Qwant sometimes hits Tor users with this puzzle after they submit a query. Then after solving the puzzle, they're brought back to an empty form so they must re-type their query.

This is an examination of the integrity and credibility of the following projects that attempt to advise privacy-focused consumers.

Harmful endorsement: DuckDuckGo ("DDG")

Why it's harmful: article

(*) DDG claims they do not track users, but they cannot prove it. So when a third party like Switching Software or ThinkPrivacy states DDG does not track you, they are asserting something they can't. They should not be endorsing DDG in the first place, but if they insist, then they should instead say something like "DDG claims not to track you" so as to avoid deceiving people about the verifiability of the claim.

It's particularly interesting to note that ThinkPrivacy gives the highest endorsement to Startpage, which was bought by US advertising company "System1". Yet ThinkPrivacy loudly condemns for the very same reason. Why? Dan Arel works for Startpage. This arose out of a scandal where Mr. Arel was advising the privacytools.io project at the time PTIO was considering pulling their endorsement of Startpage.

To be fair, DuckDuckGo has a much more extensive history of undermining privacy both directly and by proxy through partnerships with privacy abusers than Startpage.

Harmful endorsement: Qwant

While Qwant has some privacy strengths that make it substantially more trustworthy and privacy-respecting than DuckDuckGo, it still has noteworthy issues that undermine privacy:

1. Privacy
   1. Tor hostility -- Tor users are sometimes forced to solve a CAPTCHA, and it's implemented in a destructive manner. That is, the search query is collected before Qwant decides to push a CAPTCHA. Since the user has already invested effort in typing the query, the user is coerced to solve the puzzle in order to not throw away their effort to that point. Then after successfully solving the puzzle, the query is wiped out anyway and the user is forced to retype their query.
   2. No proxy feature. Some search engines like Searxes and Metager give an alternative proxy or cached link that avoids directly connecting to the site in the results. This is useful for all users but it's important to Tor users because many sites block or mistreat Tor users, in which case Tor users must visit the site indirectly. Qwant neglects to accommodate.
   3. Qwant's swag store accepts Paypal, who then shares customers data with 600 companies amid other abuses.
   4. Qwant's swag store says "follow us on Facebook", leading users into mass surveillance and makes no mention of their Mastodon account.
2. Microsoft partnership has been ongoing.
   1. Qwant patronizes Microsoft for its advertising network
   2. Qwant claims they no longer use Bing search results, but this is disputed. (And then they admit to it)
   3. Qwant uses Microsoft Azure cloud services.
3. Qwant's swag store sells apparel made of cotton, which is bad for the environment.
4. Qwant has ties to Fight for the Future Inc, an organization that claims to fight for net neutrality yet uses CloudFlare themselves.

We won't document all of Microsoft's wrongdoing here, but MS has a long history of privacy abuse and still today they are embroiled in privacy scandals such as financial facial recognition technology to AnyVision and violating the GDPR.

(*) Qwant claims they do not track users, but they cannot prove it. So when a third party like Switching Software states Qwant does not track you, they are asserting something they can't. They should not be endorsing Qwant in the first place, but if they insist, then they should instead say something like "Qwant claims not to track you" so as to avoid deceiving ppl about the verifiability of the claim. OTOH, Qwant would be violating the GDPR if they did track you contrary to their privacy policy, so perhaps it's fair enough for Switching Software to make this assertion (unlike DDG, who is bound only contractually & they've shown to violate it already).

It's worth considering that sites that endorse DuckDuckGo and nothing else are actually more harmful than sites that list other alternatives like Qwant, b/c there is more likeliness that users opt to use DDG when it's the only endorsed choice.

(part 2: messaging services)

(part 3: s/w repos)

There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spot-lighted:

• Nefarious History of DDG founder & CEO:
  • DDG's founder (Gabriel Weinberg) has a history of privacy abuse, starting with his founding of Names DB, a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006)
  • Weinberg's motivation for creating DDG was not actually to "spread privacy"; it was to create something big, something that would compete with big players. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg's means (not ends) in that endeavor. Clearly he doesn't value privacy -- he values perception of privacy.
• Direct Privacy Abuse:
  • DDG was caught violating its own privacy policy by issuing tracker cookies.
  • DDG's app sends every URL you visit to DDG servers. (reaction).
  • DDG is currently collecting users' operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the "network" tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together)
  • DDG is accused of fingerprinting users' browsers.
  • When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default browser.
  • DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium.
• Censorship: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
  • DDG is complying with the "celebrity threesome injunction".
• CloudFlare: DDG promotes one of the largest privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity:
  • Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network.
  • Privacy: All CloudFlare sites are surreptitiously MitM'd by design.
  • Net neutrality: CloudFlare's attack on Tor users causes access inequality, the centerpiece to net neutrality.
  • DDG T-shirts are sold using a CloudFlare site, thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying "DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs." (2019)
  • DDG hired CloudFlare to host spreadprivacy.com (2019)
• Harmful Partnerships with Adversaries of Privacy Seekers:
  • DDG patronizes privacy-abuser Amazon, using AWS for hosting.
    • Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy worldwide.
    • Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes.
    • Amazon paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
    • Amazon runs sweat shops, invests in climate denial, etc.. the list of non-privacy related harms is too long to list here.
  • DDG feeds privacy-abuser Microsoft by patronizing the Bing API for search results and uses Outlook email service.
    • Microsoft Office products violate the GDPR (the Dutch government discovered numerous violations)
    • Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress.
    • Microsoft paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
    • DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==> "...duckduckgo-com.mail.protection.outlook.com"
  • DDG is partnered with Yahoo (aka Oath; plus Verizon and AOL by extension). DDG helps Yahoo profit by patronizing Yahoo's API for search results, and also through advertising. The Verizon corporate conglomerate is evil in many ways:
    • Yahoo, Verizon, and AOL all supported CISPA (unwarranted surveillance bills)
    • Yahoo, Verizon, and AOL all use DNSBLs to block individuals from running their own mail servers, thus forcing an over-share of e-mail metadata with a relay.
    • Verizon and AOL both drug test their employees, thus intruding on their privacy outside of the workplace.
    • Verizon supports the TTP treaty.
    • Yahoo voluntarily ratted out a human rights journalist (Shi Tao) to the Chinese gov w/out warrant, leading to his incarceration.
    • Yahoo recently recovered "deleted" e-mail to convict a criminal. The deleted e-mail was not expected to be recoverable per the Yahoo Privacy Policy.
    • Verizon received $16.8 billion in Trump tax breaks, then immediately laid off thousands of workers.
    • (2014) Verizon fined $7.4 million for violating customers’ privacy
    • (2016) Verizon fined $1.35 million for violating customers’ privacy
    • (2018) Verizon paid $200k to fight privacy in CA. See also this page
    • (2018) Verizon caught taking voice prints?
    • more dirt (scroll down to Verizon)
    • (2016) Yahoo caught surreptitiously monitoring Yahoo Mail messages for the NSA.
• Advertising Abuses & Corruption:
  • DDG consumed a room at FOSDEM 2018 to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt abuse of precious resources.
  • Tor Project accepted a $25k "contribution" (read: bribe) from DDG, so you'll find that DDG problems are down-played. This is why Tor Browser defaults to using DDG and why Tor Project endorses DDG over Ss -- and against the interests of the privacy-seeking Tor community. The EFF also pimps DDG -- a likely consequence of EFF's close ties to Tor Project.

For the record, this is how Tor Project responds to criticism about their loyalty toward DuckDuckGo (their benefactor) in IRC:

18:20 < psychil> if torbrowser is going to be recommended, it should also be open to scrutiny. in the absence of that transparency, you create an untrustworthy forum.

18:20 < psychil> we've seen a loyalty from TB toward duckduckgo, but DDG is in partnership with Verizon, Yahoo, AOL et. al.

18:21 < psychil> all CISPA-sponsoring companies

18:22 < psychil> if ppl choose to trust them fair enough, but this trust shouldn't be pushed on every user weighing their choice of browsers

18:26 -!- mode/#tor [-b psychil@!@*] by ChanServ

18:27 < YY_Bozhinsky> psychil: i am using Tor (thanks to Tor Devs)... PLUS brain - good bundle. I am happy. And please, don't rush to change Reality (do it slowly with love and respect). Because it's home for many ppl. They construct their lives in it. Think twice before ruining that. Please.

18:27 -!- mode/#tor [+b psychil!@] by ChanServ

18:27 -!- psychil was kicked from #tor by ChanServ [wont stop the FUD]

Indeed, Tor Project is notoriously fast to censor any discourse (no matter how civil) when it supports a narrative that doesn't align with their view / propaganda.