DuckDuckGo's homepage. Photo: DuckDuckGo.
Show Hide image

Has Edward Snowden changed the way we think about search engines?

DuckDuckGo, a browser which doesn't track your online activity, has increased its traffic six-fold since the Snowden revelations.

Heard of Gabe Weinberg? No, me neither. But earlier this week, the CEO appeared on CNBC to announce that his search engine company, DuckDuckGo, has seen a 600 per cent surge in traffic over the past two years. In a playing field utterly dominated by Google – with Bing And Yahoo! stumbling on behind – this is an intriguing turn of events.

Clues to the site’s success lie in its simplicity. The homepage is pared back, bar the logo’s manically grinning duck (see image above), and, crucially, the site markets itself on the fact that it doesn’t track your online activity. Unlike Google, DuckDuckGo doesn’t supply sites you click on with the search terms you use, and it doesn’t store information about you once you leave. There are no personalised ads –  just ads on the search results page prompted by the keywords you search for. As Weinberg told CNBC: "We make money just with keyword advertising. Type in car, and you get a car ad. It's really that straightforward." 

In practice, this means that those used to Google’s personalised search results may find DuckDuckGo a little frustrating to use. It won’t get to know you, and rank links accordingly. It won’t remind you which one of those news stories you’ve clicked on before (unless your browser has remembered this for you – in which case the site shows a little tick next to the link, rather than turning it purple).

But the timing of the site’s surging popularity suggests it’s part of a wider, and seemingly growing, interest in online privacy. In the weeks after Edward Snowden revealed the mass online surveillance of citizens by the US’s National Surveillance Agency and Britain’s GCHQ, DuckDuckGo reported a 90 per cent hike in traffic.

This is presumably because, as part of the revelations, it became clear that these national surveillance agencies regularly request access to user data from online companies like Google – and any company that collects huge amounts of data on your activities can therefore be forced to hand intimate details of your online life over to the government. DuckDuckGo and sites like it don’t have the data in the first place, so couldn’t pass it on even if ordered to. 

DuckDuckGo’s daily traffic since 2010. Photo: CNBC screenshot.

Yet the CNBC interviewers, while interested in Weinberg’s model, seemed a little nonplussed at the idea that widespread collection of data by websites is anything but a foregone conclusion. One asked how DuckDuckGo expects to make money without collecting user information, when Google, for example, uses its user data to power its huge ad networks, and tie into other parts of its business. Yet Weinberg claims that simple keyword advertising is the “most lucrative” type of ad, especially if companies are bidding against each other to come up whenever someone searches “car” or “mortgage”.

Support from big-hitting tech companies will help, too. 2014, Apple include DuckDuckGo on its default browser list for Safari, which implies that in the industry, at least, the site is now becoming a serious, mainstream alternative.

Google, meanwhile, is making some moves to give users greater control over their data. In 2014, it introduced introduced a “do not track” option, so marketers can't target you with ads – but this only acts as a “do not track request”, which can be ignored by non-participating websites. (More information on how to turn that on here.) The “incognito” browsing option, contrary to popular opinion, only prevents your own computer collecting information for its internal history. It doesn’t change the way Google tracks your activity.  

The real question now is whether DuckDuckGo’s new users are those already concerned with privacy or those particularly spooked by Snowden’s revelations, and whether the average person is bothered enough to switch search engine. Weinberg quoted research in the CNBC interview which found that 40 per cent of Americans would prefer a non-tracking search engine. This implies that a large market is out there, which could grow even larger if consumers are faced with quite how much data companies hold about them. Google currently processes more than a trillion searches per year, so if DuckDuckGo could tap into even 10 per cent of this, its growth over the past couple of years could be just the beginning. 

Barbara Speed is a technology and digital culture writer at the New Statesman and a staff writer at CityMetric.

Show Hide image

7 problems with the Snooper’s Charter, according to the experts

In short: it was written by people who "do not know how the internet works".

A group of representatives from the UK Internet Service Provider’s Association (ISPA) headed to the Home Office on Tuesday to point out a long list of problems they had with the proposed Investigatory Powers Bill (that’s Snooper’s Charter to you and me). Below are simplified summaries of their main points, taken from the written evidence submitted by Adrian Kennard, of Andrews and Arnold, a small ISP, to the department after the meeting. 

The crucial thing to note is that these people know what they're talking about - the run the providers which would need to completely change their practices to comply with the bill if it passed into law. And their objections aren't based on cost or fiddliness - they're about how unworkable many of the bill's stipulations actually are. 

1. The types of records the government wants collected aren’t that useful

The IP Bill places a lot of emphasis on “Internet Connection Records”; i.e. a list of domains you’ve visited, but not the specific pages visited or messages sent.

But in an age of apps and social media, where we view vast amounts of information through single domains like Twitter or Facebook, this information might not even help investigators much, as connections can last for days, or even months. Kennard gives the example of a missing girl, used as a hypothetical case by the security services to argue for greater powers:

 "If the mobile provider was even able to tell that she had used twitter at all (which is not as easy as it sounds), it would show that the phone had been connected to twitter 24 hours a day, and probably Facebook as well… this emotive example is seriously flawed”

And these connection records are only going to get less relevant over time - an increasing number of websites including Facebook and Google encrypt their website under "https", which would make finding the name of the website visited far more difficult.

2. …but they’re still a massive invasion of privacy

Even though these records may be useless when someone needs to be found or monitored, the retention of Internet Connection Records (ICRs) is still very invasive – and can actually yield more information than call records, which Theresa May has repeatedly claimed are their non-digital equivalent.

Kennard notes: “[These records] can be used to profile [individuals] and identify preferences, political views, sexual orientation, spending habits and much more. It is useful to criminals as it would easily confirm the bank used, and the time people leave the house, and so on”. 

This information might not help find a missing girl, but could build a profile of her which could be used by criminals, or for over-invasive state surveillance. 

3. "Internet Connection Records" aren’t actually a thing

The concept of a list of domain names visited by a user referred to in the bill is actually a new term, derived from the “Call Data Records" collected by hone companies. Compiling them is possible, but won't be an easy or automatic process.

Again, this strongly implies that those writing the bill are using their knowledge of telecommunications surveillance, not internet era-appropriate information. Kennard calls for the term to be removed form the bill. or at least its “vague and nondescript nature” made clear.

4. The surveillance won’t be consistent and could be easy to dodge

In its meeting with the ISPA, the Home Office implied that smaller Internet service providers won't be forced to collect these ICR records, as it's a costly process. But this means those seeking to avoid surveillance could simply move over to a smaller provider. Bit of a loophole there. 

5. Conservative spin is dictating the way we view the bill 

May and the Home Office are keen for us to see the surveillance in the bill as passive: internet service providers must simply log the domains we visit, which will be looked at in the event that we are the subject of an investigation. But as Kennard notes, “I am quite sure the same argument would not work if, for example, the law required a camera in every room in your house”. This is a vast new power the government is asking for – we shouldn’t allow politicians to play it down.

6. The bill would allow our devices to be bugged

Or, in the jargon, used in the draft bill, subjected to “equipment interference”. This could include surveillance of all use of a phone or laptop, or even the ability to turn on its camera or webcam to watch someone. The bill actually calls for “bulk equipment interference” – when surely, as Kennard notes, “this power…should only be targeted at the most serious of criminal suspects" at most.

7. The ability to bug devices would make them less secure

Devices can only be subject to “equipment interference”, or bugging, if they have existing vulnerabilities, which could also be exploited by criminals and hackers. If security services know about these vulnerabilities, they should tell the manufacturer about them. As Kennard writes, allowing equipment interference "encourages the intelligence services to keep vulnerabilities secret” so they don't lose their own access to our devices. Meanwhile, though, they're laying the population open to hacks from cyber criminals. 


So there you have it  – a compelling soup of misused and made up terms, and ethically concerning new powers. 

Barbara Speed is a technology and digital culture writer at the New Statesman and a staff writer at CityMetric.