Private Google Search Alternatives

Google NSA skin using Stylish Browser PluginA few weeks back, I dropped Google search in favor of DuckDuckGo, an alternative search engine that does not log your searches. Today, I’m here to report on that experience and suggest two even better secure search tools: StartPage and Ixquick.

The probelm with DuckDuckGo

As I outlined in my initial blog post, DuckDuckGo falls down probably as a consequence of its emphasis on privacy. Whereas Google results are based on an array of personal variables that tie specific result sets to your social graph…a complex web of data points collected on you through your Chrome Browser, Android apps, browser cookies, location data, possibly even the contents of your documents and emails stored on Google’s servers (that’s a guess, but totally within the scope of reason). This is a considerable handicap for DuckDuckGo.

But moreover, Google’s algorithm remains superior to everything else out there.

The benefits of using DuckDuckGo, of course, are that you are far more anonymous, especially if you are searching in private browser mode, accessing the Internet through a VPN or Tor, etc.

Again, given the explosive revelations about aggressive NSA data collection and even of government programs that hack such social graphs, and the potential leaking of that data to even worse parties, many people may decide that, on balance, they are better off dealing with poor search precision rather than setting themselves up for a cataclysmic breach of their data.

I’m one such person, but to be quite honest, I was constantly turning back to Google because DuckDuckGo just wouldn’t get me what I knew was out there.

Fortunately, I found something better: StartPage and Ixquick.

Google but without all the evil

StartPage is a US version of the Dutch-based search engine Ixquick.

There are two important things to understand about StartPage and Ixquick:

  1. Like DuckDuckGo, StartPage and Ixquick are totally private. They don’t collect any data on you, don’t share any data with third parties and don’t use cookies. They also use HTTPS (and no Heartbleed vulnerabilities) for all transactions.
  2. Both StartPage and Ixquick use proxy services to query other search engines. In the case of Ixquick, they query multiple search engines and then return the results with the highest average rank. StartPage only queries Google, but via the proxy service, making your search private and free of the data mining intrigue that plagues the major search engines.

Still some shortcomings remain

But, like DuckDuckGo, neither Ixquick or StartPage are able to source your social graph, so they will never get results as closely tailored to you as Google. By design, they are not looking at your cookies or building their own database of you, so they won’t be able to guess your location or political views, and therefore, will never skew results around those variables. Then again, your results will be more broadly relevant and serendipitous, saving you from the personal echo-chamber that you may have found in Google.

Happily private

It’s been over a month since I switched from DuckDuckGo to StartPage and so far it’s been quite good. StartPage even has a passable image and video search. I almost never go to Google anymore. In fact, I’ve used a browser plugin called Stylish to re-skin Google’s search interface with the NSA logo just as a humorous reminder that every search is being collected by multiple parties.

For that matter, I’ve used the same plugin to re-skin StartPage since where they get high marks for privacy and search results, they’re interface design needs major work…but I’m just picky that way.

So, with my current setup, I’ve got StartPage as my default browser, set in my omnibar in Firefox. Works like a charm!

Ed Sez – Tips from Edward Snowden on Foiling the Snoopers

At the recent SXSW conference, Edward Snowden supplied people with tips to complicate the lives, if not totally block, those that stick their noses in your online business.

Not to be confused with trying to ruin the chances of the NSA averting a nuclear strike by terrorists on my own country, I do feel there are some well-reasoned limits to what the US government should be doing, especially when it comes to figuring out ways to undermine secure Internet protocols. After all, when, as purported by Snowden, the NSA begins devising backdoor hacks into our web browsers, you can be certain that this only makes it easier for others (perhaps dangerous) individuals from doing the same.

In other words, in the name of the War on Terror, the NSA might actually be planting the seeds for the death of the Internet…or at least a 9/11 style assault on the world’s computer infrastructure. Students of the origins of Bin Laden and his connections with the US War on Communism might be right to feel a little déjà vu.

A related threat, of course, is that criminals might stand on the shoulders of the NSA’s good work and do some very bad work against you and your bank account and your identity.

Anyway, that’ my soap box speech on this.

But back to my recent spat of blogs on privacy and how to cover your virtual butts. Snowden did hand out a few treats for the kids at SXSW: two browser plugins that he regards as good ways to enhance your privacy against NSA or NSA-inspired hackers.

The first is Ghostery, which allows you to view what web services are collecting data on you when you visit a given web page. It goes further by letting you (Ad Block style) block, pause or allow such collection.

I’ve been using it for a few days and have found it fascinating just how many scripts are gathering info on me when I land on a given page. Right now, I have everything turned off, so that should take care of that.

I did experience one problem watching an embedded video on a website. In these cases, you can pause all of Ghostery or try to figure out which one of the dozen or so scripts it’s blocking is the required one for the video and then decide if it’s worth it.

The other plugin is called NoScript, which simply shuts down all scripts, including JavaScript, Flash, etc. I haven’t tried this out, but I’m expecting it be something I will only use sparingly given the amount of jQuery and other useful bits embedded in many web interfaces.

 

This Too Shall Pass – Deleting My Facebook Account

Screen Shot 2014-03-15 at 10.18.57 AMI’m killing my Facebook account.

And with it, I’m severing that company’s ability to collect data on my web habits, whereabouts, social connections (including off-Facebook connections) and financial transactions.

Apparently, I’ll also be reducing my exposure to NSA malware, as Mark Zuckerberg revealed in a public thrashing of Obama and the intelligence services that have been spreading malware through imposter Facebook sites.

This really won’t be that hard. Last year, I began experimenting with not using the social network, just to see how that was. This impulse was born from a general annoyance about FB’s murky privacy policies and the general tone of content on FB which had became increasingly irrelevant to my real social connections with people. (Remember when people started to appreciate that group emails were rude and began with the lines, “sorry for the group email!”…That’s how Facebook seems to me now, without the apologetic preface.)

BTW, if you’ve got your own suspicions about Facebook, the Electronic Frontier Foundation has put together a great timeline of Facebook’s shifting privacy policies. Reading their timeline is a great way to get your head around how free Internet services (FB, Gmail, etc.) are really about hooking you in with very clear and considered privacy policies that are planned to be revoked once they’ve got you dependent on them…or at least that’s how the timeline suggests this business model works.

Of course, deleting my Facebook account won’t be without costs.

If you’ve been a rolling stone like me, you have friends in many far-flung places. Facebook did make those connections feel stronger, so that aspect will be missed. But I’m online and quite findable, so if my pals from Japan or Europe want to find me, they only need know my name.

It turns out that completely deleting your account is a two-week process, described quite well on Digital Trends. The trick is that once you delete your account, you cannot log in for two weeks, or your account will be reactivated. That means you should first delete all apps from phones, tablets, etc. before deleting your account. You should probably delete your cookies too, just to be sure you don’t inadvertently reactivate it by triggering all those FB web beacons that mine the Interwebs.

Anyway, I’ll give my FB contacts a few days to run across my post and then I’ll zap it for good.

Better living through anonymity!

Back to Firefox – Update on Sync

This goes out to all you paraoid netizens out there, and if you’re not one, you should be…

As a follow-up to my last post on moving off Chrome and back to Firefox for privacy and security reasons, I wanted to document that I gave Firefox Sync a closer look.

Mozilla, the folks that develop Firefox, has a very detailed information page on Firefox Sync, but to sum up, this feature allows one to share add-ons, bookmarks, passwords, preferences, history and tabs across all your computers and other devices.

Firefox Sync PreferencesDouble-plus-good: you can decide what to sync and what not to. Because I’m trying to be extra careful with my data, I opted for syncing only my add-ons, bookmarks and preferences. One important note on syncing add-ons, this will install your add-ons across your devices, but not necessarily configure them, so you might have to do that part manually.

If you opt to sync your history, it will do so up to 60 days.

Reading over the security details of Firefox Sync, it seems like you’re in pretty good hands since sync uses an encryption key. I consider passwords and history going beyond my tolerance threshold, but these are likely pretty secure for most folks. My rule is to assume that hackers access my sync data: What can I live with leaking out to the public?

Add-ons? okay
Bookmarks? I guess so.
History? Not really
Passwords? Are you kidding?

When I set up sync, I also added Firefox as my default phone browser which I find no problems with yet and it’s nice to know that I’m surfing as privately on Android as on OSX.

Return to Firefox

Firefox Logo by Andrew McCarthy & Kara Zichittella : Appicns“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
–Eric Schmidt, Google CEO

“If you want to stay anonymous online, you have to break links at every step”
–Ashkan Soltaini, privacy consultant

I’m breaking up with Google, one service at a time. Last week it was Google’s search engine, which I swapped for DuckDuckGo. This week, it’s Google’s Chrome Browser.

As I said a week ago, recent revelations of the commodification of our personal information, the revolving door our personal information swings through between tech companies and the world governments and the increasingly effective hacking of our financial transactions and personal information, has made me rethink my decision to trade privacy for convenience.

Step one was to wean myself off of Google.com.

Step two will be to sever another link in the chain between me and Google’s databases: the Chrome Browser.

To be fair, Chrome can be configured and used in a very private and secure way. You can surf “incognito,” leaving no history of what pages you have traversed. You can also use the browser so that it deletes your cookies when you end a session.

And as always, some of the best encryption freely available comes built into the Chrome browser.

So, you could easily argue that dropping Chrome is actually less secure.

But, I think you could equally argue that handing over your private data to any company is taking a big leap of faith. Especially, when that data can add up to a very personal and detailed profile of you. For example, the consolidation of Google Plus, Gmail and YouTube accounts meant that user data across these sites could now be consolidated into a single database of web activity that included a matrix of personal email, web searches, social connections, video views and even the text of attachments. Worse, Google claims ownership to this data once you “share” it with them.

So just because Chrome can be directed (by advanced users) to minimize the data shared with Google, you have to wonder. A breach of this very robust personal data is entirely possible. Indeed, the Chinese apparently already did this. And, as privacy expert Ashkan Soltaini (quoted above) notes, why help snoopers, hackers and commercial interests gather intelligence on you by (unnecessarily) relying on its browser?

¡Adiós el Chromo!

I was once a big Firefox fan, so switching back was not that hard. I stopped using Firefox, only because another Firefox-clone, called Flock, came out in 2009 with many social networking features built in. This was largely around the time the Add-on marketplace for Firefox wasn’t really keeping up. But the people behind Flock eventually abandoned the project and so I was momentarily back in Firefox. But around that time, Firefox (at least the Mac OS version) was pretty lousy in terms of handling complex websites that were deploying AJAX and other javascript intensive activities.

One of the best things about Chrome, in fact, was its speed…and some built-in development tools that I felt were way superior to their closest Firefox Add-ons, like Firebug. So, I started using Chrome…until a week ago.

First and foremost, Firefox comes to us from Mozilla, an open-source organization that has proven itself deeply concerned with protecting privacy and security on the web.

Firefox Privacy Settings

I’ve experimented with the privacy settings in Firefox, and I consider my current setup a work in progress. My focus here is to give some guidelines for how one might configure Firefox to maximize their privacy while not making everything a test of their faith.

Search

  • Remove Google, Bing and Yahoo! from the search engines installed in Firefox
  • Add a private search engine as the default. As of this writing, I use DuckDuckGo right now, but I’m experimenting with others.
  • Optional: I added the Omnibar add-on for a more Chrome-like experience, which as far as I can tell does not report back what you enter it to the developer’s database. If you’re concerned about this, just don’t add the Omnibar.

Privacy

  • Obviously be sure to select the “Tell sites I do not want to be tracked” setting.
  • History and Cookies: I go back and forth between not capturing history, keeping all history and deleting history upon closing Firefox. Currently, I have everything deleted when I end the session.
  • Set the browser to Never Accept Third Party Cookies

Security

  • I use a master password…and you’d be crazy not to. To understand why, just open your preferences and, under Security, click the Saved Passwords button. Then click Show Passwords. There they are…hopefully you’re not sharing your screen when you do this!

Sync and Advanced

  • I don’t sync, but I’ve been tempted to. I need to research this more before committing, but on the face of it, it feels less secure to do so.
  • Network, you can set up a SOCKS Proxy, but I use Private Internet Access VPN, when I’m using public wi-fi, so I haven’t explored this.
  • Make sure you have Auto-updates installed to be confident Firefox has the latest security patches, etc.

It’s been fun to be back in Firefox. I feel a little bit like a rebel, in fact! And the good news, the browser feels more light-weight and agile then in the past with all those heavy JavaScript-ladden sites running at a good clip! And, whoa! The developer tools are now built into Firefox, so that means one less Add-on slowing things down.

Meanwhile, I’m continuing to explore other secure ways of living online. Coming soon: Thumb drive applications, Gmail alternatives and a secure way to get Google search without using Google!

A Technophiles Journey Off the Grid

Cookie Monster freaks out over cookies on his computer

Image by Surian Soosay

Okay, so it is likely impossible to actually “use” the Internet without it “using” you back. I get that. Terms of service get changed without clear explanation, cookies get saved, NSA snoops do what NSA snoops do. The whole business model of the Interwebs is set up to trade your info for access.

I’m under no illusions.

But, after the Great Target Hack and Edward Snowden’s revelations regarding the NSA (I think we were all waiting for these things to happen), I’m finding myself rethinking the trade offs I made concerning privacy and online anonymity for online convenience (and laziness).

There was a time, when I used to block cookies and obsess over terms of service agreements. Hell, I even used Tor from time to time.

But, after awhile, it just became easier to stop worrying and learn to accept a level of personally sanctioned data breach. But now with all the stories of identity theft, commercialization of your personal info and multi-governmental and corporate sweeps of such data…it’s time for a little reflection…and retreat.

So, I’ve decided to experiment with reducing my digital footprint and I’ll post updates from time to time on how’s it going, in addition to my occasional posts on library projects.

Among my experiments, I’m planning on moving out of Googlelandia as much as possible, starting with changing the default search in my browser and moving back to Firefox. I’ll cover the Firefox post next time, but for now, let’s look at life without Google Search.

Most people online probably don’t remember a world before Google and those that do, don’t want to remember. Needless to say, Google’s initial search algorithm was so good, that it rapidly conquered the search market to the point that Yahoo! handed over its search to Microsoft and the dozens of smaller search engines were quickly forgotten. Anyone remember Web Crawler? Exactly!

Screen Shot 2014-02-13 at 12.52.53 PMAside from Bing (hack!) and the Bing-lite Yahoo! search, there really aren’t many alternatives worth turning to when one needs anonymity. That is, except for DuckDuckGo, a search engine that uses secure HTTPS, does not use cookies by default and generally does not collect any data linked to you (see their privacy statement for more info).

And the search results are not that bad.

But they aren’t great.

Life on DuckDuckGo will be very reminiscent of the best old-school search tools from the pre-Google 90s. Gone will be the kinds of results that require an analysis of your personal search history, online social habits and analysis of your cookies. Often you’ll get exactly what you’re after, but just as often, you’ll get it a few results lower on the page, just below some commercial sites that are using keyword tricks to rise to the top.

For example, I’m thinking about what color scheme I want to go with for my new flat and used DuckDuckGo to find sites that could help me with that. So I did a search for something like: “paint interior design color tools.” The first result led to a 404 page. The second result was not too bad, a Benjamin Moore paint selecting tool for professional painters. Other results were somewhere between these two extremes, with many of them going to pages that were slightly relevant but failed in the “authoritative” category.

Google expends a lot of effort at weeding out, or drowning out, pages with low street cred, and you’ll probably hardly ever get to a 404 page thanks to their very busy and persistent robots. Something else that will be hard to find in Google is nothing. In Google, the dreaded “Sorry. No results were found” message would be an amazing and rare feat of your talents for obscurity. Not so in DuckDuckGo…these come up from time to time.

DuckDuckGo also lacks an image and video search functionality. For this, they provide a dropdown that lets you search via Google or Bing.

I’d also add, that I’m using DuckDuckGo in a Firefox omnibar plugin, so as I type, I get suggested hits. These are also not as accurate or relevant as the Google version, but I’ve also limited it by not preserving any search history in Firefox.

After a few days of trying this out, I do like DuckDuckGo enough to keep using it, but I have had several lapses of risky searches on Google. This is especially true for professional work, where Google knows my work interests quite well and serves up exactly what I need. But for general searches, DuckDuckGo is a good tradeoff for privacy wonks.

Stay tuned for more journeys off the grid including my return to Firefox and experiments with thumb drive applications…