[malthejorgensen]

Headline is a bit rich, since duckduckgo exists (and Bing/Microsoft if you really stretch it).

I get the point though -- duckduckgo doesn't provide a browser. But I'm guessing Brave doesn't provide hosted email service (Gmail), file and document hosting (Google Drive and Docs) so the analogy breaks down either way.

That snark being said, I do want more privacy on the web -- so yay Brave!

[katsura]

> duckduckgo doesn't provide a browser

That's not entirely true. They do have a browser for Android and iOS[0]. When I search they frequently show a small pop-up to install it.

[0] https://apps.apple.com/us/app/duckduckgo-privacy-browser/id6...

[vertis]

This was my first response as well (and posted a sibling that said the same).

[mikepurvis]

Do we know if DDG passes through every query on demand, or does it have a caching layer or something where popular queries only hit Microsoft once a day?

[ffpip]

Bing search API terms of use do not allow caching [0].

"You must use results you obtain through the Services only in Internet Search Experiences (as defined in the use and display requirements) and must not cache or copy results. "

But they may have a special agreement in place due to the number of searches happening on DDG (100 million + daily [1]). They're larger than Bing in many countries.

[0] - https://www.microsoft.com/en-us/bing/apis/legal

[1] - https://duckduckgo.com/traffic

[ehsankia]

Does it matter? If it's proxied through a single API "user", Microsoft can't track individual DDG users, right?

[mikepurvis]

I think it still matters— maybe it's way harder to track an individual user, but you could still do some inference about queries which lead to other queries, or watching for bursts/crescendos of traffic on a particular topic in response to current events.

[ehsankia]

Your first claim, I'm suspicious this can be done after a certain scale. If DDG is sending queries from millions of users, it's much harder to untangle them.

Your second query, absolutely, Microsoft is getting very good aggregated data from their API, which is useful to them, but that's not really a privacy violation for individual users.

[mikepurvis]

Yeah, that's fair— once the queries are anonymized and stripped of any locale information, there isn't too much more to go on. And while there may be technical reasons to want to cache popular searches, then you're mostly just denying your upstream analytics which are fairly reasonable for them to want to have.

OTOH, Debian deliberately provides the technical means for third parties to host verifiable mirrors of their package repository, and then makes the analytics an opt-in thing (popcon).