Hi,
tim smy wrote (15 Jan 2011 18:35:50 GMT) :
> I would to suggest duckduckgo.com as the default search engine it
> has a tor page and has good privacy panel
We already had a TODO item about this[0] in the todo/discuss state.
Thanks for the heads up!
[0]
https://amnesia.boum.org/todo/DuckDuckGo/
> Privacy
> Google tracks you. We don't.
T(A)ILS shall not rely on such good-willing promises
=> T(A)ILS shall protect users from DuckDuckGo as much as from
Scroogle or anyone else.
> SSL version w/ HTTPS everywhere.
Scroogle also has a SSL version, which is used in T(A)ILS.
> HTML & Lite (non-JS) versions.
Scroogle has no JS or non-Lite versions :)
> Tor hidden service (about).
What would be the advantage in T(A)ILS?
> POST/Refcontrol settings.
> Privacy Settings
> For more info on these privacy settings, check out the Privacy Policy.
> Redirect:
> If On it prevents sharing of your search with sites you click
> on.
This hides to the clicked websites:
- the fact the user is coming from DuckDuckGo
- the search that was performed, in case GET is used -> see the
second "privacy" setting
On the other hand, I wonder how this is implemented without telling
DuckDuckGo what site the user is going to visit... which would be
pretty bad privacy-wise.
> Address bar:
> If On, searches will appear in your address bar (GET vs POST
> requests).
I fail to understand the privacy enhancement this brings. Could
someone explain? I can clearly see the privacy downside in case
referrers are not disabled.
> HTTPS:
> If On, searches on the site will always go to the encrypted
> version.
This would be a great thing to have.
> they are on by default.
According to the settings page I just visited the HTTPS setting is Off
by default.
Worried about how the default settings could be changed, I have had a
quick look to their website and it seems this can be done using [URL
parameters](
https://duckduckgo.com/params.html) rather than cookies,
which is probably desirable in T(A)ILS context. We should be careful
about this though: using a non-default set of URL parameters would
help DuckDuckGo fingerprint T(A)ILS users.
Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| So what?
