DuckDuckGo Doesn’t Hide or Encrypt Your Search History
DuckDuckGo is a private search engine. It is adamant about spreading privacy around the internet. However, there is one issue we discovered that raises privacy concerns. Your search terms, while they may be sent over your network in an encrypted form, show up in plain text in your browsing history.
DDG may work well for reducing advertiser tracking, avoiding filter bubbles, and limiting data profiling. However, as this post explains, it may not offer the protection from surveillance organizations that some think it does.
DuckDuckGo, along with many other private search engines, saw a massive influx of users after Edward Snowden sparked general interest in privacy, specifically privacy from government surveillance agencies. Snowden endorsed the use of private search tools for their lack of tracking. However, he also endorsed the use of other data protection measures to create a complete privacy suite. Snowden explains that no privacy tool, or system, is perfect. But more privacy is a good thing, across the board, even if it doesn’t quite protect you from all angles.
Forward Secrecy on a Local Level
While DuckDuckGo may not track your searches or link them to your personal information, this is a clear lack of privacy. As a private search engine, DuckDuckGo creates an expectation of privacy. But anyone with access to your computer can view your searches in plain text in your browsing history. If any person with access to your computer can view your search history, there is a clear conflict with the privacy claims that DDG makes.
By comparison, StartPage and Search Encrypt don’t display search terms in your history. If you try to go to the links in your history, you will be returned to the search engine’s homepage. That is not the case for DuckDuckGo and Google, which take you right back to the results you were viewing before.
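The difference described above can be checked on your own browser profile. The following Python script is an added example, not part of the original post: it scans history URLs for search terms readable in the query string. The parameter names in `SEARCH_PARAMS`, the Chrome-style `urls` table, and every sample URL are assumptions constructed for the demonstration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Assumption: query-string keys that commonly carry search terms.
SEARCH_PARAMS = ("q", "query", "p", "text")

def leaked_terms(url):
    """Return the readable search terms in a URL's query string, or None."""
    params = parse_qs(urlsplit(url).query)  # decodes %XX and '+'; drops blank values
    for key in SEARCH_PARAMS:
        for value in params.get(key, []):
            if value.strip():
                return value
    return None

def audit_history(conn):
    """Map each host to the search terms readable from its history entries.

    Assumes a Chrome-style history database: a table `urls` with a `url` column.
    """
    report = {}
    for (url,) in conn.execute("SELECT url FROM urls"):
        term = leaked_terms(url)
        if term is not None:
            report.setdefault(urlsplit(url).hostname, []).append(term)
    return report

def build_sample_db():
    """Constructed in-memory history; every URL below is made up for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (url TEXT, title TEXT)")
    conn.executemany("INSERT INTO urls VALUES (?, ?)", [
        ("https://duckduckgo.com/?q=weather+tomorrow&ia=web", "results"),
        ("https://www.google.com/search?q=bus%20timetable", "results"),
        ("https://www.startpage.com/do/search", "results"),      # no query string
        ("https://search.example/r?token=Zm9vYmFy", "results"),  # opaque token only
        ("https://duckduckgo.com/", "home"),                     # homepage visit
    ])
    return conn

if __name__ == "__main__":
    for host, terms in audit_history(build_sample_db()).items():
        print(f"{host}: {terms}")
```

To audit a real profile, work on a copy of the browser's history file, since the browser keeps the original locked while it is running.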
This may seem like a minor issue, because users could just clear their history. However, privacy by design means that the most private settings are enabled by default. This extra step makes privacy inconvenient and the product less user-friendly. Privacy by design is essential, especially for privacy-based products. The expectation of private search engines is that they deliver on their privacy promises; in this case, DuckDuckGo has failed.
If your DuckDuckGo searches appear in your history, that means Google can access and track your searches even on this search engine. This is especially true if you use Chrome for your browser. Users who want to search the web privately, but who are less technically adept, may assume they are protected, when there is really a clear vulnerability in DuckDuckGo.