckGo on the list, they might think we just missed it; if they see it at the bottom, they might think “wow, DuckDuckGo sure is advertising itself a lot; glad I found swiso”.

Once we've got enough easy to use search engines more private than DuckDuckGo on the list, then we can think about having an "alternatives to DuckDuckGo" page.

The aim of swiso is _not_ to _reward_ alternative software. It's to encourage users to use alternative software. If they don't see DuckDuckGo on the list, they might think we just missed it; if they see it at the bottom, they might think “wow, DuckDuckGo sure is advertising itself a lot; glad I found swiso”. Once we've got enough _easy to use_ search engines more private than DuckDuckGo on the list, _then_ we can think about having an "alternatives to DuckDuckGo" page.
Collaborator

This is a work in progress...

Does Ekoru have any problems? (There are a couple of bugs in the website, but I mean privacy-wise.)

> This is a work in progress... Does Ekoru have any problems? (There are a couple of bugs in the website, but I mean privacy-wise.)

It is better to not provide any alternatives than to lie to your visitors.

We don't have to lie when we point out the problems.

Indeed, but the status quo is lies and deception. Swiso's current statement today:

"The most popular and easiest to use privacy-conscious search engine, DuckDuckGo is funded by advertising but does not track its users. It is based in the USA."

"You can search through the website just like you would on Google, and there are phone apps available that provide additional protection when browsing the web. You can also set your web browser to use DuckDuckGo as its default search engine."

To say DDG is "easiest to use" is deceptive. All search engines present a search field in the middle of the screen that's equally easy to find, click on, and enter search query. It's no more complicated to initiate a search.disroot.org than it is on DDG. Furthermore, disroot offers a "cached" link for every result which eases the burden of indirect access. DDG does not. So with DDG users are on their own to find an indirect access method (which is important from a privacy standpoint and ultimately increases difficulty of use). When a novice Tor user gets a CAPTCHA from a DDG result (which happens often because DDG neglects to filter out CloudFlare sites), the novice user is at a loss for how to proceed. The cached/proxy offers of other search engines make it easy to circumvent that problem. The easiest of all is Ss, which does not present CloudFlare sites in the high ranking results and which strikes other sites that are problematic.

To say "does not track its users" is both a deception and a lie. It's a lie as we know from the evidence that DDG's clients and javascript have been caught sending data back to the server. It's also a deception because it's impossible for someone other than DDG to verify what goes on internally within a centralized service. Swiso cannot verify with certainty the a server is not tracking users, only when it *is* tracking users in cases where evidence emerges. IOW, we can't prove a negative here and Swiso is misleading readers by claiming any search service does not track users. The only way to express this in a non-deceptive way is to say "site X claims they do not track users".

To say "there are phone apps available that provide additional protection when browsing the web" is a deception at best because the phone app has been sending DDG additional tracking info for a year. Generally it would have been a true statement, but only in situations where the client app is 1) open source 2) does not execute javascript 3) has been audited. The case of DDG proved to fail here because a leak was exposed, it was deliberate on the part of DDG, and no forks emerged and the corrections didn't happen for a year thereafter.

To say "You can also set your web browser to use DuckDuckGo as its default search engine" is factually true but it's true of all search engines. In the case of DDG it's bad advice to suggest this. If a user's default search engine is DDG, they should be *removing* it from a privacy and ethics standpoint.

I think every step in the right direction is good. So we should list the best alternative we have, even if it is not perfect (yet). Generally speaking.

There are tens of alternate search engines nowhere near the abuses and ethical issues of DDG. I can list them here but transcribing them on the Swiso page would be so cluttered the users would be overloaded with good options mixed with poor options like DDG. Do we really want 20+ search engines listed?

Would it make sense to be transparent and list all the privacy and ethical issues of DDG while still endorsing DDG? Of course not -- it will perplex users about why Swiso is endorsing them in the first place. In order to save-face with a DDG endorsement you would have to down play the issues.

It only makes sense to condemn DDG. DDG should be listed right next to Google as a site to avoid. The extra perk is that Swiso would no longer be instantly seen as blindly following the crowd but rather a project with real insight and leadership. It would elevate Swiso's credibility.

> >It is better to not provide any alternatives than to lie to your visitors. > > We don't have to lie when we point out the problems. Indeed, but the status quo is lies and deception. Swiso's current statement today: > "*The most popular and easiest to use privacy-conscious search engine, DuckDuckGo is funded by advertising but does not track its users. It is based in the USA.*" > "*You can search through the website just like you would on Google, and there are phone apps available that provide additional protection when browsing the web. You can also set your web browser to use DuckDuckGo as its default search engine.*" To say DDG is "*easiest to use*" is deceptive. All search engines present a search field in the middle of the screen that's equally easy to find, click on, and enter search query. It's no more complicated to initiate a search.disroot.org than it is on DDG. Furthermore, disroot offers a "cached" link for every result which eases the burden of indirect access. DDG does not. So with DDG users are on their own to find an indirect access method (which is important from a privacy standpoint and ultimately increases difficulty of use). When a novice Tor user gets a CAPTCHA from a DDG result (which happens often because DDG neglects to filter out CloudFlare sites), the novice user is at a loss for how to proceed. The cached/proxy offers of other search engines make it easy to circumvent that problem. The easiest of all is Ss, which does not present CloudFlare sites in the high ranking results and which strikes other sites that are problematic. To say "*does not track its users*" is both a deception and a lie. It's a lie as we know from the evidence that DDG's clients and javascript have been caught sending data back to the server. It's also a deception because it's impossible for someone other than DDG to verify what goes on internally within a centralized service. Swiso cannot verify with certainty the a server is not tracking users, only when it \*is\* tracking users in cases where evidence emerges. IOW, we can't prove a negative here and Swiso is misleading readers by claiming *any* search service does not track users. The only way to express this in a non-deceptive way is to say "site X ***claims*** they do not track users". To say "*there are phone apps available that provide additional protection when browsing the web*" is a deception at best because the phone app has been sending DDG additional tracking info for a year. Generally it would have been a true statement, but only in situations where the client app is 1) open source 2) does not execute javascript 3) has been audited. The case of DDG proved to fail here because a leak was exposed, it was deliberate on the part of DDG, and no forks emerged and the corrections didn't happen for a year thereafter. To say "*You can also set your web browser to use DuckDuckGo as its default search engine*" is factually true but it's true of all search engines. In the case of DDG it's bad advice to suggest this. If a user's default search engine is DDG, they should be \*removing\* it from a privacy and ethics standpoint. > I think every step in the right direction is good. So we should list the best alternative we have, even if it is not perfect (yet). Generally speaking. There are tens of alternate search engines nowhere near the abuses and ethical issues of DDG. I can list them here but transcribing them on the Swiso page would be so cluttered the users would be overloaded with good options mixed with poor options like DDG. Do we really want 20+ search engines listed? Would it make sense to be transparent and list all the privacy and ethical issues of DDG while still endorsing DDG? Of course not -- it will perplex users about why Swiso is endorsing them in the first place. In order to save-face with a DDG endorsement you would have to down play the issues. It only makes sense to condemn DDG. DDG should be listed right next to Google as a site to avoid. The extra perk is that Swiso would no longer be instantly seen as blindly following the crowd but rather a project with real insight and leadership. It would elevate Swiso's credibility.
Collaborator

I can list them here

Please do. And if you include a link to a logo, and a brief description of the search engine, it'll make it easier for someone to turn into a pull request – though, of course, you don't have to.

In order to save-face with a DDG endorsement you would have to down play the issues.

Save face? Swiso is not a person; it does not care for social graces. Having it at the bottom of the list is almost less of an endorsement than not having it at all, given their advertising. And DuckDuckGo does have the most powerful metasearch features of any engine I know (i.e. its Bangs) and has a lot of great Instant Answers – I don't know of another search engine that uses those; these are legitimate reasons to keep it.

It should be at the bottom of the list, if we do keep it, though, unless something else ends up below it.

> I can list them here Please do. And if you include a link to a logo, and a brief description of the search engine, it'll make it easier for someone to turn into a pull request – though, of course, you don't _have_ to. > In order to save-face with a DDG endorsement you would have to down play the issues. Save face? Swiso is not a person; it does not care for social graces. Having it at the bottom of the list is almost _less_ of an endorsement than not having it at all, given their advertising. And DuckDuckGo _does_ have the most powerful metasearch features of any engine I know (i.e. its Bangs) and has [a lot of great Instant Answers](https://duck.co/ia) – I don't know of another search engine that uses those; these are legitimate reasons to keep it. It should be at the bottom of the list, if we do keep it, though, unless something else ends up below it.

In order to save-face with a DDG endorsement you would have to down play the issues.

Save face? Swiso is not a person; it does not care for social graces.

Of course reputation is important for Swiso. Swiso's mission is lost if it cannot demonstrate credibility. When Swiso recommends a service that works against Swiso's stated purpose, it's an embarrassment. Swiso cannot save face if it endorses DDG while transparently exposing all the ethical and privacy issues of DDG.

Having it at the bottom of the list is almost less of an endorsement than not having it at all,

Nonsense. You have that backwards. Listing DDG as an alternative *is* and endorsement even if it's at the bottom. A non-listing is absence of endorsement. Absence of endorsement would be a good start, but obviously it should be expressly condemned given the evidence presented.

given their advertising. And DuckDuckGo does have the most powerful metasearch features of any engine I know (i.e. its Bangs) and has a lot of great Instant Answers – I don't know of another search engine that uses those; these are legitimate reasons to keep it.

It's too bad DDG's privacy and ethics are in the shitter.

> > In order to save-face with a DDG endorsement you would have to down play the issues. > > Save face? Swiso is not a person; it does not care for social graces. Of course reputation is important for Swiso. Swiso's mission is lost if it cannot demonstrate credibility. When Swiso recommends a service that works against Swiso's stated purpose, it's an embarrassment. Swiso cannot save face if it endorses DDG while transparently exposing all the ethical and privacy issues of DDG. > Having it at the bottom of the list is almost _less_ of an endorsement than not having it at all, Nonsense. You have that backwards. Listing DDG as an alternative \**is*\* and endorsement even if it's at the bottom. A non-listing is absence of endorsement. Absence of endorsement would be a good start, but obviously it should be expressly condemned given the evidence presented. > given their advertising. And DuckDuckGo _does_ have the most powerful metasearch features of any engine I know (i.e. its Bangs) and has [a lot of great Instant Answers](https://duck.co/ia) – I don't know of another search engine that uses those; these are legitimate reasons to keep it. It's too bad DDG's privacy and ethics are in the shitter.
Collaborator

Nonsense. You have that backwards. Listing DDG as an alternative *is* an endorsement even if it’s at the bottom.

To people who haven't heard of DuckDuckGo, yes. To the average person who has, perhaps not; “DuckDuckGo is at the bottom of the list” is more visceral than “hmm… something's missing…”.

It’s too bad DDG’s privacy and ethics are in the shitter.

We don't know that. We know Google's creepy, we know Microsoft is the company that Embraced, Extended and Extinguished, but all we know is that DuckDuckGo acts as though they're trustworthy, and dismisses others' “we'd rather not trust you with that”. That's bad, but it doesn't mean their “ethics are in the shitter”.

The issue is that their ethics might be bad, and we'd have no way of knowing; we have to trust them, and historically that's not been a good sign. But “we should act as though DuckDuckGo is evil” doesn't mean “DuckDuckGo is evil”.

> Nonsense. You have that backwards. Listing DDG as an alternative _\*is\*_ an endorsement even if it’s at the bottom. To people who haven't heard of DuckDuckGo, yes. To the average person who has, perhaps not; “DuckDuckGo is at the bottom of the list” is more _visceral_ than “hmm… something's missing…”. > It’s too bad DDG’s privacy and ethics are in the shitter. We don't _know_ that. We _know_ Google's creepy, we _know_ Microsoft is the company that Embraced, Extended and Extinguished, but all we _know_ is that DuckDuckGo acts as though they're trustworthy, and dismisses others' “we'd rather not trust you with that”. That's _bad_, but it doesn't mean their “ethics are in the shitter”. The issue is that their ethics _might_ be bad, and we'd have no way of knowing; we _have to trust them_, and historically that's not been a good sign. But “we should act as though DuckDuckGo is evil” doesn't mean “DuckDuckGo is evil”.
Poster

The issue is that their ethics might be bad, and we'd have no way of knowing

I disagree. Having a proprietary back-end is already more than enough to tell that they have bad ethics.

> The issue is that their ethics *might* be bad, and **we'd have no way of knowing** I disagree. Having a proprietary back-end is already more than enough to tell that they have bad ethics.
Poster

I'm not sure if anybody knew that or if it has been mentioned, but try to whois DDG's IP and be amazed:

TL;DR: it hosts on Microsoft Azure!


Running dig to find DDG's IP

$ dig duckduckgo.com | awk '{print $1,$5}'

; <<>>
;; 
;; 
;; status:
;; ra;
 
;; 
; flags:;
;; 
;duckduckgo.com. 
 
;; 
duckduckgo.com. 52.149.246.39     # <----- referencing this IP for `whois`
 
;; msec
;; 
;; 24
;; 59

Running whois to check what CDN it uses

whois 52.149.246.39 
[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#


NetRange:       52.145.0.0 - 52.191.255.255
CIDR:           52.148.0.0/14, 52.152.0.0/13, 52.146.0.0/15, 52.160.0.0/11, 52.145.0.0/16
NetName:        MSFT
NetHandle:      NET-52-145-0-0-1
Parent:         NET52 (NET-52-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       
Organization:   Microsoft Corporation (MSFT)
RegDate:        2015-11-24
Updated:        2015-11-24
Ref:            https://rdap.arin.net/registry/ip/52.145.0.0



OrgName:        Microsoft Corporation
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-09
Updated:        2017-01-28
Comment:        To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment:        * https://cert.microsoft.com.  
Comment:        
Comment:        For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment:        * abuse@microsoft.com.  
Comment:        
Comment:        To report security vulnerabilities in Microsoft products and services, please contact:
Comment:        * secure@microsoft.com.  
Comment:        
Comment:        For legal and law enforcement-related requests, please contact:
Comment:        * msndcc@microsoft.com
Comment:        
Comment:        For routing, peering or DNS issues, please 
Comment:        contact:
Comment:        * IOC@microsoft.com
Ref:            https://rdap.arin.net/registry/entity/MSFT


OrgAbuseHandle: MAC74-ARIN
OrgAbuseName:   Microsoft Abuse Contact
OrgAbusePhone:  +1-425-882-8080 
OrgAbuseEmail:  abuse@microsoft.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/MAC74-ARIN

OrgTechHandle: MRPD-ARIN
OrgTechName:   Microsoft Routing, Peering, and DNS
OrgTechPhone:  +1-425-882-8080 
OrgTechEmail:  IOC@microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/MRPD-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2020, American Registry for Internet Numbers, Ltd.
#

EDIT: Sorry for the very long text. I decided to not to remove any lines because I want to keep every single lines of proof.

I'm not sure if anybody knew that or if it has been mentioned, but try to `whois` DDG's IP and be amazed: TL;DR: it hosts on Microsoft Azure! --- ## Running `dig` to find DDG's IP ```bash $ dig duckduckgo.com | awk '{print $1,$5}' ; <<>> ;; ;; ;; status: ;; ra; ;; ; flags:; ;; ;duckduckgo.com. ;; duckduckgo.com. 52.149.246.39 # <----- referencing this IP for `whois` ;; msec ;; ;; 24 ;; 59 ``` ## Running `whois` to check what CDN it uses ``` whois 52.149.246.39 [Querying whois.arin.net] [whois.arin.net] # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2020, American Registry for Internet Numbers, Ltd. # NetRange: 52.145.0.0 - 52.191.255.255 CIDR: 52.148.0.0/14, 52.152.0.0/13, 52.146.0.0/15, 52.160.0.0/11, 52.145.0.0/16 NetName: MSFT NetHandle: NET-52-145-0-0-1 Parent: NET52 (NET-52-0-0-0-0) NetType: Direct Assignment OriginAS: Organization: Microsoft Corporation (MSFT) RegDate: 2015-11-24 Updated: 2015-11-24 Ref: https://rdap.arin.net/registry/ip/52.145.0.0 OrgName: Microsoft Corporation OrgId: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US RegDate: 1998-07-09 Updated: 2017-01-28 Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to: Comment: * https://cert.microsoft.com. Comment: Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact: Comment: * abuse@microsoft.com. Comment: Comment: To report security vulnerabilities in Microsoft products and services, please contact: Comment: * secure@microsoft.com. Comment: Comment: For legal and law enforcement-related requests, please contact: Comment: * msndcc@microsoft.com Comment: Comment: For routing, peering or DNS issues, please Comment: contact: Comment: * IOC@microsoft.com Ref: https://rdap.arin.net/registry/entity/MSFT OrgAbuseHandle: MAC74-ARIN OrgAbuseName: Microsoft Abuse Contact OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@microsoft.com OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN OrgTechHandle: MRPD-ARIN OrgTechName: Microsoft Routing, Peering, and DNS OrgTechPhone: +1-425-882-8080 OrgTechEmail: IOC@microsoft.com OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/resources/registry/whois/tou/ # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/ # # Copyright 1997-2020, American Registry for Internet Numbers, Ltd. # ``` EDIT: Sorry for the very long text. I decided to not to remove any lines because I want to keep every single lines of proof.
Collaborator

Having a proprietary back-end is already more than enough to tell that they have bad ethics.

In most cases, no. In this case, you have a point. But "worse ethics than me" doesn't mean "very bad".

> Having a proprietary back-end is already more than enough to tell that they have bad ethics. In most cases, no. In this case, you have a point. But "worse ethics than me" doesn't mean "very bad".
Poster

I'd still consider it bad but not as bad as Google and Bing. It is probably just me though.

I'd still consider it bad but not as bad as Google and Bing. It is probably just me though.
Collaborator

And Google and Bing are our standards of “bad”. DuckDuckGo is (currently) at the bad end of good.

And Google and Bing are our standards of “bad”. DuckDuckGo is (currently) at the bad end of good.
Poster

I agree with that

I agree with that
boud commented 9 months ago

The evidence for moving DDG down to the bottom of the list, starting from https://dev.lemmy.ml/post/31321 (I checked a DDG IP myself, which confirms that it's on GAFAM:M), looks strong to me.

Whether or not it should be completely removed is a question of where to choose in compromising. The Tyranny of Convenience is a real factor in choosing where along the line to compromise. I've just started trying Mojeek, and I'm going to try Searx (seems to have progressed since last time I tried). I can't yet judge whether my own tyranny of convenience will allow me to use Mojeek and/or Searx without DDG and GAFAM:G.

PS: Notation: GAFAM:X denotes component X of GAFAM.

The evidence for moving DDG down to the bottom of the list, starting from https://dev.lemmy.ml/post/31321 (I checked a DDG IP myself, which confirms that it's on GAFAM:M), looks strong to me. Whether or not it should be completely removed is a question of where to choose in compromising. The [Tyranny of Convenience](https://cosmo.torun.pl/blog/slack_zoom_prison) is a real factor in choosing where along the line to compromise. I've just started trying Mojeek, and I'm going to try Searx (seems to have progressed since last time I tried). I can't yet judge whether my own tyranny of convenience will allow me to use Mojeek and/or Searx without DDG and GAFAM:G. PS: Notation: _GAFAM:X_ denotes component X of [GAFAM](https://en.wikipedia.org/wiki/GAFAM).

TL;DR: it hosts on Microsoft Azure!

That's an interesting find. During my research spanning the past few years DDG was always hosted by Amazon AWS, and their duck.co docs confirmed it. DDG has been criticized over the years for that. Now when I do my own test today, I concur that DDG is now on MS Azure.

DDG left one evil for another, but this change is actually slightly in DDG's favor ethically. I consider Amazon significantly more evil than Microsoft. DDG already does business with MS and had no other Amazon ties apart from AWS. So all the Amazon-affiliated evil can be disregeded going forward. AFAIK. (late edit: I must retract the struck out text because using MS for both hosting & search query forwarding enables MS to identify the person who submitted the DDG query, which means we must merge the privacy policies of both DDG & Microsoft and consider them inseparable when evaluating DDG)

That said, DDG is still nowhere near getting any other vote than condemnation from me.

For someone to say "Google is worse than DDG", they'd have to be narrowly focused on direct privacy factors and wholly neglecting the big picture ethically (including the ethics of privacy). Microsoft, Verizon, Yahoo, and DDG's other partners are far more evil than Google. Google is more transparent and more ethical than Microsoft alone. Google at least has an AI principles statement, and when Google employees petition projects that violate those principles Google sometimes drops those contracts. The same cannot be said for Amazon and Microsoft, who pretty much laugh at similar petitions from their employees and then retaliate against the "trouble makers" who lead ethical petitions. DDG's partners have no ethical boundaries whatsoever.

PS: Notation: GAFAM:X denotes component X of GAFAM.

The problem with the GAFAM acronym is it neglects a company that is more evil than most if not of them-- who the public is largely unaware of: CloudFlare. I've replaced GAFAM with MACFANG because it's very important to raise awareness and expose what CloudFlare is doing.

  • Microsoft
  • Amazon
  • CloudFlare
  • Facebook
  • Apple
  • Netflix
  • Google
> TL;DR: it hosts on Microsoft Azure! That's an interesting find. During my research spanning the past few years DDG was always hosted by Amazon AWS, and their duck.co docs confirmed it. DDG has been criticized over the years for that. Now when I do my own test today, I concur that DDG is now on MS Azure. DDG left one evil for another, ~~but this change is actually slightly in DDG's favor ethically.~~ I consider Amazon significantly more evil than Microsoft. DDG already does business with MS and had no other Amazon ties apart from AWS. So all the Amazon-affiliated evil can be disregeded going forward. AFAIK. *(**late edit**: I must retract the struck out text because using MS for both hosting & search query forwarding enables MS to identify the person who submitted the DDG query, which means we must merge the privacy policies of both DDG & Microsoft and consider them inseparable when evaluating DDG)* That said, **DDG is still nowhere near getting any other vote than condemnation** from me. For someone to say "Google is worse than DDG", they'd have to be narrowly focused on direct privacy factors and wholly neglecting the big picture ethically (including the ethics of privacy). Microsoft, Verizon, Yahoo, and DDG's other partners are *far* more evil than Google. Google is more transparent and more ethical [than Microsoft alone](https://codeberg.org/swiso/website/issues/141#issuecomment-72792). Google at least has an [AI principles](https://ai.google/principles) statement, and when Google employees petition projects that violate those principles Google sometimes drops those contracts. The same cannot be said for Amazon and Microsoft, who pretty much laugh at similar petitions from their employees and then retaliate against the "trouble makers" who lead ethical petitions. DDG's partners have no ethical boundaries whatsoever. > PS: Notation: GAFAM:X denotes component X of GAFAM. The problem with the GAFAM acronym is it neglects a company that is more evil than most if not of them-- who the public is largely unaware of: *CloudFlare*. I've replaced GAFAM with MACFANG because it's very important to raise awareness and expose what CloudFlare is doing. * Microsoft * Amazon * CloudFlare * Facebook * Apple * Netflix * Google
boud commented 9 months ago

This is a side topic, but an important one:

While I personally have no objections to replacing GAFAM by MACFANG, the practical question is "What is knowledge?" GAFAM is "knowledge" in the fr.Wikipedia, but in the Wikipedia, GAFAM is one among several variations on "Big Tech". The present state of the article is not too bad. It seems that en.Wikipedians finally realised that an article about the organisations that more or less have totalitarian information control over much of humanity is worth paying serious attention to.

If you know of any peer-reviewed academic research articles using the acronym MACFANG, then please integrate them and their info into GAFAM (or at least add a link on the Talk: page).

This is a side topic, but an important one: While I personally have no objections to replacing GAFAM by MACFANG, the practical question is "What is knowledge?" [GAFAM](https://fr.wikipedia.org/wiki/GAFAM) is "knowledge" in the fr.Wikipedia, but in the Wikipedia, [GAFAM](https://en.wikipedia.org/wiki/GAFAM) is one among several variations on "Big Tech". The present state of the article is not too bad. It seems that en.Wikipedians finally realised that an article about the organisations that more or less have totalitarian information control over much of humanity is worth paying serious attention to. If you know of any peer-reviewed academic research articles using the acronym MACFANG, then please integrate them and their info into [GAFAM](https://en.wikipedia.org/wiki/GAFAM) (or at least add a link on the Talk: page).

The acronym has to catch on through informal use before we start seeing it in journals and wikipedia.

The acronym has to catch on through informal use before we start seeing it in journals and wikipedia.
Poster

This is a side topic, but an important one:

While I personally have no objections to replacing GAFAM by MACFANG, the practical question is "What is knowledge?" GAFAM is "knowledge" in the fr.Wikipedia, but in the Wikipedia, GAFAM is one among several variations on "Big Tech". The present state of the article is not too bad. It seems that en.Wikipedians finally realised that an article about the organisations that more or less have totalitarian information control over much of humanity is worth paying serious attention to.

If you know of any peer-reviewed academic research articles using the acronym MACFANG, then please integrate them and their info into GAFAM (or at least add a link on the Talk: page).

Sorry for off-topic: I personally think we should create a new Wikipedia page and call it MACFANG.

> This is a side topic, but an important one: > > While I personally have no objections to replacing GAFAM by MACFANG, the practical question is "What is knowledge?" [GAFAM](https://fr.wikipedia.org/wiki/GAFAM) is "knowledge" in the fr.Wikipedia, but in the Wikipedia, [GAFAM](https://en.wikipedia.org/wiki/GAFAM) is one among several variations on "Big Tech". The present state of the article is not too bad. It seems that en.Wikipedians finally realised that an article about the organisations that more or less have totalitarian information control over much of humanity is worth paying serious attention to. > > If you know of any peer-reviewed academic research articles using the acronym MACFANG, then please integrate them and their info into [GAFAM](https://en.wikipedia.org/wiki/GAFAM) (or at least add a link on the Talk: page). > *Sorry for off-topic*: I personally think we should create a new Wikipedia page and call it MACFANG.
TheEvilSkeleton changed title from Remove Duckduckgo entry to Reorder metasearch/search engines 8 months ago
Poster

#143

We agreed on reordering the search engines. Shall I close this issue?

https://codeberg.org/swiso/website/pulls/143 We agreed on reordering the search engines. Shall I close this issue?
Collaborator

Probably.

Probably.
TheEvilSkeleton closed this issue 8 months ago
Sign in to join this conversation.
No Milestone
No Assignees
6 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.