I stumbled on this article in french : http://franck-ridel.fr/duckduckgo-le-canard-aux-pratiques-boiteuses/
I checked through Duckduckgo.com server and hosting history too.
Translation with handy DeepL
I checked through Duckduckgo.com server and hosting history too.
Translation with handy DeepL
DuckDuckGo, the duck with lame practices
Since a few years, and mainly since Snowden's revelations, DuckDuckGo is put on the scene as an alternative to Google. If on paper, and according to them, DuckDuckGo does not track its users and protects their privacy, the reality can be quite different.
Not to make them look like liars who take advantage of people's credulity, their intentions may well be real after all, but one important thing is often put aside.
Some details
First of all, DuckDuckGo has for a while been put aside by the privacytools.io site, which details what are the privacy issues online and gives some tips to protect yourself. Indeed, the fact that this search engine is based in the United States poses a problem (Which is specified since they reappear on the site). A data center must comply with the laws of the country in which it is located, it is the right of the ground which is imposed, whatever the nationality of the company. In the case of DuckDuckGo, it is an American company whose servers are mainly in the United States, which is already starting badly... It means to sum up that in their case, the Patriot Act applies, and that all government agencies such as NSA, CIA, or FBI can rely on it to achieve their ends, often by crossing the red line. It's average enough, but one could say that DuckDuckGo has secure servers, well hidden, blabla. Actually, no, it's all utopia.
Eric Leandri and DuckDuckGo
In an article read the day before yesterday (Thanks to Steve12L) about Qwant, French search engine which also wants to be respectful of our private life, the CEO of Qwant Eric Leandri tells us this about DuckDuckGo when we compare it to his own search engine :
"It's just a meta-engine hosted on Amazon Web Services. It's Canada Dry. If the U.S. government wants data, it just has to ask Amazon, without even going through Duck Duck."
If you've been following the mass surveillance cases uncovered in recent years, you probably know that Amazon is one of the worst data mining companies. As Eric Leandri implies in the sentence above, even if DuckDuckGo's intentions were really sincere, they are useless anyway. It is easy for American government agencies to spray them quickly, without DuckDuckGo even being aware of them, without DuckDuckGo even being able to do anything to counter them (Except by turning off servers like Lavabit did a few years ago. And again, not sure it would be enough if Amazon decided to collaborate and let government agencies access backups, which are sometimes "stubborn").
You might say to yourself, "But why do you trust a simple interview? He's just a competitor of DuckDuckGo defending his company's interests, right? ». Well, yeah, that's the first thing that came to mind.
Let's check their accommodation
Let's take a few seconds to check for ourselves:
Click on the Firefox tcputils addon :
And now let's consult the tab that opened (Or you can also make a "whois 54.229.105.203" in your terminal) :
As you can see on tcputils.com, they are hosted by Amazon AWS. In this example, the servers are in Ireland (a country that has become a little suburb of Silicon Valley).
Some alternatives
So yes, to choose between Google and DuckDuckGo, if you want to protect your data by simple convictions or for professional reasons (If you are a doctor, lawyer, journalist, hacktivist, etc...), DuckDuckGo seems to be more reliable than the Mountain View firm. But there are other alternative search engines that are safer (or at least don't pack at Amazon). Let us look at some of them.
Qwant : French search engine whose servers are in France, but which is a proprietary search engine (The source code is not searchable). If Eric Leandri's intentions are certainly sincere and if Qwant has evolved a lot since its beginnings (He was still in beta when I knew him), you have to trust them on data management. It still remains an excellent alternative to Google and the lame duck.
StartPage: Became famous thanks to Edward Snowden, this search engine based in Holland (Le pays, pas François) uses Google search results and makes them anonymous. It's not based in the United States, but it's not an open source project either. If it sounds interesting on paper too, we can only trust them blindly, although according to them they do not store users' IP addresses.
Metager : a metasearch engine (Like DuckDuckGo) partially open source (Also Like DuckDuckGo) based in Germany. Their goal is also to protect the privacy of users, it is globally a DuckDuckGo bis based in Europe and hosted by Hetzner. Personally, although I like the idea, I find that the search results are not always optimized. We often have results on the front page that date back several years, while others are more recent and more relevant.
Searx: We're getting close. Searx is also a metasearch engine, it gathers the results of several search engines such as Google, Bing, Yahoo, Yandex, but also Wikipedia, Reddit, and other sites. We can choose the sources of the research results according to our needs and/or desires, and configure pretty much anything we want. It is 100% open source, and there are several instances around the world.
Let's go deeper with Searx
Beyond the positive points just mentioned, Searx offers an additional advantage. If we're looking for the little beast, we could say, "Okay, your thing is open source, decentralized, and everything. But if someone gets their hands on one of the servers, that person can still retrieve the logs, even if they are encrypted. As I said earlier, it is the ground law that applies to servers. Data that is secure on one instance may be less secure on another.
With Searx, we have another possibility of use: Run Searx locally (Or locallyhost for friends). Yes, a search engine hosted directly on your machine. You can find all the details on the Github page of the project. If you don't speak English well, although I don't think it's essential here, you can find on this blog a tutorial in French that I will do soon. Thus, by applying this method, the logs are stored on your PC. If you pay attention to your machine, do not leave it lying around and be careful what you do online, your data is secure (At least it is much more secure than with the alternatives mentioned above).
/edit : Since the question has been asked several dozen times today (Really), I specify that the purpose of the local instance is not to type 3 commands and use it as is. The next article, which will be devoted to Searx, will detail how to go through a reverse proxy, Proxychains, or other techniques. While waiting for it to be released, if you don't know how to set it all up, Qwant is fine, as are the Searx instances, including Framasoft and Quadrature du Net.
/edit2 : The sequel on Searx is here.
Conclusion
Without falling into paranoia or conspiracy, be careful about the use of your personal data. If you don't want to be a duck walker, check for yourself when a company says "We're good people, we do everything we can to protect your data. Kisses". In many cases, it's just an argument for you to use their products and generate more revenue.
Translated with www.DeepL.com/Translator
