Re: [T(A)ILS-dev] search engine

This message is part of the following thread:
Mthe complete thread tree sorted by date
Mtim smy at <-
Mtim smy at ->
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The T\(A\)ILS public development discussion list
Subject: Re: [T(A)ILS-dev] search engine
Hi,

tim smy wrote (15 Jan 2011 18:35:50 GMT) :
> I would to suggest duckduckgo.com as the default search engine it
> has a tor page and has good privacy panel

We already had a TODO item about this[0] in the todo/discuss state.
Thanks for the heads up!

[0] https://amnesia.boum.org/todo/DuckDuckGo/

> Privacy
> Google tracks you. We don't.

T(A)ILS shall not rely on such good-willing promises
=> T(A)ILS shall protect users from DuckDuckGo as much as from
Scroogle or anyone else.

> SSL version w/ HTTPS everywhere.

Scroogle also has a SSL version, which is used in T(A)ILS.

> HTML & Lite (non-JS) versions.

Scroogle has no JS or non-Lite versions :)

> Tor hidden service (about).

What would be the advantage in T(A)ILS?

> POST/Refcontrol settings.

> Privacy Settings
> For more info on these privacy settings, check out the Privacy Policy.
> Redirect: 

>      If On it prevents sharing of your search with sites you click
>      on.

This hides to the clicked websites: 

  - the fact the user is coming from DuckDuckGo
  - the search that was performed, in case GET is used -> see the
    second "privacy" setting


On the other hand, I wonder how this is implemented without telling
DuckDuckGo what site the user is going to visit... which would be
pretty bad privacy-wise. 

> Address bar:    
>      If On, searches will appear in your address bar (GET vs POST
>      requests).

I fail to understand the privacy enhancement this brings. Could
someone explain? I can clearly see the privacy downside in case
referrers are not disabled. 

> HTTPS:    
>      If On, searches on the site will always go to the encrypted
>      version.

This would be a great thing to have.

> they are on by default.

According to the settings page I just visited the HTTPS setting is Off
by default.

Worried about how the default settings could be changed, I have had a
quick look to their website and it seems this can be done using [URL
parameters](https://duckduckgo.com/params.html) rather than cookies,
which is probably desirable in T(A)ILS context. We should be careful
about this though: using a non-default set of URL parameters would
help DuckDuckGo fingerprint T(A)ILS users.

Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| So what?

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-[T(A)ILS-dev] search engineRe: [T(A)ILS-dev] search engine->
lists.autistici.org administrated by postmasterLurker (version 2.3)