Brave Tells Truth About DuckDuckGo Privacy

August 12, 2022

DuckDuckGo advertises itself as the only search engine that protects users’ privacy. While that used to be true, unfortunately it is no longer the case. The Register explains the details in, “Brave Roasts DuckDuckGo Over Bing Privacy Exception.” Brendan Eich is the CEO of Brave, an Internet browser that blocks trackers, cookies, creepy ads, and simplifies privacy. Brave even boasts it can outmaneuver Mozilla Firefox, describing its services as limited. Eich stated that DuckDuckGo allows Microsoft Bing and LinkedIn trackers accessibility in its Android, macOS, and iOs browsers.

Eich pointed out that DuckDuckGo’s contract with Microsoft exempted LinkedIn and Bing from being blocked. DuckDuckGo claims to Eich exaggerated the claim and he was referring to ad clicks. The search engine said its ads remain private. Privacytests.org tested Brave’s assertion and they could only test the Android versions. Brave did block more ads and link tracking than DuckDuckGo. Arthur Edelstein runs privacytests.org and works for Brave. He claimed that he created privacytests.org before his Brave employment and that his tests are objective.

While the tests about Brave and DuckDuckGo might be biased, Big Tech can circumnavigate privacy blockers:

“In other words, here’s how you route around privacy protections to measure your ads, whether people want this or not. Back in 2012, when Google agreed to pay a $22.5 million civil penalty to settle Federal Trade Commission charges that it misled Apple Safari users by stating it would not place tracking cookies or serve them targeted ads, the issue was the gap between what Google said and did.

Here we have Microsoft Bing Ads counseling customers how its technology facilitates tracking without third-party cookies, regardless of whether users have expressed the desire not to be tracked by adopting a privacy-oriented browser.”

Currently, there are laws to protect users’ privacy, but are only enforceable if the tracking is deemed deceptive. Google was fined for dropping cookies on Safari, but only when the search engine said it would not. California has a new regiment of privacy laws, which could set the standard for the US if someone in the state complains. Until then be aware you are being tracked and your history is sold.

And how did DuckDuckGo respond? Waddled backwards.

Whitney Grace, August 12, 2022

Google Kicked Out of School in Denmark

August 11, 2022

Like its colleagues in Netherlands and Germany, the Denmark data protection authority has taken a stand against Google’s GDPR non-compliance. European secure-email firm Tutanota reports on its blog, “Denmark Bans Gmail and Co from Schools Due to Privacy Concerns.” Schools in the Helsingør Municipality have until August 3 to shift to a different cloud solution. We learn:

“In a statement published mid July, the Danish data protection agency expresses ‘serious criticism and bans … the use of Google Workspace’. Based on a risk assessment for the Helsingør Municipality, the data protection authority concluded that the processing of personal data of pupils does not meet the requirements of the GDPR and must, therefor, stop. The ban is effective immediately. Helsingør has until August 3 to delete pupil’s data and start using an alternative cloud solution. … This decision follows similar decisions by Dutch and German authorities. The issues that governmental institutions see themselves faced with has started with the invalidation of Privacy Shield back in 2020. Privacy Shield has been a data transferring agreement between the USA and the European Union and was supposed to make data transfers between the two legally possible. However, the agreement has been declared invalid by the European Court of Justice (ECJ) in 2020 due to privacy concerns. One major problem that the EU court pointed out is that data of foreigners is not protected in the USA. The protections that are there – even if limited – only apply to US citizens.”

So the NSA can gain unfettered access to the personal data of Europeans but not US citizens. We can see how authorities in the EU might have a problem with that. As the Danish agency notes, such a loophole violates rights considered fundamental in Europe. Not surprisingly, this Tutanota write-up emphasizes the advantages of a Europe-based email service like Tutanota. It is not wrong. It seems Denmark has woken up to the Google reality. Now what about Web-search tracking?

Cynthia Murrell, August 11, 2022

Is The TikTok Google Allegation Accurate?

July 21, 2022

Good question. I know that any outfit offering a “service” has individuals who can look at data, metadata, and any other “stuff” associated with a particular entity; for example, spend limit, contacts, and geodata. Privacy and security depend on access controls. In theory, certain data are sandboxed and special approvals may be needed to get into that nifty play area. The hitch in the git along is that a system fails, a senior executive needs something now to close a big deal, a friend begs for help with such and such a problem. There’s also just the endemic “good enough” and “close enough for horse shoes” attitude which affects TV personalities interaction with Air France to a busy parent trying to buy a hamburger and shake for a hungry lacrosse player at 4 pm on a blistering day in rural Kentucky.

That means… gaps, slip ups, work arounds, and doing what’s needed to fill time or get something done fast.

I read “Nothing Is Private: TikToker Who Says She’s a Former Google Admin Warns Workers about Work Accounts.” The information in the article is about a revelation on TikTok. The problem is that I am not sure the behavior described is accurate. Heck, it could be fabricated for some clicks and maybe an appearance on the Joe Rogan podcast. Fame is where you find it today.

The article states as what a TikTok denizen said:

Whatever you put in that account—whether it’s emails, photos, Google Drive documents, or anything else—is not private.

Okay, clear enough.

For fun, let’s assume the Xoogler spilling the beans on the utility of having access to billions of users information is sort of true.

Shocking?

Nah.

The write up says:

that means that a company has access to all of the documents within someone’s company Google account, which can include things like email drafts, G-chats, and Google Drive uploads. This also reportedly applies to universities with student Google accounts. Furthermore, one does not have to leave the job or university for their administrators to obtain this access. “I can get into any of it,” Lauren says. “Any of it!”

Ads, folks. Ads mean money. Who can resist generating revenue, beating performance targets, and getting a big bonus. Once Google would toss in a ski trip or a mouse pad. Go for it. The incentive plan is what makes the Googlers spin.

What’s the fix? The answer is:

Delete. Delete. Delete.

Sounds like reasonable advice if deletion is indeed “real.” Data are backed up and delete usually means removing a pointer to an object in a file. Those back ups, the copies of data tables in a marketing department laptop, or the data required to whip up a projection based on use of information to spur quicker depletion of ad inventory.

Probably not deleted.

Let’s assume the write up describes something the Google does not, could not, would not, and will not do. Wow. Bullet dodged.

But… what if…? Wow. Bullets incoming.

Stephen E Arnold, July 21, 2022

The Murena: A Semi Dark Phone

June 10, 2022

Mobile phones are outstanding surveillance devices. Forget Google. Technology exists to suck down quite a bit of information no matter what phone one uses. Innovators keep trying to create black phone or completely secure devices. There is a market for these gizmos even if the phones are produced by law enforcement; for example, the ANON.

I noted “The Murena One Shows Exactly How Hard it Is to De-Google Your Smartphone.” The write up is interesting. I noted this passage:

You just can’t have the full Android experience without inviting Google into the equation. Instead, when you log into Google or use its services, Murena tries to mitigate the data Google can collect.

Several observations:

  • Innovators face a similar challenge de-Cooking the iPhone and de-China-ing the Oppo, OnePlus, Xiaomi, and other Middle Kingdom devices
  • The write up makes it clear that Google is the Big Dog when it comes to the Google ecosystem. Not even the Apple has such a lock. For one example of the penetration gap, see this write up.
  • One does not need to expend much effort to access data generated by mobile devices. Those apps? Yep, they are helpful.

How does one avoid leaking data? Some in the European Union use typewriters and carbon paper. Consider that perhaps.

Stephen E Arnold, June 10, 2022

DuckDuckGo: A Duck May Be Plucked

May 25, 2022

Metasearch engines are not understood by most Internet users. Here’s my simplified take: A company thinks it can add value to the results output from an ad-supported search engine. Maybe the search engine is a for-fee outfit? Either way, the metasearch systems gets the okay to send queries and get results. The results stream back to the metasearch outfit and the value-adding takes place.

One of the better metasearch systems was the pre-IBM Vivisimo. This outfit sent out queries to an ad-supported search engine, accepted the results, and then clustered them. The results appeared to the Vivisimo user as a results list with some folders in a panel. The idea was that the user could scan the folders and the results list. The user could decide to click on a folder and see what results it contained or just click on a link. The magic, as I understood it, was that the clustering took place in near real time. Plus, the query on the original Vivisimo pre-IBM system could send the user’s query to multiple Web search engines. The results from each search system would be de-duplicated. An interesting factoid from the 2000s is that search systems returned overlapping results 70 percent of more of the time. Dumping the duplicates was helpful. There were other interesting metasearch systems as well, but I am just using Vivisimo as an example of a pretty good one.

Privacy, like security, is a tricky concept to explain.

Using privacy to sell a free Web search system raises a number of questions; for example:

  1. What’s privacy in the specific context of the metasearch engine mean?
  2. Where is the money coming from to keep the lights on at the metasearch outfit?
  3. What about log files?
  4. What about legal orders to reveal data about users?
  5. What’s the quid pro quo with the search engine or engines whose results the metasearch system uses?
  6. What part of the search chain captures data, inserts trackers, bugs, cookies, etc. into the user’s query?

None of these questions catch the attention of the real news folks nor do most users know what the questions require to answer. The metasearch engines typically do not become chatty Cathies when someone like me shows up to gather information about metasearch systems. I recall the nervousness of the New York City wizard who cooked up Ixquick and the evasiveness of the owner of the Millionshort services.

Now we come to the the notion that a duck can be plucked. My hunch is that plucking a duck is a messy affair both duck and duck plucker.

DuckDuckGo Browser Allows Microsoft Trackers Due to Search Agreement” presents information which appears to suggest that the “privacy” oriented DuckDuckGo metasearch system is not so private as some believed. The cited article states:

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.

You can read the cited article to get more insight into the assertion that DuckDuck has been pluck plucked in the feathered hole of privacy.

Am I surprised? No. Search is without a doubt one of the most remarkable business segments for soft fraud. How do I know? My partners and I created The Point in 1994, and even though you don’t remember it, I sure remember what I learned about finding information online. Lycos (CMGI) bought our curated search business, and I wrote several books about search. You know what? No one wants to think about search and soft fraud. Maybe more people should?

Net net: Free comes at a cost. One does not know what one does not know.

Stephen E Arnold, May 25, 2022

Using a VPN in India?

May 10, 2022

I read “VPN Providers Are Ordered to Store User Data for 5 or More Years in India.” The land of Khichdi is a fair piece from rural Kentucky. On the other hand, the VPN providers and crypto exchange platforms can be as near as one’s mobile phone or laptop. So what?

The write up points out:

The Indian government has published a directive that will force VPN providers and crypto exchange platforms to store user data for at least five years, even when customers have since terminated their relationship with the companies in question. Decision makers at businesses who don’t comply with the new ruling could face up to one year in prison, with it going into effect in late June 2022.

Yes, just another law. What makes this interesting is that  VPN, according to some enthusiastic promotional material, preserves one’s online privacy. That sounds like a great idea to many people.

What happens if those VPN records are reviewed prior to their deletion by the VPN providers who insist that the users’ data are not preserved? I also like the VPN vendors who suggest that logs are not preserved.

If India’s directive yields some bad actor identification and incarceration, what other countries will use India’s approach as a springboard. The abuse of some online capabilities has been friction free in some places. Russia appears to have some doubts about VPNs. China? Yep, China too.

Perhaps the days of laissez-faire will end with a reprimand from Yama?

Stephen E Arnold, May 10, 2022

Google: Visits to Paris Likely to Increase

April 22, 2022

In the unlikely publication for me, Adweek published an interesting story: “French Sites Ordered to Stop Using Google Analytics Is Just the Beginning.” That title seems ominous. The election excitement is building, but the actions of Commission  Nationale de l’informatique et des Libertés is likely to grind forward regardless of who wins what. The Adweek write up states:

…the French data watchdog—Commission Nationale de l’informatique et des libertés (CNIL)—ordered three French websites to stop using audience analytics site Google Analytics, deeming the site to be illegal under the General Data Protection Regulation.

The article adds:

This means that companies based in Europe using Google Analytics—which reads cookies that are dropped on peoples’ browsers when they visit a site to gauge whether they are a new or returning user—were shipping people’s personal information to the U.S.

Are Google Analytics a problem for CNIL? Probably not for the agency, but the CNIL seems poised to become a bit of a sticky wicket for Googzilla. After years of casual hand slapping, an era of RBF (really big fines) may be beginning. Google executives might find that CNIL can make a call to a fancy Parisian hotel and suggest that the Googlers be given rooms with a less salubrious location, tired decorations, and questionable plumbing. Mais oui! C’est domage.

On a positive note, Google is taking action itself. Privacy, security, fraud — well, sort of. “Google Sues Scammer for Puppy Fraud” reports:

The complaint … accuses Nche Noel of Cameroon of using a network of fake websites, Google Voice phone numbers, and Gmail accounts to pretend to sell purebred basset hound puppies to people online.

And the conduit for these alleged untoward actions? Google. Now how did Google’s smart software overlook fake websites, issue Google Voice numbers, and permit Gmail accounts used for the alleged bad puppy things? Nope. AARP connected with Googzilla. Yeah, smart software? Nope.

Stephen E Arnold, April 22, 2022

Tim Apple and Unintended Consequences: AirPods?

April 19, 2022

Apple in my opinion emphasizes privacy. (How about the iPhone and the alleged NSO Group Pegasus functionality?) “Ukrainians Are Tracking the Movement of Russian Troops Thanks to One Occupier Looter with AirPods.” I am not sure if the write up is accurate. The source says “truth.” But…

The tracking thing is interesting; for example, Phone home malware on an iPhone, an AirTag hidden on a Russian T-14 Armata, or AirPods. Head phones? Yep.

The cited article reports:

A Russian soldier stole [a Ukrainian’s] AirPods (wireless headphones) when looting [the Ukrainian’s] apartment while Russian occupying forces were in Gostomel. Russian soldiers withdrew, but thanks to the technology on Apple devices, Ukrainians can keep track of where their headphones are. Find My technology on Apple devices lets you find the location of a lost device on the map if it’s near Bluetooth smartphones or connected to Wi-Fi.

What can one do with the help geo-location functions? One idea is to use the coordinates as a target for a semi-smart missile. (This is not a criticism of smart software. It is part of the close enough for horseshoes methods which can often deliver the payload somewhere unintended.)

Now about that Tim Apple privacy thing? Pravda or falsehood?

Stephen E Arnold, April 19, 2022

Does Apple Have a High School Management Precept: We Are Entitled Because We Are Smarter Than You

April 19, 2022

The story “Ex-Apple Employee Takes Face ID Privacy Complaint to Europe” contains information about an Apple employee’s complaint to the “privacy watchdogs outside the US.” I have no insight into the accuracy or pervasiveness of Apple’s alleged abuses of privacy. The write up states:

Gjøvik [the former Apple employee blowing the privacy horn] urges the regulators to “investigate the matters I raised and open a larger investigation into these topics within Apple’s corporate offices globally”, further alleging: “Apple claims that human rights do not differ based on geographic location, yet Apple also admits that French and German governments would never allow it to do what it is doing in Cupertino, California and elsewhere.”

What I find interesting is that employees who go to work for a company with trade secrets is uncomfortable with practices designed to maintain secrecy. When I went to work for a nuclear engineering company, I understood what the products of the firm could do. Did I protest the risks some of those products might pose? Nope. I took the money and talked about computers and youth soccer.

Employees who sign secrecy agreements (the Snowden approach) and then ignore them baffle me. I think I understand discomfort with some procedures within a commercial enterprise. A new employee often does not know how to listen or read between the lines of the official documents. My view is that an employee who finds an organization a bad fit should quit. The litigation benefits attorneys. I am not confident that the rulings will significantly alter how some companies operate. The ethos of an organization can persist even as the staff turns over and the managerial wizards go through the revolving doors.

As the complaint winds along, the legal eagles will benefit. Disenchanted employees? Perhaps not too much. The article makes clear that when high school science club management precepts are operational, some of the managers’ actions manifest hubris and a sense of entitlement. These are admirable qualities for a clever 16 year old. For a company which is altering the social fabric of societies, those high school concepts draw attention to what may be a serious flaw. Should companies operate without meaningful consequences for their systems and methods? Sure. Why not?

Stephen E Arnold, April 19, 2022

Google and Tracking Magic

February 4, 2022

Tracking user locations is baked in to Google’s apps, and that is unlikely to change as long as tracking data (“anonymized,” we are repeatedly assured) remains a valuable source of revenue. CNet considers, “Can You Really Stop Google from Tracking You? Here’s What We Know.” The short answer—you can try. Reporter Kelsey Fogarty writes:

“If you use Google’s apps on your iPhone or Android phone, it’s a good possibility you’re being tracked. And turning off your location history in your Google account doesn’t mean you’re in the clear. Disabling that setting may seem like a one-and-done solution, but some Google apps are still storing your location data. Simply opening the Google Maps app or using Google search on any platform logs your approximate location with a time stamp. In the latest lawsuits against the giant search engine company, Google has been sued by several states due to its use of location data. They allege Google makes it ‘nearly impossible’ for people to prevent their location from being tracked. After a 2018 investigation by the Associated Press, Google added features to make it easier to control what location and other data is saved, and what is deleted with features like Your Data in Maps and Search, which give you quick access to your location controls. However, DC Attorney General Karl Racine said, ‘Google falsely led consumers to believe that changing their account and device settings would allow customers to protect their privacy and control what personal data the company could access.’ Google has since defended itself.”

Of course it has. The company points to several measures one can take to “turn off” tracking, insisting control is in the hands of users. However, the write-up hints, there is no guarantee they will actually work. See the article for these methods—they may at least improve one’s odds. Or not. Google does promise one thing: users who turn off tracking will receive a less personalized experience, meaning less relevant ads and less helpful local search. Who needs privacy when one must have the name and number of the closest tapas joint.

Cynthia Murrell, February 4, 2022

Next Page »

  • Archives

  • Recent Posts

  • Meta