On Mon, Nov 30, 2015 at 1:56 PM, rysiek <rysiek@hackerspace.pl> wrote:
DuckDuckGo to the rescue.
DuckDuckGo is an obvious honeypot. Why does anyone use it?
On Mon, Nov 30, 2015 at 3:06 PM, Rayzer <Rayzer@riseup.net> wrote:
OBVIOUS honeypot? Why do you say that? There's nothing particularly OBVIOUS about it or someone besides you would notice...
First of all, DDG's claims of privacy follow the implausible general model of "heyyy, just trust us!" But there's a historical reason as well. On the first day DuckDuckGo was announced, I did a whois query on duckduckgo.com. The domain was registered to an address in Annapolis, MD. A small building near the Naval Academy. Not proof of course, but suggestive. The whois record was changed soon thereafter.
Dnia poniedziałek, 30 listopada 2015 15:30:47 Jason McVetta pisze:
On Mon, Nov 30, 2015 at 3:06 PM, Rayzer <Rayzer@riseup.net> wrote:
OBVIOUS honeypot? Why do you say that? There's nothing particularly OBVIOUS about it or someone besides you would notice...
First of all, DDG's claims of privacy follow the implausible general model of "heyyy, just trust us!"
That's true. However, that's still better than Google or Bing, which don't even go that far. Also, I kind of like the fact that the results are not "bubbled" into whatever "insights" are gathered from my search history. Now, that is not to say that such "insights" are *not* gathered -- they very well might be! -- and I do not trust DDG all that much more than Google or Microsoft, but at least I seem to be getting search results I need, not the ones that the company thinks I need.
But there's a historical reason as well. On the first day DuckDuckGo was announced, I did a whois query on duckduckgo.com. The domain was registered to an address in Annapolis, MD. A small building near the Naval Academy. Not proof of course, but suggestive.
Pics or it didn't happen.
The whois record was changed soon thereafter.
...first to a big white building in Washington D.C., but that had to be a fluke -- as mere minutes later it was a compound in Beghazi; there it staid for a couple of months, afterwards moving to the Red Square in Moscow, Russia, and then to Langley, Virginia, before finally arriving at the location currently visible in WHOIS. Don't ask me how I know, though. What I'm trying to say, I guess, is: it would be nice if we had something more to work with than just "some guys on the Internets said that for realz the WHOIS showed Annapolis." -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
On Mon, Nov 30, 2015 at 8:32 PM, rysiek <rysiek@hackerspace.pl> wrote:
That's true. However, that's still better than Google or Bing, which don't even go that far.
Is a wolf in sheep's clothing better than an overt wolf?
What I'm trying to say, I guess, is: it would be nice if we had something more
to work with than just "some guys on the Internets said that for realz the
WHOIS showed Annapolis."
Fair enough. You have no particular reason to believe me; and a domain registration address adjacent the Naval Academy doesn't prove anything. Nevertheless that's why I consider DDG an obvious honeypot. YMMV.
Dnia poniedziałek, 30 listopada 2015 21:13:50 piszesz:
On Mon, Nov 30, 2015 at 8:32 PM, rysiek <rysiek@hackerspace.pl> wrote:
That's true. However, that's still better than Google or Bing, which don't even go that far.
Is a wolf in sheep's clothing better than an overt wolf?
It is not. I have not seen anything that suggests it is indeed a wolf, however. And even if it's a wolf, it's at least a different wolf than Google or Bing. These two have had enough sheep meet by any book.
What I'm trying to say, I guess, is: it would be nice if we had something more to work with than just "some guys on the Internets said that for realz the WHOIS showed Annapolis."
Fair enough. You have no particular reason to believe me; and a domain registration address adjacent the Naval Academy doesn't prove anything.
Not to mention registration in Benghazi and Langley, am I rite? I do have no particular reason to believe you, that's true. And a "because I said so" level of proof for registration address adjacent to Naval Academy does indeed prove nothing. Now, if that's true, probably somebody else dug something up also, right?
Nevertheless that's why I consider DDG an obvious honeypot. YMMV.
Even if, not worse than Google or Bing. And they even sport a Tor Hidden Service, but I am guessing that's just to piss Juan off. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
Dnia wtorek, 1 grudnia 2015 09:37:04 Ben Mezger pisze:
I switched to search.disconnect.me. Results are waaay better than those from Duckduckgo.
Thanks, gonna test it; however, I tend to be quite happy with DDG results. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
Ben Mezger wrote:
I switched to search.disconnect.me. Results are waaay better than those from Duckduckgo.
That's my usual search engine... I also want to point out that 'Startpage', another supposedly 'secure' search engine, seems to have a 'lean to the right'. When I do news searches an abnormal amount of returns are to sites like Newsblaze etc. RR
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, 1 Dec 2015 08:26:35 -0800 Rayzer <Rayzer@riseup.net> wrote:
Personally I'm apoplectic over their XMPP server, DukGo.com.
Has it ever been online for longer than ten minutes at a stretch? - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "I'm done with this analogy." --Artie, _Warehouse 13_ -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWXeUSAAoJED1np1pUQ8Rk6NQP/3irjl9d8hhusKxVKMv8/L9/ SfVCVgxUISg0wSr9RQV6pEqMVQl51smOAxi6nXeL6XJNS+ezW9wTK7CoKwK0PFub qbCJS+pJmpNR1+YTsF9D11vW0wvgCZ4TCdXs1kEMICTv2ZKxgVpSd2bfvcby05wD 87Kh6Ow3GDJy1qluLByhOgEe/eQTCp9K7hZSrbdkQfntQ6tvw5jZ3alCAHCg51WF i+G5x9dm93CqgXGDgngCw5LoRot6CY7qAMXEliGd0RRPrlZFgt9hzEEEyThNlbRo aN032+T2yWfUTGUWZGJUZoC3hZJDEOfy5od3X18J23/WNrQSElIstmCbHbK8J8sp y7Nlt0pAtbI5HDqDkPPUrUVVhT69/xBBrYVWvRedJ6x0OY6sn1LlRbz03By/efrJ YsI1MNlNM20o75ddER9tdUoHAlqvLuDRQO/dssGlADxGiGqXcA8kDmFynfiTWkmv qqHIjJQ5MJ5BRavH42maDwcSAebxfCoF1yIFkoxA13RXLHoKyPUej9IR722yrSG6 ac19OtdLKGF9m6Jzm+Pb9TqACFe+jTks1TzFDfPGftTf1pCw0Rvz5rRFOEa5RK9b 4WMAIZYhPkH7f5PeSkJDc4h311AFi7LqUTljHy6kP1dYiNzBaUzXyB8cIqU07P34 x3kXIydc0Xei//iwQGUD =9uA6 -----END PGP SIGNATURE-----
On 12/01/2015 10:21 AM, The Doctor wrote:
On Tue, 1 Dec 2015 08:26:35 -0800 Rayzer <Rayzer@riseup.net> wrote:
Personally I'm apoplectic over their XMPP server, DukGo.com.
Has it ever been online for longer than ten minutes at a stretch?
I've never noticed a loss of connectivity ... otoh I'm not one of those fed lurkers whose uptime is 1956days (and logging) either. RR
On Tue, 01 Dec 2015 10:44:44 +0100 rysiek <rysiek@hackerspace.pl> wrote:
Nevertheless that's why I consider DDG an obvious honeypot. YMMV.
Even if, not worse than Google or Bing. And they even sport a Tor Hidden Service, but I am guessing that's just to piss Juan off.
Hehe =P Anyway, I think one of DDG's strongest features is that DDG is not google... I just noticed, dukgo.com redirects to duck.co - maybe that means they are not completely controlled by the US gov't. Or maybe it means that colombia is even more fucked than I thought. Oh, namecheap handles .co domains... Oh, .co registry : Internet S.A.S (subsidiary of Neustar), Oh, https://en.wikipedia.org/wiki/Neustar and so on and so forth...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, 01 Dec 2015 10:44:44 +0100 rysiek <rysiek@hackerspace.pl> wrote:
Even if, not worse than Google or Bing. And they even sport a Tor Hidden Service, but I am guessing that's just to piss Juan off.
It's entirely possible that some folks who work at DDG are lurking on this mailing list, so there could be more truth to that than you expect... :D - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "I'm done with this analogy." --Artie, _Warehouse 13_ -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWXeSxAAoJED1np1pUQ8RkljkP/20ObrrHRqool/apwR15QIig 4/PD1saWOuYH8rQtgRzUastkB1MZ2COqfuRKCNt3FxEM5wAYSWAqHGTGSvErIfPg HEABStD6pPfjtnPPQ+ki4vpbjqeVHm2d2Js8x3d5Ln03wmLoYk7kVWDQ+UhrVO9K xWXtFtIUV6OQwX6FdPRU6uKuXlyhB629LwNFuIFkArAIOzOVXXJFmwIUrSC2Mlbb gZTHkjLxntOA6AkKZN12F8YAhju5UnO/c45+tvJg5rRFN3nURsSnX8RZqjWK39tF MvxCUDD2u7RKksDOj6hKsgDwXHdPidyBkUAvDI/vVYOENTuKeap8DSppm74Tqq8d 8XRrCaN0ElKr8KyznAKJqEeI78mfAB+Q0wiugPzu4MasXIO+m+K7pQO4XB3p1Ip+ sZCSu2yMhhlxt7pKjKXGdpx4rTyC4eFjyYrRv8Lbegix7ca/FaLc+lpEuL9UMlf+ //LdrDPmtQIbmjYwKZahKLC5vwP7HKesuU38Vm5IIUla0Xkd6RNr3+McauKVcZ+U AsIt3fhqdT43Zwde8kjVYRykPQHhvxD+YBSdRUyIkqd/GDkw4PhhC8BKsDKhdt8m L23+dXzp8/HdxNbp6j55bUaKv92X2heYqhbq1u4JBIF021z4tK/rZFW5AbzuYvrh xDD/lBEKQA82SK1060fo =9BG2 -----END PGP SIGNATURE-----
On Tue, Dec 1, 2015 at 1:44 AM, rysiek <rysiek@hackerspace.pl> wrote:
Fair enough. You have no particular reason to believe me; and a domain registration address adjacent the Naval Academy doesn't prove anything.
Not to mention registration in Benghazi and Langley, am I rite?
Huh? That has nothing to do with anything I wrote. I said YMMV, but I didn't realize you'd be driving a clown car...
On Mon, Nov 30, 2015 at 5:11 PM, Jason McVetta <jason.mcvetta@gmail.com> wrote:
DuckDuckGo is an obvious honeypot.
Then search a deeper layer... http://monitortwo3m3d4b.onion/
participants (8)
-
Ben Mezger -
grarpamp -
Jason McVetta -
juan -
Rayzer -
Razer
-
rysiek -
The Doctor