Eric Schmidt, chairman of Google’s parent company Alphabet, has openly stated recently that Google’s hold on information is so powerful, it could even influence people’s political views. Ya think?!
The only thing worse than this influence is the fact that Google has become deeply embedded in our lives. If you so much as view a web page with a single Google ad, they can track you in very clever ways.
When you use Android + Google search + Google Maps + view web sites with ads, Google is essentially gathering data on everything you do.
It would be naive to assume that this data isn’t finding its way into the hands of folks like the NSA… The point of the Ed Snowden “revelations” wasn’t to make you safer; it was to scare the living crap out of you. Nothing changed, despite the very public declarations that all is better now.
Well, okay… But Google search is handy. Is there a better alternative? There sure is!
Getting Started with DuckDuckGo
Right, so this is pretty quick. Just go here: https://duckduckgo.com
Now, search for something.
Wasn’t that easy?
By default, DuckDuckGo claims they do NOT save your search history, track your browser, record your IP and associate it with your browsing habits/history, etc.
In short, they apparently do not do everything Google does… but they do give you nice search results!
Tweak your Privacy Settings
This is pretty easy, as well. First, click the “hamburger” button in the upper right corner of the DuckDuckGo search page:
Next, you’ll need to:
- Click the Privacy button
- Make sure HTTPS is ON (should already be on by default)
- Turn GET requests OFF
- Make sure Redirect (when necessary) is ON
- Click Save and Exit
What you just did is to ensure that all your searches go over HTTPS, aka SSL, aka an encrypted connection. As I said, this should now be the default for all DuckDuckGo searches.
Next, you turned off GET requests, which I’ll get to below.
Finally, you want to make sure Redirect is on because DuckDuckGo tries to protect your privacy by preventing the web site you’re going to from knowing the search terms you used to get there. In other words, the remote web site will know you came from DuckDuckGo, but they won’t see anything else.
The DuckDuckGo browser Add-On: Don’t use it
Okay, this one is going to annoy you. Go ahead and install it if you want to, but it reduces your privacy.
Here’s why.
Remember when you turned off GET requests above? Well, by default, DuckDuckGo and Google both use GET requests for searches. When you search via the Chrome or Firefox DuckDuckGo search bar, they both always do GET requests.
Simply put, a GET request means that your search terms are visible in the address bar of your browser. With POST requests, those search terms are invisible.
A picture is worth a thousand words, so:
Note in the above image that the search term I typed was “test”. Also observe in the address bar the part ?q=test. That’s your search term.
Why does this matter?
When you use HTTPS to browser a web site, the traffic between the web site and your browser is encrypted. That means nobody can spy on or modify the content you’re viewing (more or less). BUT… The actual URL (or web address) you are visiting is visible to your ISP and anyone else who’s watching!
UPDATE:
Wrong! As Frog pointed out in the comment section below, the URL (with GET vars) is not visible to your ISP or anyone else watching. It is visible in server logs (i.e. Google’s server logs), your browser history, and referrer headers (like for JavaScript or image requests from within the page you’re viewing). It’s still safer to use POST requests if you want to be extra-secure, but not for the reason I originally wrote above. And certainly, your ISP cannot see anything! Thanks, Frog!!
With HTTP, the URLs you visit are known by anyone watching, and the content of those web pages can be seen and even modified by Evil People.
With HTTPS, the URLs you visit are still known by anyone watching, but the content of those web pages cannot be seen or modified by Evil People.
With HTTPS + POST requests, the URL doesn’t reveal anything, and the content of those pages cannot be seen by anyone except you.
So, you want to use POST requests. When you tell DuckDuckGo to prefer POST requests, your browser sends your search terms in a different way such that those search terms are not visible in the address bar, like so:
Note here that I searched for “cheese”. But now look at the address bar. The URL is just duckduckgo.com, without any “stuff” at the end.
That’s because my browser sent a POST request to duckduckgo.com – over an encrypted HTTPS connection – so no one watching has any idea of what I actually searched for!
Nifty, yes?
Just remember: to use POST requests, you’ll need to bookmark https://duckduckgo.com and click it each time to do your searches – instead of using your browser’s built-in search bar.
Other Options
Finally, there are some other things you can set in DuckDuckGo’s options.
For example, in Settings -> General, the default for directions and such is Bing Maps. You can change that to something else if you’d like.
You can even turn off advertisements on the General page for 0 tracking.
So there you have it: use DuckDuckGo, and you’ll be searching and surfing with a lot more privacy!
“With HTTPS, the URLs you visit are still known by anyone watching.” — This is just not true! Only you, your browser and the server will see the URL. However, the use of POST instead of GET requests is still advised if you do not want your browser to record sensitive data in its browsing history or the WWW server to have that data displayed in its access log.
EEK!! You are correct. I’ll update the article. Thanks!!