Why would someone trust DuckDuckGo or other providers with a similar privacy policy?

  • DuckDuckGo is a search engine that claims it will not share your results with others. Many of my skeptical coworkers think it may be a scam.

    Is there any proof that any web search engine will protect your privacy as it advertises?

    The founder, Gabriel Weinberg, has a blog at: http://www.gabrielweinberg.com/blog/ It's not "proof" by itself, but taken together will all the other indicators that have been mentioned by others, the amount of effort someone would have to go to in order to fake all these signals of authenticity is very significant!

    I've suggested an edit to this. Why single out DuckDuck? The same question applies to Google (*especially* to Google), Bing, Yahoo and all the others.

    @deworde: It applies to DuckDuckGo. Specifically because of their privacy policy, your edit changes the question.

    @Dave The question was "Why should I trust them", not "Why should I trust this specific thing about them" If another site offered the same privacy policy or said that your data would be encrypted over the wire, the same concerns would be valid. Even Google's policy promises certain things, and the same question applies to them.

    @deworde: I'd agree, except, DuckDuckGo have a very specific (and MUCH more private) privacy policy, designed to entice users to use it rather than other search engines, with more loosely worded privacy policies. Their uniqueness comes from that, and historically, was a much larger focus - http://duckduckgo.com/about - I stand by my original comment - your edit has changed the question.

    I have edited this back to be specific around DuckDuckGo - I think the answers given are applicable to other providers if they use the same sort of privacy policy, but the question was sparked from this specific provider.

    I say close this question as too localized. You'd need the founder of the company or someone who makes decisions there to answer this question... Whoa, wait a sec!

  • D.W.

    D.W. Correct answer

    9 years ago

    There is no proof that DuckDuckGo operates as advertised. (There never is, on the web.) However, that is the wrong question.

    DuckDuckGo is very clear in its privacy policy. DuckDuckGo says it doesn't track you, it doesn't send your searches to other sites, by default it does not use any cookies, it does not collect personal information, it does not log your IP address or other information about your computer that may be sent automatically with your searches, it doesn't store any personal information at all. Those are pretty strong promises, with no weasel-wording. And, as far as I can see, DuckDuckGo's privacy policy seems like a model privacy policy. It is a model of clarity, plain language, and lack of legal obfuscation.

    And privacy policies have bite. The FTC has filed lawsuits after companies that violate their own advertised privacy policy. (Not just little companies you've never heard of: They even went after Facebook!) The way privacy law works in the US is, basically, there are almost no privacy rules that restrict what information web sites can collect -- except that if they have a privacy policy, they must abide by it. Breaching your own privacy policy may be fraud, which is illegal. Also, violating your own privacy policy represents "unfair or deceptive acts or practices", and the FTC is empowered to pursue anyone who engages in "unfair or deceptive acts or practices" in court. DuckDuckGo would be pretty dumb to breach their own privacy policy; their privacy policy is clear and unambiguous and leaves them little wiggle room.

    No, I don't think that DuckDuckGo is a scam. I think that's crazy talk. Given the incentives and legal regime, I think you should assume DuckDuckGo follows their own privacy policies, until you find any information to the contrary.

    Your reliance on legal incentives seems to assume the site or owner are located in the US. I never feel very trusting of a site when `whois` tells me `Registrant Contact: WhoisGuard Protected`.

    @HughAllen - Since whois can be completely faked, what's to prevent someone from spoofing a legitimate address from a business in NYC to the Whitehouse? Well one may be fishy, but ultimately I need a D&B number to prove incorporation of some type.

    @HughAllen There are perfectly legitimate reasons to guard against another site revealing your information, and just because WhoIs shows as US isn't proof that the *business* is registered there. Paranoia will destroy ya, but the right place to look would be a registry of incorporated businesses.

    @HughAllen Also, even if it was registered internationally, these laws are generally applied globally. And in most places you'd be able to get around them, your site's reliability would be severly compromised.

    @HughAllen consider also that there were cases of US government taking over .com domains of entities outside US which violated US laws. So having .com site and committing a felony in the US is usually not a very smart move for an entity whose business is entirely web-based.

    @HughAllen - Does it matter if where they are located? If they do business with american citzens as proven by several recent cases, there is an expectation that a company even located in a country where said action is not illegal, must take measures so american citzens cannot violate the law. If you have a .com, .org or .net domain and are in the business that might be gray, then you better understand the laws which apply to you, as a business owner and the people who visit your website.

    3 years late… just wanted to drop that a privacy-protected `whois` doesn’t prevent finding the location of an officially registered company: DuckDuckGo, Inc. is ”…headquartered in Paoli, Pennsylvania, USA…” as Bloomberg’s info and even the Yellow Pages entry seem to confirm. Maybe just pick up the phone and give the founder, “yegg” a call in case of doubt? ;)

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM