It's Data Privacy Day 2018! I'm the Founder & CEO of DuckDuckGo, the Internet privacy company, here to answer questions about privacy, with other DuckDuckGo staff. Ask Us Anything!

Would you ever cooperate with government bodies to create a backdoor to any of your programs?

No.

so does DDG have a Government Privacy or other Warrant Canary?

Warrant canaries are problematic for a number of reasons, but in our case it is irrelevant because we do not store any data so there is nothing to hand over. Case in point, for the ten years we've been around, we haven't received any warrants.

thanks for the explanation and the direct refutation of any government attempting to access your service through legal or non-legal means, its good to get a clear answer.

what is it about Canaries that makes them "problematic"?

Here's a couple articles on the subject.

How do you guys make money? I did a quick scan of the web site and only saw donations mentioned. I love your product and it is the default search for all my browsers.

It’s a myth you need to track people in web search to make money. We primarily make money by serving ads just based on the keyword you type in, and not any personal information or search history, which we don’t have per our privacy policy.

For example, if you type in ‘car’ you will get a car ad. It’s that simple. For more details see our help page on the subject.

How else do you make your money since you said "primarily"?

We make a small amount from affiliates, also anonymously -- see our help page for details.

Do you use the verb "Google" in conversation?

I personally don't, though I don't get offended when people do. It has become a generic term like Kleenex at this point.

I just wanted to say thanks. I just checked and I bookmarked DDG on April 3, 2009, so I've been using it at least since then.

Also, sometimes I will link to a DDG search result here on reddit (for example, I love /r/whatisthisthing) and sometimes I get a comment like "Oh, DuckDuckGo? You're one of those types huh? How's that tinfoil hat fit you?"

Does it bother you as much as it bothers me that some people think taking reasonable steps to protect your privacy automatically makes you some kind of whack-job, terrorist, pedophile, or worse? Because it bothers me a lot.

I use that Snowden quote sometimes, "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." It doesn't seem to help much against people who are determined to believe otherwise.

Yes, that does bother me though thankfully this view is rapidly becoming a thing of the past. We've been doing research and have found privacy has really become a mainstream concern and growing fast. This past year has really pushed it over the edge with nearly daily headlines of data breaches, reports of invasive ad targeting, election meddling, etc.

What are your favorite ways to help non-security-aware people that this is a thing they need to not only think about, but implement?

Just today I did a short video address for Data Privacy Day on this issue. The two issues I highlight that I think resonate (as they should) are:

• Google is now tracking you on 76% of websites, with Facebook lurking on about a quarter. The data they collect as you browse the web, combined with your search history, likes, and other information, leads to huge personal profiles that are used to target invasive ads at you across the Internet.
• They also are used with sophisticated AI algorithms to put you in the Google and Facebook Filter Bubble, in which both companies show you biased results based on what they think you want to see, filtering out things like opposing viewpoints.

In terms of help we suggest:

• Get the DuckDuckGo browser extension and mobile app that blocks Google and Facebook trackers across the Internet along with other privacy essentials.

• Switch away from Google to private alternatives.

• While Facebook is harder to leave, it's worth trying to live without Facebook, freeing yourself from their invasive ads and the Facebook Filter Bubble.

• Secure your devices.

As someone that only recently began using more secure internet practices is there anything that I can do about the profile that Google etc have already build on me?

Yes, we have an article about deleting your Google history.

Can you name some organizations that condemn your work? Why?

Iran and China block us. I suppose that rises to condemnation.

I've been using DDG for a long time, but Google's search results are often still better. No dead links and search results based on my context (e.g. software development) - how will Search quality be improved in the future?

Thank you for being a long-term user! We really appreciate it. We've been working hard on making our results better, and really think they have massively improved over the past years to the extent where they are on par for most users. Of course, there are always areas where we can improve, and really look at and welcome all feedback. There is a feedback box on the search results page that is the best way to communicate with the team.

Be rest assured, however, that we are constantly looking to improve search quality.

Do you struggle with context-based results because no data is stored?

Not generally since most of the time intent is pretty clear from the search terms. In cases of ambiguity it is best to add another search term, and that usually clears it up.

What’s the extent DuckDuckGo relies on Amazon’s AWS?

Are you concerned this reliance/relationship might create a vulnerability (or back door) for the US government to unscrupulously monitor searches, especially for non-stateside users?

We use AWS to make our site fast around the world. All traffic sent to DuckDuckGo is encrypted (A+ at SSL Labs including PFS), and that encryption protects your query in transit to our servers, which are controlled by us at the OS level, with special attention given to security. Since we don’t log personal information there is also nothing to recover of value from a user perspective on these machines’ disks.

Additionally, all sites need to be hosted somewhere, and to be fast, in a significant data center. Such co-located hosting has significantly less security, much more vulnerable to physical tampering.

If I were to search for "isis bomb making videos" from my home IP with no VPN using duckduckgo, should I still expect a knock on the door? This is hypothetical, but I'm serious about the question.

No, you should not expect a knock at the door. We've been around for about 10 years and have heard about no such knocks.

The connection between you and us is encrypted, so no one in between you and us can see your search terms. Then, we don't store your IP at all, so there will be no record of it after your search.

Note, though, a lot of sites off the search engine could be monitored, and if you want to browse completely anonymously, Tor is a good idea.

Thanks for the response!

As a follow-up, what would you say if someone were to challenge you on the ethics of not policing or flagging searches and potentially allowing a user to use your site for ends that could endanger the public at large?

Real, sophisticated bad guys can easily make their online activity anonymous. These technologies are readily available across the world and can be used with or without DuckDuckGo. We allow everyday people to keep their sensitive information private, out of the hands of advertisers and Big Tech.

What made you relate privacy with ducks?

As you might have guessed, they are not related at all :).

I actually came up with the name DuckDuckGo before envisioning a search engine. It popped into my head one day on a walk with my wife, and I liked the name so much that I decided to use it for whatever I worked on next, which ended up being a search engine.

How can a general young US citizen keep privacy today without being called into suspicion by means of "If you have nothing to hide then why not show what's inside?"

I've tried to understand a way to verbalize why that argument is a bad idea, however, I just don't have the words.

Also, any recommendations for a less "I'm watching you" PRISM/Echelon type experience? I know it's hard today but if there is a way to keep things like UI but allow for privacy, that would be great : )

Hi! Yes, the good news is that privacy is now mainstream and you needn't feel ostracized for wanting to reasonably protect your privacy. People recognize it is a fundamental right and you don't need to prove the necessity of fundamental rights to anyone. Also, it's a simple answer to say to people everyone wants to keep certain things private, and you can easily illustrate that by asking people to let you make all their email, texts, searches, financial information, medial information, etc. public. No one wants that.

In terms of having a more seamless private experience, that's exactly why we launched our new app and extension - check it out as it seems that is what you're looking for.

How do we know that you're not a secret Google project that reports everything to Google?

If we're a secret Google project, no one's told me about it :).

Also, I would hope it would be easier to get duck.com not to point at Google search and confuse people, easier to get us as a default search option into Chrome (like we are for Safari and Firefox), and easier to change the default search engine on the Android search widget, which remains impossible.

What's the story with duck.com?

Any short aliases to get to duckduckgo.com?

ddg.gg goes to duckduckgo.com. duck.com was inherited by Google in an old acquisition (of On2), predating us, but it used to point to a history page about the old company. Only when I inquired about it did it mysteriously start pointing to Google search.

What thing on the web is something everyone considers “Safe” but is not actually safe?

Oh man, these are large pet peeves of mine :)

I'll give you two:

• So-called incognito mode doesn't do what most people think in that “Incognito” mode doesn't really make you incognito! It’s an extremely misleading name and in my opinion should be changed. All it does is delete your local browsing history after your session on your device, but does nothing from stopping any website you visit from tracking you via your IP address and other tracking mechanisms like browser fingerprinting. We did a study showing how much people misunderstand private browsing modes.

• Browser "do not track" settings. You'd think if you turned on do not track, you might not be tracked? Not so. It is a voluntary standard and hardly any site does anything to adhere to it, including pretty much all of Big Tech. In my opinion it should be completely removed from browsers until it has mandatory compliance with regulatory teeth behind it.

What is your goal for this year? What is DuckDuckGo's endgame?

Our goal this year was kicked off last week and is to help people more easily protect their privacy as they search and browse the web, no matter where they go on the Internet. In particular, we've made a new app and extension with all the privacy essentials in one seamless package: tracker blocking, upgraded encryption, private search, and more. It's available on all major platforms and the idea is on any device you should be able to look up DuckDuckGo and be easily protected with one download.

Which Google Services do you still use?

None on a regular basis. Occasionally I have to go to YouTube when it is the only place a video resides.

Would it be possible to publicly share a hypothetical response to a secret government warrant? Like a made-up user with made-up searches and show us exactly what would be handed over to the government? I remember Open Whisper Systems did that for a Signal user and it was really cool to see.

We really have nothing to hand over to the government since, unlike say messaging or email, we don't need to collect or share any personal information at all. That's one great thing about web search, that all searches can be independent and so you don't need to save anything about the person searching after the search.

Any plans for additional duck duck go services such as email?

Just last week we launched our first new product that extends our privacy protection beyond the search box while browsing, available for all major platforms. With that, we're going to have our hands full for a while.

However, we do have a list on our blog of Google alternatives for email and other services.

What is your preferred web browser for a windows machine?

On Windows, Firefox, Brave, and Vivaldi are all good choices. I personally use macOS though.

Preferred browser for macOS? What extensions do you use? :)

I personally switch between those and Safari depending on the context -- and I use our new extension along with Lastpass and Pocket.

Hey u/yegg, did you know it was your CAKE DAY?

I do now :).

could you please make "exact phrase" with "-" mean ACTUAL EXACT PHRASE BETWEEN THE " "'s please? it would be nice also if the -exclude this word ACTUALLY EXCLUDED THE WORD AFTER - PLEASE.

Thank you for the feedback. Duly noted.

Is there any plans on a website where new urls can be submitted to improve your search results? Like Google has.

We generally pick up new URLs without submissions. However, if there are search results issues, the best way to report them is via the Feedback button on the results pages. They are all read and go to the right place in our systems.

Why is the US so far behind Europe on data privacy? While they're implementing GDPR, we're rolling rules that allow ISP tracking. Is it a cultural or political thing?

It's political. Culturally, the US is similar on privacy and in fact protecting privacy has truly become mainstream. I believe because the will of the people is there, it is only a matter of time until we follow suit.

Is there any desire for DDG to become politically active in any way, shape or form? Endorse candidates? Create forums for politicians to discuss and debate privacy issues? Also, what organizations do you believe are most effective right now in terms of fighting for privacy rights? (EFF and EPIC come to mind - any others?)

We've been donating to organizations that share our vision and values for many years, and our donations page lists and links to a lot of great organizations that fight for privacy rights.

We've also become more active ourselves, such as signing on to court cases where we can add unique value or putting out our own statements. We would like to do even more though, and plan to step up these efforts over the next few years.

on the DDG Answers API page there's a line

For the same reason, we cannot allow framing our results without our branding.

What does "framing" mean here? (i.e., what sort of things are not allowed?)

Also is there any hope that we might have a full search API in the future?

Thank you for providing such an excellent service.

You're very welcome.

What that means is to make an iframe of duckduckgo.com and make it appear as if it is another search engine, i.e. white-label DuckDuckGo. Does that make sense?

A full search API is not on our roadmap right now.

Have you always been a privacy advocate or events you can mention made you notice the importance of not letting your data public for anyone collect it?

I've always been into personal freedom, and I believe having privacy is a fundamental constituent of being free. I came across the more nuanced issues with privacy and the Internet in grad school; I went to the Technology Policy Program at MIT.

With search privacy in particular, I hadn't considered the full implications until actually seeing search logs and seeing how truly private they are. People ask their search engine their most intimate questions, such as medical, financial, and political. Those should be private, and studies have shown that people actually curb their searches once they realize they aren't totally private on other search engines.

Ever thought about hosting a free private email?

DuckMail has crossed our minds :), though no immediate plans.

How do you see yourselves growing over the next few years?

Our vision is to raise the standard of trust online. That’s what we hope to do long-term, and we are always open to and thinking about ways to further execute on this vision.

Our current plans on doing so include:

• Continuing to provide a solid private alternative to Google search. Google has more data on people than any big tech company by far, and search data is arguably the most personal, as people search for their most intimate financial, health, and personal problems.
• We just expanded beyond our roots in search, with updated mobile apps and browser extensions that protect you beyond search, wherever you happen to go on the Internet. See our announcement for more details.
• Last year we kicked off a major focus on general privacy education, on our blog, newsletter, and social media.
• We continue to make substantial donations to like-minded organizations.
• We plan to continue doing our own primary privacy research and advocacy where we see we can make a significant impact.

Where can I learn more about online privacy?

This past year we launched a blog at spreadprivacy.com with great information. In particular I'd recommend signing up for our privacy tips newsletter which will send them to you on a good schedule. All the content is also online here.

In another comment from you guys I found this link: https://www.google.com/maps/timeline Any other links to 'instantly' spread awareness?

https://myactivity.google.com/myactivity

Google has become a verb to search for things. How could you make DuckDuckGo into a verb?

Started using your search engine a couple of months ago. I hated that Google would track my location in maps and suggest Home or Work without me telling it to store those addresses against my name.

Now that Ive turned off the setting to monitor places I often visit, whenever I go Home or to Work, it asks me if I want to turn the setting back on. Only those two places. Bastards.

Hah, thanks for being a DuckDuckGo user! "Duck it," "DuckDuckGo it", "DDGd it" could be a thing :), but sadly I don't think we're going to get rid of Google as verb -- it's too ingrained at this point to the extent it is generic like Kleenex.

will ddg ever be able to filter by dates beyond 1 month? filter by past year would be great. while i'm at it....how about showing web page dates in search results? i prefer using ddg and will continue to do so but dates are lacking. thanks!

I hope so :). We are working on it. Past year (or better yet custom range) is closer.

Have you ever been contacted by bigger data-tracking services? Google or Facebook for example?

It depends what you mean by contacted. We've spoken to a lot of different companies in one way or another.

Why did you decide to make a browser for the mobile platform at this time?

We lay out the full reasoning on our blog announcement. Summary is:

• We've wanted to do this for a long time, but were focused on getting search great first.
• Now that we're bigger and feel we have search under control (though it is always a moving target and improving) we could make progress on our broader vision of raising the standard of trust online.
• We found that many people want privacy protection, but find the current array of solutions to difficult to figure out.
• So we set out to develop one package that you could get on all major platforms which would contain all the privacy essentials (tracker blocking, encryption, private search, etc.) and work seamlessly without compromising your Internet experience.

Often these days there are a lot of bots and astro surf.

This might be a little out of your usual wheel house, but do you know any ways that the average internet dweller like my self can combat these?

I suggest disengaging with Facebook altogether. That may sound extreme, but I've been happily Facebook-free for many years, and studies are slowly showing this has health benefits.

On Twitter and other social media you can try to be discerning about who you follow.

In comparison to Google you don't offer some functionalities like Maps, Drive, a translator GMail etc. (I know that there are other services which offer these) Are there any plans for such services in the future?

In terms of search -- I know this isn't what you meant but wanted to clarify -- we do have maps and local results on the search engine, including larger, interactive maps.

In terms of the wider ecosystem, we don't have plans at this time. We have our hands full with search and our new apps and extensions that extend our privacy protection beyond the search box. Related note: here's a list of alternatives to Google services we recommend.

If a search engine remembers that you (e.g.) live in San Francisco and that therefore your query 'Giants' is more likely to pertain to the baseball team than to large humans seems to be a plus that you don't offer.

Having ads that are more actively interesting to you ('this guy likes the Giants.. perhaps he might actually want this foam finger that's on sale' in california) versus 'well.. maybe a book on big people' is not necessarily a bad thing by itself.

Can you articulate explicitly (or point to a resource) that explains what is problematic about getting and/or retaining some of this data? Do you e.g. object purely to the fact that the data on you is stored for philosophical reasons, or do you believe they are doing 'something nefarious' with it behind the scenes, or...?

When most people say they want personalization in a search context they actually want localization. They want local weather and restaurants, which can actually be provided without tracking, like we do at DuckDuckGo. That’s because approximate location info is automatically embedded by your computer in the search request, which we can use to serve you local results and immediately throw away without tracking you. Giants is an example like this actually.

On the other hand, more personalization has serious downsides. You expect unbiased results, but that’s not what you get with personalization. You get results tailored to what they think you’re likely to click on, based on the data profile they’ve built on you over time. These personalized results are dangerous because to show you results they think you’ll click on, they must filter results they think you’ll skip. This is commonly referred to as the Filter Bubble.

So, if you have political leanings one way or another, you’re more likely to get results you already agree with, and less likely to ever see opposing viewpoints. In the aggregate this leads to increased echo chambers that are significantly contributing to our increasingly polarized society.

This Filter Bubble is especially pernicious in a search context because you have the expectation that you’re seeing what others are seeing, that you’re seeing the “results.” On DuckDuckGo, we are committed to not putting you in the Filter Bubble. We don’t even force people into a local country index unless they explicitly opt-in.

Additionally, most intent can really be inferred from the query, and in an ambiguous situation it is as easy as adding another word.

In an ad context, there are similarly pernicious results. The hyper-targeting ad system is designed to enable the targeting of the most susceptible, and can also be used to facilitate discrimination. In a search context, these ads are generally not even useful since most often the ad is related to the search term as that is a much better indication of what you want right then.

Hello Gabriel and all the members here today. Love your mission!

At what point in your life was it that you thought that privacy really matters?

For me personally, rather early. I've always been a private person and value the fact that people need privacy in order to feel comfortable thinking freely.

https://8ch.net/tech/ddg.html

Any comment on that?

All nonsense.

I occasionally get trolled around my previous company, Opobox, an early social networking company that I ran from 2003-2006. As far as I can tell, the trolling theme is that since I ever was associated with any kind of social networking company, that somehow taints me/DuckDuckGo. Its purpose was to help reunite old friends and classmates, and it actually helped develop my privacy views and practices for what became DuckDuckGo.

For example we did what I think were some innovative things at the time:

• We collected the minimum amount of information possible.
• Allowed people to automatically remove all their minimal information permanently with one click or email.
• Actually charged money as a business model instead of using advertising.
• Never worked with any third-parties in terms of data targeting (and didn't need to since that wasn't our business model).

Of course, these also made the company ultimately not able to compete in the space, which was completely subsumed by Facebook.

I took these privacy ideas to DuckDuckGo, though, and realized in the case of Web search the minimum amount of information needed is actually zero. Hence, our privacy policy.

2FA is a great way to make accounts safer, right? But most people use Google Authenticator. What's your opinion on that?

2FA is indeed great. We have an article about why.

I use Authy to store my 2FA tokens.

Does duck duck go use hosted services such as AWS? and if so how is customer privacy protected on these platforms?

We do use AWS to make our site fast around the world. All traffic sent to DuckDuckGo is encrypted (A+ at SSL Labs including PFS), and that encryption protects your query in transit to our servers, which are controlled by us at the OS level, with special attention given to security. Since we don’t log personal information there is also nothing to recover of value from a user perspective on these machines’ disks.

Additionally, all sites need to be hosted somewhere, and to be fast, in a significant data center. Such co-located hosting has significantly less security, much more vulnerable to physical tampering.

[deleted]

Ads are simple in that they're just based on the keyword, e.g. you type in 'camera' and get a camera ad. In fact, that's the way they work on most search engines too. All of that tracking of your search history is usually used to target ads at you off search engines, because on the search engine what you type in is such a great indicator of what you want right then.

Originally, I was dissatisfied with Google results in a number of ways, including too much spam in the results and lack of instant answers (this was 2007). I ran it by myself for the first few years, self-funded, and then we raised one round of funding in 2011.

How do I proactively encourage DuckDuckGo's crawlers to crawl my websites?

On a similar note, is there something like Google Webmaster Tools but for DuckDuckGo? If not, then please consider adding it.

You shouldn't need to do so, i.e. we should pick them up automatically.

No webmaster tools at this time, though duly noted.

Why did you block Tor exit nodes for awhile? This issue seems to have mostly resolved itself.

We do not intentionally block Tor exit nodes. Occasionally we have some routing issues and try to resolve them as quickly as possible.

Hey!

I love DuckDuckGo and use it everyday!

Do you offer internships for students? I love DuckDuckGo and would love to help out.

My skills are programming in Swift, some HTML and JavaScript, and some web security.

Thanks!

Unfortunately, no, we currently do not have an internship program. We're a small, distributed team, and don't have the resources to support one at this time. We are hiring though!

Where can I get DDG stickers?

DM tagawa and he may be able to hook you up.

How does your new android browser differ from some of the other privacy options out there like Firefox focus, brave, or even Firefox w/ add ons (unblock, privacy badger,https everywhere)?

We're trying to put all the privacy essentials we can make seamless -- tracker blocking, upgraded encryption, private search and more to come -- all in one package, across all major browsers and platforms (including Android). In this respect, on any major mobile device or desktop browser, you should be able to look up DuckDuckGo and with one download get seamless privacy protection as you search and browse the web.

With regards to other extensions, we found that they generally lack some combination of all the essentials (e.g. missing encryption, private search), aren't totally seamless (i.e. break some of the web), or aren't available across all major browsers and platforms.

Is there any system for consumers that's actually hack proof? No platforms seem safe from exploitation.

If you're looking to be anonymous online, I believe Tor is the closest you're going to get.

However, I believe it's a myth that if you're not completely anonymous, you aren't making progress on data privacy. Most people just want to reduce their online footprint as much as possible, in a seamless fashion, and that can be easily accomplished with apps and extensions like we provide.

What is the future of Instant Answers on DuckDuckGo?

We are proud that we were arguably the first search engine to truly embrace instant answers, and they are certainly here to stay. We are in the process of upgrading our instant answer architecture and then we will evaluate whether we can restart community efforts in improving them. Right now though we are focused internally on improving the main types like maps, local, news, and images.

If you could give everyone on the internet one tip about maintaining their privacy (other than using DuckDuckGo), what would it be?

It would be to block all the hidden trackers across the web since that will help reduce the effects of the filter bubble and invasive targeted advertising. Since we now do offer that protection, I'll give you another one.

Every device has some basic things one should change to be more private, like setting a pin code. We've made device guides that only take a few minutes to implement.

Happy cake day: who are you selling our information to?

We don't collect or share any personal information. That's our privacy policy in a nutshell.

Why would you call it duck duck go? It is honestly the only reason I am not using it.

I think you're thinking of a different service.

Fick I thought I corrected that spelling.

Hah, no worries -- just was funny :).

I like the name, though appreciate you do not. We've talked about for April Fools one day (which we've never participated in), introducing a setting that allows people to change the name if they want to Innitech or something like it.