Michael Carbone: > On 06/24/2013 08:20 PM, Mike Perry wrote: > > I've had a number of people tell me that they vouch for DuckDuckGo. > > What does this even mean? Nobody seems to be capable of rationally > > explaining it. > > > > Have you inspected their datacenter/server security? Have you > > audited their logging mechanisms? > > The data center thing is a non-sequitur -- no third-party service has > this type of the transparency. My understanding is that you don't need > to trust these service providers to use them anonymously as they are > friendly to Tor and no scripts/cookies/etc -- hence the difficulties > you mention later on with Bing & Google. So it doesn't split either > way between StartPage or DDG. They are equivalent in not allowing > personal audits of their servers.
I was questioning where the "vouching" comes from. "Vouch" is a pretty strong word -- it typically suggests that you are laying down your reputation on the line to support someone or something else, either by oath or by evidence. My general point is that DuckDuckGo seems to have a lot of appeal behind it, causing many people to endorse it in extreme ways without any supporting evidence. I want to understand where that support is coming from. As you point out, the two engines seem largely identical from the perspective of third party "vouching"/audits wrt privacy. > > Note that I don't vouch for StartPage. I merely think that > > StartPage provides superior search results to DDG. > > Since this is the only criterion you base your choice of search engine > on, then perhaps StartPage is the way to go for you. If I were to > argue for DDG, I would point to its much more friendly user > interface/experience (including the html version) and the great !bang > syntax. Maybe it also provides better results for "mainstream" things > as you alluded, I don't know. But there's certainly nothing wrong with > appealing to mainstream folks, this is TBB after all. > > I think these are the reasons why it is gaining a lot of users ( > https://duckduckgo.com/traffic.html ). Either way, users will be able > to choose the other search engine in the omnibox as you mention. That's great! I am glad they are succeeding, and hopefully are in no danger of going away! > > Every time Tor tries to start a conversation with either Google or > > Microsoft on these two topics, they both give us a litany of > > excuses as to why fixing the situation is a "hard problem", even > > after we present potential cost-effective engineering solutions to > > both problems. > > > > For this reason, the loss of either DDG or Startpage would scare > > the shit out of me, but right now, neither one has done enough for > > Tor to warrant the default search position**, and since StartPage > > tends to index more of the deep web faster, it is my opinion we > > should stick with them as the top position, and have DDG in > > second. > > > > ** Sure, DuckDuckGo runs a hidden service, and also one of the > > slowest Tor relays on the network (rate limited to 50KB/sec or > > less), but it is quite debatable as to if either of these things > > are actually helpful to Tor. In fact, such a slow Tor relay > > probably harms Tor performance more than helps (in the rare event > > that you actually happen to select it). > > The hidden service is a plus, no? They seem to be trying at least, > does Ixquick have either? Maybe it'd be good to reach out to DDG about > their relay. IxQuick has so far successfully negotiated with Google against outright banning us. Google sees a spike in IxQuick traffic every time we increase StartPage's prominence in TBB, and this does not go unnoticed by Google. Unfortunately, Google's knee-jerk reaction to each increase so far is to argue harder in favor of banning all Tor users from both Startpage and Google, so we'll have to wait and see how this plays out... Backchannel like that (and direct-channel refusals to work with Tor) really makes you wonder about Google's commitment to privacy and the freedom of access to information. > Just trying to rationally explain it. I would not rationally use the hidden service version in lieu of https by default. As I alluded to through my questioning of the https backend link to Bing, the transit path from Tor to DDG is not the weakest link in an already-https search engine. Further, claims that the performance is the same or similar are not rigorous. Hidden service circuits require ~4X as many Tor router traversals as normal Tor exit circuits to set up, and unlike normal Tor exit circuits, they are often *not* prebuilt. Once they are set up, they still require 2X as many Tor router traversals end-to-end as normal circuits. You could easily circle the globe several times to issue a single search query. And all this is to use the Tor hidden service's 80bit-secure hash instead of an https cert, along with all of the other issues with Tor Hidden Services that have accumulated over the past decade due to the lack of time for maintenance on Tor's part? I am not convinced. Sorry if all of these seem like harsh truths, but I am a realist and a pragmatist, especially when it comes to making decisions about the default behavior of our software. -- Mike Perry
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech