DuckDuckGo: The mistaken belief in the NSA-safe search engine

Since the Snowden revelations began, the privacy-friendly search engine DuckDuckGo has seen increasing traffic. But it does not protect its users from the NSA.

By Patrick Beuth
January 13, 2014

Gabriel Weinberg should be very grateful to the NSA. When it became known last summer how comprehensive the US intelligence service's dragnet surveillance was, traffic to Weinberg's privacy-friendly search engine DuckDuckGo increased rapidly. It has now settled fairly consistently at about four million searches per day, twice as many as before the Snowden revelations began in June 2013.

What is visible here is an act of desperation. DuckDuckGo encrypts data in transit via SSL and promises not to collect personal user data, not to use cookies in the default setting, not to track users and not to pass on search terms to the operators of the pages in the search results. Many people may therefore believe that DuckDuckGo is an NSA-safe search engine.

It is not that simple. DuckDuckGo is a US company and is thus subject to US law. A court could force Weinberg to hand over his SSL keys, as happened to the email provider Lavabit. The secretive FISA court could also force DuckDuckGo to collect and hand over user data without informing users.

DuckDuckGo also runs its service on servers belonging to Amazon, another US company, and one that cooperates voluntarily with the country's intelligence services. Amazon is the cloud service provider of the CIA.

Perhaps many people know all this and still prefer DuckDuckGo to Google. Weinberg said in an interview with ZEIT ONLINE at the end of 2012 that he wanted to offer not only more privacy than the competition, but also better search results. In fact, his search engine works well for English-language topics; at least as a complement to other providers, DuckDuckGo is perfectly suitable.

Compared to Google, DuckDuckGo's numbers are still hardly worth mentioning. Google handles about three times as many search queries per day as DuckDuckGo does in a year, according to TechCrunch.

Other privacy-friendly services such as Startpage and Ixquick have also reported a significant increase in traffic since mid-2013. Overall, however, that does not mean that they are drawing significant user groups away from established search providers. If the increases come at the expense of the major search engines, then only at a barely perceptible level. In any case, figures collected by comScore reveal no negative trend at Google, Bing or Yahoo.

No change in search behavior

In other words, the NSA revelations may already be leading to declining sales for network technology vendors like Cisco. The forecasts for American cloud providers may also be gloomy: analysts expect 2016 losses of between $35 and $180 billion. But in the search engine market, the NSA affair has not yet led to a change in behavior.

Yet it is precisely the European services Startpage and Ixquick that could actually offer protection from the NSA. Neither is subject to US law, and both transmit all data encrypted. To get information about their users, the NSA would have to hack into their data centers. Not that it would not do that; its Muscular program does just that.

Update: Readers have pointed out to us a) that the figure of 400,000 queries at DuckDuckGo that we initially stated is wrong; the correct figure is four million.

b) that DuckDuckGo relies on Perfect Forward Secrecy, so that a forced release of the SSL key does not by itself enable retroactive decryption of transmitted data.

c) that Startpage is also hosted in the US and thus subject to the Patriot Act. However, according to a company spokesman, this is not true: some of the servers are in the Netherlands, he said on request, and all European users are served through them. In the US there are servers for US users that belong to the Dutch company Surfboard Holding BV, the operator of Startpage and Ixquick. As a Dutch company, however, Startpage is subject to neither the Patriot Act nor the Foreign Intelligence Surveillance Act (FISA), so it does not have to help the US authorities.

Apart from that, there is said to be no usable user data on the servers, which also applies to DuckDuckGo, as the company itself reports.