A company that purchases data from another search engine (that most likely also uses aggregated personal data to deliver results) with just two products (search + browser) compares its app data usage to a behemoth that strives for the most personalized experience possible in exchange for personal data in order to display personalized ads.
Google's apps offer opt-in voice search (solving Audio), optional end to end encryption for bookmarks & search history (solving Browsing History), while location and diagnostics are opt in as well and it's also up to you if you want to store your address book of store you credit card with Google (solving Contacts & Financial Info).
Yes, most people will probably use Google Contacts, Maps, unencrypted bookmarks & browsing history and and store their credit card data in the browser, but you're not forced to do that.
I really wish DDG would innovate on search, improve their own crawlers & indexing and then attack Google head on by comparing better results with the ad-ridden, SEO-flooded shit show that Google results have become. Instead, their marketing keeps on comparing apples to oranges and just keeps on playing the privacy angle, which is intellectually dishonest because DDG and Google have completely different goals.
Boy do I hope for some real competition in the search engine market. Brave and Neeva can't launch soon enough. I'm so sick and tired of giving DDG changes upon changes only to switch back to Google because the results haven't improved much.
> I really wish DDG would innovate on search, improve their own crawlers & indexing and then attack Google head on by comparing better results with the ad-ridden, SEO-flooded shit show that Google results have become.
DuckDuckGo's organic results are proxied from Bing (or sometimes Yandex). Their crawler (DuckDuckBot) just fetches favicons and scrapes data for a few Instant Answers.
Most of DuckDuckGo's non-privacy-related selling points are their instant answers, which in my experience are really good.
Alternative indexing engines to the "Big Three" English indexers (Google, Bing, Yandex) with decent privacy include Mojeek, Right Dao, Gigablast, Gowiki, wbsrch, and others. I've counted 16 English alternatives in all.
> Most of DuckDuckGo's non-privacy-related selling points are their instant answers, which in my experience are really good.
And yet has no undeprecated pipeline for submitting non-"essential bug fixes" to[1].
I really love the idea of having an engine that does just a little bit more for me up front, but not if it's all closed off; that's what I'm trying to get away from.
Google just doesn't optimise their software and deployments. I can run searx, email, git, jitsi, invidious, and other various software on an old Xeon PC from aliexpress.
Meanwhile youtube stores 10 versions of the same video on their platform, and dares bring up costs vs revenue arguments.
I guess the majority of people on HN already know this more or less. The problem is still this: We still don't have good alternatives to Google's products and services.
1) Android: Google still owns all our phones. Even on rooted phones it hard to remove google services that god know send so many requests containing whatnot to the eeee addresses. Just install no-root firewall and you will be amazed the amount of pending requests that accumulate in 1 hour.
2) Google search: I guess I can manage with DDG but when it's not that straight forward search, subconciosuly I'm still thinking that let's just do a quick google search to see if i'm not missing anything. And often I find better results. While adblocks makes sure I filter most of the crap.
3) Gmail: Yes there are alternatives but switching emails is hard. It's a big commitment for most people to switch a 10 year old gmail address. And it still works great at filtering spam and whatnot.
And same for maps, youtube and all their services.They really have a big leverage on everyone.
Quiting facebook and instagram was child's play in comparison. I haven't logged in for almost an year now. Quitting google is really hard otoh.
There is one good argument for Google, and that is it’s free as in beer. For most people, any price over $0 is a dealbreaker.
However, assuming you’re willing to pay for privacy, switching e-mail is super easy. For example, from the Fastmail UI, you literally log in to your Google account and all your mail is transferred to Fastmail.
Switching to DDG? It’s 95% as good.
Switching to Apple Maps or OSM? It’s 95% as good.
Google Drive? There are 100 competitors.
There is one site you cannot do without, and that is YouTube. Everything else from Google can easily be ditched, the only two things in your way could be a reluctance to pay money and a slight feeling of unease at having to get used to something else.
I would say for personal stuff (ie, non-programming) it is. For programming, I continually have to switch back to google. DDG is way worse for me. Maybe it's just me, but the types of things I search for just don't work on DDG and I've wasted way too much of my time looking for answers using DDG, only to find them quickly with Google. It totally frustrates me, because I would much rather use DDG.
The user pays for Google in the end, just not consensually. It's a closed loop. All the money ultimately comes from the users. Product or politics, all advertisers are expecting to get some return.
Unfortunately it's in human nature to not want to pay. Search needs to be a utility that we all fund to make it the best tool for society.
All the money comes from some of the users. Sure Google is collecting everyone's data, but in the end the vast majority of it is worthless. I'd be surprised if even 1% of users are profitable for the ecosystem. The tiny minority clicking on ads and buying products is subsidizing everyone else.
That is the genius of the design. The trick is, you give millions of people "free" email. Scraping emails aside, the real money comes from anyone that "needs" to email a large number of gmail/yahoo users. So if I am a business owner and 30% of my customers are using yahoo and 50% are using gmail and I have a lot of customers, the volume of email I will be sending to those companies is rather large. After a point I will have to buy into a whitelist/approve-list to get around throttling or being flagged as a spammer. Google/Yahoo don't know that you are my customer after all, so they have to prevent actual abuse of their system given the massive number of email accounts they host.
So I have to recoup that cost. I pass that cost onto all of my customers by mixing it into the cost of goods and services. If you buy things from me, even if you are not a subscriber to google/yahoo, you have in effect paid for those services. This is somewhat invisible to the people with those email addresses but does actually affect them, if only a little bit.
Google would tell you that you can simply start with a low volume and ramp up slowly. In reality this is simply not practical for most businesses. This gets into discussions around queue-per-domain management and rate-limit-per-domain, but quickly falls apart when you have to notify a large number of your customers on a time sensitive transaction that is out-of-band from their web browsing experience. A modern work around is to have a cell phone application for notifications rather than email assuming you let your own customers choose that over smtp in their profile. Another work around is to use an email campaign provider that already pays into the whitelists, but then I have to give your email address to a potentially shady company that may cross-sell / cross-market to you.
I switched to DDG and ProtonMail with very little effort, even after using multiple GMail accounts for well over a decade. I occasionally retry searches on Google if the DDG results aren't good enough, but Google rarely finds anything DDG can't.
Android has proven much more difficult to drop, although I'm hopeful that Librem and PinePhone are paving the way for an eventual alternative. I'm still using Android for now, but I at least try to source my apps from F-Droid instead of the Google Play Store.
Maps and YouTube have been a little difficult. I'm trying to use OsmAnd on my phone, but I still find myself going to Google Maps somewhat frequently. I've replaced the YouTube app on my phone with NewPipe and I try to watch content on alternative platforms when possible, but there's a lot of stuff posted exclusively on YouTube.
> I switched to DDG and ProtonMail with very little effort, even after using multiple GMail accounts for well over a decade. I occasionally retry searches on Google if the DDG results aren't good enough, but Google rarely finds anything DDG can't.
Same. Paid Protonmail was quick and easy to get my domains working, and DDG works 90% of the time. I occasionally have to throw things to Bing or Google but DDG is pretty good.
For any readers I strongly recommend buying a domain name and then trucking it to whatever email provider you want. Jonny-C-Doe.com let's you keep the same front end name while changing the back end if, say, you don't like protonmail.
Google Maps has the wrong street names near me, so I looked for something from OpenStreetMap. But there's nothing that works with Android Auto. In fact, there are only two Android Auto navigation apps, Google Maps and Waze. Both owned by Google, and Waze seems happy to send me through the most confusing intersections if it thinks it will save 5 seconds of driving time.
I've submitted multiple corrections to Google Maps and all of them eventually were fixed. I even got a same day response one time, with the longest taking about 3 weeks. I haven't made any corrections recently. Have you attempted to submit feedback on the Maps site?
As counter anecdata, I've reported a concrete coatings company claiming to be inside of a post office. I've reported it several times over the course of several months and nothing has happened. See for yourself: https://goo.gl/maps/LvAZXpSJgURoUqYk8
And with the blackhole that is Google support, what's the point in feeding the beast? We're all better off using Open Street Map and not rewarding Google for their poor behavior.
Their website lists their address as a PO box which is probably causing problems. Some automated process added the business to Maps and the only solution might be for the business to take action and claim the listing on maps and update it.
Have you tried https://www.magicearth.com?
I’m using it on iOS where it supports Car Play.
From a quick search it seems to me that it also supports Android Auto.
For search: Use Startpage - gives you Google results with privacy.
For email: Most people have multiple emails - work, school, personal, from the early 2000s. It's not out of this world to switch to an encrypted email service.
Android: Never used it because I like iPhone. And, iPhone is a pretty great alternative to Android - definitely more private. But isn't there GrapheneOS and LineageOS?
> For search: Use Startpage - gives you Google results with privacy.
FYI, Ads company brought up Startpage. Despite their public statement with privacy for Startpage, I don't trust them since they can 180 it without any repercussion.
Yes, are you aware billion dollar corporations get away with leaking terabytes of information, so a smalltime ad company will get away with leaking data over time? Are you aware someone has to manually pursue startpage?
If I can't ssh into their servers and have a look-see or run my own instance, then their claims are unverifiable.
You're completely right, Big Tech gets away with a lot - including collecting/selling a ton of data to make profit. That's because their revenue model is based on behavioral advertising. For Startpage it's always been based on contextual advertising. And, you don't need personal data for that.
And, it happens that System1 is interested in "capturing" that revenue from contextual advertising.
"System1 is interested in Startpage's ad revenue, not its data," the company said. "The reason a company like System1 openly owns other search engines and consumer tech products like Info.com and Mapquest is that they want to capture that ad revenue that is slowly shifting to private search engines. There has been a steady increase in people using private search engines and therefore a steady increase in their revenue. It is a growing market that they feel will continue to thrive and grow." (https://www.computing.co.uk/news/4017337/privacy-focused-sea...)
That being said: At the end of the day, it all comes back to trust. Even with OSS, you have to trust that they won't change the code. And, you should use products that you trust to best protect your privacy.
As mentioned above - I'm a Startpage employee. I know quite a bit about the subject so I jump in when it comes up.
Advertising on a search engine is main form of revenue > pays employees > updates > keeps current users and gets new users. You could make the argument for crowd sourcing, but it doesn't always work.
This is true but I think the point is about not having your email touch Google's servers - forwarding from your Gmail account means Google still gets to see your incoming email.
Switching email is the easiest, because service level is similar elsewhere. The migration just take a long time, but keeping the legacy gmail in parallel of the new account is not too bothersome. It's also a great occasion to use your own domain, so a future switch to another hosting is even easier.
Android: iPhone. I don't know if I trust Apple more than Google, but at least on the surface level our interests align better. Might try a Librem 5 or Google-less Android in the future.
Google search: DDG. Agreed with your points there, sometimes it's tempting to go back to Google.
Gmail: Hey.com commercial account, plus a custom domain and individual aliases for each service I give my email address to. That helps with portability somewhat, in the future at least.
Maps: Apple Maps has been pretty nice. Might give OpenStreetMap a try.
YouTube: Invidious.
Android Auto: Apple Car Play. I wish there were a better option that didn't depend on Apple.
Google Drive: OneDrive, but I'm looking for alternatives.
Half the data Chrome collects is harmless, and the other half is up to the user to give up:
- Location data: you are asked and must approve for Chrome to use (at least on macOS)
- Financial data: you must enter it manually and click "save for future use".
Could it be better? Sure! But I think DDG is exaggerating here. We're not _that_ bad.
This is kind of deceptive. Approving location data to be saved or used during a web search is not the same thing as approving location data to be used for advertising and product personalization. Same with contact information, same with browser history, same with search history and unique IDs.
Also, none of that data is harmless.
> I think DDG is exaggerating here
Google shouldn't be basing advertising off of individualized browser histories in the first place, I don't think it's an exaggeration to call that a massive privacy issue. It's a single category, but one that encompasses basically everything you do online.
And while you can technically turn this off in Google settings, doing so will break a large number of Google products and features in other apps because Google ties access to browser histories and app data into other products in a way that is impossible to disentangle from normal functionality.
Back when I used to use Google Maps, turning off location-based advertising disabled my ability to save locations. Like, I couldn't mark a place on the map as my home on my local device unless I gave Google permission to advertise to me based on my location. Every time I wanted to navigate there, I needed to type in the full address. Even weirder, turning off web history took away my ability to use voice commands with my contact list on Android phones. I couldn't tell my phone "call mom", because that feature required access to my search history.
So this phrase "we're not that bad" creates this impression that Google isn't perfect but is still basically respecting privacy choices everywhere, and that any violations are just accidental -- when in reality trying to opt out of these systems is met with outright hostility from Google products, and giving an inch in any area is often interpreted by Google as permission to use that data in any way they see fit.
The system is a lot deeper and more deliberate than the parent comment suggests.
> location data to be saved or used during a web search
Does location data even help with relevance?
During road trips in 2018, location relevant results were turrible. Too many times I'd have to manually add my current location. eg "dog parks albuquerque nm" Sorry, no, I don't care about Dog Park Pub and Office Supplies in Duluth MN. Absolutely enraging.
Ya. My guess is that proper nouns are weighted much heavier than distance when displaying results. I also guess that indexing of stuff gets worse in smaller markets.
I vividly recall wanting to pick up some flowers while driving north of Phoenix. Google was useless. No local businesses. Just national chains and stuff from other time zones. Infuriating.
It turns out, solving the problem of being an assistant device approaches the "AI complete" boundary, and the set of data interconnections needed approaches "arbitrary." Hence, the interpretation that the data should be usable as Google sees fit.
> It turns out, solving the problem of being an assistant device approaches the "AI complete" boundary, and the set of data interconnections needed approaches "arbitrary."
Wait, why do you say that? There's nothing inherent to the way that assistants work that mean that they need full access to everything in my life.
Human beings are "AI complete", but when I go to the library and ask them to help me find a book, they don't demand that I show them my phone contacts first. Data access and intelligence are separate concepts.
And Google's voice assistant could figure out what phone number I mean when I say "call mom" without doing anything involving AI at all, because I actually explicitly put that information into my address book in machine-readable, labeled fields. The assistant doesn't need to have an advanced AI to solve that problem, and it certainly doesn't need to look at my search history.
But beware, Chrome's lead on render speed is most likely thanks to the performance data they collect.
Any other browser you may choose might not collect that data, but don't be surprised if it halves your battery life and takes twice the time to render stuff (such as Firefox in macOS about 6 months ago, don't know how it performs now).
There are reasons for data collection, and I don't think everything is used for malitious intent, which is DDG's point.
>There are reasons for data collection, and I don't think everything is
used for malitious intent, which is DDG's point.
That is not DDG's point at all. Their point is right in the linked tweet - "Spying on users has nothing to do with building a great web browser or search engine."
I think it opens many file pointers and keeps them open. Trying to run chrome with anything that has io operations on an older machine and you can see how chrome hogs resources.
If you chose to allow Chrome to know your location, so it can show you on the map, do you consent to have your location tracked continuously and associated with your Google account?
That Q&A is very careful to avoid stating that location data is not sent to Google when "location history" is turned off. You really think that by flipping a switch on your account page, they are going to start discarding some of the data they are sent from client devices?
But would people necessarily associate "I gave Chrome the OS-level location permission, so I could enable location on <non-Google website>" with Chrome itself tracking the location and connecting it to a Google account?
I have long ago turned all of Google's activity tracking preferences off and erased the existing activity, yet once in a while some Google service reveals to me that it knows something it shouldn't.
Google Takeout is a good way to find out all the things you thought you deleted, but are still hanging around on their servers. Even stupid banner photos from PicasaWeb and G+ 8 years ago were buried in my Takeout that I had zero access to see or delete, but they were there (and probably still are).
The interesting thing is the failure mode if you don't agree to continuous tracking. Google uses the last place it was allowed to track you to instead of allowing the user to specifically enable a location update for "near me" queries to maps or the assistant. It may not be meant as one but it feels like a dark pattern, particularly when you can tap an icon to update your position in maps but any "near me" requests still go back to the last tracked location.
When you access DuckDuckGo (or any Web site), your Web browser automatically sends information about your computer, e.g. your User agent and IP address.
Because this information could be used to link you to your searches, we do not log (store) it at all. This is a very unusual practice, but we feel it is an important step to protect your privacy.
If they don't store IP addresses then (I believe) they can't use wifi-router-based methods to find your location. Your browser also doesn't get a popup asking to give ddg your location.
So yeah I stand by my link and my interpretation of it.
It's actually annoying, you have to go turn on a setting somewhere. I've had a few folks frustrated with this, I think for most users if they give google access to their location they expect google will remember it.
Fair point, I do believe we shouldn't live in a world where we have to continously watch what flags has our software enabled, but I guess I'm someone who's always alert (or at least that's what I tell myself).
At this point, I think mine is more of a nihilism towards this as I cut everything at the only reliable level: the network.
But even then, I've hammered myself way too much over privacy, and it didn't make me any happier, since, at the end of the day, if anyone wants to track you, they'll track you.
I also think that data that might be harmful to a user because it could record them breaking a law should be thought of differently than data that could be harmful when used maliciously by a third party. Even allowing for the often oppressive and unfair application of the law, data that is harmful to the user when sent to the authorities should be considered differently than other data because there is obviously a balancing question around relative harms to different parties. If you witness a crime, reporting it might be good, but it isn't always.
I wasn't saying what we should do[1], just saying that if the reason data collection hurts a person is that the data is evidence of a crime then the situation involves more than just that person and we should think about it that way. It stops being enough to say that we should avoid all harm to the user. Instead, we need to ask if the harm to the user in recording the data might prevent or address greater harms.
[1] Personally I feel like providers should be legally barred from doing anything other than responding to warrants for information related to a real person and they should, in that case, be prevented from including any information linked through statistical imputation.
Consider the UK is right now [0], as we speak, passing a bill that forces an ISP to hand over browsing data, without a warrant, to non-law enforcement agencies (a list of which is in the source below). Agencies like the DWP (who handle unemployment, and have been subject to much criticism on how they make decisions and handle clients) will have warrantless access to browsing data for specific people.
A little far fetched, but if you're employed by one of those agencies, your boss (or bosses boss etc) can access _your_ data, find out how often you're googling basic information and use that information against you.
Since I didn't explicitly say it, I'm not okay with giving out browsing history and 100% stand behind privacy controls and laws that prevent this completely.
thank you. unfortunately your comment was frustratingly indistinguishable from the "i've got nothing to hide" fallacy often seen in comment threads like this. when there's no way to tell you're being humorous, your language does the work of someone being serious.
as the tumblr kids say, satire requires a clarity of purpose and target lest it be mistaken for and contribute to that which it intends to criticize.
Most people are not at risk for being unjustly harmed by law enforcement due to their online data. The people that are at risk are outliers, and still worthy of concern.
Our company has decided we no longer need whiteboard interviews as we just contract with Google for candidates' search history (filtered for technical issues only of course!).
(In case anyone thinks google sells search history retail: this is a joke...at least for now).
They wouldn't sell browsing histories; that data is a valuable asset. They would follow the model used by most "AI" products: an "AI"/"smart" service that launders candidates' history data into an opaque score. The hiring company's workload is reduced to mapping a score value onto their hiring plan, and Google will make a carefully worded claim that they are not selling personal information.
Sometimes I worry that after all the concerns about data collection, and even if most people would say they don't want to give up that data in a survey. But:
When presented with a screen that's hiding a silly cat picture they would just instinctively would click "I agree" 99 times out of 100, and at that moment, and maybe most, they really don't care...
Hot take: why the duck would you need all that info? Stick to the ducking results and show clearly marked ducking sponsored results based on search keyword, not the shadow avatar of me you're creating one "harmless" bs at a time.
Is there anything that _cant_ be better? I'm sure as engineers we can all come up with proposed improvements on pretty much anything. :)
>But I think DDG is exaggerating here. We're not _that_ bad.
The point (that DDG is making, paraphrased here) is spying on the user is not necessary to build a great browser/search engine. Do you disagree with that? I don't.
I agree. The word "spying" is thrown around a bit loosely. I suspect most users are oblivious, but the information is there to see; the choices are there to make.
That said, I have to make a conscious choice to avoid Google data collection wherever I can, but I still end up using many Google products. I was more accepting when data collected was silo'ed in individual Google services. Now that those barriers are down [1], it will probably take government intervention to re-isolate key platforms (like Chrome, Android, Youtube, Search, Ads, Maps, etc.)
For a first step these labels are okay but I would like for the developers to have to provide more details on the what/why/whatfor for all these points to settle exactly this dispute.
I think a critical view is important to prevent further advancement in privacy violations. If we are all okay with Chrome now, they're likely to include more privacy violating data collection in the future. A critical view doesn't necessarily mean the product is bad (it's very good at its job), but it is important to understand how much of our data we're allowing to be collected, especially when the user approves of it mindlessly (we've all been there).
Location data is sent by default to the default search engine and there's no way to disable that unless you deny location permissions from the OS to Chrome. If you want to use a map and give permission only to that (Bing maps for example) you have to allow Chrome to gather location data which will also be sent to the default search engine (usually Google). There's only the illusion of choice there (you can change the default search engine and send location data somewhere else though).
I am in agreement. You can choose not to log into Google from Chrome, for example. I don’t think Chrome misleads when it collects these specific information. Where it collects, it’s obvious— I didn’t see anything in the OP picture that was a surprise/hidden collection.
Under no circumstance do I want my browsing history being sent to a server. That's a pretty black and white issue being violated here. Extremely anti-user.
It's not remotely "anti-user". I want my browsing history sent to a server. I want that history available from all my devices. I suspect most users want that as well. I love it that on Chrome iOS I see history from my desktop Chrome. Even Firefox has this feature. Nothing "anti-user" about it
It's extremely anti-user. There is zero reason for this data to be passed unencrypted to Google, other than for them to spy on you. It would be trivial to implement syncing in a way that didn't expose all of your browsing habits to a spyware company.
Chrome's the fastest browser on the market. That, along with some nice marketing strategy is what makes it the absolute market leader.
The reason Chrome is so fast, is most likely thanks to the performance (harmless) data it collects.
Firefox may be proud of not collecting as much data, but (at least on macOS) they spend twice the battery to render twice as slow.
Not saying you shouldn't be able to choose what data you're collected (which, you are) but there are reasons (not necessarily evil) to get that data to the devs.
Please... 90% of users don't even know what web browser they are using. I can't count the number of times I've gone to someone's house to fix their computer, and they don't know what Internet Explorer or Chrome is. They just know what icon to click to get to the internet.
What makes it the absolute leader is the void left by a dismal IE, and a completely lost Firefox, a few years back. Today's lead is coasting. I don't know OSx, but perceived performance in Linux/Windows is not any better than today's Firefox/Chromium derivatives, if any at all.
You keep saying "harmless", and keep missing the point. If you don't want data to be used against users, don't collect it. And use explicit opt-in for everything.
This argument is like the classic _well, if you haven't made anything wrong, why do you care if the state collects that much info about you?_. The problem is not being harmless today. Is that, when the moment of being harmful come, then it's too late.
Today's lead isn't remotely "coasting". All you have to do is read the list of new features added every release. If Chrome was coasting that list would be empty.
"nice marketing strategy" is I think a fairly strong euphemism for the ways in which Google has its tentacles in absolutely everything. From Android to search to identity through a google account, gmail, and so on.
The browser itself is trivial to separate from Google, which is why (completely ungoogled) Chromium exists, but to get yourself out of the Google services web is very, very, hard.
Any company would have to comply with the data that they held, perhaps, which is precisely why this comes up when suggesting that perhaps they should have a little less data in the first place.
Why is stuff like saving browsing history, doing voice search or autofilling credit cards suddenly a bad thing? Chrome lets you turn all of that off in a single click if you want. I have personally found most of the features on that list to greatly enhance my web experience.
If the data stayed local, I would agree with you. ...but the issue is that they upload it and merge it into a profile of you that they keep, sell to 3rd parties, and is available to governments to inspect.
What do we suppose this picture is actually comparing?
I think these are self-assessments, and crowing that you've assessed yourself as not having problems is not a very reliable sign that you don't have any problems.
Is there more context for this? I'm seeing an infographic sourced to "Apple App Store as of March 2021," but I don't own an iPhone so I don't know where this information comes from. Are these boxes permissions declared by the app, data collection as detected by some heuristic at Apple, or what?
I am going to make the real controversial opinion:
Who is surprised here? Google makes money by spying on people. Everything they make is designed to make money. Search history gathers what you are interested in. Android and Chrome vacuum your physical data and more. YouTube both gathers your interests and might become a serious advertising platform someday. Gmail vacuums up what Android messaging misses. Google Ads, Fonts, and Analytics catch anyone who isn't using Chrome with the help of webmasters. Every major Google product is designed around one purpose: knowing everything about you.
I have used Firefox for years and years because this is obvious to me. Google shuts down divisions that make a lot of money all the time. Yet somehow, they are just spending ungodly amounts of money on all this "free stuff." Please. I don't care if you watch a 30 minute YouTube video on how to set all of your Google settings in just the right way for them to graciously not upload live video of your face. Two patches later you have to do it again. This is all while trusting this highly sketchy company to honor its settings. It's like trying to set the perfect contract with a demon or wish for a monkey paw. The real way to win is to not do it.
I don't think many people here are surprised, but putting this information front-and-center for ordinary people is an important step in raising the general awareness of privacy issues in nontechnical communities.
I think that the average person on the street might jokingly say that Google knows everything, but seeing the extent of that data collection right in front of them might have a different emotional impact.
Because it won't change. Everyone here knows what Google is and I will bet you that over 90% of HN unique users come from a Chrome browser.
It will only get worse. Google always steps on everyone when it dominates a market. Gmail marked your private email server as spam by mistake? Good luck even finding someone to care. Chrome is at this very moment disabling the HTTP2 standard push feature, essentially asserting Chrome as the real standards body.
This is what all of us chose. Without some regulatory body stepping in, privacy will never come back. Even then, that regulatory body will probably be completely staffed by Googlers, since they are experts in Internet privacy.
I disagree. Change is possible, though it may be a while before we see it across all mainstream products. But, the EU and California are making progressing in pushing Big Tech to making changes to their data collection policies, consumers are opting for privacy friendly products (DDG saw the dramatic increase in search of 62% in 2020), and companies are making structural changes in some of their products.
And yes, privacy law is needed to bring privacy back. But, it's also people and privacy friendly products. We have some power. Don't dismiss everyone because one company is too big.
What major tech company monitors you less than Apple?
Microsoft?
We live in an era where you can be a tinfoil hat closed off out of touch Linux user or just deal with it. Nobody likes it so you're not special for touting an obviously majority opinion. But the utility it brings to connect people makes most forget and not care.
PS Also, I'd rather share *some* data with a company that proactively (1,2) teaches users how to minimize data sharing and is moving to an opt-in model rather than opt-out. I realize that this is a marketing strategy also. But at least it's not disingenuous.
This is cool and I'm glad to see Apple reporting on it - but do they offer you a way to simply bypass it and achieve better privacy without breaking things? Like send fake location data, randomize a device ID per app, etc. XPrivacy did this quite nicely on Android and I'd love to see something similar on iOS.
When Google Ads is linked to Google Analytics, the links append the 'gclid' query parameter to the URL they point to. This value is how a downstream conversion, collected by Analytics, is associated with the upstream ad click from Google Ads. The 'gclid' parameter is unique to the ad impression, i.e. it's a join key to both the term that was searched, and the user who searched for it.
Well, I do everything I can to avoid tracking. I don't use any G$$gle service, browse with Firefox with a bunch of anti-spying extensions.
Startpage is good, I switch to it if qwant doesn't produce the required result. But I heard it feeds into G$$gle.
DDG will still have a hard time competing with Google in both search quality and revenue even if only keyword-based ads is allowed and used in future. Privacy is a nice feature to have, but not sufficient.
Okay maybe it won't overtake the tech giant but what about just providing a private choice? And what about Startpage?
1. Startpage provides Google results while protecting privacy.
2. So far, contextual marketing has been profitable for both Startpage and DDG. It's not Google level revenue, but interest in private search is growing significantly.
What part of those vague descriptions covers Google's practice of reading messages sent to a GMail address that are purchase receipts and adding it to a list of places you've shopped at?
In the last weeks I had seen a phone repeating the entered password in a clear voice (after a "security update" none less), and other showing in google maps the exact point where a home video has been recorded while playing the video.
Firefox has been faster than Chrome for months now. I switched over to it on Windows and I'm enjoying myself so far. It's not for everyone though, so I get your apprehension.
Enabling either the OpenGL or WebRender compositor might help in case of performance issues (`layers.acceleration.force-enabled` and `gfx.webrender.all` in `about:config`).
Firefox does not sync to my Google account. I appreciate that Firefox Sync exists, but I've already got a lot of configuration invested in my Google profile, and it's not worth the effort to switch to another sync system.
Why not use a Firefox fork like Waterfox? That fixes a number of the complaints people have with Firefox while not pushing us towards a browser engine monopoly - which you do by using a Chromium based browser.
Besides, the Basic Attention Token crap in Brave is kinda shady.
Nothing, so long as you're okay with telemetry, bundled junk like pocket, and the removal of the compact UI (see the thread from yesterday - https://news.ycombinator.com/item?id=26464533).
Firefox's internals are great -- it's never been faster or as stable, and for that we made real sacrifices like losing XUL extensions but increasingly I don't understand Mozilla's decision making.
EDIT: I understand many of the things I'm talking about can be fixed with about:config. I had a list of over 30 flags in my notes and it was becoming untenable to patch all my devices whenever a feature I needed was changed or removed. Whereas with Waterfox, I so far have only one about:config change:
Because the direction Chromium is heading is in large part controlled by Google, more than Firefox. Also Chromium still has Google bits, otherwise ungoogled-chromium won't exist right?
I see. I generally agree with that, which is one reason why I'm a Firefox user, but I'm not totally sure I buy it as a reason not to use Brave. It's a fair viewpoint, though. I could see it being a reason for being against Brave if the Google-ness of Chromium is able to make Brave less private.
I think Google recently took out the syncing capability from Chromium. Things like that.
Edit: Also the manifest v3 thingy which made Ublock Origin operation restricted, also I think it prevented CNAME uncloaking. Idk whether Google went ahead with manifest v3 though.
It's produced by a "Reputable" company and has a good update process. I can TRUST my software updates from brave.
"Ungoogled Chromium", while FOSS, have no good update method, and since i'm not going to build it myself, I don't have the same level of trust that something malicious hasn't been implanted.
Brave provides similar features to ungoogled chromium and I don't have to support Mozilla or Google and their practices.
Big issue is the trust factor. As well as all the Chrome zero days going out, not having security updates in a timely manner is risky.
Brave is still new and when it comes to security, we will have to see how it turns out.
You put quotes around reputable and rightly so. Brave just bought a ton of clickstream data, harvested stealthily by another "privacy-focused" browser. When it comes to privacy, no, I don't trust Brave an inch.
Are they not violating GDPR because of that? Surely they don't need to know most of that data to process search queries? Or it is a classic example of trying to bypass regulation by creating the fake need for this data in their T&C.
Another question is that why regulators don't look into that? If I search for "Pythagorean formula", do they need my address for that?
I think the business model like Google should be outlawed (and I believe it already is illegal in the EU) and it should not be possible to pay for a service with your personal data.
Yes, I get the argument that if services become paid, then a lot of people won't be able to afford the subscriptions, but we could have a law that email operators should provide basic email service for free, just like banks have to provide basic bank accounts free of charge.
Look at what the last paragraph says despite the title:
The updated version of Google’s code of conduct still retains one reference to the company’s unofficial motto—the final line of the document is still: “And remember… don’t be evil, and if you see something that you think isn’t right – speak up!”
I feel terribly misled—for several years now, I thought they removed "don't be evil" entirely (apparently, courtesy of overhyped news headlines and whatnot). Obviously it doesn't matter much in the grand scheme of things (I don't suddenly trust Google a whole lot more), but it feels bad to have both believed and passed on misinformation.
(And, yeah, it's also my fault for not having checked primary sources at the time.)
I always find it funny that some think we have this company that at some point decides to go rogue but because they had a "do no evil" in their motto they couldn't proceed. So they decide to remove it to unblock themselves.
Hasn’t quite a lot of time passed since they gave up on that motto? I’m not upset about the content of the “article”, I hope it wasn’t a secret to anyone that Google, the owner of the worlds largest web advertising platform, has been collecting data from users this whole time.
There was not anything in that list that I wasn't already aware of. I was expecting some kind of smoking gun that caused me to say "Aha! THAT is how I know Google is EVIL!" and it was never there. Half the things are opt in, the other half are disclosed if you read the TOS/AUP at all or even just think about why they don't charge for basic services. So yawn whatever.
All is about threat model. I really would love to switch to firefox but afaik it's less secure. So who would hurt me more, so random dude or corporation? My choice is simple.
It's the same with all messengers. I use facebook messenger (because everybody around me use it) and i know that they collect a lot of data (and have acess to my chats). For me, still threat isn't facebook but my acquaintances who use weak password, so they're easy target (and my messages would be compromised).
We have to change our mind about computers. Everything can be exploited and used against us.
> I really would love to switch to firefox but afaik it's less secure.
Afaik it’s more secure. Personally, I’ve enabled DNS-over-HTTPS and HTTPS-only mode, which are both available as standard options in Firefox. There are more security options on the about:config page.
Of course, there’s also Enhanced Tracking Protection, which is enabled by default. It’s more of a privacy feature, but it has a positive effect on security as well..
Firefox doesn't have a Spectre vulnerability that allows websites to read crossorigin images, videos, and JS that won't be fixed for another month or 2 :)
Google's apps offer opt-in voice search (solving Audio), optional end to end encryption for bookmarks & search history (solving Browsing History), while location and diagnostics are opt in as well and it's also up to you if you want to store your address book of store you credit card with Google (solving Contacts & Financial Info).
Yes, most people will probably use Google Contacts, Maps, unencrypted bookmarks & browsing history and and store their credit card data in the browser, but you're not forced to do that.
I really wish DDG would innovate on search, improve their own crawlers & indexing and then attack Google head on by comparing better results with the ad-ridden, SEO-flooded shit show that Google results have become. Instead, their marketing keeps on comparing apples to oranges and just keeps on playing the privacy angle, which is intellectually dishonest because DDG and Google have completely different goals.
Boy do I hope for some real competition in the search engine market. Brave and Neeva can't launch soon enough. I'm so sick and tired of giving DDG changes upon changes only to switch back to Google because the results haven't improved much.