I think this is quite an informative post from Libtech you guys should read which helps to address some misconceptions people hold about duck duck go.<br><br>samthetechie<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Yosem Companys</b> <span dir="ltr"><<a href="mailto:companys@stanford.edu">companys@stanford.edu</a>></span><br>Date: 14 July 2013 21:09<br>Subject: [liberationtech] Ether Rag: Duck Duck Go: Illusion of Privacy<br>
To: Liberation Technologies <<a href="mailto:liberationtech@lists.stanford.edu">liberationtech@lists.stanford.edu</a>><br><br><br><a href="http://etherrag.blogspot.jp/2013/07/duck-duck-go-illusion-of-privacy.html" target="_blank">http://etherrag.blogspot.jp/2013/07/duck-duck-go-illusion-of-privacy.html</a><br>
<br>
Duck Duck Go: Illusion of Privacy<br>
<br>
There have been several articles in the press recently about users<br>
flocking to DuckDuckGo in the wake of the recent NSA snooping<br>
revelations. If you are in this category this post is meant for you.<br>
<br>
If you use DuckDuckGo solely for the myriad of other benefits, such as<br>
reducing advertiser tracking, filter boxing, etc. move along nothing<br>
to see here. DuckDuckGo will provide you at least that level of<br>
“privacy”.<br>
<br>
Update: Wow, I didn't expect this blog post to spread so widely.<br>
First of all, let me say to those accusing me of hating on DDG, I am a<br>
DDG user. I think they have a great service. This post is solely<br>
about the misconception that seems to have spread primarily from The<br>
Guardian article that DDG can somehow protect you from NSA monitoring.<br>
<br>
DDG stated, "We literally do not store personally identifiable user<br>
data, so if the NSA were to get a hold of all our data, it would not<br>
be useful to them since it is all truly anonymous." I would like to<br>
direct readers to this article which basically nullifies whatever<br>
protection DDG thinks it can provide, or you the reader think you<br>
have.<br>
<br>
Standard Wiretaps<br>
<br>
DuckDuckGo can easily be compelled either under the Communications<br>
Assistance for Law Enforcement Act (CALEA), standard court orders, or<br>
by secret orders from the Foreign Intelligence Surveillance Court<br>
(FISA) to provide tap-on-demand. I don’t think anyone can dispute<br>
that. If you are specifically targeted in an investigation, you can<br>
bank on the fact that all of your searches and their history “going<br>
forward” after the court order will be collected on you and stored.<br>
<br>
Google has at least a transparency report detailing the number of<br>
non-FISA requests it receives and now a “ballpark” reporting of FISA<br>
requests. Users should demand the same of DuckDuckGo.<br>
<br>
Deep Integration<br>
<br>
DuckDuckGo has made a lot of hay about their privacy, but like many<br>
other technology companies they have remained silent about their<br>
collaboration, if any, with law enforcement and security agencies.<br>
<br>
Why shouldn't they? They are reaping the benefits of an uninformed<br>
populace flocking to their service to avoid the NSA dragnet. The<br>
privacy they offer is privacy from third-party advertisers and<br>
cross-site tracking.<br>
<br>
The MarCom departments of big players like Google, Yahoo!, Microsoft<br>
and others are getting good at crafting extremely carefully worded<br>
denials through lies of omission.<br>
<br>
DuckDuckGo says:<br>
<br>
DuckDuckGo does not store any personal information, e.g. IP addresses<br>
or user agents<br>
But what if DuckDuckGo provided a splitter-feed to the NSA?<br>
DuckDuckGo can claim without lying that they store no personal<br>
information, but that speaks nothing of a collaborating partner<br>
storing it.<br>
<br>
Can they refuse to collaborate with the NSA if approached? If one<br>
looks at the recent reports about Yahoo! and others the answer is “No,<br>
you cannot”. Yahoo! apparently made concerted efforts to resist,<br>
sending lawyers into battle, and ultimately (and silently) lost the<br>
fighting the FISA Court. “Silently” because their loss and the ruling<br>
that handed it down is also secret.<br>
<br>
Assume, nay bank on, the fact that corporations located within the<br>
United States can be and are being compelled to participate in<br>
programs like PRISM and are legally powerless to refuse.<br>
<br>
The NSA Can’t Lose<br>
<br>
Let’s be realistic, if services start popping up on the internet that<br>
shield substantial amounts of communications from the NSA that the NSA<br>
thinks is valuable, how long to you think the NSA will allow that to<br>
persist before making efforts to abate it?<br>
<br>
What can they do?<br>
<br>
According to the Washington Post a NSA initiative called “Upstream”<br>
siphons off of “communications fiber cables and infrastructure as data<br>
flows past” at all the major “choke points” of the internet. So, we<br>
can assume that the NSA has access a substantial amount of ingress and<br>
egress packets to DuckDuckGo.<br>
<br>
However, DuckDuckGo is using SSL encryption. Without DuckDuckGo's<br>
private SSL certificate, your search queries (but not your location)<br>
are invisible. What is a spy agency to do?<br>
<br>
What is a SSL certificate key after all? It’s simply a small block of<br>
data, often in the form of a file. And it’s a file that must be<br>
installed on every webserver or load-balancer in a data-center. If<br>
you possess DuckDuckGo’s cert, you can decrypt all traffic to<br>
DuckDuckGo. The NSA could get the DuckDuckGo master cert in one of<br>
three ways:<br>
<br>
Be given the cert<br>
Physical access to servers or load-balancers<br>
Remote access to servers or load-balancers<br>
<br>
Let’s eliminate (1) for the sake of argument.<br>
<br>
Option 2<br>
<br>
Many smaller internet companies, including DuckDuckGo, do not operate<br>
their own data-center, but instead are “hosted” in another provider’s<br>
datacenter. In DuckDuckGo’s case, they are hosted by Verizon Internet<br>
Services. We’ve all learned about the cozy relationship between the<br>
NSA and Verizon, it is quite imaginable that Verizon would simply give<br>
them access to a DuckDuckGo server, or the load-balancer which is<br>
likely owned and operated by Verizon and upon which the SSL decryption<br>
key is installed. They don’t need continuous access, 30 seconds is<br>
all that would be necessary to copy the cert.<br>
<br>
Option 3<br>
<br>
If Google’s servers can be compromised by a bunch of Chinese hackers,<br>
and if the computers controlling Iran’s uranium enrichment equipment<br>
can be compromised without even being connected to the internet, how<br>
long would a service like DuckDuckGo (or Verizon Internet Services)<br>
standup against a concerted effort by the NSA? Verizon Internet<br>
Services is almost the better target given that penetrating their<br>
infrastructure gives you access to potentially all companies hosted by<br>
them.<br>
<br>
Again, this is a “get in, and get out quick” type operation. All they<br>
need is the key, they’ve already got the data.<br>
<br>
In Summary<br>
<br>
This is not an indictment of DuckDuckGo per se. Except in as far as<br>
they are taking advantage of the hysteria to their own ends. Every<br>
provider needs to be upfront with saying, “If it is indeed true that<br>
the NSA is monitoring our ingress/egress traffic, we can make no<br>
guarantee of privacy regardless of encryption or other efforts on our<br>
part.”<br>
<br>
In the larger picture, this is the crux of the problem not just for<br>
DuckDuckGo, but the internet as a whole. Until and unless agencies<br>
like the NSA are forbidden from conducting dragnet collection and<br>
analysis of data, there can be no privacy. Privacy is merely an<br>
illusion at this point.<br>
--<br>
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at <a href="mailto:companys@stanford.edu">companys@stanford.edu</a> or changing your settings at <a href="https://mailman.stanford.edu/mailman/listinfo/liberationtech" target="_blank">https://mailman.stanford.edu/mailman/listinfo/liberationtech</a><br>
</div><br><br clear="all"><br>-- <br>Samuel Carlisle BEng (Hons) Dunelm MIET<br>pgp: 0x54828CAA<br>Fingerprint: 9E01 D8A4 CFEB ED72 B0D2 70D7 1D57 A297 5482 8CAA<br><div>twitter: <a href="https://twitter.com/#!/samthetechie" target="_blank">@samthetechie</a><br>
</div>