Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Ether Rag: Duck Duck Go: Illusion of Privacy

Yosem Companys companys at stanford.edu
Sun Jul 14 12:09:07 PDT 2013


http://etherrag.blogspot.jp/2013/07/duck-duck-go-illusion-of-privacy.html

Duck Duck Go: Illusion of Privacy

There have been several articles in the press recently about users
flocking to DuckDuckGo in the wake of the recent NSA snooping
revelations.  If you are in this category this post is meant for you.

If you use DuckDuckGo solely for the myriad of other benefits, such as
reducing advertiser tracking, filter boxing, etc. move along nothing
to see here.  DuckDuckGo will provide you at least that level of
“privacy”.

Update: Wow, I didn't expect this blog post to spread so widely.
First of all, let me say to those accusing me of hating on DDG, I am a
DDG user.  I think they have a great service.  This post is solely
about the misconception that seems to have spread primarily from The
Guardian article that DDG can somehow protect you from NSA monitoring.

DDG stated, "We literally do not store personally identifiable user
data, so if the NSA were to get a hold of all our data, it would not
be useful to them since it is all truly anonymous."  I would like to
direct readers to this article which basically nullifies whatever
protection DDG thinks it can provide, or you the reader think you
have.

Standard Wiretaps

DuckDuckGo can easily be compelled either under the Communications
Assistance for Law Enforcement Act (CALEA), standard court orders, or
by secret orders from the Foreign Intelligence Surveillance Court
(FISA) to provide tap-on-demand.  I don’t think anyone can dispute
that.  If you are specifically targeted in an investigation, you can
bank on the fact that all of your searches and their history “going
forward” after the court order will be collected on you and stored.

Google has at least a transparency report detailing the number of
non-FISA requests it receives and now a “ballpark” reporting of FISA
requests.  Users should demand the same of DuckDuckGo.

Deep Integration

DuckDuckGo has made a lot of hay about their privacy, but like many
other technology companies they have remained silent about their
collaboration, if any, with law enforcement and security agencies.

Why shouldn't they?  They are reaping the benefits of an uninformed
populace flocking to their service to avoid the NSA dragnet.  The
privacy they offer is privacy from third-party advertisers and
cross-site tracking.

The MarCom departments of big players like Google, Yahoo!, Microsoft
and others are getting good at crafting extremely carefully worded
denials through lies of omission.

DuckDuckGo says:

DuckDuckGo does not store any personal information, e.g. IP addresses
or user agents
But what if DuckDuckGo provided a splitter-feed to the NSA?
DuckDuckGo can claim without lying that they store no personal
information, but that speaks nothing of a collaborating partner
storing it.

Can they refuse to collaborate with the NSA if approached?  If one
looks at the recent reports about Yahoo! and others the answer is “No,
you cannot”.   Yahoo! apparently made concerted efforts to resist,
sending lawyers into battle, and ultimately (and silently) lost the
fighting the FISA Court.  “Silently” because their loss and the ruling
that handed it down is also secret.

Assume, nay bank on, the fact that corporations located within the
United States can be and are being compelled to participate in
programs like PRISM and are legally powerless to refuse.

The NSA Can’t Lose

Let’s be realistic, if services start popping up on the internet that
shield substantial amounts of communications from the NSA that the NSA
thinks is valuable, how long to you think the NSA will allow that to
persist before making efforts to abate it?

What can they do?

According to the Washington Post a NSA initiative called “Upstream”
siphons off of “communications fiber cables and infrastructure as data
flows past” at all the major “choke points” of the internet.  So, we
can assume that the NSA has access a substantial amount of ingress and
egress packets to DuckDuckGo.

However, DuckDuckGo is using SSL encryption.  Without DuckDuckGo's
private SSL certificate, your search queries (but not your location)
are invisible.  What is a spy agency to do?

What is a SSL certificate key after all?  It’s simply a small block of
data, often in the form of a file.   And it’s a file that must be
installed on every webserver or load-balancer in a data-center.  If
you possess DuckDuckGo’s cert, you can decrypt all traffic to
DuckDuckGo.  The NSA could get the DuckDuckGo master cert in one of
three ways:

Be given the cert
Physical access to servers or load-balancers
Remote access to servers or load-balancers

Let’s eliminate (1) for the sake of argument.

Option 2

Many smaller internet companies, including DuckDuckGo, do not operate
their own data-center, but instead are “hosted” in another provider’s
datacenter.  In DuckDuckGo’s case, they are hosted by Verizon Internet
Services.  We’ve all learned about the cozy relationship between the
NSA and Verizon, it is quite imaginable that Verizon would simply give
them access to a DuckDuckGo server, or the load-balancer which is
likely owned and operated by Verizon and upon which the SSL decryption
key is installed.  They don’t need continuous access, 30 seconds is
all that would be necessary to copy the cert.

Option 3

If Google’s servers can be compromised by a bunch of Chinese hackers,
and if the computers controlling Iran’s uranium enrichment equipment
can be compromised without even being connected to the internet, how
long would a service like DuckDuckGo (or Verizon Internet Services)
standup against a concerted effort by the NSA?  Verizon Internet
Services is almost the better target given that penetrating their
infrastructure gives you access to potentially all companies hosted by
them.

Again, this is a “get in, and get out quick” type operation.  All they
need is the key, they’ve already got the data.

In Summary

This is not an indictment of DuckDuckGo per se.  Except in as far as
they are taking advantage of the hysteria to their own ends.  Every
provider needs to be upfront with saying, “If it is indeed true that
the NSA is monitoring our ingress/egress traffic, we can make no
guarantee of privacy regardless of encryption or other efforts on our
part.”

In the larger picture, this is the crux of the problem not just for
DuckDuckGo, but the internet as a whole.  Until and unless agencies
like the NSA are forbidden from conducting dragnet collection and
analysis of data, there can be no privacy.  Privacy is merely an
illusion at this point.



More information about the liberationtech mailing list