EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

07.02.20

Why People Should Never Ever Use DuckDuckGo

Posted in Deception, Microsoft, Search at 10:36 am by Dr. Roy Schestowitz

Credit to Lemmy for the detailed yet very concise list

A model factory

Summary: DuckDuckGo is another privacy abuser in disguise; the above forum thread enumerates key reasons

TThere are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spot-lighted:

  • Nefarious History of DDG founder & CEO:
    • DDG’s founder (Gabriel Weinberg) has a history of privacy abuse, starting with his founding of Names DB, a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006)
    • Weinberg’s motivation for creating DDG was not actually to “spread privacy”; it was to create something big, something that would compete with big players. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg’s means (not ends) in that endeavor. Clearly he doesn’t value privacy – he values perception of privacy.
  • Direct Privacy Abuse:
    • DDG was caught violating its own privacy policy by issuing tracker cookies.
    • DDG’s app sends every URL you visit to DDG servers. (reaction).
    • DDG is currently collecting users’ operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the “network” tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together)
    • DDG is accused of fingerprinting users’ browsers.
    • When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default browser.
    • DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium.
  • Censorship:
    Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.

    • DDG is complying with the “celebrity threesome injunction”.
  • CloudFlare: DDG promotes one of the largest privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity:
    • Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network.
    • Privacy: All CloudFlare sites are surreptitiously MitM’d by design.
    • Net neutrality: CloudFlare’s attack on Tor users causes access inequality, the centerpiece to net neutrality.
    • DDG T-shirts are sold using a CloudFlare site, thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying “DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs.” (2019)
    • DDG hired CloudFlare to host spreadprivacy.com (2019)
  • Harmful Partnerships with Adversaries of Privacy Seekers:
    • DDG patronizes privacy-abuser Amazon, using AWS for hosting.
      • Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy
        worldwide.
      • Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes.
      • Amazon paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
      • Amazon runs sweat shops, invests in climate denial, etc… the list of non-privacy related harms is too long to list here.
    • DDG feeds privacy-abuser Microsoft by patronizing the Bing API for search results and uses Outlook email service.
      • Microsoft Office products violate the GDPR (the Dutch government discovered numerous violations)
      • Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress.
      • Microsoft paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
      • DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==> “…duckduckgo-com.mail.protection.outlook.com”
    • DDG is partnered with Yahoo (aka Oath; plus Verizon and AOL by extension). DDG helps Yahoo profit by patronizing Yahoo’s API for search results, and also through advertising. The Verizon corporate conglomerate is evil in many ways:
      • Yahoo, Verizon, and AOL all supported CISPA (unwarranted surveillance bills)
      • Yahoo, Verizon, and AOL all use DNSBLs to block individuals from running their own mail servers, thus forcing an over-share of e-mail metadata with a relay.
      • Verizon and AOL both drug test their employees, thus intruding on their privacy outside of the workplace.
      • Verizon supports the TTP treaty.
      • Yahoo voluntarily ratted out a human rights journalist (Shi Tao) to the Chinese gov w/out warrant, leading to his incarceration.
      • Yahoo recently recovered “deleted” e-mail to convict a criminal. The deleted e-mail was not expected to be recoverable per the Yahoo Privacy Policy.
      • Verizon received $16.8 billion in Trump tax breaks, then immediately laid off thousands of workers.
      • (2014) Verizon fined $7.4 million for violating customers’ privacy
      • (2016) Verizon fined $1.35 million for violating customers’ privacy
      • (2018) Verizon paid $200k to fight privacy in CA. See also this page
      • (2018) Verizon caught taking voice prints?
      • more dirt (scroll down to Verizon)
      • (2016) Yahoo caught surreptitiously monitoring Yahoo Mail messages for the NSA.
  • Advertising Abuses & Corruption:
    • DDG consumed a room at FOSDEM 2018 to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt abuse of precious resources.
    • Tor Project accepted a $25k “contribution” (read: bribe) from DDG, so you’ll find that DDG problems are down-played. This is why Tor Browser defaults to using DDG and why Tor Project endorses DDG over searxes.eu.org – and against the interests of the privacy-seeking Tor community. The EFF also pimps DDG – a likely consequence of EFF’s close ties to Tor Project.

    Credit: Lemmy

02.13.20

What’s Evil is Forcing People to Use Something They Don’t Want and Typically Dislike

Posted in Google, Microsoft, Search at 8:39 am by Dr. Roy Schestowitz

Like putting Windows on every computer sold (and forcing people to pay for it)

Evil because many choose it. Benign because Microsoft imposes it on many?

Summary: The difference between Google Search and Microsoft is that many people actually want to use Google (and don’t have to)

2020: The Year Microsoft Became Honest… About Being Corrupt and Criminal

Posted in Microsoft, Search at 8:07 am by Dr. Roy Schestowitz

New year, still no “new Microsoft”

Steve Ballmer

Satya Ballmer

Summary: Microsoft is destroying any past attempts to portray itself as a reformed company or ‘recovering criminal’; nothing is really changing and everyone has noticed

LAST year we saw Microsoft convicted for very serious crimes [1, 2] and as soon as this year started we saw not one but several major scandals associated with Microsoft force-feeding people, e.g. “Bing!”

We’re going to assume our readers already heard about at least one among several such scandals (at least three separate such scandals were reported).

“The company is transparently corrupt, openly dishonest, and as criminal as ever.”We’ve included several examples of this in our Daily Links and we also discuss this routinely in IRC.

We, for once, appreciate Microsoft’s transparency. The company is transparently corrupt, openly dishonest, and as criminal as ever. We can only joke about the likes of the Linux Foundation and OSI treating the company as a trustworthy party.

It’s not.

Please carry on, Microsoft.

“In the next few days we expect to have an update, as per promises from Seattle’s police, about the arrest for pedophilia at the home of Bill Gates.”Do what you do. Make it easier for us. Your worst enemy is your own actions. You cannot help breaking the law and once there’s public backlash you drop these plans or undo these actions (after the damage has already been done).

In the next few days we expect to have an update, as per promises from Seattle’s police, about the arrest for pedophilia at the home of Bill Gates. We have not forgotten about it and we’ll keep chasing.

Pedophile working for Bill Gates

01.23.20

Confirmation: System1/Startpage Offered Pay to People Who Pushed for (Re)Listing in Privacy Directories

Posted in Deception, Search at 5:54 am by Dr. Roy Schestowitz

Pull request or pulling a stunt/fast one? Because we value privacy we shall name nobody in this article.

EPIC privacy

Summary: The debate is now settled; those arguing in favour of listing Startpage as privacy-respecting are in fact secretly ‘compensated’ by Startpage (in other words, they’re Startpage ‘shills’)

OVER the past few days we wrote a number of articles about Startpage and about mischievous things that it had done (except selling out to a surveillance giant, System1). We still prefer not to name any people, but we will, instead, present their confessions.

“An open admission, a face-saving PR, was issued by him half a day ago.”While communicating about the unanswered Startpage questions and delisting of Startpage someone was approached by Startpage.

An open admission, a face-saving PR, was issued by that someone half a day ago. That someone confessed only after being asked questions which that someone cannot answer and having repeatedly attacked those who asked these questions, sometimes with vacuous projection tactics, hence becoming too big a liability even to Startpage. It’s a total cock-up because of that. Here’s the full confession:

Alright, I want to address the comments on this pull request.

I am going to give a lot of detail here in the hopes of clarifying this.

When the System1 investment into Startpage went down and the CEO contacted both Jonah and I to help answer the questions the privacy community had. Through those discussions and subsequent emails about how Startpage could have better handled the situation and why the privacy community was so alarmed, it was revealed that my professional background is in marketing and communications. Coupled with my experience and knowledge in the privacy community, I was offered a meeting w/ some of the Startpage team.

That meeting led to them offering me a contract to do 2 things.

1. To write a handful of blog posts for their blog related to their search engine, but also to privacy in general. This is something I already do professionally as a columnist, blogger, and author. Guest blogging is nothing new to me.

2. To meet with their team as a consultant and share my marketing/communications/privacy related experience with them.

As a professional marketer and writer, this is what I do. I will not be a Startpage employee or on their payroll.

That’s it. Any compensation being given to me will be for these services, which are part of my professional expertise.

The moment I got off the call with Startpage, I alerted the PrivacyTools team about the potential offer and that I believed this could cause a conflict of interest and since this has not happened to any other member, I wanted to make them aware so we could decide how to best handle the potential conflict. Did that mean I would have to leave the team? I was not sure, but I was willing to do so if asked. The integrity of the site is important to me, regardless of my status as a team member. While we are still discussing it now, we all agree some guidelines should be put in place. I asked that the team not go public until we had internal discussions and that I was sure I was even going to accept or decline the offer.

When it comes to this pull request to relist Startpage, it should be noted that:

1. It is a PR in response to an issue opened by another team member who agreed that Startpage should be relisted based on the answers we got from those questions. The PR cannot be pushed live by me without multiple team member approval. This ensures that even if I had not notified the team of the pending contract, that I could not just re-list a service on my own. Not only would I have to convince them it was the right thing to do, but also the community. This is one of the great features of PrivacyTools.

2. The issue and PR predates the meeting I had with Startpage and I only created the PR to satisfy the issue, as you have seen done many times before on our Github.

Startpage has not asked me to relist their service even though I am sure they would love to be. What service wouldn’t want to be? It’s a fantastic resource privacy tools and is well respected by users, organizations, and companies.

I hope this helps clarify things.

The above is pretty significant for a number of distinct reasons. First of all, anyone who still defends Startpage can be more easily accused of being either a Startpage employee or someone who was offered money by Startpage (or courting Startpage for money).

We’ve covered similar examples over the years; Microsoft is a common culprit (rewarding people with jobs in exchange for OOXML advocacy, among other things).

In the above case, it took a lot of pressure to extract the confession. “The offer could be an attempt to influence the relisting,” one person told us, “or it could be very bad judgment on the part of Startpage/System1.”

Regardless of this judgment, and irrespective of the listing, the above person was putting Startpage as a top pick for a search engine (at the same time). Is this a marketer? Seems so…

At the time the person was suddenly retweeting Startpage tweets.

Lastly, the person suddenly changed the business model and the title to “privacy consultant.”

This brings to mind this quote from Microsoft [PDF]: “”Independent” consultants should write columns and articles, give conference presentations and moderate stacked panels, all on our behalf (and setting them up as experts in the new technology, available for just $200/hour).”

We still don’t know just how much money was offered.

Fake privacy isn’t “consultation” but corruption of groups. Thankfully this one managed to call out the mole before its reputation was harmed severely.

“Why aren’t so-called private search engines DuckDuckGo or Startpage offered in Epic? Why are you unable to trust them?”Epic Browser

01.21.20

Startpage/System1 Almost Definitely Pay for People to Lie About Their Surveillance

Posted in Deception, Search at 11:26 am by Dr. Roy Schestowitz

Startpage/System1 lacking a sense of humility. They even exploit MLK, whom the FBI spied on very heavily (this is well documented) until his death.

Startpage/System1 on MLK

Summary: A longterm investigation suggests that there are forces in the debate that aren’t objective and are being super evasive and dodgy; this typically happens only when somebody has much to hide

AS WE pointed out in two separate articles recently [1, 2] (lots of research went into them, even if they’re short) Startpage is going very dark, very malicious. It’s still a surveillance company disguised as a privacy-respecting shelter. It spends a lot of money on media campaigns (to maintain the ‘cover’). System1 is a very large “Sugar Daddy”, so it can spare a buck or two (or even a million bucks) to glue/affix/attach some false labels. This has gone on for more than a year and the cover was secured for nearly a year.

“It’s still a surveillance company disguised as a privacy-respecting shelter.”Having inquired and reached out to people, including those whom we suspect to be working for Startpage/System1 (no response since we last mentioned it two days ago), we almost must conclude that there’s a business relationship. Its nature, however, is unknown to us (courting, employing, contracting). There’s an opportunity for the accused to issue a response; but they don’t exercise the right of defense. Does that mean there’s no valid defense? Running away is not a potent form of defense.

We suppose our readers now wonder, who is this all about and what was it all along? There are clues in our IRC channels, but not names… (we often redact names in the pursuit/interests of privacy).

“People who believe they enjoy discreetness online are in fact spied on by a surveillance giant. In some contexts or in oppressive nations this can lead to death.”Well, we don’t wish to name the culprits or divulge the proof just yet (as the names would inevitably become apparent). We are definitely not done and we shall ‘drill on’. Eventually, the whole world needs to know what Startpage (or StartPage or ixquick) became. As a former user — for about half a decade! — I have much at stake too. I know a lot about this company. As they’re pouring money into disinformation campaigns it is growingly important to refute them. People who believe they enjoy discreetness online are in fact spied on by a surveillance giant. In some contexts or in oppressive nations this can lead to death.

01.19.20

StartPage (System1) Found New Spin Allies. Some Have Been Offered StartPage Jobs. Some Might Already be Working for StartPage in Secret.

Posted in Deception, Search at 2:47 am by Dr. Roy Schestowitz

When you have critics and you pay people to discredit them, what does that make you?

StartPage gifts
From StartPage with love

Summary: Pro-StartPage voices appear to be paid (or have been promised pay) by StartPage; the key strategy of StartPage seems to be, attack and betray people’s privacy while paying people in particular positions to pretend otherwise

IT HAS been a while since we last touched the StartPage saga and little has changed. StartPage is still owned/controlled by a surveillance company and it is trying to muzzle/squash/discredit its critics.

“At this moment in time we do know for a fact about the conflict (some are more upfront about this than others), but we just don’t know the full extent of it.”Based on our understanding, as well as evidence we have but cannot divulge at this time, StartPage made job offers to people who are in a potential position to relist the company in privacy sites. In a sense, they’re trying to pay their way into re-acceptance, without disclosing pertinent details. It’s possible that some of these people are already on StartPage’s payroll because they refuse to answer very simple questions.

At this moment in time we do know for a fact about the conflict (some are more upfront about this than others), but we just don’t know the full extent of it. This corrupts or at least erodes trust in groups which claim to advance privacy agenda. If they receive money from surveillance companies, what does that tell us about them? Maybe some time soon we’ll be able to publicly name the culprits, too.

12.18.19

Fuzzy Logic and Personal Attacks: How Startpage Guards Its Image After Becoming a Surveillance Company

Posted in Deception, Search at 1:26 am by Dr. Roy Schestowitz

Don’t worry, buddy, System1 already has you ‘backed up’

Startpage lie
One of many “sponsored” tweets (promoted for a fee) that spread lies and misinformation

Summary: Startpage assumes that its users have bags for brains; it continues to shamelessly lie about Startpage’s data flows, which ‘inadvertently’ reveal what users are searching for (an advertising company that owns most if not all of Startpage deciphers identities)

The Startpage saga has come to a phase of personal attacks or ad hominem tactics. They try to personify the issues and create a phony ‘personal’ controversy. Seeing that System1 turned Startpage into a surveillance site/company (perhaps fully owned or almost fully owned by System1), now there’s a deflection and blame game. They attack the messengers, using innuendo of course, and pretend to be the victim (playing the victim has always been a classic strategy). Perhaps this is expected when one’s “side” in a debate isn’t supported by facts. We don’t want to name any names or link to the personal attacks, but they’re out there. There’s suspicion that some act as ‘proxies’ of the accused. Heck, some are literally employed by the accused!

“After persistent pressure they admitted it, but they claim to preserve anonymity (those who have followed many scandals since the famous AOL scandal are aware that de-anonymisation is almost always very easy — there’s a body of scholarly work to that effect too).”Our investigation of this matter will of course persist. We already know (it’s confirmed by the accused) that data is being passed from Startpage to System1 for advertising purposes. After persistent pressure they admitted it, but they claim to preserve anonymity (those who have followed many scandals since the famous AOL scandal are aware that de-anonymisation is almost always very easy — there’s a body of scholarly work to that effect too).

This is an area I deal with at work. Here’s what readers might want to know about data anonymisation, data re-identification, de-identification, and k-anonymity. Andrew Orlowski wrote about such issues more than 13 years ago in “AOL publishes database of users’ intentions” (it even made it public! It did not just pass it to advertisers!).

Pseudonymization is a suitable term here. As Wikipedia puts it: “The pseudonym allows tracking back of data to its origins, which distinguishes pseudonymization from anonymization, where all person-related data that could allow backtracking has been purged. Pseudonymization is an issue in, for example, patient-related data that has to be passed on securely between clinical centers.”

“Must there be some kind of identifier in order to have System1 process data for Startpage that gets back to a user?”

One reader asked us that. We used to recommend Startpage, so we suppose some of our readers still use it and are now rightly concerned. “It might not be an IP,” our reader continued, “maybe an IP substitute? This is a generic question.”

There’s lots more to go by, including cookies and additional data that is passed around recklessly by so-called ‘data brokers’. It’s a vast and very shady ‘industry’ — a so-called ‘industry’ in which System1 is a prominent player.

“Stay away from and keep a distance from Startpage. They’re liars and charlatans, pretending to value privacy whilst actively betraying it.”“I am also not clear as to how Startpage can hand even anonymised or fuzzed data to a behavioral ad company like System1 for processing,” our reader continued. “Wouldn’t that need to be divulged in the Startpage policies? Maybe the privacy policy is actually accurate because technically Startpage itself is doing what it says and doesn’t mention what other organisations might do or what organisations it might share data with?”

Yes, that’s a known loophole. With GDPR care is taken to ensure third parties aren’t leveraged as loopholes — means by which to bypass the law or outsource/offshore the abuses. That has happened a lot.

“I reached out to another computer expert,” our reader noted, “and got a plausible explanation for how System1 might process Startpage data without getting user personal info and then get it back to the user.”

It’s really unhelpful that Startpage has been so facetious about it; it also should be considered a major breach of trust that Startpage gave in to System1 about a year ago without telling anyone (until it came up with this ridiculous spin). There’s no ‘Privacy One Group’; it’s like an offshore account/shell. Stay away from and keep a distance from Startpage. They’re liars and charlatans, pretending to value privacy whilst actively betraying it. They think they’re being clever about it with their shameless marketing campaigns, but geeks aren’t gullible enough to fall for “sweet talk”.

12.16.19

Startpage and System1: Lying for Almost a Year and Nowadays Making Things Personal/Ad Hominem (Shooting the Messengers)

Posted in Deception, Search at 5:17 am by Dr. Roy Schestowitz

Startpage and its apologists have become abrasive and aggressive, just like spies

Startpage tweet
A surveillance company advises people to keep “personal information private!”

Summary: As more people become aware of what a scam Startpage is (and has clandestinely been for nearly a year) the strategy seems to be further obfuscation and even personal attacks (demonising the critics/exposers)

THE TWITTER feed of Startpage is good for eye-rolling. It’s a lot like the NSA’s. They say they value security and privacy, but in practice they undermine both, for gain.

For quite some time Startpage attempted to keep secret the System1 transaction. Later they came up with some fictional “Privacy One Group” to ‘come clean’. That didn’t go too well, did it? As one site put it a month ago, “Who owns Startpage now?”

“They say they value security and privacy, but in practice they undermine both, for gain.”“The exact answer to this question is not entirely clear,” it says, “and it seems that is intentional.”

“Also concerning is that the Privacy Policy of Startpage makes no reference to the new ownership structure and continues to suggest it is strictly a Dutch company,” it adds.

Also it says: “There is no mention of System1 or the Privacy One Group, the members of which now hold an “important stake” in Startpage. Questions about the exact ownership structure have gone unanswered, aside from general statements.”

“For quite some time Startpage attempted to keep secret the System1 transaction.”On “Privacy One Group” it says: “While some are suggesting that this entity may be just a facade of privacy for the parent company System1, I’m not going to speculate. Ultimately, we don’t know much about the company – and neither Startpage, nor System1, nor Privacy One Group are offering these details.”

Further down it adds: “So here we have an investor from New York and the co-founder of System1 sitting on the board of directors for Surfboard Hoalding BV, the parent company of Startpage. Ian Weingarten is currently the CEO of System1 and Robert Beens is the CEO of Startpage.”

About timing: “Also notice that this change happened on December 31, 2018. Yet Startpage’s leadership did not make any announcement of this change until October 2019, where they described it as a “most recent” change. I do not think that a nine-month delay is a “most recent” development.”

The author, Sven Taylor, concluded with this: “At the end of the day, an American ad-tech company that seeks to “gather as much data as possible” is still the majority owner of Startpage, a search engine that could be used to collect data.”

“We’ve meanwhile noticed Startpage and its apologists smearing their ‘opponents’, mocking articles that unmasked the surveillance because the articles aren’t in sites with encrypted connections, and not justifying decisions to relist surveillance sites in so-called ‘privacy’ directories.”That was a month ago and a lot has happened since then, including what we called lobbying by the CEO earlier this month. Martin Brinkmann, a GNU/Linux proponent, wrote about that 3 days later, also with the face-saving PR of Startpage. Did that work? Seems so. “The whole situation could have been avoided if Startpage would have been transparent about the deal,” Brinkmann concluded. “The publication reveals critical information about the deal and should reassure some users. Others may require additional information or clarification, e.g. whether data is shared with Privacy One Group Limited or System1.”

That’s kind of obvious, isn’t it? Consider how dishonest these people have been all along and for so long (until they got exposed, whereupon it wasn’t possible to hide anymore).

We’ve meanwhile noticed Startpage and its apologists smearing their ‘opponents’, mocking articles that unmasked the surveillance because the articles aren’t in sites with encrypted connections, and not justifying decisions to relist surveillance sites in so-called ‘privacy’ directories. We don’t want to link to these accusations (we’ve kept record and stock of these), which tend to be personal attacks that are substance-free. Startpage becoming as aggressive and as dishonest as spying companies may in fact be expected and predictable. After all, Startpage was bought by one and is now bossed by one.

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts