Private Windows, now more Private
-
Why not chose StartPage instead? Startpage proxies Google results through its service and returns the same Google quality search results without the tracking. It also lets you chose if you want your data to pass through European or US Servers. DuckDuckGo is an US based company whereas startpage is based in the EU therefore enjoying stricter privacy laws and is not subject to "gag orders", NDA agreements or US National Security letters. Claiming that since you store no user data makes it impossible for the US Government or any secret US court to serve DuckDuckGo and its companies with an NDA, "gag orders" or similar is ignorant at best because this fact does not limit the ability of the US authorities to serve them with such letters or compel the company to install a backdoor, hand over TLS encryption keys or implement any similar measures without telling anyone because that is the sole purpose for such orders. Saying that Lavabit was in an entirely different circumstance is ignorant as well. StartPage was awarded an European Privacy Seal Award which DuckDuckGo does not have. Moreover, DuckDuckGo's Founder, Gabriel Weinberg has been involved with and chaired data gathering companies which he later sold. https://8ch.net/tech/ddg.html I am going to copy-paste the most important points raised on that board along with links to archived pages:
"Gabriel Weinberg, the founder of DuckDuckGo, used to run the Names Database [https://archive.is/9wR4O] This was a website that aimed to connect people who had lost contact by gathering lots and lots of e-mail addresses. Getting access could be done by either paying money, or submitting lots of e-mail addresses of other people. Since the service revolved around gathering personal information, it is very suspicious for Gabriel Weinberg to start a business that is privacy-oriented. [https://archive.is/N2qe8]
Lastly, DuckDuckGo used to set a tracking cookie, even though they claimed they didn't. This was done by a third party they cooperate with, which means that it wasn't necessarily intentional, but if it's unintentional, it shows a worrying lack of care. [https://archive.is/qntuk]"
I'd love to hear your take on this
@jon @OLGAA @jonmc
I hope that I did not come across as rude or critical in a destructive manner. I just want to point out some things that I learned about and certainly want to know more on this story and whether or not this information is false, outdated or if these things have been fully addressed by now.Best Wishes,
George
-
@cqoicebordel You are talking about the Blog homepage, you linked the main page, that's why I couldn't see Twitter. Yes, the Blog frontpage has Twitter. As for Wordpress I could only find it on a prefetch tag (I block prefetching) and apparently something about emojis (I still need to check how the script works). As for Google fonts I could not see it, the Vivaldi HTML doesn't contain it and Twitter also doesn't load it, maybe the wordpress prefetch does it, or the emoji call.
-
@humanoidvivaldionsteroids I'm just a user so I can't give an official statement, but I'll guess for DuckDuckGo contacted Vivaldi and StartPage/Ixquick didn't.
As for Weinberg having previously a non privacy company, I would guess it could be he noticed it was not cool and changed his mind. I know, hard to believe, humans are stubborn stupid and never change or accept others views, but there actually exist human beings that do this.
The links though point to some real facts, like DuckDuckGo being american means we can't be certain the US government has not demanded them to disclose all their info to them. And the 3rd party cookie was also very stupid on DDG part.
But complementing the cookie, this is actually very ironic, because your link points to a now defunct blog by Alexander Hanff, who you can find on Twitter and clearly labels himself as Co-Founder of Think Privacy AB, whose website is https://think-privacy.com/ where you can't access without allowing cookies, or more specifically Local Storage. The LocalStorage doesn't contain anything, but still is required. Quoting Sheev Palpatine from Star Wars: "Ironic, he could save others from cookies, but not himself."
I also find stupid that the site doesn't work without JavaScript. And also they use Google fonts, which means that they are sending user data to Google which is ridiculous for a company whose objective is to improve privacy.
-
@an_dz: Yeah, sorry, wasn't specific enough. I talked about this current page in the blog (not the forum). The network panel tells me that the call to gfonts is from https://vivaldi.com/assets/js/script-abbbdeed63.js (which is called in this page).
Also, jQuery is doing a request to https://fonts.googleapis.com/css?family=Lato (which is calling the woff2 font).
I think jQuery is the only culprit for all the requests to gfonts. But I'm not sure 100%.
For Wordpress, it was only an emoji (https://s.w.org/images/core/emoji/2.4/svg/1f986.svg). But it's enough to follow users (referer+ip).But it doesn't matter in the end : vivaldi.com leaks data to others company. In the current case, Wordpress, Twitter and Google.
-
@humanoidvivaldionsteroids: Or searx.me. Which is an open source proxy of all majors search engines (and some not majors at all)
-
@an_dz Thank you for your reply, unfortunately I did not check his website and indeed it appears as a SNAFU on his part and quite ironic indeed. Double standards and (I guess) shame on him. Even some facts that I have listed are thin in evidence because there are no other good secondary sources that I was able to find on this matter and I concede the first point about his old company, Names Database. I do not want to nitpick but I think that as soon as DDG receives a letter asking them to do something without following the standard disclosure procedures they should contact rights and advocacy groups such as the ACLU and the EFF and make some noise about it just like Signal did:
https://signal.org/bigbrother/eastern-virginia-grand-jury/
I have used DDG for a year and a half but their search results aren't as good as what google provides, especially the instant answers or information boxes for certain terms. I use a combination of StartPage and google until I might switch solely to StartPage or ay other search engine besides google that can offer the same search results as G or Bing. Also in DuckDuckGo's privacy policy it states " we may add an affiliate code to some eCommerce sites (e.g. Amazon & eBay) that results in small commissions being paid back to DuckDuckGo when you make purchases at those sites. We do not use any third parties to do the code insertion, and we do not work with any sites that share personally identifiable information (e.g. name, address, etc.) via their affiliate programs. This means that no information is shared from DuckDuckGo to the sites, and the only information that is collected from this process is product information, which is not tied to any particular user and which we do not save or store on our end. It is completely analogous to the search result case from the previous paragraph--we can see anonymous product info such that we cannot tie them to any particular person (or even tie multiple purchases together). This whole affiliate process is an attempt to keep advertising to a minimal level on DuckDuckGo."
While I am fine with them to earn a commission from my purchases I assume that they do not manipulate the shopping results in any way, Maybe it's just me being a bit too pedantic but they should display this message more prominently in shopping search results either before or during a shopping search . When a search engine or a service provider states total privacy it either should be all or at least not state that it is total privacy and explain the balance and the trade offs that need to be made to ensure quality service. I do recognise that you cannot have the cake and eat it too but if it is indeed this way then make it abundantly clear and do not claim total privacy when it is unrealistic to achieve it. I still think that DDG is a great search engine but there are some things that are less talked about when it comes to service providers and specialised search engines like DDG and StartPage. I hope that they can be more transparent about past and future incidents since an official response or public debate is always a good way to back up your claims and reinforce the viability of your business model.
Just my 2c. -
@cqoicebordel: what about Brave browser? Isn't that based on chromium? That has private tabs too.
-
@opticyclic As @Cqoicebordel has said, the main Chromium code (the one developed by Google and available at the Chromium project website) doesn't allow private tabs. This feature has to be built from "scratch".
Brave did this, but it took them many, many hours to develop. And since it's a completely new feature not available in the Chromium code they must lose lots of hours of development to fix their code when they merge the upstream code from the Chromium project. If Chromium changes something in the way tabs are handled (which is all the time because of security patches) Brave has to adapt their code for those changes, and since this is a very big code they made it's also a lot of stuff to fix.
Vivaldi has also made changes in the Chromium code they need to keep updated as well, but in other areas. Both Vivaldi and Brave don't have infinite developers and so each choose what Chromium changes to work and keep. Don't expect Brave to add panels, notes, mouse gestures and the other Vivaldi features because most of their devs are working on maintaining this big feature of them.
Right now Vivaldi doesn't have enough people to maintain another Chromium change (And a big one).
-
Just a simple question - Firefox can do containers for different sites u wish. to make sure they do not track you btw tabs or outside containers. is this something thats possible in Vivaldi or will be ?
-
@lordy Vote for the feature requests: Multi-account Containers and the Profile Manager linked to from that thread.
-
I love your browser, thank you. I am slowly transitioning away from Chrome and am planning to replace it with Vivaldi.
I know that providing complete online privacy is a chimera, especially in the U.S. with much of the service providers n few few hands, but the lead Vivaldi is taking to add whatever is feasible and not too onerous to use is heartening.
I have not searched within the forum, yet, but if there is a way to donate my little dollar contribution, I will.
-
Glad you are enjoying Vivaldi! The best way you can help Vivaldi is to tell your friends.
If you really want to send a little money Vivaldi's way, though, the only route for this currently is to purchase something from the Vivaldi Store
-
if you so believe in privacy, why there are still no private tabs?
why no master password to protect your saved login/passes or profile?
why no simple button to globally disable javascript?
etc. etc.for me caring looks different.
-
@schreck There is a difference between caring about a thing, and caring only about that thing.
-
@schreck Vivaldi is not a password manager. Install a separate pw-manager to protect your sensitive information – that's the same with all browsers: The passwords are protected by your operating system, you can only view them by inputting your password. And yeah, anyone who gets a hold of your computer while you are logged in can access your accounts – but in this case you created the vulnerability, because no one other but yourself should have access to your operating system's personal user account.
Private tabs might come, but you can use private windows for now.
You can disable javascript for webpages with an extension.
Point is, if you know what you are doing, none of these are dealbreakers.
-
so no development in this area, but many in design.
sry, but thats still a joke to me.
funny that opera12 had an option to encrypt the pw.dat so simple tools like
"nirsofts operapass" could not read it. just start "chromepass" and see everything in clear text.
for me that is a huge security hole. -
@schreck said in Private Windows, now more Private:
opera12 had an option to encrypt the pw.dat so simple tools like
"nirsofts operapass" could not read it. just start "chromepass" and see everything in clear text.It's funny how our experience in this field is so different... I have used 3rd party tools to read the passwords from the old Opera's
wand.dat
file multiple times, whereas once I lost my passwords from Vivaldi after a system re-install, there was literally no tool to retrieve them ("chromepass" turned out completely useless in this regard). In the end, I had to give up, even though those were my passwords. -
which tool can decrypt the wand.dat if the master pass is set??
-
@schreck IIRC it was "OperaPassView" - but it was years ago, I don't use Opera 12 as a browser anymore - I removed all of my personal data from there and I keep using it only as a mail client.
-
thats the point, it cannot be decrypted, if the master password in opera is set!