quandyalaterreux wrote

If the point of DuckDuckGo is to remain more private while searching the web, it doesn’t make sense to have your search terms visible to anyone with access to your computer (or your network).

  1. The claim "or your network" is absolutely false as DDG uses HTTPS.

  2. It's not even a problem, just don't record your history, or delete all duckduckgo.com/* urls from your history.

  3. Never use DuckDuckGo nor this "SearchEncrypt" instead use Tor if you want privacy by design with whatever search engine or website you want.


quandyalaterreux wrote (edited )

How much more? Your ISP won't know that you visited gmail but if you are using https then the local ISP would not know your account name anyway. And if you are not using https then the exit node would know your account name and that is a lot less private.

The Tor Browser includes HTTPS Everywhere and in fact gmail is preloaded in the HSTS preload list so HTTPS should be forced. In the first case the ISP will know that you visited gmail, whereas in the second the ISP won't know that - which is a net gain in privacy terms.


quandyalaterreux wrote

Surfing yes. Checking e-mail, no. They even talk about this in their docs. If you use an account that is tied to you you aren't getting the same kind of protection that TOR was designed for.

You can sign-up using the Tor Browser with a web email service that allows Tor (such as tutanota.com) and hence your identity won't be tied to that email (unless you leave personally identifiable information, email is unencrypted by default so don't forget about that).


quandyalaterreux wrote

For Tor never use it with anything besides the Tor Browser.

For something else, you can include privacy.resistFingerprinting -> true privacy.firstparty.isolate -> true and some others (but not all, ask if you're unsure): https://www.privacytools.io/#about_config Also there's another one for anti-font fingerprinting but I can't recall its name.

Don't forget to test on https://browserprint.info


quandyalaterreux wrote

I just learned the hard way that if you try to configure Tor to use a whole bunch of bridges at the same time, it will struggle to connect to the Tor network.

Tor never connects to a lot of bridges at the same time.

Also since Tor 0.3.0.x two bridge lines are required for normal, obfs4 bridges.

Alternatively just use Snowflake since meek will be basically gone as a pluggable transport.


quandyalaterreux wrote

also, and primarily, when tor users try to acesss a cloudflare page they are presented with a google captcha that they have to solve

By default that's no longer the case.

Don't get me wrong though, Cloudflare is still evil for a bunch of other reasons (see www.crimeflare.com)