by nunobrito 2350 days ago
DuckDuckGo is only private if you trust their word.

Over the years they continue to refuse access for a trusted third-party auditor to review their infrastructure and validate (or not) their claims of privacy.

The preference of Android to place DDG in Europe (31 out of 31 countries) is strange when considering privacy as argument. Then this "info.com" is placed as the second option in all European countries (31 out of 31 countries), which is virtually unheard of and again a US-based service, which again raises eyebrows on privacy.

Europe-wide has a search engine that deserves our preference, and that is http://qwant.com

Precisely because it is built and hosted in Europe. Yet, it is displayed as the last option and only as an option for 8 out of 31 European countries. Very strange. Talking from Germany, the preference here would be http://ecosia.com

14 comments

Not doubting you, but do you have any sources for your claims?

I will use Qwant in the future but at the minute it's not suitable (IMO) for daily usage.

Ecosia seems like a great idea, but these kinds of 'Search and earn' sites have always seemed like a scam to me and I can't find any reason to trust Ecosia over DDG.

I'm a software auditor in Europe (per times consulting the European commission itself), mostly for open source licenses but also for cybersec and privacy matters.

This topic with DDG is recurring since years. You cannot verify the infrastructure, it is not hosted on EU-bounded servers and they have been asked for cooperation. Nothing moved as far as I follow.

With Ecosia you are right. The point is that Ecosia is accountable to European Law in case of scam. You can trust Germans to close down the service if ever deemed to be a scam.

Not sure if you are aware of this (I hope it's not on purpose), but your personal website mentioned on your 'About' description contains some questionable content (gambling?) in Indonesian language.

If I may ask, was it hacked, you lost the domain or you have put that content there on purpose to generate some revenue?

Thanks. Seems my own domain got expired some months ago and then taken over by someone else. It was old, nothing updated in years. I removed it from the profile box, thank you for letting me know.

In the old days it was just used for hosting a blog and some papers to share with others. I guess nowadays having a personal domain becomes increasingly less needed.

I'd argue it is increasingly needed, but it depends on your needs/goals ;)
You're welcome; I figured it was something like that.

Sorry "vultures" took it over, I would use something like GitHub/GitLab pages if you are looking for minimum maintenance.

What would be the practices for infrastructure review?
Usually involves talking with someone on the architectural level (Chief Architect, maybe CTO, VP or head of engineering if knowledgeable enough). Then involves onsite visits, questioning about where the data is hosted and factual verification of these claims.

Depending on company size/challenge, you might do some tests on their claims from the outside over the period of 24 months. For example, registering an account and then verifying if that one-time email got leaked into some other service.

Or, on cases of higher-criticality you will have monitoring of what data is coming out from the datacenter where the apps are running.

Direct access to source code reviews is rare. Albeit depending on the level of cooperation it could be a possibility.
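
The outside test described in the comment above (register with a one-time email, then watch whether it turns up elsewhere) can be sketched as follows. This is an added example, not part of the original comment; the secret, the `audit.example` mail domain, the service names and the inbound records are all constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: secret held only by the auditor
CANARY_DOMAIN = "audit.example"    # assumption: mail domain the auditor controls

def canary_address(service: str) -> str:
    """Derive the one-time address used for exactly one sign-up at `service`."""
    svc = service.lower()
    tag = hmac.new(SECRET, svc.encode(), hashlib.sha256).hexdigest()[:12]
    return f"{svc.replace('.', '-')}.{tag}@{CANARY_DOMAIN}"

def service_for(address: str, services):
    """Map a recipient back to its sign-up; None for unknown or guessed addresses."""
    for svc in services:
        if hmac.compare_digest(canary_address(svc).encode(), address.lower().encode()):
            return svc
    return None

def find_leaks(inbound, services):
    """Return (service, sender) pairs where a canary got mail from an unrelated domain."""
    leaks = []
    for sender, recipient in inbound:
        svc = service_for(recipient, services)
        if svc is None:
            continue  # not one of our canaries (wrong tag), so it proves nothing
        domain = sender.rsplit("@", 1)[-1].lower()
        if domain == svc or domain.endswith("." + svc):
            continue  # expected mail from the audited service itself
        leaks.append((svc, sender))
    return leaks

# Constructed sample: services under test and (sender, recipient) pairs
# as they would be read from the auditor's inbound mail log.
SERVICES = ["search.example", "shop.example"]
INBOUND = [
    ("noreply@search.example", canary_address("search.example")),
    ("promo@adnetwork.example", canary_address("search.example")),
    ("news@mail.shop.example", canary_address("shop.example")),
    ("x@spam.example", "search-example.000000000000@audit.example"),
]

if __name__ == "__main__":
    for svc, sender in find_leaks(INBOUND, SERVICES):
        print(f"canary for {svc} received mail from {sender}")
```

A hit is a lead to verify rather than proof: the service may send through a third-party mail provider, and sender addresses can be spoofed.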

What do you think about Startpage?

And, which European search engine would you recommend?

Startpage was acquired by an adtech company a few months ago https://www.ghacks.net/2019/11/16/startpage-search-owner-cha...

Yes I'm aware of that, but they were not 'acquired'... although it's definitely not a good development, I'd argue Startpage is still better (privacy wise) than for example Google.

> I'd argue Startpage is still better

Why would you argue this? Adtech companies are one of the big sources of problems with privacy online.

That one was verified and passed.

While sharing coffee with a colleague years ago, he argued that something smelled odd about them. In his opinion it was a front for the CIA or some other sponsored group that harvests data.

Mind you that he provided no facts to support this claim.

I tried to inform myself as much as possible about them, about their technology and people working there. Very scarce info exists. Try it by yourself, then let me know if you do manage to find more info about them.

My only recommendation at the moment is qwant on the European side. Not because of privacy, but mostly to enable diversity of choice on the continent. In case of war or embargo, consequences here would be devastating on the tech-side.

I've had very good results with cliqz as far as European search engines go. https://beta.cliqz.com/
I find cliqz is very good at natural language queries, but doesn't have the index size a lot of the time. You either end up with 10 results that are exactly what you were searching for or nothing.
I agree about Qwant being unsuitable for daily usage. I had to stop using it after entering a search query via the omnibar in Firefox would sometimes fail, apparently at random, and redirect me to Qwant's homepage instead of the search results.
Wouldn't know. It works OK for me and I use it on a daily basis across several devices.
> to refuse access for a trusted third-party auditor to review their infrastructure and validate (or not) their claims of privacy.

Which company would accept (and pay for that) given there's no legal requirement for it?

Here's a better test: DDG sets exactly one cookie in my browser, with a short value (not unique enough to track anything). Makes me trust them more than some BS popup saying "we care about your privacy"

I don't see why I wouldn't trust DDG in relation to their alternatives

> Which company would accept (and pay for that) given there's no legal requirement for it?

Maybe relevant for a company whose business model is built around the promise of preserving end-user privacy?

> I don't see why

Data storage and network communication occurring inside the European space alone, rather than sending packets from European users to elsewhere unknown. Being fully accountable to European law, with base offices and employees in Europe so they are subject to the same data-protection rules as other locally-based companies.

When looking at other alternatives such as Ecosia, Qwant: they do offer this and yet are seldom presented as a search engine option by Android. Strange.

> When looking at other alternatives such as Ecosia, Qwant

W.r.t. them I agree, but have they been subject to a 3rd party audit (honest question, I'm not familiar with them)?

I'm not saying we should trust DDG (or any search engine) 100% without proof, but the best way of keeping your privacy is not collecting data and it seems DDG is doing that.

We don't know what they are collecting. They could just as well be an NSA front and easily profile based on IP searches. In the end, American companies bend to US law. That is why Europeans should desire a European alternative in the first place. The workaround is using Tor.
A short cookie with a browser fingerprint will be enough for tracking.
Cool, are they calling APIs that give fingerprinting data? Using tracking images?

Because unless you have evidence they're abusing their data collection (as, you know, a lot of websites do) I'm not buying the FUD.

What makes you blindly trust DDG and give them the benefit of doubt compared to other companies?
You mean compared to Google and Facebook?

DDG is a tiny company that owes its small measure of success to building and maintaining a good reputation among devs and other tech-savvy, privacy-conscious users.

> DuckDuckGo is only private if you trust their word.

This a million times. For the same reasons why I don't trust proprietary (closed source) crypto software.

> Talking from Germany, the preference here would be http://ecosia.com

Which is essentially Bing[1], including the ads[2].

[1]: https://ecosia.zendesk.com/hc/en-us/articles/206153381-Where...

[2]: https://ecosia.zendesk.com/hc/en-us/articles/206019452-How-d...

> a search engine that deserves our preference ... because it is built and hosted in Europe

Why not the opposite? It is easier for the government to seize your data if the service is under their jurisdiction.

> Why not the opposite

Companies that are US-based can be depended upon to leak like a sieve with very little prompting. Given that, the EU option is the smart option. In the EU, there is at least a modicum of accountability and some expectation in the law (in theory but more importantly in practice) that people are respected and left alone.

Hadn't heard of Qwant. Looks like they do their own indexing, which is good to see. Definitely an engine to keep an eye on.

Ecosia is just repackaged Bing, ostensibly with a second filter/ranking pass over Bing's results iirc. Is there much difference between the two from an end-user perspective, beyond the ecology gimmick?

Ecosia is a small Berlin startup. They are profitable and happy to just relay the results from other search engines.

Qwant is far bigger. Aims to be a complete replacement for Google in Europe with their own datasets. They have difficulties in funding and their survival is mostly depending on public funding and eventually being accepted as default choice for companies across Europe.

From that perspective, it makes a huge difference when more people become aware that independent options exist.

> that is http://qwant.com

Plenty of pictures and distracting news on the front page.

You should rather try the lite version:

https://lite.qwant.com

Just cut them out with adblock and you'll be fine.
Can't we have an open source search engine with publicly sourced "indices"? Anyone who wants can then crawl the web and build a graph of parts of the internet. The search part and the crawling code would be open source. What's the problem?
Here you go: https://yacy.net
What's the status with YaCy like these days? I tried installing it about 7 years ago and the results left something to be desired.
It is still far from being actually useful afaik. We need many more people involved I guess.
Apart from people, what are the main challenges to get to a stage where it is usable? My guess is that maintaining large indices is nontrivial in multiple aspects.
Ecosia is from what I can tell a frontend for Bing. That is again a US-based solution, even if their veneer is from somewhere else (is it? I can't find it easily).

As for Qwant, it says it's based in France but I know nothing about it.

Just from the face of it, it's not clear that these solutions are better (Qwant is a maybe and Ecosia is a definitely not). This ambiguity coupled with their relatively unknown nature could be one reason why the EU did what it has done.

As far as I know https://swisscows.com is also hosted in Europe
> Europe-wide has a search engine that deserves our preference, and that is http://qwant.com

Strange thing is that the domain qwant.eu is for sale.

Does it matter though? If you want some semblance of privacy, use VPN + Tor while searching anything, and make sure no personally identifiable information goes through it. Every company has to adhere to its local law, so expecting privacy is naive.

DDG's advantage is much less bloat and almost as good results as Google (in some areas arguably better), while not feeding their personalized ad machine. Qwant is worth trying as well.

"The preference of Android to place DDG in Europe (31 out of 31 countries) is strange when considering privacy as argument."

DDG Marketing.