Please let me pay for this service. It looks worth having and: 1) I'd like to know that it is funded by users, rather than advertisers and thus can resist privacy invasion presuures. 2) I'd like to have some basis for belief that it will be around longer than it takes the VC money to run out, (or the marketing budget, or whatever non-sustainable pot it comes from).
DuckDuckGo has been profitable since 2014 through private search ads, and our company is not controlled or beholden to venture capital (or VC or other money).
Our product vision is an "easy button" for privacy, an all-in-one privacy app. Email protection is part of that, along with search, browsing, etc. Put another way, we see email protection as part of our core product, and within our app we autofill duck addresses in email forms.
We will take your comment into consideration, though we prefer free services where possible so more people can get privacy protection, which is in line with our mission. This service comes with it a set of privacy guarantees here: https://duckduckgo.com/email/privacy-guarantees and we will not be putting ads on it.
This answers the VC money fear, but not everything else OP brought up.
If a product is subsidized by a company's other products, it's hard for me to believe it'll be around forever. For an email product, that's a huge problem, because I use my address in hundreds of contexts that take a long time to identify and migrate, much longer than a typical company's sunsetting notice.
EDIT: The parent comment was edited to note that they perceive DDG Email as part of the core product, not a separate product. That's helpful to know, but I'm still skeptical that that's sustainable in the long term. This would not be the first time a feature was cut from a product because it was too expensive to maintain. I'll be waiting to see their unified privacy solution really take off before I place any bets on this feature.
The business case seems pretty obvious: They're using this as a way of getting people to install a browser extension / app, and changing their default search engine. A search user is valuable, which makes customer acquisition expensive. This also makes their extension way more sticky.
Just because you're a product doesn't mean the service is not sustainable. It should be very easy for them to figure out whether the feature is profitable or not compared to other acquisition methods.
Perhaps for them it's a loss leader, but for someone using this to sign up to stuff.. I would like to use this for almost all services but given the business model here I would be uncomfortable using this beyond the more spammy stuff (not that that's not useful!)
I can't speak for their circumstances, but I'd assume a VC-backed company describing themselves as "not beholden" to VCs means they're default alive without additional fundraising, and that they haven't given over majority control of the board to their investors.
Part of privacy is reliability and certainty. Just take people's money like Proton, you can still have a free tier.
You have "email protection" but do you have nice stuff like sandbox detonation and private intel partnerships with companies like Proofpoint? That as a premium might be worth charging. Heck, even public yara rule scanning and allowing inbox owners to set things like DMARC enforcement and custom rules and actions would be a nice premium.
Fastmail’s email servers are in the US and the company is in Australia. Both are in the five eyes jurisdictions, plus Australia has some draconian laws (see Assistance and Access Bill, though email itself is generally not a secure enough channel). ProtonMail is in Switzerland, which is better surveillance-wise, but it still complies (as one would expect a company to) with court orders and has disclosed the IP address of an activist due to a court order.
Fastmail supports IMAP, which means you can use any email client on a desktop or phone. ProtonMail does not support IMAP directly on desktops and requires a “bridge application” for IMAP. This is provided for paying customers. ProtonMail does not have any support for IMAP on smartphones, where you’re either left to using the browser or using the ProtonMail app.
I love that DuckDuckGo is based in Paoli. Grew up in the area and it's crazy to think there's an innovative tech company in a sleepy Philly suburb haha. Keep up the great work!
Even if ads do not appear on the product, it doesn’t mean that the data isn’t used to drive ads revenue. Are these addresses used for conversion measurement?
In terms of value to the end user, and a mission of expanding privacy-improving practices through their services, I can see why a feature like email protection would be prioritized over a proprietary index.
While one may marginally improve some aspects of the service and has strategic value, the other actually moves the needle in terms of an end-user's overall privacy.
What’s the point of email forwarding for a search engine that no longer has an index? Licensing Bing results is all of DDG business but a rounding error for Microsoft. That’s a very precarious positron to be in.
Email forwarding and search are orthogonal products solving different issues, so first, I’d point out that the value of the email forwarding service doesn’t change.
But presumably DDG has contractual agreements with Microsoft so “no longer has an index” is a hypothetical that isn’t really grounded in reality or something that would be likely to happen without warning.
And if Bing is no longer viable at some point for some reason, that would be a good reason to change the priority of building an index.
But clearly DDG feels secure enough in their current agreement, and as of now, we have no reason to believe otherwise.
This is also the reason I'm not particularly excited about DDG in general. They have exactly the same business model as Google, so there is no reason for me to feel confident they won't follow the same trajectory as Google.
But they don't. Google is much bigger than search from an office competitor to a cloud provider to a phone software vendor. DDG will not become google. Something with a bigger reach like tiktok might.
Being funded by search ads was never an issue with google and privacy until they switch from contextual ads and morphed into personal ads.
DDG winning search on bing search isn't the same trajectory. At best lycos like would be the most likely trajectory.
Google in 1999 was an upstart search provider promising a clean, minimal, user-focused ad-supported search experience as an alternative to entrenched search engines like Lycos, Altavista, Yahoo.
DuckDuckGo in 2022 is an upstart search provider promising a clean, minimal, user-focused ad-supported search experience as an alternative to entrenched search engines like Google.
I'm old enough to remember when Google was the new and exciting thing (just give it a try and ignore the stupid-sounding name!). For the longest time there wasn't even such a thing as a Google account, it just saved preferences like safe-search locally using cookies, and ads were just a small distinctly colored text bar above the organic search results, directly related to your search keywords.
The original Google ads were actually to the side - no way of confusing them with organic listings. Ads above results weren’t rolled out until 2007ish. Internally there was a lot of debate as to whether this might be confusing to users/evil, so the decision was to only show ads above results on queries that appeared to be high commercial intent. RIP old Google
Not sure how paying for this service makes it any less likely that DDG will flip a switch to make that targeted advertising money though. That temptation will exist either with a paid service or a non targeted ad supported service.
Nothing is guaranteed, but at least you are the customer not the product if it's a paid service.
I have very little tolerance for companies that double-dip though. I subscribed to the New York Times for a while, but cancelled, in part, because they still stuffed their pages with ads both explicit and implicit.
You need to be explained why it's cheaper to publish news to a website than print physical papers every morning and deliver them to homes across the country every single day in time for it to be relevant?
I currently use Neeva. They're okay, but I'm still looking for a better option. I don't subscribe to their paid version because the upgrades you get just seem like silly gimics to me. They have some good ideas but fall short on execution in my mind.
I really want the option to turn off certain sites (eg. w3schools) entirely from search results, not just demote them.
Personally I see a difference between a search company funded by ads vs a privacy company that leverages anonymous search ads to pay for its privacy offerings. I mean yeah DDG could completely flip its business model but what would they actually flip to? Their only main differentiator is that they are privacy friendly.
As long as ads are their core revenue stream, there is a risk of compromising users. If you aren't paying for hte product, you aren't the customer, as the old saying goes, and no superficial rationale for why they are "different" will change this.
I don’t understand why people think the converse of “if you are not the customer, you’re the product” is true.
Contrapositive yes, converse no. Companies could still make money from both sides of a market. Look at the lack of net neutrality. Look also at how ISPs used to be able to sell your data, despite you paying them !
In the meantime, you can pay either Apple or Fastmail for this feature as part of their larger product offerings. Maybe there are other paid services which offer this as a feature. These are just the ones I'm aware of.
I think the honest answer there is that there is no way to promise that (who knows who's managing the project in the future). But I do know that the folks currently on the team are planning that, when we do raise the prices, we only do so for new subscribers (but again, this is not a promise, just my personal expectation).
How much would you pay? I've moved to posteo and I can't think of paying more than 1€/month for email. I never considered Protonmail because 4€/month is what i consider way too much for email. My root server is 6€/month (atom/4gb/1tb/100mbit).
I personally pay 10$ a month for GSuite basically to handle the mail of my personal domain name. Is it worth it? I'm not sure yet but I had way to much issues with email not delivered in the past (blacklisted IP ranges, reputation, etc.) when I had my own mail server.
I prefer paying 10$ a month and forget about mail server issues and wondering if my mail is going to the spam folder..
Plenty of stuff you pay for has ads. Newspapers, Cable tv even Netflix are talking about getting them. The corporate imperative to serve the shareholder trumps all others.
Newspapers is free or dirt cheap. You basically pay the paper and distribution costs if anything. Those that do charge to read it online don't show ads to subscribers.
> Cable tv
The main selling point of cable TV was no ads. Eventually they started adding ads, and that's probably the reason cable tv is fading away.
> Netflix
Doesn't have ads right now, and if they do in future, people will just move away.
Please stop censoring search results, no matter how morally/politically opposed to them the organization may be. Privacy + Censorship is not a good mix.
We are not (and never were) censoring results. I realize I caused the misunderstanding due to own my unfortunate phrasing in a tweet, and since then, how our news results rankings work has been highly misinterpreted.
We (DuckDuckGo) subsequently made a help page to explain it in detail: https://help.duckduckgo.com/duckduckgo-help-pages/results/ne.... Tl;dr: we don’t censor, we don’t move things so far down that they are effectively censored, we don't evaluate individual stories or narratives for "truth", and we don’t rank based on any political agenda or opinions. This is just a summary though so would read the help page for details.
I also put out a clarification thread about various misconceptions that included this topic amongst others (like the fact that no, we’re not owned by Google), but the help page referenced above is the best and most thorough explanation of our news rankings. https://twitter.com/yegg/status/1515635886855233537
I think you lost all credibility when you made that tweet. If you want to regain it, you should be completely transparent about which sites you have taken any specific ranking action regarding, and why. This should be relatively easy to do, as you say you take action very rarely.
I'm sorry, but this does not seem to counter your initial tweet at all. Your first tweet said, and I quote, "At DuckDuckGo, we've been rolling out search updates that down-rank sites associated with Russian disinformation."
This is censorship, since DDG is now deciding what is considered "Disinformation".
Your clarification thread does not state DDG is not down-ranking these sites based on what DDG feels is "disinformation". It merely asserts DDG is not purging results - these are two very different things.
Just to be clear, I too support Ukraine, and am aghast at the deliberately misleading information ("disinformation") coming out of the Russian War Machine. However, as I previously wrote, the truth needs no defense. Hiding away things we don't like doesn't make them go away, it just makes them go underground. We need this information freely available so it can be discussed and disproven out in the open.
If users wanted curated search results, they might as well use Google or Bing...
Lastly, to repeat, Privacy + Censorship (of any kind) do not go together. This was quite a large misstep for DDG, and has burned a lot of trust.
They rank based on relevancy. Domains that are found misleading readers often are less relevant than domains that are misleading readers less often. That's it. All search engines have to make these calls all the time, and I see no viable alternative approach that would be better. There is no 'natural' ordering of the web...it's all judgment. If you think DDG's results are less relevant than those you get elsewhere, use the better engine!
Not sure if you read the whole thread as it says explicitly "We are not ranking based on any political agenda or my (or anyone else's) personal political opinions. We are also not assessing any individual news stories."
To be clear, that means we do not have a definition of "disinformation". I'm to blame for tweeting something that was highly ambiguous but we were never actually doing what we've been accused of doing.
@yegg Even if you don't agree with one side, you can't consider the side to be "spam", "disinformation" or "propaganda" and hope people will just be OK with that. What is spam to you, is useful information for somebody else, some people love what Tucker Carlson have to say, others prefer Brian Stelter. That's why freedom of speech exists[1]. I think the right approach to down ranking is having a banner with a link with undeniable proof of what the article says is wrong, which is very hard to do, I get it. Otherwise, is preferential down ranking, and whatever you argue on Twitter won't change the minds of people. I too have been using DDG from the beginning, and I'm grateful more private alternative to Google exists, I just hate censoring as much as privacy violating businesses.
I think you may have misinterpreted how this works. We do not do any page or story or narrative level assessment or fact checking at all, or any fact checking for that matter.
Please don't post like this to HN, regardless of what someone else did or you feel they did. Regardless of what you do or don't owe them, you owe this community better if you're participating in it.
Prompting the user to install a browser extension to use an email forwarder looks like a dark pattern to me.
This lowers my trust in DDG.
It's the same approach all companies use, once they grow. "Everyone is telling you they are the good guys, but they are throwing invasive technology at you! Fight back! ... by installing our invasive technology! Trust us, we are the good guys!"
We offer an all-in-one privacy app. The extension/app generates the addresses and autofills them into email forms, and so you need the extension/app for those key parts of the functionality. Once signed up you can use it somewhat though without the extension/app by giving out your personal duck address directly, and trackers will be stripped from messages sent to it and then forwarded to your regular inbox.
That said, we may indeed offer sign up outside the app/extension, but right now as a forwarding service, we are very sensitive to abuse of the system and so limiting it a bit helps to ensure we are on top of any abuse that doesn't bring down the whole system.
As said, we may support this in the future. We did a lot of testing and found unequivocally that most people would prefer to have generated addresses automatically available in context within email fields when they use signup forms vs. having to go back to another website to get them (which most wouldn't actually do).
I agree with you in so far, that you would probably have 1000 times less users if you would cater to people like me.
But it still feels wrong to me. Instead of giving company A their email, you are suggesting people give company B full access to all their browsing data. The "Trust us we are the good guys" approach just does not click with me.
Understood, though just to be clear, email field identification happens client side, so we don't get your browsing history. More fundamentally though, we make a browser, and our privacy policy is to never create search or browsing histories.
I said you get access to peoples browsing data. Your extension can access everything on every page people visit. And can send that data eveywhere.
That you promise to behave well does not change that. It is the "Trust us" argument again. If we could trust companies, we could give them our real emails.
> If we could trust companies, we could give them our real emails.
I'm assuming you realize that there is more than one company, and that one can trust different companies to different extents. I trust DDG more than I trust most other companies. I trust DDG more than I trust Amazon, and I've given Amazon my email--a decision I sometimes regret!
If the approach DDG proposes would be to "Trust us with your email rather than company B", that would be a fair argument.
But DDG proposes "Trust us with all your browsing data, including your private emails, your bank statements, all your passwords, everything you read and write rather than manually type the temp email". To me that seems pretty extreme.
That is not exactly what they propose. That is, however, the proposition, because of the way browser makers bundle permissions.
I suggest that DDG proposes, "Trust us with access to many things, most of which we promise we won't even look at, none of which we will ever keep." Given that the extremeness is the result of browser makers, I think DDG has earned my trust. Your mileage may vary.
Right. The idea would be that users might not want that subset of functionality at all. In those cases, why not degrade gracefully?
"Why do you need my house keys to deliver mail?"
"So we can put packages inside the house in case it's raining hard and you are not at home."
"That's OK, I have a good porch and would rather you put everything not fitting in the mailbox there"
"Studies show that users prefer dry packages and may be concerned with theft. We need this in order to provide secure delivery in all conditions, take it or leave it"
Wouldn't that require making and maintaining separate versions of the app for every possible subset of permissions? That sounds like a nightmare not just for DDG but also for new users that have to figure out which version they need to install.
So you offer a privacy app that needs to see everything I'm doing online, just like a VPN, but at the html level. And that "html vpn" is free, funded by god knows who. I wouldn't use it, but I admit this might be a valid business idea. I'll also add that this "vpn" app trades a bit of DDG's reputation for attention.
But the app changes my default search page and new tab home page without my permission. I installed the app to get my duck email address then immediately disabled it.
I'm not sure which "app" you are referring to in this case, but generally private search is a key part of being private online. In every browser but Chrome, you can, however, subsequently change the search engine if you want. It's not our fault you can't do it in Chrome -- that is their restriction.
The Waitlist suggested access to this was tied to device identifier.
When I tried today I was not waitlisted, but I also wasn’t challenged to identify myself that I saw. I created my forwarder. I’m puzzled how, if this is connected to my device ID in some way, I will be able to access it on my next device.
It is not connected to your device id. The waitlist worked on your device by storing a local token, and we never had your device id. On other devices/browsers you will need to authenticate via an email code/link forwarded through the service.
I really don’t see the issue here. It’s completely understandable that DDG would not want to offer an easy API for this. This is likely seen as a “DDG app” feature exactly like Safari’s Hide My Email and like every browser’s password manager.
They could offer an external UI, but this is a beta and DDG is not an ISP. If you want email forwarding, you already have plenty of choices — and catch-all addresses and plus signs.
It is cognitive dissonance, with DDG. A large proportion of their users are exactly the sort of people who will not thoughtlessly install unnecessary extensions into their browsers. It is increasing attack surface, when minimizing should be a goal of privacy services. By the time you end up at DDG, you usually have been trained not to click on untrusted links and not to install dodgy browser extensions 'for your chance to win', and then confronted with a push to install what appears to all intents and purposes to be a dodgy browser extension.
I did a little digging into the source and discovered that every email sent by your email alias to your main email, includes a password capable of deactivating that email alias. Imagine you want to forward an email sent to you through an alias, to someone else. You've now given that person control over your email alias.
Every email from an email alias includes a link. That link is used to look at the details of that email alias and gives you the option to deactivate it. You'd think there would be some login verification to prevent just anyone from using that link, but no, anyone that has this link, can now deactivate your email alias. The password itself is formatted in json, compressed with deflate, and simply tacked on to the end of the link's URL. When you click on the link, the destination webpage takes the end of the URL, decompresses the deflate, and serves a deactivate button to deactivate the email alias. When you click on that button, the email alias's address and password are sent to DDG's API and your email alias is disabled.
Another thing that worries me is that you can pretty much direct email to anybody without their consent, no verification is required from their side. Dream work for spammers and scammers.
Let's say I have made an alias from bob@duck.com to bob@example.com, I don't need any verification from Bob to be allowed to do that. Therefore I can do stuff with that email now, including registering in websites with the duck email, and send emails to Bob from that website.
Well I can't tell in how many ways that can be harmful, but for example if Bob is tricked to click to the legit link from the website and enter his personal information, then I can change the alias to my own email, reset the password and have full access to Bob's verified account, so yeah, that's one big flaw IMO.
But that's only if someone knows that your email is bob@duck.com, right? (And the same would happen if someone knew your true email address was bob@example.com - they could just send emails there.) I think the intended use case is that you use a different and unique alias, e.g. randchars83@duck.com, for every service. At least, that's how we intend Firefox Relay to be used. Then you can just throw away that alias if it starts getting used for unwanted messages.
> Email Protection is not available in this browser
> Email Protection is also available on desktop with the DuckDuckGo app for Mac (beta), as well as DuckDuckGo extensions for Firefox, Chrome, Brave, and Edge.
What, I need to install a piece of software to my computer or an extension to my browser to use a service? That's invasive and, without a very good explanation (that is nowhere to be seen on that page), massively hurts my trust in the company.
> That said, we may indeed offer sign up outside the app/extension, but right now as a forwarding service, we are very sensitive to abuse of the system and so limiting it a bit helps to ensure we are on top of any abuse that doesn't bring down the whole system.
This is a satisfactory explanation. But it's neither on the signup page, nor on the announcement page.
... and it's still really easy to accuse you of just trying to get some app installs - which would be fine if you admitted it.
I've eventually settled on using fastmail and their masked email feature which can create addresses on my own domain for this. I love DDG and appreciate anyone helping in this space to make email more manageable but I assume these addresses will be quickly blocked from many services just like the firefox relay addresses are.
I wish there was a way for these relay services to be effective since they are much, much easier to get someone to use than telling them to just up and move from gmail to fastmail.
Fastmail is awesome. I'd combine DDG Email with their Masked Email in the cases where you want to strip image tracking and opaque tracking urls from your links.
Just in case you happen to be a 1Password user as well, there is an integration where they can auto-generate masked emails for you: https://support.1password.com/fastmail/ It makes it very convenient!
Auto-generated masked emails using Fastmail and 1Password has worked very well for me when I'm using Firefox, with the 1Password extension installed, on my laptop.
I can't for the life of me, however, figure out how to get 1Password to auto-gen a masked email from their iPhone app or desktop app.
You can also use a custom domain (and/or anything else Fastmail lets you choose), this way you can put all the randomly generated emails coming to you in a single folder (as a rule).
I've heard of fastmail in years past. Your comment got me curious again about it. How's the deliverability of their service? I guess with anything "email related", the hardest part is making sure that the emails I send actually ends up where I intend to go. (Goes without saying, outbound emails are NOT spam but legitimate emails.)
I’ve never had any deliverability issues with Fastmail and am happy with their uptime. I originally used google apps (aka gsuite/workspaces these days) but had enough headaches using it for personal email that I switched and the quality of service feels the same to me.
I was a paid Fastmail user for something like 3 or 4 years, largely as a consequence of the good standing they seemed to have among the audience on HN. Deliverability (and uptime) with Fastmail is excellent.
However, during that time I filed two support tickets and neither left me feeling particularly warm and fuzzy about the faces behind the business that I was pledging my annual subscription to. The response in the latter instance in fact was so bad that it's what motivated me to look elsewhere rather than renew. I was prepared to pay more just to know that I wasn't doing business with bullies/jerks. I ended up going with a smaller provider. Without checking, my annual expenses are actually around half as much, IIRC.
Are you worried that a smaller provider may be less reliable in the long run, or you are already prepared to just switch your domain again if it becomes an issue? If you are ok sharing it, what is the provider?
I really wanted to switch to Fastmail a few years back but 1) its registration page was intermittently down for me and 2) when I caught it during uptime, it sent me to phone SMS verification which I found invasive given it is a paid service. I was ready to give it a chance anyway, but no SMS got delivered to me in the end.
"Smaller" in this case just means smaller, not newer. They've been in business for a long time, and I expect them to be around for a while. The downsides tend to be in the opposite direction: they're old, and their webmail/account management interface until recently showed its age. This was not a problem in my book; I don't use webmail. The greater concern with mail providers involves the risk that they would pull something like what Gmail did and withdraw from offering standards-based email (i.e. no more IMAP). In that respect, what the sluggishness to get with the trends really means is a lower risk rate of churn, and I'm happy with that.
Your profile doesn't list a way to contact you privately.
As of last year, it's supposed to be one of the services listed on <https://www.fsf.org/resources/webmail-systems>, but it's not. I just reached out to Greg Farough to follow up on why.
Thanks, that FSF link might be good enough. (I don't want to identify this account and don't immediately know how to set up an anonymous throwaway email)
By the way, according to my Mail's connection doctor on mac, it appears to use IMAP when talking to gmail as of now. I wasn't aware Google was phasing out proper IMAP support, my concern was more about them being known to ban accounts with little recourse.
I’m always interested in discovering paid service email providers who respect privacy. Could you please email me the provider name/URL on my temp email listed on my profile? Thanks.
Unfortunately, this seems to require the "DuckDuckGo Privacy Essentials" extension to use it in your browser, which for Chrome at least requires permission to "Read and change all your data on all websites." It's not clear to me why an extension is necessary at all, let alone an extension that much more broad than just email and requires such extensive permissions.
I wonder how the privacy aspects of this compare to Firefox Relay?
Having used Firefox Relay a bit, I'm pretty happy with it but the free tier is relatively limited. DDG email seems to allow unlimited addresses but after a quick look it's not obvious that you can turn them off if an account is getting too much spam.
Just like Apple too, who also released an email privacy service, thread here: [1] But comparing that thread with this one, people seem oddly more skeptical of DDG than they are with Apple
Also, friendly reminder that Safari collects your browsing history and admits so in their TOS [2]. Whereas DDG merely has access, but says they do not collect anything
“Email is not encrypted” and “all of your emails are relayed to another system” are largely different things with different threat models (I trust DDG as much as one can in this sort of system)
This is cool - but I feel like to do this well you need to co-mingle valid and masked emails on the same domain. Otherwise services can and will prevent folks from signing up with @duck.com emails.
Apple does this well with their email masking service; all emails have an @icloud.com domain, the same as primary emails. A service can't simply block @icloud.com without blocking millions of primary/default addresses.
Feels like it tries to solve the same problems as Mozilla Relay [1] (they call it Firefox Relay, but the addresses are @mozmail.com soooo) except Mozilla lets you attribute specific aliases for things.
Good to see more like it, but having only 5 addresses for free feels like DOA now. Even during the waitlist they didn’t increase the number, kinda shameful.
I was able to generate a random private duck address (o8oyr2f8@duck.com) that's connected to my name@duck.com which then forwards to my personal gmail. I can change the forwarding address too which helps when I move from gmail to a private-er service. Please send me your best educational spams at the address above. It will self-destruct shortly when I generate a new private address. Really cool to see more offerings like these.
You do if you want to autocomplete your email address in fields I guess, but I agree it isn't a very good reason for an extension. It's one of those convenience extension that, would it be made by any other company, I'd be very suspicious of.
Bystander impression from other comments I've read on DuckDuckGo posts recently: they have good intentions but behind-the-scenes are a bit less rigorous on privacy than would be ideal. Is this an accurate impression from anyone who knows more?
For example, see discussion in this thread[0]. Even though the article itself seemed misleading, many commenters raised some good points.
They have pushed that contract to the limit thankfully. You can load up Firefox with ad blockers and then compare and contrast with their browser. They do as well as allowed, and have extra value adds. More well intentioned than brave imo.
Could someone explain a bit about where this fits in?
Is this an e-mail provider? A client? Something else?
If I have X Provider and I access it using Y client (ie, Thunderbird), what exactly does this add/replace/enhance? Where does "Relay" fit in since some people here mention it?
So I could set up a new e-mail address, have it forward to my existing e-mail address, and DDG does some filtering/spam protection before it does the forward?
I refuse to believe that anyone who thinks that 1984's main takeaway is that there is no objective truth and that any attempt to stand against propaganda is a greater crime than the propaganda lies themselves has actually read it.
The problem with minitru is that 2 plus 2 does not, in fact, equal 5. It's not that saying one fact is true is somehow immoral.
>I refuse to believe that anyone who thinks that 1984's main takeaway is that there is no objective truth and that any attempt to stand against propaganda is a greater crime than the propaganda lies themselves has actually read it.
The issue has never been about truth itself. It's always been that you should allow no single entity to be the arbiter of what is the truth, because everyone has an agenda, and organizations have multiple people with multiple agendas.
I (the author of the tweet you referenced) commented on this subject on this thread here: https://news.ycombinator.com/item?id=32597340. We didn’t do that, e.g., we actually did not (and do not) censor anything for political purposes, we don’t do any URL-level fact checking, etc.
No one gets to be the decision maker on what is misinformation and what isn't. Nobody is the exception to that rule. No matter how good faith and good their intentions are. It's not how you're doing it, it's that you're trying to do it at all that is the problem.
Except we're not doing it at all. The above comment references our news rankings help page, which has the most detailed explanation of how they work: https://help.duckduckgo.com/duckduckgo-help-pages/results/ne.... In actuality, we have no definition of misinformation, are not fact checking any articles or stories, etc.
I don't like the naturalistic fallacy (nor any others) that people use to justify things as being Good™. And dicks are objectively* funny so "naturalistic phallacy" makes makes for a funny phrase, that implicitly mocks the Naturalistic Fallacy but it's too long her for a HN username.
*In the military this is considered objectively true, and drawing dicks on things is one of humanity's oldest memes.
I’m the founder and CEO of DuckDuckGo. We are not (and never were) censoring results. I realize I caused the misunderstanding due to own my unfortunate phrasing in a tweet, and since then, how our news results rankings work has been highly misinterpreted.
We (DuckDuckGo) subsequently made a help page to explain it in detail: https://help.duckduckgo.com/duckduckgo-help-pages/results/ne... Tl;dr: we don’t censor, we don’t move things so far down that they are effectively censored, we don't evaluate individual stories or narratives for "truth", and we don’t rank based on any political agenda or opinions. This is just a summary though so would read the help page for details.
I also put out a clarification thread about misconceptions that included this topic amongst others (like the fact that no, we’re not owned by Google), but the help page referenced above is the best and most thorough explanation of our news rankings. https://twitter.com/yegg/status/1515635886855233537
Its not the results I'm worried about with DDG, after all you just use bing behind the scenes although I think there's some shenanigans there too.
It's your deep financial ties to Microsoft that's worrying. And it seems you're willing to turn your back on privacy/tracking for your friends when Microsoft asks.
As for our private search engine, it is in actually way more than Bing at this point. We have approximately a millions lines of search code at this point, many tens of millions of dollars invested in them and a staff of about 200.
Who yegg is is well known on HN, but you yourself are anonymous so it's a bit weird to see this exchange. Maybe (1) click on the name of the person before asking them who they are and (2) flesh out your profile to return the favor?
> In addition to down-ranking sites associated with disinformation, we also often place news modules and information boxes at the top of DuckDuckGo search results (where they are seen and clicked the most) to highlight quality information for rapidly unfolding topics.
DuckDuckGo's search manipulation is just no different to Google's since essentially they are using Microsoft Bing's search results. [0] So the manipulation, down-ranking and censoring of search results was inevitable with tons of evidence of this: [1][2][3][4]
"At DuckDuckGo, we've been rolling out search updates that down-rank sites associated with Russian disinformation.": [1]
At this point, DDG is a front for Microsoft using 'privacy' buzzwords. Might as well use Brave Search then.
During the Russia / Ukraine conflict the Duck Duck Go founder decided to filter out any results which are deemed as Russian misinformation. Censorship of any kind, is always still in the end, censorship.
This is the gist of what everyone is upset about, of those who are upset. The entire point of DDG was that the search results were never to be tampered with for personalization reasons, censoring results due to political reasons seems to be a slippery slope.
Censorship is always censorship, yes, and naivite is always naivite. Meet the tolerance paradox!
Also, search engines have _as their sole purpose_ sorting their list of links by some measure of quality. Removing useless nonsense is what we go there for.
"The entire point of Company was ABC, doing 867 seems to be a slippery slope." Huh?
I don't see how capturing personal information from users for any reason has anything whatsoever to do with omitting perceived misinformation from all users across the board. One can agree or disagree with the decision, but they are two entirely different issues in entirely different areas, and one is in no way a "slippery slope" toward the other.
I’m sure I’m in the minority but after the recent thing where the CEO was explaining why they were delisting political news they didn’t like I’ll never trust them again.
Email tracking is just done through image downloads right? So if images are blocked by default then tracking isn’t possible? Image blocking is easy enough to do.
This is a great idea, but it's going to take nearly zero time for companies to decide not to accept private duck addresses for business purposes.
DDG is signing themselves up for a hard challenge, though I think they're up to it. Once you offer a service like this, you take upon yourself the burden of maximizing the outbound signal-noise ratio for emails, or you run the risk that other email providers identify your node as damaged and route around it. So they'll have to be on top of uses of their service for spam and aggressively police and kill those accounts. I'm excited to see what special sauce they're bringing to the field in this space.
I don't understand why it needs me to install a browser extension. That's a very weird requirement to sign up for an email address? Could someone explain why an extension is needed or why it was designed like this?
I’m using duck.com, Hide My Email and Firefox Relay. All work fine, but I think Firefox Relay has better UI to manage aliases: it has tags and can block promotional emails. And I like that it’s a paid service.
I already use spamgourmet (a old great free service in the same features) and despite the fact it has several very different domains, it's rejected sometimes.
Something as high profile as ddg will be flagged very quickly.
The only one that can get away with it is gmail with the "+" aliases, because nobody can afford to reject it.
Fastmail also has the feature of being able to generate throwaway email addresses for sign-ups and it doesn't require installation of any extension - they call it masked email in the settings[0]. Pretty happy with it.
We've banned this account for repeatedly breaking the site guidelines.
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.
It seems like DuckDuckGo's raison d'etre is being "not Google". Personally, I don't care about these "evil tracking" where my screen size and user agent might get logged through some telemetry.
What I'd pay for in an email client is a way for it to help me sort through the giant stream of stuff I constantly receive.
For example when I buy something online I get 4 different email threads in Gmail: 1. order confirmation 2.it was shipped 3.it's arrived 4.fill up this survey
I want my email client to cluster all those into one. Basically sift through my crap and summarize what's important and delete the unimportant stuff because I hate having to constantly keeping my inbox tidy.
I’m building https://pretzelbox.cc which is like mailinator for your own domain. While it doesn’t generate email addresses for you, since it’s a domain inbox, you can use whatever string@you-domain.com to make it work.
It’s getting a bit of traction even with the rubbish website :).
The idea of on-demand addresses is great. I operate my mail server since 2006 now and implemented such feature straight away. I started to never use the same mail address again. name-something@domain just forwards to the inbox of name. After a time I lost track about all the addresses I "generated".
But one thing was nice, I registered my mail with a hotline agent via phone. I told them my mail is name-$YOURCOMPANYNAME@domain. They replied, oh you are a colleague, then I can give you discount :)
How did you end up resolving the issue with too many generated emails addresses? I built and use my own domain inbox which buckets emails by email addresses (https://PretzelBox.cc) but more and more, I find myself using just one or two email addresses.
My way dealing with email has converged over the years to the following.
First, there two different kind of on-demand addresses.
1. Registration, these emails are stored in the password manager
2. Throw away, one time addresses
Second, I maintain a two mail folder method: inbox and archive. Sent mails are put into inbox, too. This makes mail threads a whole. From there they are either purged if spam or moved over to archive.
From here I can answer your question, how I manage all those generated addresses. The folders are indexed. So I am able to find anything (if not encrypted). In particular I can retrieve all my used addresses.
- Simple PHP web page for adding and listing existing aliases to/from a database. Adding a new alias has to be quick. Type in a description, and copy out the generated alias to clipboard for use elsewhere.
- Startup script that fetches the aliases from DB and modifies a mail client configuration so that all randomly generated addresses are annotated with a short descriptive text indicating to whom the address was issued and makes it so that replying sets the From header to the alias.
Actually, I do not actively generate, meaning create, a new addresses.
I use a filter I'm the delivery process in Exim which truncates a suffix from the local name.
It's a good service and I've used it a few times, but the requirement to use an extension is a bit of a pain point.
Especially as the extension seems to try and install some adblock style stuff which I already use ublock for and overwrites the default search engine with no option to disable it. Every time I need to generate a new email I need to re-enable the extension, copy the email address and then disable the extension again. Not nice UX.
Another (useful) service that could have been run on client, and not have to allow access to the contents of my email to an unrelated company.
Sadly, the current situation with mobile and desktop software makes it much easier to run this in a datacenter. Access to my email's content, and especially binding my identity on many web sites to the duck.com domain, likely is worth something, too.
The concept is great, and compared to other companies, i trust duckduckgo more...but, there still a for-profit company (nothing wrong with that)...so how will they sustain this? Maybe i'm not so smart with funding models, but i would feel better if there was some sort of pricing...to make me feel like as a user i'm not the product...am i paranoid for being suspicious?
Just a note... an email anonymous relay that lets you use custom domains is a much better alternative if you ever plan on migrating away. SimpleLogin is open source and allows you to export the information so that if their service ever goes offline you have a backup and can recover your aliases.
The pushback on the extension requirement is insane. Feels like you could have been advertised this as a “DDG App” feature and maybe that would have saved you a bit.
As a Safari and Hide My Email user I completely welcome this service. If anything, it pushes more companies to do the same.
Will DDG ever drop Bing index (yes, I've heard of mythical DDG crawler)? In current form, calling DDG a search engine is an overstatement, it's more like a Bing proxy. By a nature, what was censored in Bing is censored on DDG.
I can't think of a situation where I'd want to use this - if I don't trust the provider, I'm using a throwaway email like mailinator.com. Curious to hear about what use cases this would fall into?
If you want to take it to next level after mailinator.com, I’m building https://pretzelbox.cc - an inbox for your domain. Use whatever string@your-domain.com and we’ll forward emails to your linked email account.
DDG's complicity in the censorship around COVID has me avoiding any & all they do forevermore. I also recommend family & friends who ask against using them, and advise my clients the same.
You need to put your real address as the from address in replies, not the duck address. DuckDG then strips out the real one and replaces it with the duck one, it seems.
Interesting. Just noticed that DDG have removed a graph with traffic from their stats page [1]. I wonder if it is because the daily average stopped growing like it used to...
Safari extensions are a PITA compared to the others. However considering that they already have apps in the store, I assume they will start including the extension at some point.
Coincidentally we just this week added tracker removal to https://relay.firefox.com/ (needs to be explicitly enabled due to the risk of breakage).
I should note though, that while it is open source (and freemium), it's reliant on quite some infra that makes it pretty much impossible to self-host, if that's something you're looking to do.
Please let me pay for this service. It looks worth having and: 1) I'd like to know that it is funded by users, rather than advertisers and thus can resist privacy invasion presuures. 2) I'd like to have some basis for belief that it will be around longer than it takes the VC money to run out, (or the marketing budget, or whatever non-sustainable pot it comes from).