This is an examination of the integrity and credibility of the following projects that attempt to advise privacy-focused consumers.

site mission statement of purpose
de-Google-ify These ethical alternatives will help you de-Google-ify your life, have a calmer and far less intrusive online experience.
Frama promotion, dissemination and development of free software, enhancement of open source culture, and an online platform of open services.” (full charter)
PRISM-Break Help make mass surveillance of entire populations uneconomical! We all have a right to privacy, which you can exercise today by encrypting your communications and ending your reliance on proprietary services.
PTIO You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. PrivacyTools provides services, tools and knowledge to protect your privacy against global mass surveillance.
Security Checklist An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.
Surveillance Self-Defense our [EFF’s] expert guide to protecting you and your friends from online spying.
Stallman (advice is tech freedom centric but RMS also has a respectible stance on privacy issues)
Switching Software Ethical, easy-to-use and privacy-conscious alternatives to well-known software
ThinkPrivacy It’s your data. It’s time you take control of it.

Harmful endorsement: DuckDuckGo (“DDG”)

Why it’s harmful: article

site DuckDuckGo endorsement site’s position & mission are inconsistent endorsement or condemnation contains misinfo or withholds pitfalls
de-Google-ify yes yes, if you consider DDG an unethical alternative site withholds DDG wrongdoing, and makes a positive claim that DDG has no filter bubble (which is disputed)
Frama no (and in fact DDG blacklisted Framabee) no n/a
PRISM-Break yes yes, by economically supporting privacy abusing surveillance capitalists (direct adversaries of the PRISM-Break mission) site withholds DDG wrongdoing
PTIO yes yes, financing privacy abusers works against PTIO’s mission. site cautions about UKUSA, but withholds most DDG wrongdoing
Security Checklist yes depends on user’s previous tool whether DDG is an improvement site withholds DDG wrongdoing and also makes unverifiable* claims
Surveillance Self-Defense almost meh, you decide Endorsement is kind of implied by TB advocacy & presentation of default search engine without caution
Stallman no no page overlooks most DDG issues, but it was only meant to expose one issue
Switching Software yes yes, if you consider DDG an unethical alternative site withholds DDG wrongdoing and also makes unverifiable* claims
ThinkPrivacy yes yes, financing privacy abusers works against TP’s mission. site withholds DDG wrongdoing and also makes unverifiable* claims

(*) DDG claims they do not track users, but they cannot prove it. So when a third party like Switching Software or ThinkPrivacy states DDG does not track you, they are asserting something they can’t. They should not be endorsing DDG in the first place, but if they insist, then they should instead say something like “DDG claims not to track you” so as to avoid deceiving people about the verifiability of the claim.

It’s particularly interesting to note that ThinkPrivacy gives the highest endorsement to Startpage, which was bought by US advertising company “System1”. Yet ThinkPrivacy loudly condemns for the very same reason. Why? Dan Arel works for Startpage. This arose out of a scandal where Mr. Arel was advising the privacytools.io project at the time PTIO was considering pulling their endorsement of Startpage.

To be fair, DuckDuckGo has a much more extensive history of undermining privacy both directly and by proxy through partnerships with privacy abusers than Startpage.

Harmful endorsement: Qwant

While Qwant has some privacy strengths that make it substantially more trustworthy and privacy-respecting than DuckDuckGo, it still has noteworthy issues that undermine privacy:

  1. Privacy
    1. Tor hostility – Tor users are sometimes forced to solve a CAPTCHA, and it’s implemented in a destructive manner. That is, the search query is collected before Qwant decides to push a CAPTCHA. Since the user has already invested effort in typing the query, the user is coerced to solve the puzzle in order to not throw away their effort to that point. Then after successfully solving the puzzle, the query is wiped out anyway and the user is forced to retype their query.
    2. No proxy feature. Some search engines like Searxes and Metager give an alternative proxy or cached link that avoids directly connecting to the site in the results. This is useful for all users but it’s important to Tor users because many sites block or mistreat Tor users, in which case Tor users must visit the site indirectly. Qwant neglects to accommodate.
    3. Qwant’s swag store accepts Paypal, who then shares customers data with 600 companies amid other abuses.
    4. Qwant’s swag store says “follow us on Facebook”, leading users into mass surveillance and makes no mention of their Mastodon account.
  2. Microsoft partnership has been ongoing.
    1. Qwant patronizes Microsoft for its advertising network
    2. Qwant claims they no longer use Bing search results, but this is disputed. (And then they admit to it)
    3. Qwant uses Microsoft Azure cloud services.
  3. Qwant’s swag store sells apparel made of cotton, which is bad for the environment.
  4. Qwant has ties to Fight for the Future Inc, an organization that claims to fight for net neutrality yet uses CloudFlare themselves.

We won’t document all of Microsoft’s wrongdoing here, but MS has a long history of privacy abuse and still today they are embroiled in privacy scandals such as financial facial recognition technology to AnyVision and violating the GDPR.

site Qwant endorsement site’s position & mission are inconsistent endorsement misinforms or withholds pitfalls
de-Google-ify no no n/a
Frama no no n/a
PRISM-Break no no n/a
PTIO yes yes site withholds Qwant wrongdoing
Security Checklist no no n/a
Surveillance Self-Defense no no n/a
Stallman no no n/a
Switching Software yes yes, if you consider Qwant unethical site withholds Qwant wrongdoing and also makes unverifiable* claims
ThinkPrivacy no no n/a

(*) Qwant claims they do not track users, but they cannot prove it. So when a third party like Switching Software states Qwant does not track you, they are asserting something they can’t. They should not be endorsing Qwant in the first place, but if they insist, then they should instead say something like “Qwant claims not to track you” so as to avoid deceiving ppl about the verifiability of the claim. OTOH, Qwant would be violating the GDPR if they did track you contrary to their privacy policy, so perhaps it’s fair enough for Switching Software to make this assertion (unlike DDG, who is bound only contractually & they’ve shown to violate it already).

It’s worth considering that sites that endorse DuckDuckGo and nothing else are actually more harmful than sites that list other alternatives like Qwant, b/c there is more likeliness that users opt to use DDG when it’s the only endorsed choice.

(part 2: messaging services)

(part 3: s/w repos)

  • Palaress@lemmy.161.social
    link
    fedilink
    arrow-up
    2
    ·
    4 years ago

    Hi, I am bit late to the party, but whatever.

    First of all, thanks for the post and all its information and references. I totally agree on DDG, but would like to discuss Qwant a little bit.

    One of your points is Tor hostility. I just checked with my own Tor Browser, and I can access qwant.com easily without problems. I have even renewed my identity and the tor circuit several times, without any pop ups, captchas etc. so the probably fixed this.

    In your linked article about partnership with Microsoft the last article says:

    The user is not talking to Microsoft

    At last, let’s talk about you, users. When you use Qwant, you will always be connected to machines that we own and operate directly. You will never be connected to Azure’s cloud machines, and your personal data is never shared with third parties. We use Azure for Qwant’s back office purposes, namely computing the index of the Web. We take this opportunity to remind you that as soon as you connect to our search engine, our servers anonymize your data, especially your IP address which is salted and hashed. That is, we add noise and a breakdown of this IP address to make it anonymous when we ask to display ads or have to store data in our logs. Only this anonymous data is being used in our internal network.

    And even though I don’t like it, I can understand it. Small companies have limited budget and can not afford there datacenter to be even bigger then they are for stuff the don’t need 24/7 in production.

    As your other points do not focus on the privacy of the search results (and users of the search engine), I personally do not care. Is there any indication (or even proof) of Qwant not beeing private or secure?

    What search engine do you use personally, or/and can you please list a few which are better in your oppinion?