Whatever this product is I feel the name is already a hindrance. Normal products don't have privacy in the name. Rightly or wrongly you will be judged when you say 'btw I use ... Privacy...'.
The product should have strong privacy built into it and a commitment from the owners to keep it this way. Calling it something mundane and then competing on the merits of the product will favor mass adoption.
How many users of WhatsApp really understand the implications of E2E? Would they have installed it if it was call 'Chat App Privacy Pro'?
To be fair I think the name of the product is "DuckDuckGo Privacy Pro". It's also Facebook Messenger, Microsoft Outlook, Google Search or Mozilla VPN (not just VPN).
> No need to install a separate VPN app. Once you sign up for Privacy Pro, you can install our VPN right in your DuckDuckGo browser
> we use the open-source WireGuard protocol
Any info on how that is implemented?
Did they build some plug-in, where a user can enter VPN details/credentials?
Asking since I'd love to have something, where I can add my own self-hosted VPN details to have browser only (not the whole machine) connected through VPN.
> So if you'll pardon my pun, I think they've probably just duck-taped a standard VPN client app into their browser app
If it's true, then I'll only double the pun.
But that's why I'm also curious about the "No need to install a separate VPN app" part.
Never tried WIreGuard in Windows, but AFAIK it tries to mean serious business, "no connection runs past". So there should be things similar to WinPcap or something like that under the hood.
And they're unlikely to work without installation. Moreover, quite likely require a reboot after the install. But I could be wrong.
Most likely SOCKS5? At least in Firefox there's builtin UI for configuring it separately from OS. Chromium is more annoying and needs command line flags.
They claim to use wireguard, which might be something a browser extension can start on-demand?
AFAIK, there's still no proper SOCKS user authorization. So if I do something like that on my own VPS, I'll quickly have like 10 000 open connections from Pakistan there.
> At least in Firefox there's builtin UI for configuring it separately from OS
Yes, also extensions like FoxyProxy.
SOCKS4/5 configuration in Firefox is a pure joy. Adding a Putty tunnel there is probably the only simple way to achieve what I described in the comment above.
> And we have a strict no-logging policy; we don’t log or store data that can connect you to your online activity, or to any other DuckDuckGo services, such as search.
These days the bar for privacy should be higher than "we don't log your activity, trust us." We should aim higher than VPNs.
I've been enjoying iCloud Private Relay. Basically it's a type of onion routing. From a privacy perspective, it narrows your leap of faith to "trust that the system is architected the way we say it is and there's no out-of-band collusion among the relays." With that, the entry node (Apple) shouldn't be able to see your destination and the exit node (Apple partner) shouldn't be able to see your IP.
Fun fact: it breaks Google search for me and forced me to switch to DDG! I got a captcha almost all the time. In a way, I see that as a positive sign that it's really working to protect privacy.
I didn't even realize DDG had a browser. I've been using Brave for a few years now which has also offered a built-in VPN (which I don't use). If anyone has chose DDG over Brave, what were the deciding factors?
Can't comment on Windows or iOS, but the Android browser is neat!
Good:
- I like that you can pin websites for easy access, the grid is visible when the address bar is focused or when you open a new tab. Similar to Firefox but more intuitive!
- It blocks a fair amount of ads (incidental blocking, because they block trackers)
- The history is cleared after a period of inactivity or when you dismiss/quit the app, and you can "fireproof" specific websites that you want to preserve
- The accessibility features like text size and page zoom actually work, unlike Chrome or Brave where it's been broken forever (at least for me)
Less good:
- The search settings are often "forgotten". It doesn't seem to be related to the history clearing but things like "disable ads" or "safe search off" are often reset...
- I believe all the icons on the favorites grid that I like so much are fetched via a duckduckgo service, ie DDG sees the domains you've favorited...
- Some network errors result in a black page, especially anything SSL-related. Very frustrating when it happens in a captive portal...
Really can’t recommend the DDG browser on iOS for what it’s worth - it’s buggy, and has an incredibly frustrating habit of glitching it when you swipe to navigate back from a page.
In my experience, personal info removal is a scam. I haven't used DDG specifically, but other services I tried just send you a list of companies you still have to contact yourself.
DuckDuckGo team member here - Personal Information Removal fully automates the process of opting out from data broker sites, all from your device. So you don't need to contact companies yourself. More about how that works at https://duckduckgo.com/duckduckgo-help-pages/privacy-pro/per...
I haven't used it, and only going off what is written, but:
>We scan dozens of these sites for your info and, if found, request its removal, even handling back-and-forth confirmation emails for you automatically behind the scenes.
There is really very little upside to this service. If one wants a plain old wireguard VPN you should just use Mullvad. It's cheaper and has more geographic reach.
But using a VPN for privacy is a bad idea in the first place. At least Apple and Vivaldi get that and have moved to two party privacy designs.
Comcast has no vested interest in not sharing/re-selling my data. also it provides a stable IPv4 with geoip tagging that both serves to de-anonymize me and make it easier for third-parties to track me.
My VPN provider has a vested interest in not sharing or re-selling my data, if caught doing so it would cause a major loss of business for them and potentially permanently tarnish their reputation. Additionally they provide a stable IPv4 shared with many other users. Tracking is still possible, but is far less trivial and not so easily correlated with a county/state.
So I use a VPN. It keeps me safe from script-kiddies who might discover my IP when I visit their website. I provide free help for people having trouble with HTML/CSS, so I visit a lot of strange places.
Comcast and $VPN_PROVIDER have a vested interest in staying in business, so they will gladly hand over the data to the friendly neighbourhood intelligence agency when requested.
Agree, personally though $agency isn’t part of my threat model while my ISP most certainly is. I would even pay a premium if they offered similar privacy controls as a VPN, but they’d be publicly admitting to shenanigans that most of their customers are blissfully ignorant of!
I've had an ISP literally send me a piece of mail telling me they were going to monetize my browsing data. The VPN at least claims it's trying to protect my privacy.
The most common use case is when you don't trust your local network connection. In some places, ISPs collect and sell browsing data. In many places, public wifi hotspots do too. Whether or not one or the other is more trustworthy is a personal judgement call.
There's few use cases outside of placebo. Torrenting without your ISP yelling at you, for one. Getting access to region-locked content, for another. Maybe regional pricing?
You're right that at the end of the day, it's just someone else seeing where you visit. And frankly, I think VPN users would be a higher target of surveillance anyways.
And if the VPN's company is from any 5-9-13-whatever-eyes country, you can assume all that information is being collected by them anyways.
One use-case you didn't mention is when the user doesn't want ShadyISP to sell their browsing habits (which are conveniently linked to a billing address, name, and more), despite the user understanding that governments could still potentially have access.
>You're right that at the end of the day, it's just someone else seeing where you visit
You write this as if it's some trivial little detail. Who that someone is that is privy to your browsing habits is a significant detail.
Everyone with an internet connection should at least read the Key Findings, just the first few pages of that report.
I assume that regional or small ISPs have similar practices, but these big ones have been M&A’d into massive orgs having control of “a much larger and broader cache of consumer data than ever before, without having to explain fully their purposes for such collection and use, much less whether such collection and use is good for consumers.”
That's fair. Governments may get it either way, but I doubt they bother to sell the data - and a paid-for VPN obviously wouldn't want to sell it, assuming they're worried about getting caught and losing customers.
I mean, I trust Mullvad not to sell my internet traffic to 25 of the highest bidders, or hand it over to whatever three letter agency wants it because I say something that's a bit to unamerican.
And I get to circumvent the prying eyes of my ISP, office's BYOD network, etc.
Is odd to me that this company choose to use the domain spreadprivacy.com to promote his products. Not the best branding approach to gain naming recognition and trust.
It’s still just censored AF Bing underneath - DDG doesn’t have its own index. Just use Brave Search (which _does_ have its own index) and in 1% of the cases it doesn’t do the trick, go to Google.
Their browser is not available for Linux. I strongly contend that a company that has privacy products, but shows no awareness of Linux, is not one that takes privacy seriously.
The product should have strong privacy built into it and a commitment from the owners to keep it this way. Calling it something mundane and then competing on the merits of the product will favor mass adoption.
How many users of WhatsApp really understand the implications of E2E? Would they have installed it if it was call 'Chat App Privacy Pro'?