DuckDuckGo is a private search engine. It is adamant about spreading privacy around the internet. However, there is one issue we discovered that raises privacy concerns. Your search terms, while they may be sent over your network in an encrypted form, show up in plain text in browsing history.
Is DuckDuckGo Really Private?
DDG may work well for reducing advertiser tracking, avoiding filter bubbles, and limiting data profiling, however as this post explains, it may not offer the protection from surveillance organizations that some think. DuckDuckGo, along with many other private search engines, saw a massive influx of users after Edward Snowden sparked general interest in privacy, specifically from government surveillance agencies. Snowden endorsed the use of private search tools for their lack of tracking. However, he also endorsed the use of other data protection measures to create a complete privacy suite. Snowden explains that no privacy tool, or system, is perfect. But more privacy is a good thing, across the board, even if it doesn’t quite protect you from all angles.
DuckDuckGo Doesn’t Offer Forward Secrecy on a Local Level
While DuckDuckGo may not track my searches or link them to my personal information, this is a clear lack of privacy. As a private search engine, DuckDuckGo gives the expectation of privacy. But anyone with access to your computer can view your searches, in plain-text in your browsing history. If any user, or person with access to my computer, can view my search history, there is a clear conflict with the privacy claims that DDG delivers.
By comparison, StartPage and Search Encrypt don’t display search terms in your history. If you try to go to the links in your history, you will be returned to the search engine’s homepage. That is not the case for DuckDuckGo and Google, which take you right back to the results you were viewing before. This may seem like a minor issue, because users could just clear their history. However, privacy by design means that the most private settings are enabled by default. This extra step makes privacy inconvenient, and the product less user friendly. Privacy by design is essential, especially for privacy based products. The expectation of private search engines is that they deliver on their privacy promises, in this case, DuckDuckGo has failed.
If your DuckDuckGo searches appear in your history, that means Google can access and track your searches even on this search engine. This is especially true if you use Chrome for your browser. Users who want to search the web privately, but who are less technically adept, may assume they are protected, when there is really a clear vulnerability in DuckDuckGo.
DuckDuckGo vs. Search Encrypt
Search Encrypt and DuckDuckGo are both “private search engines”. Both Search Encrypt and DuckDuckGo work to minimize tracking on the internet. There is a key privacy issue that we found with DuckDuckGo that Search Encrypt solves. We’ve discussed encryption before, and Search Encrypt is serious about it (encryption is in our name). By using advanced encryption your search term can’t be found by looking in your browser history or anywhere else on your computer.
Read More: How Does Search Encrypt Work?
DuckDuckGo Displays Search Terms in URL
When you search on DuckDuckGo your search term is visible in the address bar of your browser. As a result, your search term shows up in your history. If the point of DuckDuckGo is to remain more private while searching the web, it doesn’t make sense to have your search terms visible to anyone with access to your computer (or your network). Search Encrypt encrypts your search term right away and then does not display what you searched for in your browser or in your history. We keep your search term in encrypted form, and when you’ve finished searching your search term encryption key expires so that no one has access to what you searched for.
Your search URL on DuckDuckGo: https://duckduckgo.com/?q=your+search+term&t=h_&ia=web
Your search URL on Search Encrypt: https://www.searchencrypt.com/search?eq=a87bqOs2rgTwaGJUXynoh5UJhJnK20sr2B%2BcvCdzoyk%3D
You can see in the image above that using DuckDuckGo or Google leaves your search terms unencrypted and visible to anyone on your computer. Using Search Encrypt as an alternative gets rid of the need to clear your history. If you forget to clear your browsing history after searching on Search Encrypt, don’t worry – your search term is encrypted and will disappear after you’re done searching.
DuckDuckGo Shows Which Links You’ve Clicked On
Let’s say you’re searching for “cars” on DuckDuckGo. If you search and click on one of the search results you’re taken to that web page. The problem is, if you return to the search engine and perform the same or a similar search, any of the search results you’ve already visited are shown in a different color.
Notice that since we’ve visited cars.com before, the link appears in purple rather than blue. This may seem to be a convenient feature, but we see a privacy issue here. If someone else is using your computer, they can see which websites you’ve visited, and can determine what sort of searches you’ve been doing.
DuckDuckGo’s Bangs Don’t Protect Your Privacy
One of DuckDuckGo’s features that many of its users find attractive is “bangs”. These are like shortcuts that you can use to search other websites directly from DuckDuckGo. Say, for example, you want to search for something on Amazon, you can do so directly from the search engine rather than having to navigate to Amazon first by typing ‘!’ and then selecting Amazon. Unfortunately the functionality of “bangs” is often misrepresented and misunderstood. There is an expectation of privacy when using DuckDuckGo. Bangs are represented as a way to search other websites on the internet with the “privacy protection” of DDG, but this is not the case. If you use DuckDuckGo and use bangs to search Google, there is no additional privacy protection. This is the same as going directly to Google and searching from there. Google can still track your search and the metadata associated with it.
It’s confusing to us why DuckDuckGo, if it’s focused on privacy would provide a tool that directly takes people away from a private environment back into Google’s data collection. There is no warning message or prompt that let’s users know that using bangs redirects them to sites that track their data. If DuckDuckGo is going to carry the name of a “private” search engine, they should put that into practice from end-to-end and not just selectively.
Using DuckDuckGo? Try Search Encrypt Instead.
If you’re using DuckDuckGo because you’re concerned about keeping your searches private, it probably isn’t the best choice. DuckDuckGo doesn’t track your search terms to create data profiles about you, but it doesn’t use the level of encryption that we do. Search Encrypt is a private search engine and has some of the industry’s leading encryption measures. There are too many great privacy-friendly products available to use just mediocre or incomplete tools. There are many alternatives to Google and DuckDuckGo that offer more complete and responsible privacy protection.