EF Weekly (Lol, Weekly, uh-huh) Journal 002: Search Engines
12 years ago
»»» E n c r y p t o F u r s «««
ENCRYPTION = FREEDOM

So I'm going to be updating several things tonight, so look forward to that. But I also recently learned a few things about DuckDuckGo that I thought would be prudent to share. If you don't know what that is: DuckDuckGo is a search engine that claims privacy in its use. But before you go off and start using it, check this out.
Okay, so DDG was apparently a great new search service that enabled users to search for stuff without being tracked. Long story short: DDG got caught in a semi-lie about whether or not it uses a tracking cookie by default, and kinda retaliated against the person that outed them. The problem is fixed now (I think) but there's an issue that rivals the semi-lie tenfold...
DDG is a US-hosted service. According to FISA laws, the US government can basically make them record your search information on a case-by-case basis and gag them as well, meaning it's illegal for them to tell anyone they are doing it. Here, I'm not going to bore you with the details, I'll let the security pro that outed DDG let you in on them: http://www.alexanderhanff.com/duckduckgone
Anyway, the idea here is that if you want to have a bit more trust in a service's guarantee that your data is private, you have to go with services that are outside the US. Or at least use a darknet like TOR or I2P along with frequently changing your browser fingerprint and "identity". But more on that stuff later.
So now that you know not to use DDG anymore (this makes me really sad, the service is really cool, damnit) EncryptoFurs is going to give you an alternative. An alternative that doesn't put tracking cookies in your browser or log anything you search for. It uses SSL too.
StartPage
StartPage is pretty cool. You can add it to your browser if you're using Firefox, and another cool thing is that yesterday when FF version 23 came out they modified it so that when you add a search engine to your browser it works in the address bar as well. So now all you have to do is add StartPage to Firefox and you can do your searches from your address bar. (For those of you that knew about this stuff and how it was a pain to make search engines work in the address bar: FINALLY amirite?) And the address bar will do a search based on which engine you have picked in the little drop-down menu next to the search bar, so you can use any search engine in your address bar that you can install as a search service for Firefox.
So you learned three things today: don't use DuckDuckGo anymore, StartPage really is the most private search engine you can use, and Firefox made searching easier in version 23. Woo!
Thanks for the information as usual
You were right.
SP is based off of Ixquick.
But SP primarily indexes Google, whereas IQ grabs from everything.
For more reliable searches I just use Google through vtunnel and mess with the scripting options (on this proxy searches may be broken using the default ones).
I never used DDG, and do not allow cookies from sites that don't absolutely require them, so I should be moderately-anon. Using TOR at the moment is like being secretive by having a conversation in Klingon... fairly secure but makes you stick out like a sore thumb to anyone listening.
With that said I would like to add that browser fingerprinting is starting to get more prevalent in the corporate world. It's not just hackers and governments that are using this method of tracking anymore. As a result, we can theorize that technology will come out rather soon that will benefit those looking to obfuscate such things. I've been looking at the Firegloves Firefox addon but I'm still researching the consequences of using it with the standard Tor browser without any modifications. I'm a little concerned that what goes on under the hood of the Tor browser will be altered in such a way that anonymity cannot be expected upon use of Firegloves because it modifies a lot of the same things that the Tor addon does. But the point of trying it out is the randomization feature that it has. If one could perform controlled randomization of their browser fingerprint, tracking will start to fail. With that said, Firegloves hasn't been updated in forever and it does NOT implement controlled randomization in the way that would be best.
On a more serious note about Klingon: If you can deal with being told to GTFO occasionally, as long as you implement a solid method of browsing and encryption, screaming at the top of your lungs in Klingon may be a viable choice for some that wish to be anonymous. Of course, it really is kinda like walking into a Starbucks and screaming in Klingon at the cashier. A lot of businesses aren't going to be too interested in communicating with you. Hopefully I can figure out the proxied exit node thing soon.
I'll inevitably end up on tor, but after the recent tor breach I'm holding off for a while. It's going to be under more scrutiny and probably have a few undiscovered exploits patched because of it, so I figure it's best to wait until then.
I'd heard of fingerprinting quite a while back, tested FF as-configured and I did get a unique id. Not surprising.
Whenever a solid print randomizing add-on shows up you should probably make a post about that too... no doubt it will become a more prevalent issue.
The exploit that brought the hosting network for tormail and others down relied upon those that switch off tor mode thus enabling JavaScript. As long as you use an ONLY TOR browser, have JavaScript disabled ALWAYS, and don't for some reason share cookies with another browser, you are invulnerable to it. That's not to say that there are not other vulnerabilities. Just that this particular vulnerability is an easily avoided one.
In fact, Tor relatively recently did away with the distribution of a standalone tor button for JUST THIS REASON. So heed that warning. That goes the same for those who use the Advanced Onion Router (AdvOR). It's also worth noting that simply visiting a tor hidden service is a risk. Because of the nature of tor, it is the tor hidden services that will be the first choice in discovering exploits. If you never visit any tor hidden services you can be safer. Obviously the "R" at the end of 'safe' being emphasized for a good reason. There is no such thing as perfect security.
Add-on for randomizing FF's browser fingerprint. Only issue I've had with it is occasionally being redirected to the 'mobile' version of some sites.
Also, messing with tor I see that FA bans exit node IPs. Added some bridges and the problem seems to have gone away.
And as for combining the search and address bar into one, that seems kinda inadvisable, because then a malformed URL might be submitted as a search to whichever search engine, and therefore potentially logged by them, needlessly.
In any case, ask yourself: do I trust Google?
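
The fingerprint-randomization point raised in the comments above, sketched as an added example (not code from the post, its commenters, or Firegloves): a tracker that tolerates one changed attribute still links sessions when only the user agent is swapped, but not when every attribute changes together between sessions. The attribute pools, function names and matching rule are assumptions constructed for illustration, and a deterministic rotation stands in for the random draw.

```javascript
// Constructed attribute pools for illustration; not measurements from real browsers.
const POOLS = {
  userAgent: ["Firefox/23.0 Linux", "Firefox/23.0 Windows", "Chrome/28.0 Windows", "Safari/6.0 Mac"],
  screen: ["1920x1080", "1366x768", "1280x800", "1440x900"],
  timezone: ["UTC-5", "UTC+0", "UTC+1", "UTC-8"],
  fonts: ["DejaVu,Liberation", "Arial,Calibri", "Helvetica,Lucida", "Arial,Verdana"],
  plugins: ["Flash 11.2", "Flash 11.8,Java 7", "none", "QuickTime 7"],
};
const ATTRS = Object.keys(POOLS);

// Build a full profile; attribute i takes pool entry (k + i) mod pool size.
// This deterministic rotation stands in for a random draw so results are reproducible.
function profileAt(k) {
  return Object.fromEntries(ATTRS.map((a, i) => [a, POOLS[a][(k + i) % POOLS[a].length]]));
}

const REAL = profileAt(0); // the browser's unmodified profile (constructed)

// No protection: every session presents the same profile.
const plainSession = () => ({ ...REAL });
// Naive spoofing: only the user agent changes from session to session.
const naiveSession = (s) => ({ ...REAL, userAgent: POOLS.userAgent[s % POOLS.userAgent.length] });
// Controlled randomization (assumed meaning): all attributes change together
// between sessions and stay fixed within one session.
const controlledSession = (s) => profileAt(s);

// Tracker side: number of attributes two observations share.
function matches(a, b) {
  return ATTRS.filter((k) => a[k] === b[k]).length;
}

// Greedy clustering: an observation joins the first known visitor that shares
// at least minMatches attributes; otherwise it counts as a new visitor.
function visitorsSeen(observations, minMatches) {
  const visitors = [];
  for (const obs of observations) {
    if (!visitors.some((v) => matches(v, obs) >= minMatches)) visitors.push(obs);
  }
  return visitors.length;
}

const sessions = [0, 1, 2, 3];
const report = {
  plainExact: visitorsSeen(sessions.map(plainSession), ATTRS.length),
  naiveExact: visitorsSeen(sessions.map(naiveSession), ATTRS.length),
  naiveFuzzy: visitorsSeen(sessions.map(naiveSession), ATTRS.length - 1),
  controlledFuzzy: visitorsSeen(sessions.map(controlledSession), ATTRS.length - 1),
};
console.log(report);
```

Changing one attribute defeats only an exact-match tracker; the remaining attributes still tie the sessions together under a looser match.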