DuckDuckGo’s surprisingly simple plan to make the internet more private

Gabriel Weinberg doesn't want to blow up the internet. He just wants to blow up the trackers.

DuckDuckGo CEO Gabriel Weinberg at the company's office.

DuckDuckGo CEO Gabriel Weinberg.

Photo: DuckDuckGo

DuckDuckGo has been on a tear the last couple of years. In mid-2018, the company's data showed it was getting about 18 million searches a day; now that number's pushing 100 million. Both numbers still look like rounding errors next to Google's gargantuan scale, but DuckDuckGo has cemented itself as one of the most important players in search.

But Gabriel Weinberg, DuckDuckGo's founder and CEO, doesn't see search as the endgame for the company. DDG is a privacy company, set out on building what he calls "an easy button for privacy." Weinberg's is a slightly unusual vision for privacy on the internet: He wants to let people use the apps they want, the way they want, without being tracked or having their personal data collected and used against them. And it should all happen in the background. Privacy, he said, should be "really making one choice: the choice that you want privacy, you don't want to be coerced."

Weinberg joined the Source Code podcast to discuss what we talk about when we talk about privacy, how a company like DuckDuckGo can compete in a world dominated by the data gatherers and whether products can be both private and best of breed.

You can hear our full conversation on the latest episode of the Source Code podcast, or by clicking on the player above. Below are excerpts from our conversation, edited for length and clarity.

I want to know how you define privacy, both in your own head and at DuckDuckGo. I get the sense that when we talk about privacy, it sounds like we're talking about the same thing. But we're actually talking about 1,000 things that only slightly overlap, and so it's hard to have one coherent conversation about privacy, because we don't even know what we're talking about. But I'm assuming at some point, you've had to, like, write on the whiteboard, "Here is what we mean when we talk about privacy." So define it for me.

I've literally done the digital equivalent of writing on the whiteboard! Yes, you're right, people have lots of different definitions. And I think a common definition is, "Privacy is protecting your personal information." I do not think that's the right definition, to be clear.

I think the definition is a little more abstract, but wider than that, which is: It is protecting your personal autonomy. And the flip side of that is, it's protecting you from not being coerced to make decisions you wouldn't otherwise make. And when you think about it from that perspective, all sorts of things relate to privacy. The filter bubble and misinformation, where you're getting presented with information trying to coerce you based on your personal attributes, that is a privacy violation that people don't often connect with privacy. Same with commercial exploitation. So you can be coerced in a lot of different ways. And our solve for that, generally, is to give people solutions to not only protect their personal information, but to make it so they're not really trying to be manipulated online.

Does that then lead you down the road of thinking the solution to everything is choice and transparency?

No. And the reason is that choice and transparency — sometimes what they call notice and consent, where you get all these cookie dialogs, asking you to make all these controls — can be really complicated and confusing. And our basic product vision is "privacy simplified." And simplified is really making one choice: the choice that you want privacy, you don't want to be coerced. Not 1,000 choices. In fact, I think that's generally what people want.

We like to call it the "easy button" for privacy. That's what we're trying to build. And I think that's what people want: They don't want tons of different choices and controls, they just want not to be tracked and targeted online.

I think that's what people want: They don't want tons of different choices and controls, they just want not to be tracked and targeted online.

How much are you either hoping for or banking on regulation to help you on that front? We've had lots of debates about the default screen on Android where you have to choose your search engine when you load it, and that was a good idea that kind of broke in the execution. But that's the sort of thing that I think could be a push to end some of that inertia. But I also get the sense that, especially here in the U.S., if that stuff is ever coming, it's not coming anytime soon. So is regulation part of your planning?

Our focus has always been purely from a product perspective. We've been succeeding in spite of those headwinds, and we're not banking on regulation, but we would welcome it, and we do welcome what's going on in the House and in the U.S., and think that there really is a chance for unlock there.

You mentioned search preference menus. We are working with governments across the world to try to implement that well. And I do think that if those anti-competitive mechanisms were removed, by regulation or otherwise, we would be much bigger than we are now. Because right now, it's just difficult to switch on some devices. On Android, if you want to use our search engine across the device, it takes by our count over 15 different taps or clicks just to do that. And it really should be one. In a real competitive landscape, it would just be a one-click type of switch.

There's a huge, ongoing perception that you still have to sacrifice product quality for privacy, that privacy is a thing you get at the expense of something else. And so just purely by saying, "We are the privacy-preserving one," you plant this thing in people's brains that says OK, well, it's gonna be a little worse, but it's good for privacy, and am I willing to make that trade-off? You mentioned feeling like you had reached sort of a reasonable par with Google in order to then go focus on other stuff. What do you make of that perception gap at this point?

Yeah, I think that it is a vestige, at least for us, that isn't really real anymore. But you're right: It is embedded in people's minds that there has to be a trade-off. But we don't think it's true.

Now, granted, it is true for lots of products. And I think part of the reason there is, a lot of privacy products were not companies. They weren't built with high-quality UX in mind. They were often run by enthusiasts who had the best intentions in mind, but they weren't trying to build businesses to compete with the biggest tech companies in the world, like we are.

We need to change that narrative over time. There are a couple headwinds on that, though, just to be completely frank about it. One is, people just think it's not even possible to get privacy. And so we have to educate them that this easy button is real. We have to explain to them, yes, if you stop the trackers from loading, they won't track you.

The other headwind is that there's been several studies that have done this: You have the same set of search results and put different logos on it, and if you see the Google logo, you perceive it to be more relevant. So over time, we have to just overcome that with our own brand, and let our users tell other people that you're not really sacrificing anything here.

One thing that we've seen over and over is these privacy-first options, saying, "We won't let anybody track you. (Except for us.)" And then it's like, well, now all I'm doing is choosing to trust you instead of Google. And I've been trusting Google for two decades. So I might as well just keep doing that. I've even talked to people who are afraid to download VPNs now, because if you download a VPN, somebody else is just going to look at your web traffic now. I would think even if you're right, even if your intentions are good, even if you're handling everything correctly, to say "trust us" and have people believe you just seems so hard right now.

Yeah, I think what you're getting at is, you know, there's not a lot of trust in the world.

And deservedly so!

Yeah! Look what happened to the internet. It's been overrun by untrustworthy companies, and tracking and whatnot. And that's why we set up the company vision to begin with, "to raise the standard of trust online." And so we then focused right from that point to say, we don't track you ever, and established that trusted brand, and both just in our privacy policy and kind of a legal way, but also just in all of our product design, communications, etc.

We're just saying we throw everything away. And you can just use us more privately.

And so we're not saying, "Hey, we're going to store your information, and then trust us to keep it safe." We're just saying we throw everything away. And you can just use us more privately. The question that always comes up is, then how do you make it good enough? Like, how do I get local weather or restaurants if you don't know who I am? And the short version of that is, your computer can send that information on the fly for that request, and we can use it to show you local coffee shops, and then throw it away, never storing it or saving it. We don't have a copy and the government can't come get it, etc. And that's effectively how it works.

Right. But even in that transaction, I have to believe you that it's not being stored anywhere. And you have to prove this crazy counterfactual, which is like, how do you show me that you don't have my data?

There's no way to prove a negative. So at some point, it's turtles all the way down. But, you know, we have a very strict privacy policy. We would get in trouble, ultimately, if it was violated. And all of our code for our apps and extensions is open source. So you know, people look at it, and can kind of see what's going on. But then you ask, Well, are you running that code, or are you modifying it or something? And so there's some level of trust that is needed. But I mean, our whole company's purpose is for this purpose: to help you protect your privacy.

Do you spend a lot of time having to make your life harder in the name of privacy?

Yeah. I mean, we have architected lots and lots of systems to maintain people's privacy that no one would ever architect but for this problem. And we would love other companies to do it, and so we're trying to start explaining how they work. And internally, we have tons of other reviews and internal audits just to make sure we've never done anything or will never do anything against our code policies, even accidentally.

And a good example of this is, how do we A/B test the site? How do we make improvements while keeping everyone anonymous. And had to develop a completely anonymous A/B testing system, where we basically just show different versions of the page and count what happens. The drawback in that system, which is making it harder, is that we can't keep somebody in one of the variants, because we don't have any session data. We don't have any way to tie searches together.

So I could be both in the A and the B group.

Yeah, you can reload the page and then see something different. And then you're in both groups. It averages out, it just makes our life a little harder, statistically. But we had to build that system from scratch, we can't use name-your-big-data-analytics, we don't use any third-party software for that kind of stuff.

That gives you a pretty long to-do list, full of things that ordinarily you'd just call in an API and move on with your day.

Yeah, we don't have any third-party scripts on our site. Never have. But it means we have to develop more than other companies to make that all work.

Are there pieces of it that just straight up don't exist in a privacy-preserving way that you're comfortable with?

In search? Yeah. All of these content providers we use, we've architected to protect user privacy, so they remain anonymous. Any content that we call from anybody, we call on the user's behalf from our servers. We don't pass the IP address or part of the IP address or a hash or anything that is personally identifiable or can tie searches together. And then we bring back the content, and then format it for the user. But a lot of that didn't exist. We had to architect those systems, depending on the provider, and work with them to make it all work.

When you say you don't store anything, is that literally true? Do you save things for like two seconds in order to execute whatever you're needing to do, and then it gets deleted? What does it mean to not store anything?

So we believe that means don't write anything to disk, don't log anything that could tie anything back to an individual. So that means your IP address, or a unique cookie. We don't write any of that down, effectively. And the same with the email: It passes through us in memory, and we never store it or log it to disk. So any information that we would write would be completely anonymous information. So for example, we save a record of what queries occurred, but without any information associated with the individual with it. So nothing related to your computer or IP address or anything like that.

So the way to do that is not to collect it for as long as you need it and then get rid of it, it's just to never ask for it in the first place. Like, DuckDuckGo is just not asking for that information from me when I come to the site or open the app.

That's right. It's a little more complex than that, because the way the internet works, it just sends your IP address and your device ID and stuff. So you actively have to not store it. I mean, storing it is an act, but all the computers are set up by default to do it.

So why work on email? I'm curious kind of why that felt like sort of the next natural extension of this.

Thinking about where people spend the most time online, in other places besides search and browsing, email is on that next list, as [are] other apps. So those are the two protections that we started to focus on next.

We're not asking people to switch their email provider or email service. We're saying more like, 'the same inbox, more privacy.'

For email, in the simplification that we're trying to do, we're not asking people to switch their email provider or email service. We're saying more like, "the same inbox, more privacy." The same way we've been doing with our browser extension. So you can keep your current email provider, but you get this new email address — or set of addresses you can generate — that get delivered to your regular inbox with trackers removed. And then app tracker blocking for Android, initially, will help protect you and all the other apps you use. We're gonna make all that third-party tracking kind of go away on Android.

As people have adopted more tracker blocking on the web, more email tracking has popped up. People are using an email address as the main identifier now in a lot of places. And so it's the natural place to get protection next. And then apps [are another] Wild West, like the web was 10 years ago, where there's just tons of tracking embedded in apps, and it's not transparent. And it's just ripe for someone to come in and help protect it.

Is your way of thinking about it that you want to build privacy layers around those apps, or that you want to build your versions of those apps? You're making me think of that scene in "Silicon Valley" where Jian Yang has the whiteboard and it's like, "New Twitter, New Instagram, New Google." Are you just going to build Private Twitter and Private Instagram and Private Google? Or do you want to become the tracker blocker around all of those existing things?

It's the tracker blocker. We believe "privacy simplified" means not having to change as many workflows as you can. And so ideally you'll use the same websites, the same apps, and they won't break, but you'll get all sorts of new privacy protection.

Now, some apps we think you should switch off. That's the Googles and the Facebooks. Some of them are so big, and they're the main tracking networks that you really probably should avoid. But other things like your general utilities, a DoorDash or something like that, they have trackers embedded in them. We would like to help you just keep visiting those sites and apps, but in a much more privacy-protected way. And if it works well, it'll be seamless. You just set it up once and you're protected.

Workplace

Everything you need to know about tech layoffs and hiring slowdowns

Will tech companies and startups continue to have layoffs?

It’s not just early-stage startups that are feeling the burn.

Photo: Kirsty O'Connor/PA Images via Getty Images

What goes up must come down.

High-flying startups with record valuations, huge hiring goals and ambitious expansion plans are now announcing hiring slowdowns, freezes and in some cases widespread layoffs. It’s the dot-com bust all over again — this time, without the cute sock puppet and in the midst of a global pandemic we just can’t seem to shake.

Keep Reading Show less
Nat Rubio-Licht

Nat Rubio-Licht is a Los Angeles-based news writer at Protocol. They graduated from Syracuse University with a degree in newspaper and online journalism in May 2020. Prior to joining the team, they worked at the Los Angeles Business Journal as a technology and aerospace reporter.

Sustainability. It can be a charged word in the context of blockchain and crypto – whether from outsiders with a limited view of the technology or from insiders using it for competitive advantage. But as a CEO in the industry, I don’t think either of those approaches helps us move forward. We should all be able to agree that using less energy to get a task done is a good thing and that there is room for improvement in the amount of energy that is consumed to power different blockchain technologies.

So, what if we put the enormous industry talent and minds that have created and developed blockchain to the task of building in a more energy-efficient manner? Can we not just solve the issues but also set the standard for other industries to develop technology in a future-proof way?

Keep Reading Show less
Denelle Dixon, CEO of SDF

Denelle Dixon is CEO and Executive Director of the Stellar Development Foundation, a non-profit using blockchain to unlock economic potential by making money more fluid, markets more open, and people more empowered. Previously, Dixon served as COO of Mozilla. Leading the business, revenue and policy teams, she fought for Net Neutrality and consumer privacy protections and was responsible for commercial partnerships. Denelle also served as general counsel and legal advisor in private equity and technology.

Entertainment

Sink into ‘Love, Death & Robots’ and more weekend recs

Don’t know what to do this weekend? We’ve got you covered.

Our favorite picks for your weekend pleasure.

Image: A24; 11 bit studios; Getty Images

We could all use a bit of a break. This weekend we’re diving into Netflix’s beautifully animated sci-fi “Love, Death & Robots,” losing ourselves in surreal “Men” and loving Zelda-like Moonlighter.

Keep Reading Show less
Nick Statt

Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

Workplace

This machine would like to interview you for a job

Companies are embracing automated video interviews to filter through floods of job applicants. But interviews with a computer screen raise big ethical questions and might scare off candidates.

Although automated interview companies claim to reduce bias in hiring, the researchers and advocates who study AI bias are these companies’ most frequent critics.

Photo: Johner Images via Getty Images

Applying for a job these days is starting to feel a lot like online dating. Job-seekers send their resume into portal after portal and a silent abyss waits on the other side.

That abyss is silent for a reason and it has little to do with the still-tight job market or the quality of your particular resume. On the other side of the portal, hiring managers watch the hundreds and even thousands of resumes pile up. It’s an infinite mountain of digital profiles, most of them from people completely unqualified. Going through them all would be a virtually fruitless task.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (Twitter: @ anna_c_kramer, email: akramer@protocol.com), where she writes about labor and workplace issues. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Fintech

A crypto advocate’s plea: Cool the Twitter trash talk

A top blockchain advocate says the SEC is wrong in its efforts to regulate crypto, but crypto advocates’ personal attacks aren’t helping.

Chamber of Digital Commerce founder Perianne Boring spoke with Protocol about how crypto can strike a better tone.

Photo: Chamber of Digital Commerce

Chamber of Digital Commerce founder Perianne Boring cites a Bible verse to sum up her philosophy about how the crypto trade group should take on the industry’s many critics.

Her Twitter page refers to Ephesians 4:29, which says — oh, let’s use the King James version, it’s more fun: “Let no corrupt communication proceed out of your mouth.” For her, it’s a reminder that trash talk in defense of crypto is unacceptable.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.

Latest Stories
Bulletins