Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Do privacy apps really keep me private?

//
Do apps like HTTPS Everywhere, Disconnect and DuckDuckGo actually help keep your searches private?

It depends on what you mean by privacy, as the apps you’re asking about actually do different things.

And it also depends on exactly who you do, or do not, trust.

It’s that trust issue that everything pretty much hinges on.

Become a Patron of Ask Leo! and go ad-free!

HTTPS Everywhere

HTTPS Everywhere is a browser plugin available for most popular browsers, with the exception of Internet Explorer. It’s provided by and produced with support from the Electronic Frontier Foundation1.

Despite its name it does not make https work “everywhere”.

Its job is very, very simple:

  • If you visit a site using http (no “s”)
  • AND that site actually supports https
  • HTTPS Everywhere will THEN switch your connection to that site to https

Since there’s no real “test” for whether a site supports https, the plugin uses a database of known sites that is updated periodically, and to which you can make local modifications.

Note that if a site does not itself actually support https, then HTTPS Everywhere cannot force the https connection – you connect via the normal http anyway.

HTTPS Everywhere: privacy

The privacy given by HTTPS Everywhere is simply that offered by making sure you use the https protocol wherever it is supported. That means your connection cannot be monitored by someone listening in2.

What https (the protocol) and HTTPS Everywhere (the add-on) do not control is what happens on your computer, and what happens at the service provider’s servers. Your computer, including any malware that may be on it, can monitor what your browser does. The service you’re contacting via https can do whatever it wants with the data you send it.

HTTPS Everywhere: trust

Browser Extension WarningHTTPS Everywhere is a browser add-on that can monitor all of your browser’s activity. By using it you are trusting that the EFF, its development partners, and in fact the individual developers are not using this ability for purposes other than advertised. HTTPS Everywhere is an open-source project, and available for independent verification.

You are also trusting that your computer is malware-free, and that the service you’re contacting is secure, and not using your information maliciously (two different things).

HTTPS Everywhere: my bottom line

Personally, I trust the EFF. I also trust my machines, and I only use services that I trust. As a result I can recommend HTTPS Everywhere, and in fact have it installed myself. Just be aware of what it does, and does not do. All it does is enable https connections for those services that support https.

Disconnect

Disconnect.me is a browser plugin available for most popular browsers, again, with the exception of Internet Explorer.

Its job is simply to block requests that are made by web pages to known advertising and other tracking services. It claims more and faster coverage than other blocking technologies. It also shows you graphically what requests have been blocked, and allows you to add exceptions as desired. It does not affect connections that are not blocked.

Disconnect: privacy

Advertisers and other web visit-based tracking technologies that are in Disconnect’s database are prevented from providing their services, and thus are not informed when you visit web pages. Your activities are not shared with them.

Disconnect: trust

Disconnect is a browser add-on that can monitor all of your browser’s activity. By using it you are trusting that the company behind it is not using this ability for purposes other than advertised, and that it does what is advertised; since for many types of blocks there is no visible change. Disconnect is an open-source project, and available for independent verification.

Disconnect: my bottom line

Disconnect.me on Ask Leo!I have enough faith in Disconnect to say that if you feel you must use a blocking technology it’s a fine one to use.

However, that doesn’t mean I don’t have a problem with it.

The fundamental assumptions that Disconnect.me and apps like it make are simply that all advertising is bad, and all tracking is bad; and that both practices expose information of a personal nature to people that it shouldn’t be exposed to.

I disagree.

As I’ve said elsewhere, advertising is a cornerstone of what keeps Ask Leo! and hundreds of thousands of websites like it viable. I can’t speak for the other sites, but I can say that if enough people were to block ads Ask Leo! simply would not exist. Period. Ads are essential to keeping the information you and I rely on every day free. The fact that ads you see might be relevant to you reflects a certain level of tracking, it’s true. But that tracking is used only by algorithms that provide relevant ads. No one is watching.

Similarly, other services that might be considered “tracking” are, in reality, key components of understanding exactly how my website is being used, or actually themselves adding functionality to the site. This is critical for me to continue to build a successful business around freely handing out valuable information. I can easily assume that the same is true for other sites.3

And finally, the assumption being made is that what tracking is happening is somehow personal. In my opinion this is simply wrong. As I’ve also said before, you and I are not, as individuals, all that interesting. In aggregate it’s very valuable to see that “a lot of people are reading this article”, or “clicking on that ad”. No one cares that “Leo’s reading this article”, or that “Leo just clicked on that ad”. Unfortunately, since information is collected at the individual level, too many people don’t trust that it’s only being used in aggregate, and somehow feel that they – personally – are being tracked.

So, no, I cannot in good conscience recommend this, or any blocking tools that interfere with honest website owners such as myself.

DuckDuckGo

DuckDuckGo is an alternative search engine, created in response to the feeling that other search engines, most notably Google, are using individual search habits to track people and provide relevant advertisements. It claims not to track you in any way, and displays only a limited number of advertisements, clearly, in its search results. DuckDuckGo was, I believe, one of the first to automatically switch to an https connection regardless of how you arrive at the site.

DuckDuckGo: Privacy

To the extent that they do what they say, they are indeed giving you an extra level of privacy. Your search activity is not being tracked.

DuckDuckGo: Trust

When you use DuckDuckGo you are trusting that they will do what they say, and not track you.

DuckDuckGo: my bottom line

I tend to judge a search engine by the appropriateness and relevance of its results. To me the answer to a given search query is by far the most important thing. While I’ve tried alternate search engines from time to time, in my opinion Google search still wins that race. (DuckDuckGo actually gets its results from a variety of sources.)

So I stick with Google.

However there’s nothing wrong with using alternatives like DuckDuckGo.

My bigger concern is in thinking that you’re getting something significant when, in my opinion, you’re not. As with blocking, above, I just don’t agree that there’s currently a significant threat to personal privacy when using mainstream search engines, including Google. Yes, aggregate information is collected and used for assorted reasons, but once again you and I just aren’t that interesting as individuals. Even advertisements that seem to “follow you” as a result of previous searches simply reflect the technology’s ability to try to present you with things that are in fact more relevant to you. That doesn’t mean that someone cares or is watching; it means that somewhere a computer algorithm is working.

But as always, the choice remains yours, and that’s one of the very wonderful things about the internet in general: choice. And as I said, I have no issues with choosing DuckDuckGo.

Footnotes & references

1: Full disclosure: Ask Leo! supports the EFF with occasional monetary donations.

2: For purposes of this article I won’t debate the security of the https or ssl protocols. There are obscure ways that they can be compromised, particularly in corporate settings. In addition, the more paranoid may well believe that government agencies can crack https. This is a belief that I do not subscribe to.

3: Indeed, sometimes important functionality is disabled by Disconnect.me, such as the site search functionality here on Ask Leo!.

5 comments on “Do privacy apps really keep me private?”

  1. Leo, I enjoy your articles.
    I don’t mind ads. Sometimes an ad can be helpful. But, I do detest pop-ups and pop-behinds. To me, pop-ups are counter productive. As they irritate me I associate that which is being advertised as being negative. The same applies to PUPs, Potentially Unwanted Programs, being checked by default when installing a downloaded software program. A term for PUPs which I’ve seen many times when reading articles on the internet is ‘crapware’. Hence, I’ve given a name for software which by default checks the installing of crapware : Manure spreaders. Adobe Flash is often a manure spreader as it often tries to slip in a McAfee installation when Flash is updated.

  2. I’ve been using the search engine Ixquick in place of Google. My employer provides me with a g-mail account. Even though I only use it for internally communicating on the company’s intranet, I stumbled onto the fact that it also is connected to and includes certain functions of the Google search engine. I discovered this while using my home computer, which is not connected to my employers intranet in any way, shape or form. I was at home, on my laptop, poking around the Google settings and it brought up my employee e-mail address and account. Some settings I am allowed to change, others I am not because I am not the “g-mail” account administrator. Call me paranoid, but I would rather not take the chance that my employer could potentially access my Google search history. Enter Ixquick. Their privacy policy is below:

    {Copy/paste of copyrighted material removed. It can be found here: https://www.ixquick.com/eng/privacy-policy.html }

  3. I learned somewhere recently and checked it out as best as possible about a feature of some search engines called a “filter bubble”. What this supposedly does is: if you are searching on a controversial subject, depending on what info the engine has already garnered about you the results returned in a search will be filtered to adjust to your bias and not necessarily show you both sides of a story. I am not terribly concerned about ads but this does bother me. Supposedly DuckDuckGo does not do this so I occasionally use this but normally stick with Google.
    Any comments?

  4. I have been using duckduckgo for quite sometime now and since using it i don’t get all the irritating pop-ups as it blocks them ,so for this reason i use duckduckgo and it works.

  5. Thanks Leo my questions? was answered in this email that you sent to Me,as always i trust your judgement Earl Ewards

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.