Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well, I have a problem with that too, but then I'm talking about the average user, which is never going to install Tor in order to connect to DuckDuckGo. And to tell you the truth, I don't trust DuckDuckGo that much either, as they can always turn around and start collecting data without me knowing it. But for us, the technically inclined and privacy aware, there are always solutions.

But for the average user, until a better Google comes along, I think it's OK to trust Google with their searches. And compartmentalization is paramount to information security, my point being that trusting some other company besides Google with that data is not acceptable, which is why I find that intercepting HTTPS connections is simply wrong and evil, regardless of reasons. This besides the fact that intercepting HTTPS traffic increases the attack surface, making users less secure.



I see a distinct difference between DDG and Google.

We know Google does what it does. DDG's reason for existence is predicated on not doing so.

If DDG were found to be lying, I'd guess >80% of its customer base would evaporate overnight. It would mean destroying many years of branding, trust and relatively difficult cultivation of user browser defaults.

But that's worth gaming out - what would make it worth it to light all that on fire? About the only thing I can think of is a Lavabit-style conundrum, wherein our intelligence-overlords threaten someone's freedom. So, absolutely could happen, absolutely would come out.

So that's why I trust DDG to be less forthcoming with their logs.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: