I'm Matthew Setter. I'm a security researcher, privacy advocate, and a software engineer. I’ve been developing software since 2000. This blog is focused on helping you write more secure software and protect your online privacy.
Avoid Being Tracked Online? Ditch Google For DuckDuckGoprivacy December 30th, 2017
Do you ever wonder just how much information Google is storing and sharing about you, all so that they can give you those search results? Ever felt like you were being tracked online, all so that you could do some simple searches? Well, it's time to consider alternatives to Google, ones that give you great search results, but that don't invade your privacy.
Why You Should Ditch Google
We're all familiar with Google. It's not only a household name, it's also a modern verb! We no longer search online anymore. We google for things.
And that's entirely understandable. Because depending which report you read, Google accounts for as much as 87% of all internet searches. It's also referenced in popular culture.
Moreover, despite efforts by alternative search engines — most notably Microsoft Bing, which only has 5.2% market share — no one's ever managed to gain any amount of meaningful traction on Google's dominance. I don't know of anyone who bings anything. Do you?
For the longest time, this setup seemed all fine and dandy. You opened up your browser, which defaulted to Google's home page, did some quick searching, found what you wanted to learn, do, or buy, and did it. Happy days! Right?
However, in recent years that's begun to change. People have been feeling that they're being tracked online. Perhaps you have. As a result, we've started learning about how Google is able to provide such high-quality search results Moreover, what we've found is more than a bit concerning.
Here's an example; you search for something in Google, perhaps a new vacuum cleaner. Perhaps you buy it; perhaps not.
Then, as you visit other sites, you notice that the advertisements being displayed on those sites have an uncanny relationship with your recent vacuum cleaner search history.
Now some would argue that there isn't necessarily anything sinister nor big brother going on here. The reason why Google's able to provide such excellent results — and why other sites know what to suggest to you — is because you've willingly given away enough information already!
However, that's not the whole story. And there's more than an element of truth in the fact that:
- Google does store significant amounts of data about you; and
- That information is used to enhance their search results and those of their partners.
Have you been feeling the same way? If so, then it's time to do something about it! It's time to find an alternate search engine, one that still gives you excellent search results yet also respects your privacy.
You might be forgiven for believing that you can have one, but you can't have both, but you'd be wrong. In recent years, enough people have been feeling the same way that you have, so much so that decent alternatives not only exist, but they're getting even better.
In this, the first part, we'll start off with DuckDuckGo. And next week, we'll finish up with Qwant.
Yes, there are others, but I don't have sufficient experience with them to speak confidently or authoritatively about them, to recommend them. However, if you can, please do so in the comments.
What is DuckDuckGo?
Despite the name, it's a genuine service, one I've been happily using for the last four weeks. To quote their website:
DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any trade-offs. With our roots as the search engine that doesn't track you, we've expanded what we do to protect you no matter where the Internet takes you.
- They donate to several privacy-focused organisations, such as the Electronic Frontier Foundation (EFF), Riseup, and F-Droid, as well as to many notable open source projects, including NGINX, FreeBSD, and the Tor Project.
- They have a mobile app and a browser extension.
- They provide privacy education.
I loved it when I first heard about it. In short, it's a search engine that doesn't track you and helps educate you about online privacy. What a concept!
How do they do that, you may be asking? Firstly, according to their official documentation, they don't store:
- Your search history
- Your IP address; or
- Any details about the user agent that you used (usually your web browser).
Secondly, when you click on a search result, they don't send the linked site the search term(s) you used, nor your IP address, nor any details of your user agent.
This is important because, without this information it's much harder to create a browser fingerprint. If you're not sure what that is, a browser fingerprint is analogous to your physical fingerprint; it's something that uniquely identifies you online.
If someone knows your IP address, then they have a pretty fair idea of where you were when you searched. If you extract details about your browser, it's even more telling. This can include details such as:
- Which one it is (Firefox, Safari, Google Chrome).
- Its version number.
- Your device's screen resolution.
- Whether you're using a desktop or mobile device, what it is, and its version number.
- The plugins you're using and whether they're active or not, etc.
From all of this information, and more, you can be pretty sure that:
- You've got the same user
- You can watch where they go, and from that information, you can get a pretty clear idea of where they go on a regular basis.
I don't want to freak you out though, but it's something that really frustrates me, and I hope you too.
Safe to say, without this information your time online is a lot more secure.
With all that said, let's consider a further three reasons why you'd use it instead of Google.
One: You Know Your Privacy Level
Whether you install the app, the browser extension (Firefox and Safari), they show you your privacy grade. This shows you how much a site can be trusted, both before and after DuckDuckGo's Privacy Protection service is applied.
Two: It Forces Sites to Use Encrypted Connections
It forces sites to use encrypted connections (HTTPS) when they're available. By using encrypted connections, you protect yourself from attack vectors, such as MitM (Man in the Middle) attacks, along with, seemingly innocent alterations to your browsing sessions, such as one, reported by Troy Hunt some time ago. Have a look at the URL, and see what shouldn't be there.
Three: You Escape Advertising Trackers
The DuckDuckGo tracker blocker stops advertisers from tracking you on the sites you visit. Take the example below, where it blocked Google, Amazon, Nielsen, comScore, Krux, and several others, during a quick visit to The Guardian.
There is a catch!
Now, these are solid reasons to use it. However, there's another side to the story. The privacy that DuckDuckGo affords you only extends to online tracking and advertisers.
If, however, an organisation such as the NSA were to demand access to DuckDuckGo's servers and get the SSL certificate, then they could then un-encrypt all of the communication with their servers. However, that's a conversation that I'm going to leave for another time.
For now, we're going to stay focused on helping you browse more privately online, so that it's much harder for advertisers to track you around the internet, and potentially manipulate you or to target their advertising to you too specifically.
What do you think?
Like what you're hearing? Want to give it a try? Well, no matter if you're using Safari on macOS or iOS, or Firefox on Windows, Linux, or Android, in a few short minutes, you can.
Change Your Browser's Default Search Engine
If you're short on time, watch the short video below.
Otherwise, here's a step-by-step guide to show you how to change your browser's default search engine.
In Firefox open "Preferences", then click the "Search" tab. Then, under "Default Search Engine", choose "DuckDuckGo" from the drop-down list.
In Chrome, yes, Google Chrome, under settings, scroll down till you come to "Search Engine", then click "DuckDuckGo" from the list. With these changes made, any searches that you go through the address bar are sent to DuckDuckGo instead of Google.
In Safari's settings, click the "Search" tab, then in the Search Engine drop-down, click "DuckDuckGo". It's been there since late 2014.
Install the Browser Extension
Now let's go further, and install the DuckDuckGo Privacy Essentials add-on for both Firefox and Safari. We'll start off with Firefox. Open the configuration menu, and choose "Add-ons", then click "Extensions" in the left-hand side navigation menu.
Once there, add "DuckDuckGo Privacy Essentials" in the search bar, and click return (or enter). When it appears in the search results, click "Install".
Now for Safari; open https://safari-extensions.apple.com in Safari, and search for (again) "DuckDuckGo Privacy Essentials". You'll see one result appear. Click the "Install now" link to install the extension.
Let's Test it Out
When you've installed the extension in both browsers, you'll see a new toolbar icon appear, showing the DuckDuckGo logo. As it's ready, it's time to test it out. And what better way, than to eat your own dog food, and test it out on my freelance website, which you can see that I've done in the screenshot below.
When I did this test, I was a little surprised, to be honest; not entirely, but a little. I wouldn't have thought I'd get a 'D' rating. However, at least it's upgraded it to a 'B'.
Let's dig in and find out why my website got such a low rating, and what was changed to improve it. The encrypted connection was already there, as I use an SSL certificate from Let's Encrypt to serve the site only over HTTPS.
Now let's look at the blocked trackers. If you open that section, you can see that the top offenders are Twitter, Google, AddThis, and Disqus.
That's hardly surprising, as I try and make it easy to share content on Twitter and Google (I'm not entirely against these sites), and Disqus is the comment engine, which I love most of all the comment engines available at the moment.
What surprised me, however, are that these aren't the only ones. Trackers from VigLink, BrightTag, BlueKai, eXelate, and AppNexus were also blocked. I'll be honest, I've never heard of any of these, and have no idea what they are.
I can only assume that they were bundled in as part of the plugins that I've used — plugins that I'll be eagerly reviewing by the time you read this.
Now for the third and final part, Privacy Practices. It's given me a rating of "Unknown Privacy Practices". Interesting. What exactly does that mean?
Let's find out. At the bottom of that section, you can click a link that takes you to https://tosdr.org/, which is "Terms of Service, Didn't Read". Having a quick read through their About page, here's what the site is about:
"Terms of Service; Didn't Read" (short: ToS;DR) is a young project started in June 2012 to help fix the "biggest lie on the web": almost no one reads the terms of service we agree to all the time.
Makes sense to me. Though I've tried to be more diligent about actually reading Terms of Service, given all the apps and services that I use on a regular basis, it's nigh-on impossible.
Install the App
Okay, we've changed your search engine, and we've installed the browser extension. Now, let's go the final step and install the app. It lets you browse with complete privacy confidence. Using an iOS device? Download it here. Using an Android device? Download it here.
Is Google Really Evil?
Before we finish up, I want to be clear that I'm not saying that Google is evil or that you should never use it again. What I am saying, however, is that it's not the only game in town and that you should strongly consider whether it's the right one for you.
If, after reading through this post and the linked articles, you're still comfortable using it, knowing what you know now, at least you've made an informed choice. However, if you want to change, then options await you.
I have to be honest, while I love DuckDuckGo, it's not quite as feature-rich as Google. However, then, if they don't have the resources that Google has, nor are as old (DuckDuckGo was founded back in 2008), then that's understandable. Despite that, however, it's still a competent search engine.
What do you think? Are you willing to try it out? Have you made the switch already? What's your experience been like? Please share your thoughts in the comments below.
Coming up next?
Now that you've learned about DuckDuckGo, in next week's post, I'm going to step you through another alternative, perhaps a better one - Qwant. See you then.
Join the Email List
If you enjoyed this post, why not join the email list and get all future posts straight to your inbox? In addition, you'll get background information, extra research, and other content that's only available on the list. I promise I'll NEVER spam you. And you can unsubscribe at any time.