
Re: DuckDuckGo now operates a Tor exit enclave

On Sun, 15 Aug 2010 17:40:16 +0200
Michael Scheinost <michael@xxxxxxxxxxxxx> wrote:

> Hi all,
> thanks a lot for your answers.
> I did some additional reading and now have a vague idea how tor exit
> enclaving works.
> As far as I understand, enclaving doesn't break tor anonymity and
> privacy. Quite contrary to this, anonymity may be even enhanced by it
> (https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhatisExitEnclaving).
> On the other hand, there are still some points coming up with the post
> of Eugen that remain unclear to me:
> 1. Eugen is posting this text from
> http://www.gabrielweinberg.com/blog/2010/08/duckduckgo-now-operates-a-tor-exit-enclave.html
> without any comment to this mailing list. This blog entry looks a lot
> like an advertisement to me. Eugen's intentions are hidden. So perhaps he
> is connected to duckduckgo.com in some way or perhaps he is not.

I don't know whether Eugen Leitl is connected to DuckDuckGo, but he has
routinely posted/forwarded Tor-related news stories to the mailing
list.  Search for his name in the archives at

As for whether the blog post is an advertisement, Gabriel Weinberg
created, owns, and operates DuckDuckGo, and readers of his blog are
presumably interested in his business ventures and already aware of

> 2. Why is it offering HTTP
> If duckduckgo.com really cares for the anonymity and privacy of its
> users, why do they offer unencrypted HTTP?

From a comment posted by "phobos" (Andrew Lewman) on

| The reason we as tor allow http and do not automatically redirect to
| https is that some companies and countries block ssl websites by
| default. I've seen this in action at a few banks around the world. They
| feel they need to surveil their employees to meet audit requirements.
| If we automatically redirected to the ssl site, many people would be
| sad. Some countries in the Middle East block ssl versions of sites, but
| not the non-SSL version. Simply forcing SSL everywhere is fraught with
| complexities. However, enabling SSL for users to choose is a fine
| option. You'll notice my links were to the ssl version of a site if it
| existed.

DuckDuckGo probably allows non-SSL access for the same reasons.

Also, they would need to have an HTTP service that redirects to their
HTTPS URL in order to support users typing "duckduckgo.com" into a
browser without a URL scheme; such a redirect can't be sent before the
browser has sent the request (and URL) in the clear, and once the user
has sent a request in the clear, sending the response back in the clear
doesn't hurt their privacy any further.

> Even if tor users are encouraged to use HTTPS, some of them will forget
> to do so.
But it wouldn't be needed *if* you could ensure that you are using the
exit enclave.

> 3. "This site requires JavaScript."
> In my opinion this point is the worst: When I entered
> https://duckduckgo.com with NoScript enabled (my default) I can read the
> message "This site requires JavaScript." just below the search box. So
> duckduckgo.com wants its users to turn on JavaScript. But with
> JavaScript enabled your anonymity is nearly switched off.

It looks like they mainly use JavaScript to load search results lazily
(when the user scrolls down so that the end of the page is visible).
Their FAQ (<https://duckduckgo.com/faq.html>) says that they are
actively working on a non-JavaScript version.  I hope they finish it
soon; their site wedged my browser the first time I tried it.

For now, Torbutton can block many of the scary JavaScript-based attacks
while still allowing JavaScript to run.

> Perhaps duckduckgo.com's primary intention is not offering anonymous
> services. Probably they just want to offer another alternate search
> engine. And perhaps they just think offering a tor enclave is a nice
> addon. So perhaps in conclusion, they didn't think much about anonymity
> and privacy. I don't know it.
> But why was this ad posted to the tor mailing list?

I don't know why Gabriel Weinberg didn't post a link to his blog post
to the list himself.  Advertisement or not, it is certainly an
appropriate news item for this list.

Robert Ransom
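As an added illustration of the redirect point made above (example code written for this archive page, not part of the original thread or of DuckDuckGo's software), the following Python parses the plaintext request a browser sends when given a bare hostname and builds the 301 the HTTP listener would answer with; the sample request is constructed, and the point is that everything in it is readable on the path before the redirect can exist.

```python
# Added example (not from the or-talk thread): what an eavesdropper on the
# path learns from a bare-hostname visit before an HTTP->HTTPS redirect can
# be issued. The browser's first request is plaintext; the server can only
# redirect after host, path and query have crossed the wire unencrypted.
from urllib.parse import urlsplit, parse_qs


def observe_plaintext_request(raw: bytes) -> dict:
    """Parse a plaintext HTTP/1.x request as anyone on the path sees it."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    return {
        "method": method,
        "host": headers.get("host", ""),
        "path": parts.path,
        "raw_query": parts.query,
        # Decoded query: the search terms themselves are readable in the clear.
        "query": {k: v[0] for k, v in parse_qs(parts.query).items()},
    }


def https_redirect(observed: dict) -> bytes:
    """Build the 301 the HTTP listener sends; it necessarily comes *after*
    observe_plaintext_request() has already recorded everything above."""
    location = f"https://{observed['host']}{observed['path']}"
    if observed["raw_query"]:
        location += "?" + observed["raw_query"]
    return (
        "HTTP/1.1 301 Moved Permanently\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


# Constructed sample: a browser given "duckduckgo.com/?q=tor+exit+enclave"
# with no scheme defaults to plain HTTP on port 80.
SAMPLE_REQUEST = (
    b"GET /?q=tor+exit+enclave HTTP/1.1\r\n"
    b"Host: duckduckgo.com\r\n"
    b"User-Agent: constructed-example\r\n\r\n"
)
```

Running `observe_plaintext_request(SAMPLE_REQUEST)` shows the host and the decoded search query already in the observer's hands; `https_redirect()` only tells the browser where to go next.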
