DuckDuckGo not that private?

Discussion in 'privacy problems' started by elapsed, Jun 22, 2013.

Thread Status:
Not open for further replies.
  1. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Sorry, I know I was rude in my post earlier, I'll delete that. And I know this is about DDG, but you started with DNSCrypt, hence why I replied. I don't know, it is what it is.

    Go here https://www.grc.com/dns/dns.htm to see for yourself. I'm using Linux with DNSCrypt and I unplugged my router because it's set up for OpenDNS, and I connected straight to my box with DNSCrypt and it still comes up as m11.dfw.opendns.com & m7.dfw.opendns.com

    DNSCrypt might protect you from your ISP in different ways, but it still goes to OpenDNS servers where it is then decrypted for the request, and logged, then so-called anonymized, then sent to a 3rd party for sale. Nothing is free, unless you pay; then in such a case they wouldn't need to make their money back for what you used because you paid for it. But they can log your IP with your DNS requests at the request of whoever, because they too are located in the US, so they're kinda like DuckDuckGo IMO! This is the point I was trying to make.

    VPN (can also be requested to log your connection in certain countries, but you can pay with bitcoin etc. and chain VPNs to harden your privacy, set up gateways etc., get creative lol)
    Privacy DNS Server ?
    DuckDuckGo (One should never base a so called privacy engine in a country that requires no privacy!)

    Startpage and Ixquick (I think out of all the engines I have tried I trust these ones the most, but they need to work on their results too because they are very weak results. They may have pictures but I still think DuckDuckGo has better results than SP and IXQ. Oh well, but all 3 are still getting a weak validation with the Calomel SSL Validation addon, like 54% secure; don't know how accurate the addon is? The coolest part is the ability to open a page from their search with their encrypted proxy, and even navigate through the site while still encrypted. So yes, I will agree with the added DNSCrypt it can provide sufficient security for simple private searches you don't want your ISP caching or whatever, like reading news or whatever, so you make a good point here! Still better than nothing.)

    OpenDNS how to pay for the free? (This is a great service, and greater if you pay the little fee. It has already stopped a number of threats for me, and I trust them more than I do my ISP's trash DNS servers. They're just a great service with lots of reputation behind them and very nice speeds even with DNSCrypt.)
     
    Last edited: Jun 24, 2013
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    OK, thanks. :thumb: :)

    After some experimentation with Firefox I have discovered that it appears that you can switch between the default Google & DuckDuckGo in the search box on the Firefox homepage. This can be achieved by typing browser.search.defaultenginename into about:config (clicking on the string) & replacing Google with DuckDuckGo by typing which you want into the dialogue box. I don't even think you have to download the DDG plug-in.

    However, I use the keyword.URL in about:config filter to use Startpage in the runbox. I don't have anything against DDG, it's just that I've always preferred Startpage for a variety of reasons. Oddly, one of them is that I just prefer the way it scrolls.
     
    Last edited: Jun 24, 2013
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I don't really find much difference between the different search engines. At the end of the day Startpage/Ixquick & DDG are probably a little more secure. Aren't there other advantages to not using Google directly? I have noticed that if I use Google a lot rather than other engines I tend to find more spam in Outlook. I don't get a lot of spam, it could just be my imagination though. ;)
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I guess you didn't hover over the details text?


    It uses OpenDNS by default but it's not tied to it.
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I agree, and I'd never heard of him before, but some of the things he said did hold merit e.g. cookie issue, unclear privacy policy. It may be "another company" setting the cookies but letting something like this slip by isn't excusable. To be honest when it comes down to it, the Google enhanced searches are just better than Bing enhanced searches.
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Hi Warlockz,

    Your ISP is only able to log your DNS requests if and only if you do not change your default ISP DNS ip addresses in your router! For example, if you change your default DNS fields in your router to say OpenDNS ip addresses - then your ISP has no way to log your request to its own DNS servers because its DNS servers never receive your DNS requests.

    -- Tom
     
  7. tlu

    tlu Guest

    FWIW, there is an interesting comment by the Startpage and Ixquick CEO:

     
  8. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    http://www.alexanderhanff.com/startpage-and-ixquick-search-in-privacy

    So they are planning to start-up a email service
     
  9. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    After reading this thread I started to use Startpage and got rid of DDG.
    However, whilst using startpage, and observing Abine's donotTrackme findings, which I have installed-- although there are no cookies from Startpage, several times I was alerted that ' Ixquick-proxy.com was trying to track you but it has been blocked'.
    So what's all that about then ??
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I'm not sure, but Ixquick has proxy servers.

    Ixquick : Proxy server allowing users to anonymously surf the web

    How To Hide Your IP Address Using the Free Ixquick Proxy – w/Video
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Actually your DNS requests always go through your ISP, regardless of whether you resolve them with OpenDNS or your ISP. The only way you can avoid your ISP entirely is by setting up your own RX server.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    ... or using a VPN service.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    They still go through your ISP, they just don't see them. Just like if you use DNSCrypt, your DNS requests are encrypted, but they always pass through your ISP first.

    If you use OpenDNS alone, you hop through your ISP first.
     
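Added example (not part of the thread and not any poster's code): a plain DNS query is readable by anything on the path regardless of which resolver it is addressed to, which is the distinction posts 11 and 13 draw between "goes through the ISP" and "the ISP can see it". The name `search.example` and the helper names `build_query` and `observe` are constructed for illustration.

```python
import struct

def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a plain (unencrypted) DNS query as sent over UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def observe(payload: bytes):
    """What an on-path observer (e.g. the ISP) can read from a UDP/53 payload.

    Returns (name, qtype), or None if the bytes are not a well-formed query.
    """
    if len(payload) < 12:
        return None
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount != 1:   # QR bit set means a response
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                  # truncated before the root label
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            return None                  # compression pointer or overrun
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None                      # QTYPE/QCLASS missing
    qtype, _ = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype

# Constructed sample. Pointing the client at OpenDNS instead of the ISP's
# resolver changes only the destination IP of the packet; these payload bytes
# are identical and still cross the ISP's network in the clear.
QUERY = build_query("search.example")
```

With DNSCrypt or a VPN the same bytes travel inside an encrypted payload, so the observer sees the destination server and traffic volume but not the queried name.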
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, fair enough :)

    They go through your ISP, but it doesn't know that they do.
     
  15. Electro Gypsy

    Electro Gypsy Registered Member

    Joined:
    Jul 2, 2013
    Posts:
    23
    Possibly answered by a bit of investigation on, oh, let me see now - How about "startpage enhanced by google"? :)

    Of more concern is that it's another .com and, thus, subject to PATRIOT, FISA, etc.
     
  16. tlu

    tlu Guest

  17. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Let me take DDG's side for this one. DDG fully supports forward secrecy, yet SP still has taken no action to support it. So saying "no PRISM" is a load of nonsense IMO.

    Evidence:
    DDG: https://www.ssllabs.com/ssltest/analyze.html?d=duckduckgo.com&s=184.72.115.86
    SP: https://www.ssllabs.com/ssltest/analyze.html?d=www.startpage.com

    SP also has a 1024bit certificate in its chain, whereas DDG only has 2048bit certificates.

    Both web searches fail to support TLS 1.1/1.2, a big fail in my book :thumbd:

    IMO until they all support forward secrecy, TLS 1.2 and only 2048bit certificates, neither can claim to be immune from PRISM.

    The BEST part of all this? Google DOES support it all :D https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com&s=74.125.227.148
    The only thing it lacks is 2048bit certificates which (I think?) they announced already they are going to move to.
     
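Added example (not part of the thread and not any poster's code): a check of the two handshake properties named in the post above, TLS 1.2 or later and forward secrecy, using only Python's standard `ssl` module. The function names are constructed for illustration; certificate key size is left out because the standard library does not expose it.

```python
import socket
import ssl

def has_forward_secrecy(tls_version: str, cipher: str) -> bool:
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if tls_version == "TLSv1.3":
        return True                      # every TLS 1.3 suite is ephemeral
    name = cipher.upper().replace("_", "-")
    if name.startswith("TLS-"):
        name = name[4:]                  # IANA style: TLS_ECDHE_RSA_WITH_...
    # Static RSA / static ECDH suites and anonymous ADH suites do not match.
    return name.startswith(("ECDHE-", "DHE-", "EDH-"))

def assess(tls_version: str, cipher: str) -> dict:
    """Apply both criteria to one negotiated connection."""
    return {
        "tls_1_2_or_later": tls_version in ("TLSv1.2", "TLSv1.3"),
        "forward_secrecy": has_forward_secrecy(tls_version, cipher),
    }

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with a live server and assess what was negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return assess(tls.version(), tls.cipher()[0])
```

`probe()` reports only what this one client negotiated; a server can still accept weaker suites from other clients, which is what a full scan such as the SSL Labs reports linked in the post enumerates.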
  18. Electro Gypsy

    Electro Gypsy Registered Member

    Joined:
    Jul 2, 2013
    Posts:
    23
    "we will not comply unless the law which actually applies to us would undeniably require it from us"

    Unless required to do so by law means they will do so if required by law

    And there will be data retention laws to consider too

    No provider is going to be able to guarantee 100% anonymity unless it is prepared to boobytrap all its data processing and flip the switch that puts them out of business for the sake of one, unknown, netizen ... which is never gonna happen - They might put up a fight, but they'll bend over in the end

    "You Have our Word on it"

    To paraphrase Nixon (badly) "We are not crooks" ;)
     
    Last edited: Jul 3, 2013
  19. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    right.

    another question anyone's got to ask is "how do they make their money to provide this service to me for 'free'?"
     
  20. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    When I use DDG, I use the Firefox plugin search module for DuckDuckGo RU SSL which I installed using the Firefox plugin for the Mycroft Project among the 54 search plugins I have installed in Firefox.

    -- Tom
     
  21. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076

    UPDATE:

    Startpage now supports TLS 1.1/1.2 AND forward secrecy, putting it ahead of DuckDuckGo which does NOT support TLS 1.1/1.2

    Startpage can now be considered the safest place to search, especially if you're using a TLS 1.2 capable browser.

    https://www.ssllabs.com/ssltest/analyze.html?d=www.startpage.com
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    TLS has nothing to do with PRISM, though. PRISM is more to do with a significant lack of oversight in the FISA court system. Regardless, have you requested DDG to implement TLS 1.1/1.2? Now that modern browsers support those algorithms (a recent change that won't hit stable for a little bit longer).
     
    Last edited: Jul 17, 2013
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    It's good to hear that SP now supports TLS 1.1/1.2 AND forward secrecy :thumb:

    But neither SP nor DDG are as good as they could be! Room for further improvement ;)

    sp.png

    ddg.png
     
  24. NotRight

    NotRight Registered Member

    Joined:
    Jun 12, 2013
    Posts:
    37
    Location:
    Here

    From Startpage regarding 'Enhanced by Google':
    "Our relationship with Google is simple and straightforward: We are a separate company from Google, and we do not share data with them.

    StartPage acts as an intermediary between you and Google, so your searches are completely private. StartPage submits your query to Google anonymously, then returns Google results to you privately. Google never sees you and does not know who made the request; they only see StartPage.

    Since Google never sees your IP address or interacts with your web browser, you do not receive tracking cookies from Google. What's more, since Google can't determine your interests based on your past search history, you receive standard search results rather than Google's "personalized" results.

    We never record your visits, your searches, or your IP address, and we do not use tracking cookies. Our privacy practices are highly respected and third-party certified. Our parent company, Ixquick, has been serving outstanding search results since 1999.

    NOTE: If you do not wish to receive Google results, StartPage has a sister search engine Ixquick that returns search results from other search engines. Ixquick is a 100% private metasearch engine that does not query Google. Ixquick is also third-party certified, and comes with all the great privacy protections of StartPage."
     
    Last edited: Jul 17, 2013
  25. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States