So Gen and I were talking the other day about the September 2013 announcement that Google was encrypting its network traffic between its data centres. Google was trumpeting it as a victory for its users’ privacy, saying that the encryption meant that garden-variety ne’er-do-well interests couldn’t snoop on the traffic. All traffic is still logged and recorded in the bowels of the Google datacentres. It’s not as big a win for privacy that Google would like you to think it is.
It reminded me of a discussion I had with my colleagues about the 2011 launch of Google’s “secure search” (https://google.com – note the “s” in the address). Google also trumpeted that as a victory for its users privacy, saying that the secure search meant that evil interests couldn’t snoop on the traffic. Again, all it really did was use an encrypted connection to protect the data transfer from your browser to Google’s servers and back again. This would foil things like garden-variety adware, spyware or malware. That’s nice, but Google still logs all your searches and still will surrender their records to authorities on request. Neither one really protects your privacy against those who can request the information under law. The casual user isn’t going to know the difference. They should.
I know what you’re thinking, “But if you have nothing to hide, then you have nothing to be afraid of”. Here’s the problem: The search records are kept without any possible indication of the context of the search. Let’s say a user searches for a few terms around the “9/11 was an inside job” idea. They could easily end up on someone’s watch list, when in reality, they could be doing research to make videos on YouTube that debunk the conspiracy theories…
Perhaps this little demonstration can explain it best. In 2006, AOL goofed and accidentally released the search data they had collected from their users over a three month period. The database is searchable, and it contains IP addresses (converted to “User numbers”), search terms, and any search results that the user clicked through.
The database is at www.aolstalker.com and the idea is simple. Enter a search term to get a report of people who searched for that term. Then, you can clik on the user name to see what else he searched for. So I searched for one of the most commonly searched terms on the internet – “porn”. The database spit out the first ten results, and we see, “User 39509” was pretty active, searching for “pre teen porn pics”, and the user apparently found a link they liked as there’s a record of the site they clicked through. Clicking on the User Name shows a list of other search terms the user searched. The other search terms don’t show anything related to porn searches, but that one search term likley has that user on a watch list now.
I was in the middle of researching another follow-up post for the blog on the Trans-Pacific Partnership, so during our conversation my mind wandered to Duck Duck Go. They’re headquartered in Paoli, Pennsylvania. It’s unclear at this point what the TPP is going to mean for companies like Duck Duck Go. The TPP IP-logging requirements may mean that they may have to start logging information, and that could make the Duck Duck Go search engine little more than a nice idea in short order.
This is when Gen mentioned something that she was recently looking at – a search engine called ixquick. (How’s that for an industrial strength lead-in for a blog post topic?)
Ixquick is also an encrypted search engine that does not record any information about you or your search, but Ixquick is headquartered in the Netherlands. All the IP-logging requirements in the TPP won’t matter. The Netherlands are not a signing party to the TPP. Ixquick has a plan in place for any governments who come knocking for info. From their web site:
Ixquick has always been very outspoken when it comes to protecting people’s Privacy and civil liberties. So it won’t surprise you that we are a strong opponent of overreaching, unaccountable spy programs like PRISM. In the past, even government surveillance programs that were begun with good intentions have become tools for abuse, for example tracking civil rights and anti-war protesters.
Programs like PRISM undermine our Privacy, disrupt faith in governments, and are a danger to the free Internet.
Ixquick and its sister search engine StartPage have in their 14-year history never provided a single byte of user data to the US government, or any other government or agency. Not under PRISM, nor under any other program in the US, nor under any program anywhere in the world.
Here’s how we are different:
Ixquick does not store any user data. We make this perfectly clear to everyone, including any governmental agencies. We do not record the IP addresses of our users and we don’t use tracking cookies, so there is literally no data about you on our servers to access. Since we don’t even know who our customers are, we can’t share anything with Big Brother. In fact, we’ve never gotten even a single request from a governmental authority to supply user data in the fourteen years we’ve been in business.
Ixquick uses encryption (HTTPS) by default. Encryption prevents snooping. Your searches are encrypted, so others can’t “tap” the Internet connection to snoop what you’re searching for. This combination of not storing data together with using strong encryption for the connections is key in protecting your Privacy.
Our company is based in The Netherlands, Europe. US jurisdiction does not apply to us, at least not directly. Any request or demand from ANY government (including the US) to deliver user data, will be thoroughly checked by our lawyers, and we will not comply unless the law which actually applies to us would undeniably require it from us. And even in that hypothetical situation, we refer to our first point; we don’t even have any user data to give. We will never cooperate with voluntary spying programs like PRISM.
Ixquick cannot be forced to start spying. Given the strong protection of the Right to Privacy in Europe, European governments cannot just start forcing service providers like us to implement a blanket spying program on their users. And if that ever changed, we would fight this to the end.
I’ve been using ixquick for some searches, and I’m going to continue to try ixquick for a while, to see how it goes, but I think if they’ve been in business for 14 years, they must be doing something right.