
In related news, DuckDuckGo has seen a huge spike in traffic (https://duckduckgo.com/traffic.html). Even if the NSA has probably circumvented DDG's privacy features, it's still worth using them for trying to preserve user privacy. And in my experience, DDG's search results have improved drastically, to the point that I very rarely have to resort to Google.


I wonder what Gabriel Weinberg would do if the NSA told him to hand over his SSL keys so they could view all his traffic. Would he shut down like Lavabit did? Would be interesting to get a statement out of him about this.


Have to give you more than an upvote here. This is an excellent point, and could be extended to many companies that are concerned with privacy. It would be great if their leaders made preemptive public statements on how they would handle that situation.


What we need is not someone who will shut down the server like Lavabit did, but someone who will refuse to hand over the keys and yet keep the service running. Someone who will fight. I get it, it's better to shut down than to be evil and hand over the keys, but it's much better to fight.


If this scandal has taught us anything, it's that the services you use don't matter.

You have to assume everything sent over HTTP(S) is insecure. If it cannot be MITMd now, it can be stored and decrypted later.

Even if you connect via more secure means, you cannot trust service providers to tell the truth about the data they collect or store.

In short, you can't trust anyone or anything anymore. Trust is a weakness.


You also can't trust the low level components of your computer. http://c2.com/cgi/wiki?TheKenThompsonHack


You've got to draw the line somewhere, unless you're fine with the conclusion that you can't trust any form of computing technology (which leaves you powerless against mechanized systems of control).

It seems like we should be able to progress on this front, but I haven't seen much work towards it. Trustable computers are necessary but clearly not sufficient to push back against tyranny, which is why I (like everyone else) just assume my computing base is solid (or at least not infecting the software I'm writing), while working on software to help get us out of this VC-fueled "web 2.0" trap.


> You've got to draw the line somewhere

These are the heuristics I use:

1) You can generally trust network equipment because there are many types of it, produced by many companies all over the world.

2) This means any backdoor in your computer that transmits information over the network would be trivial to detect and therefore useless for NSA et al.

With that in mind, the most dangerous backdoor that could feasibly exist is probably the one that subverts the RNG. Here is a discussion about a hypothetical backdoor in the hardware RNG built into new Intel CPUs: http://crypto.stackexchange.com/questions/9210/technical-fea...


There'd be plenty of ways to use existing network traffic as a side channel when you've tapped the network a few hops away (e.g., adjusting packet timings or sequence numbers). Also, a backdoor doesn't have to be active all the time (although that would hinder dragnet surveillance).

https://news.ycombinator.com/item?id=6149345


Much of DDG's privacy stems from not having any user data to store in the first place. While that can be circumvented to some extent, it's hard to do so without outwardly visible consequences.


What exactly is preventing the government from ordering DDG to store queries and the IP addresses that make them?


Nothing, but an IP address is not equivalent to a user. The accuracy of the tracking would be quite poor.


I have tried DDG a bit for the last week, but unfortunately for me its results have been so much inferior to Google's that I had to give up on it. I hope it gets there.


I use DDG as my default, and when I'm not getting the results I know I could get with Google, I go to Google. It's usually pretty obvious. This way I support DDG, while not sacrificing my productivity (too much).


Amen. DDG has weaker results on local searches but has better, more diverse results than Google on general topics. I use it all the time now.



