[liberationtech] DuckDuckGo vs Startpage

Wed Jun 26 15:11:47 PDT 2013

Jacob Appelbaum:
> Mike Perry:
> > In terms of data confidentiality and integrity though, I think it is
> > probably true that the Tor hidden service trust root is much stronger
> > than the browser CA trust root, even given the 80bit name hash and
> > RSA-1024 sized keys (which probably are roughly equivalent to each other
> > in strength for most purposes).
> > 
> 
> I think it also changes how people might begin to start attacking a user
> - it is not as easy as just throwing up a Tor node, allow and exit and
> running some general tools.
> 
> > However, Mozilla is working on supporting cert pinning for https, which
> > we should pick up in Tor Browser in the next few months. Basically, all
> > we have to do after that is pin our search provider's actual leaf
> > certificate in Tor Browser itself, and the https usecase becomes both
> > stronger than the hidden service case in terms of data confidentiality
> > and integrity to the actual search engine (who knows what happens after
> > that, of course), and roughly 4X faster...
> > 
> 
> However - Tor will not protect users after the exit node - so if there
> are libnss bugs, the exit or things beyond it may tamper with it. The
> attack surface is smaller for Tor HS users, I think.
> 
> > 
> > Still, despite all of this, I still think hidden services have an
> > important roll to play in Tor. The search engines of today just aren't
> > the proper use case for them right now.
> > 
> 
> I'd like to see an omnibox search that allows people to choose - I would
> especially like it if that one was totally unfiltered, even for porn or
> other thought crime.

Good points. While I am against having the default be 4X slower just for
this, I will happily merge omnibox .src files for both the hidden
service version of DDG and an unfiltered StartPage if anyone provides
them and put them in order right after vanilla StartPage and DDG
engines.

-- 
Mike Perry