DuckDuckGo’s surprisingly simple plan to make the internet more private

Gabriel Weinberg doesn't want to blow up the internet. He just wants to blow up the trackers.

DuckDuckGo CEO Gabriel Weinberg at the company's office.

DuckDuckGo CEO Gabriel Weinberg.

Photo: DuckDuckGo

DuckDuckGo has been on a tear the last couple of years. In mid-2018, the company's data showed it was getting about 18 million searches a day; now that number's pushing 100 million. Both numbers still look like rounding errors next to Google's gargantuan scale, but DuckDuckGo has cemented itself as one of the most important players in search.

But Gabriel Weinberg, DuckDuckGo's founder and CEO, doesn't see search as the endgame for the company. DDG is a privacy company, set out on building what he calls "an easy button for privacy." Weinberg's is a slightly unusual vision for privacy on the internet: He wants to let people use the apps they want, the way they want, without being tracked or having their personal data collected and used against them. And it should all happen in the background. Privacy, he said, should be "really making one choice: the choice that you want privacy, you don't want to be coerced."

Weinberg joined the Source Code podcast to discuss what we talk about when we talk about privacy, how a company like DuckDuckGo can compete in a world dominated by the data gatherers and whether products can be both private and best of breed.

You can hear our full conversation on the latest episode of the Source Code podcast, or by clicking on the player above. Below are excerpts from our conversation, edited for length and clarity.

I want to know how you define privacy, both in your own head and at DuckDuckGo. I get the sense that when we talk about privacy, it sounds like we're talking about the same thing. But we're actually talking about 1,000 things that only slightly overlap, and so it's hard to have one coherent conversation about privacy, because we don't even know what we're talking about. But I'm assuming at some point, you've had to, like, write on the whiteboard, "Here is what we mean when we talk about privacy." So define it for me.

I've literally done the digital equivalent of writing on the whiteboard! Yes, you're right, people have lots of different definitions. And I think a common definition is, "Privacy is protecting your personal information." I do not think that's the right definition, to be clear.

I think the definition is a little more abstract, but wider than that, which is: It is protecting your personal autonomy. And the flip side of that is, it's protecting you from not being coerced to make decisions you wouldn't otherwise make. And when you think about it from that perspective, all sorts of things relate to privacy. The filter bubble and misinformation, where you're getting presented with information trying to coerce you based on your personal attributes, that is a privacy violation that people don't often connect with privacy. Same with commercial exploitation. So you can be coerced in a lot of different ways. And our solve for that, generally, is to give people solutions to not only protect their personal information, but to make it so they're not really trying to be manipulated online.

Does that then lead you down the road of thinking the solution to everything is choice and transparency?

No. And the reason is that choice and transparency — sometimes what they call notice and consent, where you get all these cookie dialogs, asking you to make all these controls — can be really complicated and confusing. And our basic product vision is "privacy simplified." And simplified is really making one choice: the choice that you want privacy, you don't want to be coerced. Not 1,000 choices. In fact, I think that's generally what people want.

We like to call it the "easy button" for privacy. That's what we're trying to build. And I think that's what people want: They don't want tons of different choices and controls, they just want not to be tracked and targeted online.

I think that's what people want: They don't want tons of different choices and controls, they just want not to be tracked and targeted online.

How much are you either hoping for or banking on regulation to help you on that front? We've had lots of debates about the default screen on Android where you have to choose your search engine when you load it, and that was a good idea that kind of broke in the execution. But that's the sort of thing that I think could be a push to end some of that inertia. But I also get the sense that, especially here in the U.S., if that stuff is ever coming, it's not coming anytime soon. So is regulation part of your planning?

Our focus has always been purely from a product perspective. We've been succeeding in spite of those headwinds, and we're not banking on regulation, but we would welcome it, and we do welcome what's going on in the House and in the U.S., and think that there really is a chance for unlock there.

You mentioned search preference menus. We are working with governments across the world to try to implement that well. And I do think that if those anti-competitive mechanisms were removed, by regulation or otherwise, we would be much bigger than we are now. Because right now, it's just difficult to switch on some devices. On Android, if you want to use our search engine across the device, it takes by our count over 15 different taps or clicks just to do that. And it really should be one. In a real competitive landscape, it would just be a one-click type of switch.

There's a huge, ongoing perception that you still have to sacrifice product quality for privacy, that privacy is a thing you get at the expense of something else. And so just purely by saying, "We are the privacy-preserving one," you plant this thing in people's brains that says OK, well, it's gonna be a little worse, but it's good for privacy, and am I willing to make that trade-off? You mentioned feeling like you had reached sort of a reasonable par with Google in order to then go focus on other stuff. What do you make of that perception gap at this point?

Yeah, I think that it is a vestige, at least for us, that isn't really real anymore. But you're right: It is embedded in people's minds that there has to be a trade-off. But we don't think it's true.

Now, granted, it is true for lots of products. And I think part of the reason there is, a lot of privacy products were not companies. They weren't built with high-quality UX in mind. They were often run by enthusiasts who had the best intentions in mind, but they weren't trying to build businesses to compete with the biggest tech companies in the world, like we are.

We need to change that narrative over time. There are a couple headwinds on that, though, just to be completely frank about it. One is, people just think it's not even possible to get privacy. And so we have to educate them that this easy button is real. We have to explain to them, yes, if you stop the trackers from loading, they won't track you.

The other headwind is that there's been several studies that have done this: You have the same set of search results and put different logos on it, and if you see the Google logo, you perceive it to be more relevant. So over time, we have to just overcome that with our own brand, and let our users tell other people that you're not really sacrificing anything here.

One thing that we've seen over and over is these privacy-first options, saying, "We won't let anybody track you. (Except for us.)" And then it's like, well, now all I'm doing is choosing to trust you instead of Google. And I've been trusting Google for two decades. So I might as well just keep doing that. I've even talked to people who are afraid to download VPNs now, because if you download a VPN, somebody else is just going to look at your web traffic now. I would think even if you're right, even if your intentions are good, even if you're handling everything correctly, to say "trust us" and have people believe you just seems so hard right now.

Yeah, I think what you're getting at is, you know, there's not a lot of trust in the world.

And deservedly so!

Yeah! Look what happened to the internet. It's been overrun by untrustworthy companies, and tracking and whatnot. And that's why we set up the company vision to begin with, "to raise the standard of trust online." And so we then focused right from that point to say, we don't track you ever, and established that trusted brand, and both just in our privacy policy and kind of a legal way, but also just in all of our product design, communications, etc.

We're just saying we throw everything away. And you can just use us more privately.

And so we're not saying, "Hey, we're going to store your information, and then trust us to keep it safe." We're just saying we throw everything away. And you can just use us more privately. The question that always comes up is, then how do you make it good enough? Like, how do I get local weather or restaurants if you don't know who I am? And the short version of that is, your computer can send that information on the fly for that request, and we can use it to show you local coffee shops, and then throw it away, never storing it or saving it. We don't have a copy and the government can't come get it, etc. And that's effectively how it works.

Right. But even in that transaction, I have to believe you that it's not being stored anywhere. And you have to prove this crazy counterfactual, which is like, how do you show me that you don't have my data?

There's no way to prove a negative. So at some point, it's turtles all the way down. But, you know, we have a very strict privacy policy. We would get in trouble, ultimately, if it was violated. And all of our code for our apps and extensions is open source. So you know, people look at it, and can kind of see what's going on. But then you ask, Well, are you running that code, or are you modifying it or something? And so there's some level of trust that is needed. But I mean, our whole company's purpose is for this purpose: to help you protect your privacy.

Do you spend a lot of time having to make your life harder in the name of privacy?

Yeah. I mean, we have architected lots and lots of systems to maintain people's privacy that no one would ever architect but for this problem. And we would love other companies to do it, and so we're trying to start explaining how they work. And internally, we have tons of other reviews and internal audits just to make sure we've never done anything or will never do anything against our code policies, even accidentally.

And a good example of this is, how do we A/B test the site? How do we make improvements while keeping everyone anonymous. And had to develop a completely anonymous A/B testing system, where we basically just show different versions of the page and count what happens. The drawback in that system, which is making it harder, is that we can't keep somebody in one of the variants, because we don't have any session data. We don't have any way to tie searches together.

So I could be both in the A and the B group.

Yeah, you can reload the page and then see something different. And then you're in both groups. It averages out, it just makes our life a little harder, statistically. But we had to build that system from scratch, we can't use name-your-big-data-analytics, we don't use any third-party software for that kind of stuff.

That gives you a pretty long to-do list, full of things that ordinarily you'd just call in an API and move on with your day.

Yeah, we don't have any third-party scripts on our site. Never have. But it means we have to develop more than other companies to make that all work.

Are there pieces of it that just straight up don't exist in a privacy-preserving way that you're comfortable with?

In search? Yeah. All of these content providers we use, we've architected to protect user privacy, so they remain anonymous. Any content that we call from anybody, we call on the user's behalf from our servers. We don't pass the IP address or part of the IP address or a hash or anything that is personally identifiable or can tie searches together. And then we bring back the content, and then format it for the user. But a lot of that didn't exist. We had to architect those systems, depending on the provider, and work with them to make it all work.

When you say you don't store anything, is that literally true? Do you save things for like two seconds in order to execute whatever you're needing to do, and then it gets deleted? What does it mean to not store anything?

So we believe that means don't write anything to disk, don't log anything that could tie anything back to an individual. So that means your IP address, or a unique cookie. We don't write any of that down, effectively. And the same with the email: It passes through us in memory, and we never store it or log it to disk. So any information that we would write would be completely anonymous information. So for example, we save a record of what queries occurred, but without any information associated with the individual with it. So nothing related to your computer or IP address or anything like that.

So the way to do that is not to collect it for as long as you need it and then get rid of it, it's just to never ask for it in the first place. Like, DuckDuckGo is just not asking for that information from me when I come to the site or open the app.

That's right. It's a little more complex than that, because the way the internet works, it just sends your IP address and your device ID and stuff. So you actively have to not store it. I mean, storing it is an act, but all the computers are set up by default to do it.

So why work on email? I'm curious kind of why that felt like sort of the next natural extension of this.

Thinking about where people spend the most time online, in other places besides search and browsing, email is on that next list, as [are] other apps. So those are the two protections that we started to focus on next.

We're not asking people to switch their email provider or email service. We're saying more like, 'the same inbox, more privacy.'

For email, in the simplification that we're trying to do, we're not asking people to switch their email provider or email service. We're saying more like, "the same inbox, more privacy." The same way we've been doing with our browser extension. So you can keep your current email provider, but you get this new email address — or set of addresses you can generate — that get delivered to your regular inbox with trackers removed. And then app tracker blocking for Android, initially, will help protect you and all the other apps you use. We're gonna make all that third-party tracking kind of go away on Android.

As people have adopted more tracker blocking on the web, more email tracking has popped up. People are using an email address as the main identifier now in a lot of places. And so it's the natural place to get protection next. And then apps [are another] Wild West, like the web was 10 years ago, where there's just tons of tracking embedded in apps, and it's not transparent. And it's just ripe for someone to come in and help protect it.

Is your way of thinking about it that you want to build privacy layers around those apps, or that you want to build your versions of those apps? You're making me think of that scene in "Silicon Valley" where Jian Yang has the whiteboard and it's like, "New Twitter, New Instagram, New Google." Are you just going to build Private Twitter and Private Instagram and Private Google? Or do you want to become the tracker blocker around all of those existing things?

It's the tracker blocker. We believe "privacy simplified" means not having to change as many workflows as you can. And so ideally you'll use the same websites, the same apps, and they won't break, but you'll get all sorts of new privacy protection.

Now, some apps we think you should switch off. That's the Googles and the Facebooks. Some of them are so big, and they're the main tracking networks that you really probably should avoid. But other things like your general utilities, a DoorDash or something like that, they have trackers embedded in them. We would like to help you just keep visiting those sites and apps, but in a much more privacy-protected way. And if it works well, it'll be seamless. You just set it up once and you're protected.

Policy

Musk’s texts reveal what tech’s most powerful people really want

From Jack Dorsey to Joe Rogan, Musk’s texts are chock-full of überpowerful people, bending a knee to Twitter’s once and (still maybe?) future king.

“Maybe Oprah would be interested in joining the Twitter board if my bid succeeds,” one text reads.

Photo illustration: Patrick Pleul/picture alliance via Getty Images; Protocol

Elon Musk’s text inbox is a rarefied space. It’s a place where tech’s wealthiest casually commit to spending billions of dollars with little more than a thumbs-up emoji and trade tips on how to rewrite the rules for how hundreds of millions of people around the world communicate.

Now, Musk’s ongoing legal battle with Twitter is giving the rest of us a fleeting glimpse into that world. The collection of Musk’s private texts that was made public this week is chock-full of tech power brokers. While the messages are meant to reveal something about Musk’s motivations — and they do — they also say a lot about how things get done and deals get made among some of the most powerful people in the world.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Sponsored Content

Great products are built on strong patents

Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America's technology leadership.

Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.

From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: "intellectual property protection is vital for American innovation and entrepreneurship.”

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.
Fintech

Circle’s CEO: This is not the time to ‘go crazy’

Jeremy Allaire is leading the stablecoin powerhouse in a time of heightened regulation.

“It’s a complex environment. So every CEO and every board has to be a little bit cautious, because there’s a lot of uncertainty,” Circle CEO Jeremy Allaire told Protocol at Converge22.

Photo: Circle

Sitting solo on a San Francisco stage, Circle CEO Jeremy Allaire asked tennis superstar Serena Williams what it’s like to face “unrelenting skepticism.”

“What do you do when someone says you can’t do this?” Allaire asked the athlete turned VC, who was beaming into Circle’s Converge22 convention by video.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.

Enterprise

Is Salesforce still a growth company? Investors are skeptical

Salesforce is betting that customer data platform Genie and new Slack features can push the company to $50 billion in revenue by 2026. But investors are skeptical about the company’s ability to deliver.

Photo: Marlena Sloss/Bloomberg via Getty Images

Salesforce has long been enterprise tech’s golden child. The company said everything customers wanted to hear and did everything investors wanted to see: It produced robust, consistent growth from groundbreaking products combined with an aggressive M&A strategy and a cherished culture, all operating under the helm of a bombastic, but respected, CEO and team of well-coiffed executives.

Dreamforce is the embodiment of that success. Every year, alongside frustrating San Francisco residents, the over-the-top celebration serves as a battle cry to the enterprise software industry, reminding everyone that Marc Benioff’s mighty fiefdom is poised to expand even deeper into your corporate IT stack.

Keep Reading Show less
Joe Williams

Joe Williams is a writer-at-large at Protocol. He previously covered enterprise software for Protocol, Bloomberg and Business Insider. Joe can be reached at JoeWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

Policy

The US and EU are splitting on tech policy. That’s putting the web at risk.

A conversation with Cédric O, the former French minister of state for digital.

“With the difficulty of the U.S. in finding political agreement or political basis to legislate more, we are facing a risk of decoupling in the long term between the EU and the U.S.”

Photo: David Paul Morris/Bloomberg via Getty Images

Cédric O, France’s former minister of state for digital, has been an advocate of Europe’s approach to tech and at the forefront of the continent’s relations with U.S. giants. Protocol caught up with O last week at a conference in New York focusing on social media’s negative effects on society and the possibilities of blockchain-based protocols for alternative networks.

O said watching the U.S. lag in tech policy — even as some states pass their own measures and federal bills gain momentum — has made him worry about the EU and U.S. decoupling. While not as drastic as a disentangling of economic fortunes between the West and China, such a divergence, as O describes it, could still make it functionally impossible for companies to serve users on both sides of the Atlantic with the same product.

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

Latest Stories
Bulletins