Techlore Talks brings you in-depth conversations with the experts at the forefront of privacy, security, and digital rights. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode features meaningful discussions with the people building, researching, and advocating for digital freedom.
From cybersecurity researchers and privacy tool developers to open-source advocates and digital rights activists—if they're shaping how we protect ourselves online, they're on this show.
Topics include: privacy tools and technologies, cybersecurity threats and defenses, open-source software, surveillance and digital rights, encryption, tech policy, and digital sovereignty.
The vast majority of free apps on Android have Google trackers.
This is why people make claims that microphones must be listening to me.
Hello, everybody, and welcome to Techlore Talks, where I invite on experts and other leaders in the field to talk about digital freedom, privacy, security, and digital rights.
Today, I have Peter from DuckDuckGo, who's going to discuss the company's mission, how they try to provide privacy-focused search, how they compare to mainstream alternatives like Google and Microsoft Bing, their unique features, their stance on data collection, their broader ecosystem as a whole, like the browser and how it fits into the broader picture and their views of what privacy should entail, as well as their general demographic and why they really try to target the mass audience and how they plan to do that. DuckDuckGo is one of the biggest players in the space, and so I'm really excited to have on Peter to learn more about what goes on behind the scenes at a company like DuckDuckGo. Let's get into it.
Welcome, Peter. I have Peter on today from DuckDuckGo, if you don't mind just quickly introducing yourself a little bit and what you do.
Yeah. Hey, Henry. Thanks for having me. So I'm Peter Dolanjski. I'm at DuckDuckGo. I'm on the product team at DuckDuckGo. I tend to work on our browsers and our privacy protections at DuckDuckGo and sort of been working in the space of browsers and privacy for, I think, more than 15 years now overall. So I'm sort of steeped in it.
Yeah, I saw on your LinkedIn that you were at Mozilla before DuckDuckGo. That seems like a pretty natural kind of selection of companies to work for. Do you mind expanding on how that came about?
Yeah, absolutely. So, I mean, going all the way back to just before Mozilla, I was always a Firefox fan early on. Obviously, it was a very, you know, one of the first sort of mission driven community sort of driven initiatives that got a lot of traction.
A huge Firefox fan. I made an effort to try to join the team. I joined over Mozilla, spent eight years there, very much a proponent of their mission overall. I started in some other areas, but eventually took on product lead of Firefox Desktop, so Firefox for Windows, Mac, Linux, and then privacy and security areas of Firefox as well. And so I worked on a lot of the technologies, privacy technologies they have in Firefox. I know you've talked about some of them on your channel before, the Enhanced Tracking Protection and a bunch of other capabilities in Firefox. And then after about eight years there, I got to know some of the DuckDuckGo folks. DuckDuckGo has always partnered with Mozilla in some way for DuckDuckGo search as part of one of the search options, of course, in Firefox. And DuckDuckGo team at some point convinced me six years ago to come work on privacy and browsers at DuckDuckGo. And I've been at DuckDuckGo ever since the last six years.
Very nice.
And then before we start diving into stuff, I just want to make sure people get to know you a little bit more.
Sure.
Director of product.
I might hear that and go, okay, director of which product?
What does it actually look like day to day?
What are the decisions that you make?
What is your role if you had to explain to somebody what you do day-to-day at DuckDuckGo?
Yeah, let me first explain it a little bit by describing DuckDuckGo organizationally.
I'm not the only director of products.
We actually have multiple overall.
We hire very senior, very well-rounded people that can work quite autonomously.
We are a very flat structure.
We're a small company.
When I started, I think there were around 80-some odd employees.
Over the last six years, we've grown out to about 400 or so.
And we take on the tech, you know, Goliaths of the world.
So we do a lot with a small team overall.
We tend to have our product people kind of specialize in different areas of the product.
Either some are more focused on the experience of the product and the onboarding of our applications and our browsers.
Some focus a little bit more on, you know, the core browser technology or the privacy features of those browsers.
That's a little bit where I spend most of my time. And then, of course, we have some working on new stuff like AI, our Duck.ai that we've launched pretty recently and is growing very quickly.
So we have product people kind of specialize into these different areas, and they work day to day with engineers, designers, copywriters, et cetera, to decide sort of what features we're going to build.
In the case of privacy, it's evaluating what threat models exist and which threats we want to specifically build capabilities for protecting users from.
And so that will be defining those features, coming up with the projects that we're going to run, and then working with our counterparts on design or engineering to come up with prototypes, test them, play with them, adjust them, and then figure out how to launch those things with real users, and then collect feedback from users and iterate.
And that's basically how we build our products, very much listening to what our users have to say.
Either we go on Reddit, we go on social channels, we listen to users there, we engage.
We do a lot of user research as well to interview people, understand their perceptions and what works for them and what doesn't,
and use that to help shape basically what we're building in the product overall.
Very nice. And then you're focused more on that privacy security development.
Yeah, privacy and specifically browsers, our browsers on desktop and mobile.
Great.
Okay, yeah, so I definitely want to touch on your ecosystem later on in the interview.
We'll touch on the browsers.
We'll touch on your new subscription that I know is new, how that integrates with Duck.ai.
But I want to start, you know, you brought up the big tech companies, and this is how I really wanted to open this interview was to, you know, someone.
DuckDuckGo is a very well-known brand.
I feel like it's a very unique name, very unique branding.
You guys run billboards everywhere. It's one of the privacy companies that has penetrated, I think, the mainstream awareness very nicely.
But I still think that a lot of people, they still use Google, right? They still use a lot of these very mainstream providers.
And so I want to just start by asking you, what is happening when somebody is using Google on a daily basis?
And what are you trying to offer as an alternative to that? And how do you inject yourselves in that equation?
Yeah, so we can tackle that from a few parts. So maybe just a quick point on your, you know, most people use Google. Yes, obviously, Google from search is dominant 90 plus percent market share globally, multiple antitrust lawsuits against them.
Pretty clear. Most people are very, very familiar with Google. To put it in context to your earlier point, in the U.S., DuckDuckGo search is the biggest non-Google search engine by volume on mobile devices specifically.
So, yeah, I mean, we're hugely popular. A lot of people know us from search, and then we use that to foray into browsers, which I'm sure we'll talk about later.
But so, yeah, to your point, a lot of people know DuckDuckGo.
I'll pair Google and Chrome together because both of those, you know, the Chrome browser and Google search are heavily used by people worldwide.
What is happening when people use these products is you basically on the other side of that have a company that is the world's biggest data collector that is using every tool at their disposal to collect information about you, your actual searches, of course.
But, you know, behaviorally profiling you, collecting what websites you go to and deriving information from that.
And they're using that to, you know, solidify their ad business model, which is entirely based on providing targeted ads based on these behavioral signals and everything else.
And so it is just insane the level of data collection that they've actually been able to amass.
And that tends to come from not only the data collection when you use Google search, but on almost all the websites on the Internet and almost all the apps on mobile phones.
So, you know, the vast majority of websites on the Internet have Google trackers embedded in them.
And the vast majority of Android free apps, we can talk about our app tracking protection that we have a little later, but we know this through our testing that the vast majority of free apps on Android, for example, 90 plus percent have Google trackers in them. And these trackers are just constantly collecting all kinds of bits of information about you. And it's not just, you know, I think most people would assume it to be, oh, they're collecting that I'm into snowboarding or something that doesn't sound too nefarious. But it's actually, you know, much, much deeper than that. Like, you know, in apps, they're collecting whether or not you have headphones plugged in or not, your battery status on your mobile device.
We've done a lot of research and sometimes working with newspapers on apps that are supposed to be health-related apps or health websites.
And they are basically sending back details about prescription drugs, health conditions, and so on to Google and others.
Google is just the biggest of them, but there are a whole bunch of other companies, of course, in the mix here.
And so all of that is happening behind the scenes when you're using Google products.
They don't prevent anyone else from collecting this information by default.
And as a result, I think the manifestation of that that most people see is ads following them around online, often creepy ads, price discrimination, other things we can get into.
But this is why I think most people make claims that microphones must be listening to me.
And this is why I'm seeing all these ads following you around.
And I don't dismiss that there could be some microphones and some home products that may be listening to you.
But the vast majority is happening through this web of data collection.
It's almost creepier.
It's happening behind the scenes.
Yeah, absolutely.
It knows you just as well as if the microphone was recording the whole time.
Exactly.
Sorry, I didn't mean to say that.
No, that's that. Yeah, I think I think that's the summary. And so that's the that is the experience that most people have.
Now, like I said, most people see it in those ads following them around.
And that's where they made sense, like something creepy is happening here.
But they don't necessarily understand the details of it because it is so hidden.
And that's what makes it, I think, so nefarious overall.
It's just, you know, all these things are buried in terms and conditions that people obviously don't read when they install apps or agree to those terms when, you know, when they first start using them.
And at the end of the day, it's just this treasure trove of data that's being amassed about them in so many places, which then has all kinds of downstream issues.
Like, you know, then if you have data breaches and all these things, then your data gets out there.
Then it can be used for phishing attempts.
And it's just that it ends up being sort of a nightmare scenario.
And so I think most people, unfortunately, are exposed to that when using, you know, a product like Google Search plus Google Chrome with the default settings and, you know, no extensions out of the box.
Yeah, and I want to dive a little bit more into the technical side of how DuckDuckGo, you know, what does better privacy look like behind the scenes, what you guys can and cannot do.
But just before then, I did have a quick question because I have been seeing a lot more awareness around privacy issues the last couple of years.
It's not inherently a political question, but it is by nature political because we're seeing a lot more reports come out about government agencies that aren't going through legal due process to get data.
They're supposed to go through a judge, they're supposed to get a warrant, and instead of going through that process, they're going to big tech companies that collect this data legally, like Google.
They're requesting that data, and Google says that they have a process where they try to only give data they need to give up only in certain situations. But they're giving Google that control. So I've been seeing a lot more awareness around this because people are now concerned about who's actually requesting their data and if it's actually being requested legally or not. So I'm curious if that's something you guys are following, and if you just had any views, or if you've seen an uptick in DuckDuckGo usage as a result of maybe more of these kinds of concerns that people have.
Yeah, a couple of different parts to that. One is we always see an uptick in installs and usage of DuckDuckGo whenever there's any sort of news that's semi-related to privacy.
Everything from Cambridge Analytica style news events to changes in government to, as you described, practices of governments, that always results in an influx of people being interested in how might I do something to better protect my own personal information and data.
And so, yeah, that's always been the case for many, many years overall.
So yeah, I mean, DuckDuckGo has been increasing in popularity over the years to get us into this position where a huge percentage of people are using DuckDuckGo for search and also for browsers as well, which I'm sure we'll talk about.
In terms of the specifics of government bodies requesting data, our position has always sort of been, we're not going to collect any of it and never put ourselves in a position where we have to give up any data about any user to anyone.
And that's how we've built our business.
And so, you know, I don't even think I'm not involved in our legal requests that we get, but I don't think the government bodies for the most part even bother with us because they know we don't have anything to give on our users. And so we follow it in so much as we know it leads to people being interested and worried about these things. And of course, we want to do what we can to protect people. But the best way to do that is simply don't collect that information to start with. Don't build products that are based on harvesting of that data and selling and sharing that data and so forth.
Therefore, yeah, from a brand perspective, that allows us to build trust with people overall.
Very nice. And then there's a ton of things I was writing as you were kind of going through this.
But just to start, if somebody uses Google, but they enjoy the user experience, they have no intention of moving to DuckDuckGo.
Let's just start with that person.
But I think we're going to go into the core differences here and what the limitations might be.
What if someone just goes into their Google account and just selects, like, don't track me?
I know Google has a few little privacy toggles that are very well hidden from users.
But if a user just goes in and turns those off and then turns on incognito mode in their browser,
what are still kind of the concerns that you would have in that scenario?
Yeah, so there's a couple things.
So there's like the Google search and what they collect via search explicitly.
And, you know, I'm not even familiar with all the settings that you can and can't turn off there.
A lot of companies obfuscate these things or change them a lot.
But, you know, let's both presume that, you know, you can turn off sort of the use of the collection of your data through search and so on.
And you are using incognito mode in Chrome.
You still have all kinds of other signals that can be used as identifiers to track you.
And so it doesn't prevent any third parties from necessarily doing that overall.
You need to take it a step further.
You basically need to actually block the trackers running on these websites outright to prevent them from collecting these things that would even be collected in an incognito context overall.
Of course, incognito will do some stuff, right?
Like it's not going to persist the cookies when you're done that incognito session.
And so there might be some temporary identifiers that get blown away when you're done.
So it's not nothing, but it just doesn't go far enough.
And I think most people are under the impression that incognito is a mode that broadly protects your privacy on the Internet.
And really, the reality is that it was really a mode that gives you a little bit more local privacy.
So, you know, on your machine, someone doesn't see your browsing history and that sort of thing.
Like, that's really what those things were designed for.
And so, yeah, I mean, you're just open to all kinds of tracking that happens in incognito mode via fingerprinting, via IP address collection, you name it.
There's a number of other techniques that are used there.
Very nice.
And then if we start diving more into DuckDuckGo, you know, let's just stick with search for now and we can slowly expand into the browser because the browser is going to be its own can of worms.
But just, you know, in the search side of things, when someone does a search, they type in, hey, like, what's the weather today in San Francisco?
If they put that into Google and then they put that in to DuckDuckGo, what is happening behind the scenes that is fundamentally different from a privacy perspective?
On the Google side, I mean, I can only say in so much as like, you know, it's a black box.
So who knows exactly what they're doing behind the scenes, right?
But generally speaking, my assumption is that, you know, you send a search off to Google and it goes to their servers.
They certainly collect the, you know, who did the search in terms of if you're logged in, which they very much encourage you to do, you know, by trying to auto log you in in Chrome all the time.
They'll associate that search with your identity, presumably, and then use it later downstream for ads or whatever else in some way.
I think that's the main thing that's an implication from a user perspective.
Of course, there's the location aspect of it as well to enable local search results.
In DuckDuckGo, there's a couple of different elements here.
Of course, you may want local search results, in which case we would use your location and we try to provide clear options for the user there if they want to use the general location or more specific. And so there's some control the users have over that. But if you really want local search results, that's a needed element there.
But on the DuckDuckGo side, the query comes to us and we basically we aggregate sources from a variety of partners.
Of course, as you mentioned earlier, Microsoft and Bing is one of our partners.
But we also have partners on hotel booking systems, sports score vendors, a plethora of other sources.
And we have some of our own index as well.
And so we basically use the combination of that data to serve you up some results just based purely on what that query includes.
So nothing based on what you've historically searched for because we don't have that information.
And that's the main difference.
Whereas Google may use your historical information based on the connection to your identity to tailor results to you.
And so we don't do any of that on our end. And you get you get the results that you get based on, you know, maybe based on your location, if that's included, and just what you have in the actual query.
Got it. And then what kind of so far is that applies if you're logged into a DuckDuckGo account as well?
We don't even have a DuckDuckGo account to log into.
So that's, so the things for your ecosystem are kept separate from the search, is what...
Yeah, and exactly. So yeah, there's no, there's no DuckDuckGo account related to search. We have, like, we have the ability to save search settings so that, you know, in a click a cloud saved thing. It's not an account based that way. If you blow away your data on your browser, your search settings don't get reset and that sort of thing. But yeah, we don't, we don't have an account that is linked to search in any way. The closest thing to accounts that we have is one on the subscription side. Obviously, if you're paying for a subscription, there has to be some account. And it's usually done through, for most people, through Google Play Store or the App Store. Or on our sync, we have the ability to sync tabs and a bunch of different things across your mobile to desktop. That is also technically an accountless system. So we use QR codes and sync in between, but there's actually no account. But it's account-like in nature, which is why I'm mentioning. But yeah, related to search, there's no account.
I see.
I asked this in a recent, I don't think we've published it yet, but we talked about the concept of personalization.
Companies like Google actually are quite proud that they keep this data over time.
It's for personalization, it's to learn about you over time, and especially now with AI.
As a consumer, there is potentially some more real tangible benefits.
Potentially, right?
If you ask, hey, Gemini, what's the weather near me? It might remember that last week you typed it in for San Francisco in Google search, so then it knows that. I'm sure it already knows that it doesn't need to do that, but it's just kind of a hypothetical example. What is your guys' relationship with this personalization? Do you still have any kind of personalization in a way that could be done in a privacy-respecting method? Or is this just something that users lose out on, or do you not see this as a loss? What is your relationship with this?
Yeah, I think it's probably most useful to talk about in the context of the traditional search and then towards some of the newer AI approaches.
So on traditional search, yeah, we don't think there's really any loss there for users.
Apart from the local search results, you don't necessarily need to tailor search results based on historical stuff.
We don't see really much tangible benefit for users overall.
And that's why we've maintained that position that that's the approach we're going to take because we don't think there's any downside for the users.
Now, on AI, to your point, I think there's different use cases are emerging where the utility may very well depend on some additional context.
That is quite new in that a lot of people are trying to figure this out, us included, on how to do this in a private manner.
There's different elements to that.
There's like, you know, inevitably there's a bunch of model providers on AI that most, including DuckDuckGo, are partnered with or using, right, between OpenAI and some of the other ones.
The sending, you know, IP address and personalized metadata to those companies isn't necessary for starting to provide more utility in chats and things like that.
And so in fact, our Duck.ai that we do offer, which you can access through any browser, but of course, it's also built right into our browsers optionally, and you can easily disable this.
We basically proxy those connections.
We strip off personally identifiable metadata so that the model providers don't get that information.
And I think we're still in the forefront of figuring out beyond that, you know, what is the best way to deliver privacy without tradeoffs on utility? And that will include keeping context and building up context based on the types of use cases. Some of that may include in the future local models for things. We're still in the pretty early stages of figuring a lot of this out. So I'm sure you'll hear a lot more from DuckDuckGo on that over the coming months.
Very nice.
And then just to lock in a couple more privacy, more technical privacy things before I zoom out a little bit more about broad search and then we can go to the other ecosystem stuff.
If I was to become a DuckDuckGo employee and I was to get access to your server and I was to look at what data you guys have on every search query.
Yeah.
What does that look like?
Just so people can get an understanding of what data is collected about them when they're using the search.
To be honest, I probably couldn't give you the detailed answer on that with certainty because I don't work directly on search.
But, you know, at a high level, it is pretty much mostly the query itself.
Right.
And then there is some data in there that's used for fraud detection.
We have, you know, we basically our retention policies and everything are such that we delete things as soon as possible.
But I couldn't give you the specifics of exactly what's, you know, associated with those queries overall.
But like what I'll say on this stuff, I'm a little bit more familiar with on sort of the browser side and so on, in terms of usage metrics and things like that.
We don't have any identifiers per user whatsoever.
So at most, we collect interaction data, like how many clicks happened on a certain button and things like that at a very high level.
And so, yeah, I mean, most other browser vendors are collecting unique identifiers per user, even if they're not tied to an explicit identity, like an email address.
We do not even collect that level.
And we have ways of making sure that, you know, we purge data pretty quickly.
And so it never gets to the point where there's, you know, small groups of users, even though there's not really personally identifiable data to start with.
We want to make sure that there's no way for us to start to session users based on some attributes about the bits of data that we do collect.
And so we minimize that and have very strict policies on it.
This might also be maybe a little out of your wheelhouse, but I wrote it down.
There's been some talk in some regions about age verification on the search engine level, which is quite fascinating. Horrible idea, in my opinion. But I'm curious if that's something you guys are at least aware of or following.
Yeah, we are aware of it.
Again, I'm not the most familiar with it.
But my understanding in hearing from our policy folks is that I don't believe it applies to DuckDuckGo.
I think it may be different per country and there may be some nuances that I'm not familiar with.
But my understanding is it only applies, you know, to maybe search engines of a certain size or something.
There might be some requirements around it, but I'm not 100 percent, you know, up on all the details of that.
But my understanding is that something we're not needing to worry about at this point in time.
Got it. And so I do want to ask about open source, kind of your views on open source and what is and isn't open source in the DuckDuckGo ecosystem.
But I guess maybe as a part of that, you guys are still the default search engine in Tor, the Tor browser, which is quite a high threat model tool for people to be using.
It's not your average person that just boots up the Tor browser on a daily basis.
And that also, by extension, I think means that on Tails OS, I think DuckDuckGo is also the default, if I'm not mistaken.
So what is the overall threat model and the posture?
Like, who does DuckDuckGo really serve from a privacy angle?
And then how does kind of open source fit into that for you all?
I mean, we serve multiple user types, of course, but the way we look at it and think about it is anyone who's, you know, caring, basically cares and has some propensity to act on their privacy are the types of people we want to serve.
And that, like, if you look at the people today that use specific browsers with all kinds of settings changed and have multiple extensions layered on, like, those are not the primary people we're going after.
Of course, we want our tools to work really well for them as well.
But we are going after the people who don't know what to do.
And I've sat in literally hundreds of user research interviews on the average consumers.
And most people fall into this sort of bucket of like they're getting creeped out by ads following them around.
They have some notion that all kinds of data is collected about them that there shouldn't be.
They want to do something about it, but they don't know what to do.
And so those people, they will never, you know, install a browser where they have to go change 20 settings and go install three extensions.
Like that is a little bit too hard for most people.
And so we are trying to basically be, we've often talked about it as the easy button for privacy.
Like just install DuckDuckGo.
Our defaults are what you want.
They will take care of you.
And we will do our utmost to protect you on search, when you browse on other websites, in other apps, and so forth.
So that's the sort of broad audience of people that we're trying to cater to overall.
And so that's like, you'll see that manifest in our product.
We try to keep it simple, clean interface, easy to use.
Our fire button in our apps can delete anything quickly.
People love it.
People love tweeting.
They love changing the animations and everything on it.
Yeah, that's the sort of thing that we want to deliver that really appeals to people.
At the same time, really living up to that brand promise of actually protecting you behind the scenes.
A lot of other companies engage in what I'll describe as sort of privacy washing, where we're private, we keep your information private.
They sort of often mean we'll keep it private to us and won't share with others, but we'll use it quite a bit.
We really try to live up to that privacy reputation in behind the scenes, often not observed by the user overall.
But those are the sort of people that we're really trying to cater to.
Yeah, and I think it's important.
There's definitely a more maximalist privacy posture that you can have.
And I know a lot of our audience is very much into that camp as well.
But I don't think that people should need to have maximal privacy and have to do even all the things that we talk about on this channel, which is ironic, but people shouldn't have to go through all of that to at least get a nice major upgrade in their day-to-day life. And I feel like that is where services like yours are really good. Swap in, like getting everyone in the world from Google to DuckDuckGo is fantastic. And it's kind of also, maybe we can talk about this later, but ecosystems and suites also kind of have this negative association in more of the maximalist community because people don't want to put all their eggs in one basket. Proton gets kind of similar flak for that. But the reality is most people like and enjoy and have the convenience of an ecosystem and getting them from one ecosystem to another that has end-to-end encryption, that better respects them, is typically a huge win on a mass level. Just injecting my own opinions there. I don't know if you have anything to say to that.
Yeah, yeah, a couple of neat things.
This approach that we've taken to sort of cater to
the average person that just wants
you know, the privacy, basically, day to day, it seems to resonate. Like, you know, our obviously
I've mentioned our search and how much it's used earlier, even our browsers on iOS in the US,
we are the most popular browser on iOS devices other than Safari, obviously, which is included
and Chrome, to the earlier point, you know, riding the coattails of Google search.
We are the most popular browser by usage on iOS. And so people are really drawn to it overall.
And to your point, like, yeah, I mean, I think it's great that there are a whole bunch of tools out there.
Tools being extensions, other browsers that have maximalist approaches.
I think it's great. And people, if they know how to use those things, by all means, like, you know, use these tools.
What we have found is that when some of those tools are adopted by people with a little bit less know-how, they become very problematic.
Right. Like an example might be something like uBlock Origin. uBlock Origin, super popular ad blocker.
You know, obviously clear benefits to users in terms of, you know, no ads on a lot of things.
Now, a lot of people we've interviewed that have tried it have said, but it causes all kinds of website issues and breakage for them.
And they have to often switch browsers entirely just to make the web work on certain websites and that sort of thing.
And that's a hard problem to solve.
Ideally, you would not have that problem.
And you could take a maximalist approach to everything.
But the reality is the web can be broken if you go a little bit too far on some knobs overall.
And so we really try to take a maximalist approach until the point where it forces someone to go use a privacy invasive product because that defeats the entire purpose of it overall.
And so we spend a lot of time and investment in people looking at, you know, breakage reports on websites, making sure that, you know, we have anti-fingerprint protection, making sure we don't go slightly too far, like Tor level far will break all kinds of stuff.
And so it's hard to get that balance right, but that's essentially what we strive for.
Yeah, and it's very necessary.
And again, it doesn't need to take the place of the more advanced tools, which I know we're also big fans of and our community also very much enjoys.
But if the only options were those hardcore tools,
I don't think it would be good for the ecosystem.
So it's important.
I have a few more usability questions about the search.
I know you're talking about the search a lot,
and your main thing isn't even the search, it's the browser.
So we'll get into the browsers in a second here.
How did you guys get DuckDuckGo search in iOS settings?
Because that is impressive, right?
Apple gives you five options, tops.
Yeah. So I'm curious how that happened.
So that that is before my time, if I'm honest about it.
So, yeah, I think that happened before six years ago.
So all I can tell you is the high level there.
You know, certainly I think folks at DuckDuckGo, including our CEO or small company back then, you set up partnership discussions with Apple and we, you know, talk to Apple quite a bit.
A lot of this actually came up quite a bit in the recent Google antitrust lawsuit where there were depositions and discussions with Apple and Google on these default questions.
And so there's actually a public record you can see of our CEO talking about some of those conversations with Apple.
But my understanding is we basically said to Apple, we have the search engines growing in popularity.
We were starting to get a sort of a cult following at that point already organically.
And we basically petitioned Apple through these conversations to include us.
And there was obviously just some decision made to do that.
I don't know the details of what that decision included overall and why they specifically chose us.
But certainly that helped in the early days in terms of awareness overall and building it out.
And then since then, I'm not actually familiar with how Apple's done it since then in terms of what's included in those lists.
But some of the other browsers, they do sort of regional popularity lists.
And so I think they publish this as part of their repos, where they basically list out,
here are the top N search engines that we will include in our list based on popularity per country.
And so based on the organic usage of DuckDuckGo per country, we end up being in the list in Chrome in most places overall.
Very cool. Yeah, it'd be awesome if Apple just allowed custom search engines. Maybe the EU will make them do that. Revenue, ads. You guys run ads in the search. So, you know, we were talking earlier about how Google runs ads and the concerns around that. So what is different about your approach here?
You're absolutely right. We run ads on our search results page. Those ads we are partnered with Microsoft on using the Microsoft Ad Network. So the idea being that an advertiser, if they want to purchase an ad, they just do it on the Microsoft Ad Network and some of those ads will show up on DuckDuckGo.
The difference being that the query itself is really the only information that is used to determine which ad to serve, not some behavioral profile or historical information about the user.
When you search for something in DuckDuckGo, if you see an ad, there's a little, you can learn more about it.
And it sort of explains how our ads work overall.
But the idea being that it's set up in a way that Microsoft cannot use information about our users to behaviorally profile or anything like that either.
And so those ads are private for users.
And that's really the main difference.
Whereas, you know, Google ones, like I said, tend to be based on whatever profile they've created about you.
Yeah. And I think maybe that's the overall pattern here,
is kind of the ephemerality, if that's a word, of this.
Because the word I've heard in the past that describes how you run ads is contextual ads,
which is the more maybe technical term for if you type in diapers into your search engine,
that one search might be used to recommend you baby products.
Because based on that search, it'll know, oh, maybe this person has a child on the way
or has a child currently.
Whereas Google might, from a search you did three weeks ago, start continuing to build a profile over time.
So it kind of goes back to what we were talking about earlier, which is what's being, quote, personalized and kept long term and built into a profile versus what is just here in the now.
Is that a good reflection of that?
That's a great reflection of it.
Yeah.
And the other thing I'll say is a lot of, you know, Google, Meta, these big data collector
companies, not only do they collect data about you based on your website visits and searches
in the case of Google, they also have lots of ways to collect data about you, even not
even on the internet, right?
Like, you know, you go to a store and buy something these days, you know, in most stores,
what is the first question the cashier will ask?
Can I have your phone number or email address, right?
And it's like, oh, well, you'll get points or some reward system.
It's like, well, that's the thing that enables them to collect one of those two identifiers, and they only need one, and then directly upload it to Facebook thereafter or Google and then advertise to you as their customer later.
And so now you are seeing ads following you around on these sites or, you know, in the case of search ads could be based on literally something you did in person, nothing to do with what you did online.
And people don't realize this happens and are freaked out by it all the time overall.
And so, yeah, none of that happens on DuckDuckGo with respect to our search ads.
It is just you search for a car, you'll get a car ad.
You search for diapers, you might get a diaper ad.
Got it.
And then that's kind of the search end of the equation.
So now we pivot over to kind of the other stuff you do.
Yeah.
This has, you know, because I've been running this channel now for over 10 years.
And back then, it was just DuckDuckGo.
I don't recall there being anything else.
I remember when you guys released your apps for the first time.
Then you released them for desktop.
Now you have Duck.ai.
I think there's even a VPN now, if I'm not mistaken.
So can you kind of walk me through this expansion over time?
What you guys are choosing to expand to, why, and where you think your role is here,
either for yourselves or the people who use DuckDuckGo?
Absolutely.
So we have the DuckDuckGo subscription.
There's two tiers of it.
There's a pro and a plus tier.
Both tiers have the same basics in terms of privacy protections.
So you get a VPN, you get personal information removal, which I can talk about in a minute.
Is the VPN only in your browser or is it system wide?
It applies system wide.
It is in our browser apps.
Like that is how we distribute it.
We don't distribute it as a separate thing.
Like you install our app that includes the VPN either on mobile or desktop,
but it does apply system-wide.
So it is not just for what happens in the browser overall.
So there's a VPN, there's personal information removal
to scrub your data from data brokers online.
There's identity theft insurance in some countries
for people that are worried about that.
And then most recently, as part of Duck.ai, our optional AI,
you get access to more advanced AI models with a subscription.
And the second tier in the subscription
is to give you higher limits on some of those more advanced models, basically, overall.
So the reason we went from search free, browsers free, all the privacy tools free,
to having the subscription is there are certain threat models, like IP address collection
and some of this personal data removal, that are inherently expensive to actually deliver
to people. Meaning with the amount of money we make from search ads and as a business,
we couldn't afford to offer all of this for free to people. We wouldn't have a business essentially.
So if you really want these more advanced protections, we made those a paid offering
to make it a sustaining part of our business overall. But our general approach is we give away
stuff for free. So as long as the business can actually support giving stuff away for free,
because we want to deliver the widest set of privacy protections to people.
As many people can get it.
And so that's why your search is free, browsers are free.
If you really want the VPN and the other capabilities, there's an annual fee.
But we've bundled it together so that you get all those things in a low price per month or the year,
as opposed to going and buying a separate VPN and separate other tools.
It tends to be less expensive than doing that.
Yeah, so I guess you kind of, that was going to be my next question,
is where do you see yourself positioning this relative to somebody who wants to use this VPN?
And maybe, I think you guys have email aliasing as well.
So also email aliasing.
That's right.
Why would someone pick your ecosystem instead of picking those individual services?
You just referred to cost there, but I'm wondering if there's kind of any other things.
There's a couple things.
So one is certainly cost.
You get a bundle of all these things together.
The email protection that you refer to is actually a free offering.
That's not, you don't need the subscription for that.
That's just included in our apps.
But basically, I think the primary reason for most people is sort of what we talked about earlier is most consumers out there don't want to deal with a lot of complexity.
And we're trying to offer this all up in a simple, easy to use package.
So if you use our browser, you have the email protection, which allows you to do email aliases, built right in.
You know, when you're filling out forms, you can just click right there.
You know, it generates the alias email for you.
VPN button's right there, applies system-wide.
The personal information removal part that I mentioned earlier, that is the way we design.
That's really cool.
Basically, that's like if you have all these data brokers that collect your information, a lot of them provide opt outs where you can go fill out forms and request that they delete your information.
We do that on your behalf.
Now, most other services that offer something like this, they have to collect all this information about you so that they can go request deletion of these things on your behalf.
We actually do it so that runs locally on your computer.
DuckDuckGo doesn't collect that information.
And so your computer in the background and your browser while it's running will go and request that all these data brokers delete your information.
And so it's really designed in this private way where you don't need to send us anything.
To my earlier points about us not wanting that information from you.
And so that's what we're hoping that that package really appeals to people who want all those capabilities at a really competitive price overall.
Very nice. I need to do more research in your data removal service because, you know, of all of them out there, I know it's I'm sure you all saw the Consumer Reports research.
And so the efficacy of them is quite all over the place.
EasyOptOuts has been consistently a really easy recommendation
because it's, I think, $20 a year.
And they do a good job.
They were found to do really well.
It's what I'm using right now.
But the idea of using something locally
is always a little bit more enticing to me.
And I think I had redact.dev on here as well,
and they teased that they were working on something similar.
So I need to do a big deep dive on these
because I think that could be the future of this.
And I think you guys already have it.
So it's something I need to dig into.
Regarding your browser,
I'd like to dive into a little bit more of the technical aspects of this.
So is your browser designed to only be an ephemeral experience?
Meaning, for anyone listening, I know your mobile app,
you might log into five services,
but I think even by default, maybe?
Or at least the fire button kind of implies
when you're done with your session, you're done with your session
and you have to log into those services again.
Is that the only use case you have for it?
Does desktop change your use case for the browser?
I'd love to hear a little bit more about just the overall place that you see your browser being in people's workflows.
Yeah, so the short answer is no.
We intend our browsers to be your everyday primary use browser.
Now, where we started years back on mobile was probably fair to say a little bit more ephemeral in that we didn't have a lot.
There was a lot of browser capabilities we never used to have.
I think at some point, I'm not even sure we had bookmarks in there.
Like there was a bunch of, you know, it was much more ephemeral.
And on mobile, that's a little bit more understandable.
Because if you think about mobile use cases on a browser, it's often like you're like click a link to read an article and like you're done with it, right?
Like you never care about saving that and coming back to it.
Or that's the exception.
And over time, of course, people started to do more and more things with their mobile devices and started to use them for purchasing and things like that.
So we've sort of evolved the browser over the years to be,
hey, if you want to use it in an ephemeral way, great, easy to do that.
The fire button's there.
But we've now really built out many more capabilities,
including data syncing so that you can use it as your everyday browser.
On the fire button, to your point that it would blow away cookies
and session data and things like that,
we have started to make that more configurable
without making it harder to use for people who do want to use it in an ephemeral way.
We have started to, and you'll start to see this on our mobile devices first,
as well as our Mac browser, we have this out now.
You can, instead of clearing all your data, you can clear data just for one tab, for example.
And so we give some optionality there.
While, like I said, still easy access to clear everything if you want.
We also have the notion of what we call fireproofing.
And that allows you to basically denote, hey, these are websites that I want to maintain sessions on.
I want to save.
I don't want to blow away all the data.
And so you can fireproof websites.
And so when you do use the fire button, it will keep some as an exception overall.
And so we see sort of a, not quite a bimodal distribution, but the distributions of different types of usage.
Some will use it in this sort of very ephemeral way.
But many, many of our users use it as their primary day-to-day browser overall.
Because I think the reality is that if you look at browser usage, including on desktop,
a lot of people actually have more than one browser, and they've historically segmented their usage.
Often that segmentation is like work versus personal or maybe like, you know, based on use cases or multiple accounts.
You want to have to be logged in simultaneously.
Or people who have been doing that with incognito mode or private browsing mode as well.
And we're basically trying to have it so that you can just use it every day, but we still enable these other use cases.
And so at first, we actually didn't have a separate sort of incognito mode equivalent because our thought process was, well, if most people are using incognito when they want to be private, ours is entirely private by design.
But, you know, some people really wanted that because they were using it to log into another account or something that wasn't specifically about privacy.
And so we started introducing what we call Fire Windows, you know, which is equivalent for the sort of local privacy being able to segment use cases on desktop.
And we are experimenting with that version of that on mobile right now.
And so you'll see it's more and more moved to satisfying really any type of use case people want.
Nice. And so what's the underlying technology for your browsers?
You know, we have we have Chromium based browsers.
We have Gecko based, which is Firefox based browsers.
What's your approach on different?
I think it's different on different operating systems, if I remember correctly.
That's right. So the approach is essentially to build on top of what is made available by the platform.
And that's what we did on mobile historically.
Like everyone's in the same boat there on iOS devices, you know, because Apple doesn't allow for different engines.
There might be some EU rules that might change that somewhat, but I haven't seen any strong evidence for that actually happening.
On Android, we do the same sort of thing. We built on the Android WebView.
And then on Mac, when we started building our Mac browser, we could use a lot of the tech we built for iOS and use it.
You build it on the Mac WebView that's available.
And we're partnered with Apple there as well.
So meaning, you know, we give Apple feedback on the underlying APIs, and they've added capabilities and things that we requested over time.
So is it WebKit for macOS?
Yeah, exactly.
So it would be underlying the web view is WebKit for both iOS and macOS.
And then so, yeah, Android is on the Android WebView, which is, you know, underlying that is Chromium.
And then on Windows, it's very similar to Android in that we actually have our own web view layer that we've built that we've just recently rolled out.
But underlying that is Chromium overall.
What about Linux?
We unfortunately don't have anything on Linux right now.
There isn't anything like this for Linux, right?
That's right.
Yeah, yeah.
So the approach does limit us on Linux.
And yeah, a lot of people in the Linux community
have been asking us for a browser.
We don't have one coming at this point in time,
you know, sad to say for those folks,
but maybe in the future.
Yeah, I mean, I do think that is a genuine,
I mean, it kind of represents the,
I guess the countless options that people have on Linux
because I can't imagine there being a central browser platform
that's built into every Linux distro.
So I think that is just a little bit of a limitation
in how the Linux community has evolved over the years.
But it would be cool if there was something like that.
I know there's been some WebKit-based browsers on Linux
that are quite fascinating,
so maybe someday something like that would happen.
Extension support.
So you're relying a lot on whatever the platforms give you,
so I assume there isn't a consistent extension experience is my guess.
That's right.
If you can probably tell the last time I used the DuckDuckGo browser was many years ago,
back when it was probably a little bit more of an ephemeral tool.
So I'm also asking for myself here.
Yeah, extensions, you're absolutely right.
In terms of the platform capabilities, there are some limitations that wouldn't allow us to just deliver
the normal extensions that you might have on some other browsers.
A lot of people have asked for this stuff.
So we are looking at it and trying to determine if there's an approach that makes sense and works.
The other element to this is, to my earlier point on, we are really trying to cater and deliver to the average consumer and take care of the threat models there.
We also do very much have worries about the sort of threat model that comes with extensions.
Every month there's a new article about some extension that goes rogue and collects,
you know, people's entire browsing history, sells it or something. And like, that is just so
easy for people to focus on themselves on. To be clear, I'm not saying we purposely would want
to limit user choice or anything like that. We want to make sure that we can deliver for the experiences
that most people want without introducing new threats. And so, like, the way we're looking at it is
both from a, you know, is there something we could do to actually enable extensions, but could we also
look at the use cases that extensions deliver and deliver on those natively without most people
needing to worry about introducing some third party they don't trust overall. And so you'll start to
see us experiment more, you know, in our native browsers with dark mode being applied to websites
and like, because if you look at the top extensions, it's like ad blockers, which we already block
any tracking-based ad that comes from a tracking domain.
So we already act as an ad blocker.
The tracker blockers is already covered by us.
There's third-party password managers, of course.
And of course, there is a gap there.
There's a bunch of people that do use third-party password managers.
But again, most people do not.
Even though they've been growing in popularity,
most people use their browser as their password manager.
So we've been heavily investing in making sure that our password manager built in works well,
syncs across our browser, all that sort of thing, and making it way easier to import your data.
We were one of the first browsers to introduce the ability to import data on our mobile browser from,
you know, Safari and from the Google Password Manager overall. And people love it. People,
you know, are using that in our onboarding. And then extensions like Dark Reader and things like
that. And so some of those things we will start to incorporate natively as best we can, because,
yeah, you shouldn't need to rely on a third party.
But we will have to look in the future
for things like third-party password managers, of course.
Nice.
And on mobile, it's not as much of a concern
because you have autofill that's built into the system.
True, absolutely.
So I guess it's more of a desktop concern,
which frankly, I mean, that shouldn't be your guys' problem.
It is quite unfortunate
because I think autofill would just be better
if it was handled on an OS level.
I still to this day think that what Apple did on iOS
is hands down the best version of password autofill
because it works reliably in every app.
There's no kind of preferential treatment
that Apple gives Keychain over other third parties.
Rare Apple win for third-party services, I think.
Yeah, on our mobile browsers,
we have started to include the option,
and it's right there on iOS,
to use our password manager as a system provider there
and tie into that system that Apple and Google have built.
Just because, yeah, I mean, not everyone's going to be using like an Apple device on desktop.
And so like that gives them some optionality if they really want to use ours instead overall.
But, you know, of course, they can use the system one if they want.
Very cool. And I wanted to just ask very, very broadly, actually, why did you guys opt for this like platform based system?
Like why did you not do a Firefox fork or a Chromium fork?
What were kind of the what's the philosophy here?
A couple of things. One is, I mean, if I go back
historically, we were a very small company when we started on our mobile browsers. Like you're
talking about one or two engineers, you know, total working on these things. And so pragmatically,
it made the most sense. Well, as I said, everyone's in the same boat on iOS. We kind of have to follow
that approach. But pragmatically, it made the most sense to not reinvent the wheel on some of the
underlying capabilities. And as long as we could deliver on the features we wanted and the privacy,
live up to our privacy expectations overall.
And so we applied that same approach
when we looked at desktop as well.
Like, you know, can we use what's already there?
Can we use like, you know,
from a security patch and update perspective,
the fact that like Apple's already handling that
for the most part with OS updates.
And so that you don't have this dual,
you know, the OS has to be updated
and the browser has to be updated
to get certain security patches.
So that was the approach we decided to take on Mac.
And it's worked very well for us.
By the way, it also allows us to do something like distribute in the App Store on desktop on Mac,
where other browsers don't necessarily have that capability overall, unless they're doing something similar to us.
On Windows, it was a little bit different.
We originally started with using WebView2, which is available from Microsoft on Windows.
But we certainly had some limitations along the way.
And then we basically had to go a little bit different route.
But the philosophy is the same.
Don't reinvent the wheel for the things that are already solved for people elsewhere and build on top of that to deliver some of these capabilities overall.
The cost of maintaining a fork of some of the other browsers and either inheriting some of the web compatibility issues on some of them or, you know, just maintaining that fork in other cases to make sure there's no privacy-invasive aspects to it,
we felt that that wasn't the right trade-off to make
where we could go with this approach overall.
But yeah, we'll see how it evolves into the future.
This approach is working for us for the foreseeable future.
Nice. Do you support passkeys in your password management solution?
We, not at this moment.
Well, we do, sorry, I should say we do on Mac and I think on iOS.
On Windows, we do not, but we've got a project right now to look into, you know, enabling that properly. Like it does work in some contexts, but, you know, we want to see if we can store some of the passkeys in our password manager directly and, you know, enable that model for people.
Very cool. Progressive web apps. Is that something that you guys support on desktop?
We don't. We don't. No. Yeah. You know, honestly, it's the sort of thing where like, you know, I remember being involved in the early days of progressive web apps, you know, Mozilla
And like, it seemed to have a lot of promise overall, but the adoption really hasn't been there to a huge degree overall.
Like we even had a version of DuckDuckGo search as a progressive web app up until a couple of years ago, I think.
It's a confusing model for people, unfortunately, at the end of the day.
Like, for example, when we started offering a Windows app, browser app, and we had a progressive version of our search, we started getting all kinds of user feedback that was very confused.
They would say things like they would be in Edge using DuckDuckGo, and they thought that that was our browser, or the reverse was true, and they would complain that we blew away all their bookmarks.
And there's all kinds of sort of user, you know, I think issues with understanding that model.
So it's not something we've really thought so hard about enabling.
I'm not going to say we wouldn't do it in the future, but it just doesn't seem like it's taken off to a huge degree.
Right. And what about fingerprinting protection?
You know, we have kind of like the Tor Project and Mullvad Browser's approach, which is to blend users, make them look together so that websites can't, you know, tell each user apart.
We have kind of Brave's approach of randomizing fingerprints.
Each time you boot it up, it's different.
Do you guys have any protections against this?
Yeah, we do.
So there's, you know, there's a couple of different elements to this.
Like one is there's a lot of fingerprinting scripts that are on our third party block list that we have.
And so like, but we've actually blocked the tracking scripts from all kinds of known trackers, inclusive of these fingerprinting scripts.
So that's like the first layer.
Like a lot of other browsers that don't outright block tracking scripts, they only block cookies.
They won't block this.
We block this stuff outright first.
And then we do override APIs as well, similar to what you're describing from others, where we might do some JavaScript injection on the page and override some APIs to sort of fool or obfuscate the user's fingerprint overall.
The approach taken is a little bit different on each platform because on iOS and Mac, we use WebKit ultimately underneath.
We inherit a lot of their anti-fingerprinting capabilities already.
They're just baked into our browser.
And so then, you know, there's a slight difference on how we do it on different platforms.
But yeah, the idea is that we do try to override a bunch of these APIs.
We do actually have on our website, if you go to duckduckgo.com/compare-privacy,
we actually have a nice little comparison chart that shows the different protections we have
relative to other popular browsers and extensions as well.
You can compare our extension to other extensions that are out there.
And each one of those has a learn more.
And we have help pages that go into the detail of each of these protections and how they work
and what the limitations are per platform and so on.
Nice. And then something I forgot to double click on is, you know, what is open source in your ecosystem?
Yeah. So we are big fans of open source. We generally open source most things.
I mean, there's some things we don't open source.
The search, we don't open source search.
Search is a, you don't want it to become a gameable system, essentially.
But browsers, we open source.
The only one we haven't open sourced yet was our Windows one because we were doing some re-architecture.
We were waiting on that first before we made it available open source, before we open sourced it and then changed a lot of it.
And so we're actually almost through that.
And so I expect we'll open source it before long.
But yeah, you can see in our repo, most things we have are open source.
And that includes a lot of our underlying capabilities that feed our privacy protections.
We have our Tracker Radar, which is our crawling system that goes and figures out who are the trackers on the Internet.
That data set that's produced there and all the open source aspects of that are actually used by a lot of academics for research, and actually a lot of other companies use it as well.
Apple included.
Very nice. And one of the things that's in your ecosystem that I haven't used yet.
So I'm genuinely curious how it works.
So you have this app tracking protection.
This is, from my understanding, built into the browser, but it applies system-wide.
I assume that you're going to be running some kind of VPN connection that blocks certain domains contacted by third-party trackers.
Do you mind expanding how that works?
Yes, absolutely.
So app tracking protection is a feature on Android specifically in our Android browser.
It is an optional feature, as you mentioned, it's free.
It uses the VPN APIs on Android.
So when you turn it on, you will have to give VPN permissions to our application.
And it all operates locally on the device.
So while it's using the VPN APIs, it's not sending data to DuckDuckGo servers.
It is basically just forcing all the app traffic on your device to route through a VPN layer on the device where we can identify trackers and block requests to those trackers.
And so just as we block trackers on the web for third parties that exist on websites, if a given app is communicating with third party known trackers and we identify those through testing that we've done, I mentioned earlier that most of the free apps on Android have embedded trackers in them.
So we've done thorough testing and we come up with a block list, which we publish on our open source, and we block requests to those trackers if they're not owned by the same company as the app itself.
Right. So that's where like if it's Facebook using the Facebook app, we're not going to block requests to a Facebook domain.
But if you're like using some random other app and it's trying to communicate with Facebook to a tracking domain, we will block it.
And the cool thing about it is it shows you in real time what's happening.
And people are absolutely shocked by the level of tracking that happens.
It is like, you know, I was actually just, I just turned this on this morning on my device after I reinstalled our app.
So this has only been running, I'll just show you my personal Android device since, I don't know, maybe five hours today.
Eight apps on my device have had 806 tracking attempts.
You know, and if you dig into each one of those, it actually shows you the sort of bits of data.
They're known to collect the trackers, headphone status and battery level and so on and so forth.
And so when people see this, it's sort of a shocking eye opener.
You go to sleep at night, you pick up your phone in the morning and you look in like over the last eight hours.
There's been, you know, 5000 tracking attempts, which is quite insane.
Yeah, I guess something you said that that has me curious.
You mentioned how if somebody has the Facebook app on their phone, you're not going to block, you know, first party Facebook domains.
But what if somebody has, you know, a calculator app that has Facebook trackers and they have the Facebook app on your phone?
Is it granular enough to be able to distinguish which app it's coming from?
Exactly. And this is why, by the way, we do not have it on iOS because on iOS that is not possible.
On Android, it is possible. And so we can say the calculator app is trying to talk to Facebook.
Don't allow it.
Facebook app, trying to talk to Facebook, allow it.
We kind of distinguish between first and third party.
And we are able to do that at the VPN level on Android pretty readily.
We have to basically map out who owns what apps and what tracking domains they own.
And then just make sure to not block, you know, those that are owned by the same company sort of thing to avoid problems.
And we also like, it'll apply to other browsers even if you have it on your device.
However, by default, we tend not to turn that on because that's like in a browser context.
Like if you're going to the Facebook site and then the Facebook site is trying to communicate with Facebook, we don't want to block those requests because that will, you know, break your experience in some way.
And so by default, we have a set of apps that we don't enable it for.
But we were transparent about that.
You can click to see which apps it applies to you and you can override them.
You could say, actually, I want it to apply to these other browsers.
But it's honestly, I've been using it since we built a proof of concept six years ago.
And I feel naked when I don't have it on my device overall.
It's a really great feature.
Yeah, it's a cool implementation for it.
And I was going to ask why iOS wasn't a thing.
So thank you for getting to that.
I assume this kind of choice you made to distinguish between first and third parties is also why you didn't opt for just a DNS block list system.
That's right.
Yeah, exactly.
I know others do provide a similar capability via DNS, but there's tradeoffs there, of course.
And that's one of them that makes it really hard to avoid breakage.
So either you cause a bunch of breakage issues, to my earlier point about not messing with people's day-to-day experience, which causes them to abandon it, or you have to water it down to the level where you just can't block a bunch of things because you fear that it's going to break stuff and then it's not as effective where it can be.
And so this approach of doing it on device allows us to get a little bit more nuanced on that.
Now, it comes with challenges.
Like, we had to work through a lot of, like, there's a lot of Android phones will try to do, like, battery optimization.
They'll wonder why our app is working in the background.
And they'll try to, you know, cut against us and fight us and try to disable it.
But we've been able to put in place, you know, detection of that where we can tell users, like, go turn off this battery optimization that Samsung's trying to apply to keep working and so forth.
And we have a huge percentage of our Android users use it each day and they keep it on constantly.
And they love it.
People share screenshots all the time.
It makes them feel protected as well because they can viscerally see it happening, unlike most privacy issues.
Yeah, the visualization is really important.
And over time, I've seen how for regular people, that stuff really matters.
Absolutely.
One other issue with DNS.
I love DNS because that's how I do a lot of my blocking.
Sure.
But it's not going to block IP addresses.
So if someone's going to contact an IP address directly,
it's going to bypass DNS and it's not going to be blocked.
Do you guys do any filtering on an IP address level as well?
Specifically for app tracking protection?
For app tracking protection, yeah.
No, it is purely based on who's being contacted
and is it a tracker domain or not.
And if it is, we block it.
So presumably we would block most IP address collection
to those third-party trackers.
But that won't, to your point,
that won't, you know,
the first party will still be able
to collect your IP address.
And that's where you would need,
you know, an actual VPN functioning
to help with that problem.
Got it.
I definitely need to ask, you know,
about the elephant in the room,
which was a few years ago.
I know there was a lot of controversy
over the Microsoft exception for,
was it inside the browser
or was the app tracking protection?
Yeah, let me, I can speak to that.
It was relative, it was related to our block list, right? So I mentioned we block third-party
trackers in all of our browsers, and that goes above and beyond what most browsers do. Most
browsers that claim to be privacy-protecting are just blocking cookies. So we were blocking
cookies. We also were blocking the tracking scripts themselves. There was a requirement
for Microsoft partners that Microsoft had in their contracts on search from many years ago,
actually, where, you know, I don't know the details of it, but the clause was essentially
there are certain domains, you know, tracker domains that shall not block if you have a,
you know, any block list that you're applying in your product. We were not, I think at the time,
transparent about that enough. And so even though it's, I think a lot of people misconstrued it as,
oh, we were collecting data and sharing it with Microsoft. Never the case. There were never,
you know, there's nothing, no information from search being shared with Microsoft like that.
It was just that our tracker blocking on third-party websites didn't go as far as,
you know, it potentially could have gone on those couple Microsoft domains, but it was still well
beyond what most other tools provide.
Now, we heard the feedback loud and clear on that.
We should have been transparent about it.
Since that's what led us to go document these things much more granular,
I mentioned earlier, we have these help pages.
We spend months going in and documenting how everything worked per platform.
If there's any exceptions we grant, we listed those out.
We also were able to work with Microsoft to change that policy as well,
so that we could start to block those
and there wouldn't be such an exception overall.
But yeah, I understand that people may have been concerned about that
and we hopefully have satisfied those concerns.
Yeah, I think the default is to be quite angry and frustrated,
but I think when you hear more of the details
and also I think the response to it has been quite solid
and it's good to see that kind of change over time.
You mentioned feedback from the community
And I think I saw a recent poll.
It's been a few months now, I think, but you guys polled the community to see what people think about AI.
Yes, yeah.
Yes, AI, no AI.
Yeah, no AI seemed to be quite overwhelming.
But at the same time, you all have AI features that you're continuing to roll out.
So I wanted to see kind of what your guys' views are on AI, how you think it fits in the ecosystem,
and how you're balancing kind of that feedback of people who don't want AI with maybe some of the people who do.
Absolutely. Yeah, it's a great question. Yeah, we had this, we had a poll because we knew, we knew that there was, there's a bunch of different opinions and attitudes about AI out there. And so we wanted to spur some conversation about it. So the, yeah, the poll was, are you yes AI or no AI? And as you stated that a lot of people said they were in the no AI camp.
And if you, if you like, if you look at that and look at, okay, what do people mean by that?
It tends to be, what is the felt experience for most people relative to AI?
It starts with getting, you know, social feeds filled with AI slop.
Starts with, you know, people getting, having their maybe older generation parents sharing clearly fake videos with them and thinking they're real.
And like, you know, say this with some personal experience.
This is a sort of felt experience that a lot of people have with AI, even though there's a whole bunch of other people that are starting to get a lot of utility out of various use cases.
And so all of it gets lumped in in one bucket.
And so I think both of these things are true.
There's real issues with AI that cause a visceral reaction for a lot of people, whilst at the same time there is utility provided by AI in other ways.
And so our approach has been, and, you know, sort of cemented by, you know, what we've seen
a poll like this, it should be optional.
Like we shouldn't shove things down people's throats.
Like if people don't want AI, let's give them our product.
They can turn it off very easily.
In fact, we added it so that you can from the get-go, like, you know, as a global toggle
in our browsers, you can toggle it off.
And then there's no AI entry point for chat.
You can disable, you know, in our search results.
We have a search assist that sometimes will give you AI type summaries.
You can disable that.
You can also adjust it.
Like you can say, I want to see this more or less.
Everyone, they should have the ability to turn it off.
And that's the optional bit.
To the point where we literally changed our app name in the app stores for a while to say AI optional.
Just to make it very, very clear to people.
And that's, like I said, compared to other systems out there, other search engines and whatnot,
that are providing no options to people on this stuff at all.
So that's been the approach.
And to my point earlier,
but there's a whole bunch of people
that get utility from this.
We want to give them that utility.
Like if people are getting value from it,
we want to do it
and we want to do it in a way
that gives them more privacy.
And that's essentially why we've built DuckAI out
where, as I sort of mentioned earlier,
we try to anonymize the chat metadata.
We, for most model,
for a lot of model providers,
we have a zero data retention policy,
meaning we've got them to agree
to zero data retention.
when any chats are passed on.
For others, there's a minimal data retention.
We're trying to be transparent about that.
And then for all of our providers,
we do no AI training.
So we've set it up so that if you're using our DuckAI
and behind the scenes,
you're using an OpenAI model
or a model from Anthropic, whomever,
it's set to no data training.
And while you could probably go use
each of these tools individually
and go into settings and adjust this stuff,
to my earlier point,
Most people don't know you can do that.
We won't figure out how to do that.
If you just use DuckAI, it just handles that for you across all these model providers.
And so that's the balance we're trying to strike is for the people that want this and want to start to get the utility from it, give them the option to do that in a private way.
For everyone else that doesn't want it, let them turn it off.
Including we started adding filters to our images on our search where we could try to filter out known sources that provide, you know, AI slop images, clearly fake images in the results.
I saw that.
I did learn a few months ago that you guys actually have a dedicated no AI domain.
I forgot the exact URL.
NoAI.go.com.
Absolutely.
So you can set that.
Like if you're using us as a search in another browser, you can set that.
We're actually in the middle of potentially playing with having it so that you can install a version of our extension on other browsers that will set that as your domain.
Because some browsers, it's harder to set a custom domain like that.
Also, I mentioned that you can adjust our search settings.
But because we have no account, a lot of people, if they blow away their browser data, it resets on them.
So if they had it set to all these AI things off, and then they blew away all the data, it resets on them.
So we're trying to make it easier to maintain that state.
And we'll probably do that via our extension in the near future if you're using us inside of another browser.
Very cool.
And then something else, just a very quick question on the Duck AI.
It's one of my favorite services you guys have ever released.
I find myself using it a lot.
Great.
Not that I don't want to be just freeloading off of you, but I've been getting away with just, because it's normally like, oh, I just have this quick question.
I want to put it through a more advanced AI model.
But I just don't want it tied to a personal account.
and I want it to be somewhat anonymized,
so I just use DuckAI, and it's been great for that.
But because you guys do a really good job with this,
where when I'm logged in, I can keep creating chats,
and you save all that chat history locally.
I think now you can sync that chat history through an account
if you have an account.
I don't.
So it's just all in each browser,
and each browser has its own history for me,
which is actually a pretty cool workflow.
My question, though, is there a persistent,
because you mentioned that it's anonymized every time you open it,
is there any kind of persistent identifier between chats?
So let's say I'm going to use Sonnet from Claude, Claude Sonnet,
in one chat, and I ask,
hey, look at this video script for me.
Can you fact check it before I publish this video?
And then I open a new chat and I say,
hey, I'm working on a personal video that has nothing.
But will it be able to know that these are the two same people
if it's two different chats?
On the model provider side, you're asking?
Yes, will Claude know that these two chats came from the same person,
or is it designed where both are just coming from DuckDuckGo user?
I think the last, I'm going to be honest with you,
I don't work on this stuff,
so I don't want to say definitively one way or another.
I can certainly check with a colleague.
I think it's the latter, though,
that there is not a persistent identifier on the model provider side.
And that's to my point earlier about stripping out PII in the metadata,
inclusive of IP address and that sort of thing.
And so I think we're looking at ways
of sort of enabling some persistence of that
coming via the client.
But yeah, I'm not familiar with all the details
on what we're currently doing there,
to be honest with you.
Cool.
And then, you know, just to zoom out
and we can start rounding things out here.
I did want to ask, you know, an interesting question
because you guys are developing this ecosystem.
It seems quite intentional.
You're picking strategically services
that you know people,
almost everyone is using at this point.
And if they're not using it,
There's a very intentional reason why you chose to include it, and it still integrates with your other tools.
But what do you feel like today your ecosystem doesn't cover?
Is there something you guys are looking at that is part of a very concerning trend in the privacy space that you guys don't have a solution for yet and that you think needs to exist?
To your point, I think, you know, when we started expanding beyond search and then browsers, we very much took a pretty wide lens on,
all right, what are all the privacy threats that exist in these different spaces?
And that included everything from social media to your phone and your ISP to you name it.
And so we looked across all of these.
We tried to develop a good understanding of each of those threat models and the market overall.
And we basically ultimately had a rubric where we kind of narrowed in to say,
okay, we think these are the spaces that make the most sense for us to go into based on our capabilities,
whether or not there's an actual market for it and demand out there,
and what the competition looked like and that sort of thing.
We obviously don't want to go – if there's great providers offering a solution in a certain space,
we don't want to go in there unnecessarily and try to compete
unless there's a reason that it needs more privacy in that space.
So there's a lot of the different verticals here that have some concerning elements to them.
But I would say the ones we've picked, which is search, browser, AI, are for us the most compelling for a few reasons, including that it has the widest ability for us to influence the standard of trust online, which is sort of the overall vision for DuckDuckGo.
Because this is how people are getting online.
This is where they're spending their time via browser, via search, via more recently AI.
That doesn't mean we won't look at some of the other ones in the future.
But to your earlier question, there's a chat space in terms of instant messaging.
But of course, there's products like Signal that exist there.
We've looked at some of these spaces.
ISPs tend to collect a good amount of information from people.
Credit card services and credit cards overall tend to data mine quite a bit.
We have looked at these and there are concerning trends in a lot of these spaces.
But, yeah, we either feel that there are decent solutions or it would be too difficult of a problem for us to solve in a tractable way in a meaningful time frame in some of these spaces.
And so the ones we've picked are hopefully the best mix of those that give people the most benefit.
Nice. And is there anything that we're able to share publicly about things that people can expect in the future?
Yeah. So, I mean, I think I mentioned a couple of things earlier, but like from our browser standpoint, you'll see our browsers gain capabilities and be capable of being your everyday browser for most people overall.
And we keep iterating on those. So that's something to look forward to.
On the DuckAI side, everyone's sort of figuring out these use cases and what the utility is and what's emerging.
But certainly you'll see us start to introduce things between image generation and other things like that as part of the DuckAI that we offer.
You'll see in our browsers the ability to introduce much more context, not just like the tab you're on and ask questions to AI about that,
but introduce multi-tab sort of context,
be able to ask things across those tabs.
And we're trying to be very thoughtful on how we do this
to not just needlessly introduce security or privacy issues.
So we're being quite cautious about it.
But yeah, you'll see all kinds of capabilities expand there
over the coming months for people, which is great.
Nice. Well, I want to thank you for your time, Peter.
And if people enjoy this interview, they want to learn more
or they want to get involved with you or DuckDuckGo,
where would you kind of send them to connect?
Yeah, it's been great sharing with you as well, Henry.
First of all, I really appreciate it.
If they want to connect with me,
you can probably do so in a couple of ways.
Like, you know, I'm available on LinkedIn.
You can find me on, I don't really use x.com that much,
but I'm there if you want to message me.
You know, I still use it to follow some professional threads
and interesting stuff in the privacy space once in a while.
There, you can find me there.
Yeah, otherwise, you can give me an email if you want, peter at duck.com.
Makes it easy for you.
Very nice.
Well, thank you, Peter.
And I hope that people learned something cool today.
Thank you, Henry.
Appreciate it.
There you have it.
I hope that you learned something new or many things new about DuckDuckGo.
I know I did.
And it was wonderful to talk to a team member behind the company.
Duck.ai is definitely a big talking point and something that I want to do more follow
up on in the future.
So if you have any more questions or requests, please let us know in the comments or using our feedback link on our website.
Otherwise, I just want to thank you all for being here and learning something new about how to keep yourself safe and the people around you safe along the way.
Finally, if you like this kind of content and you want to contribute to it, you can become a Techlorian down in the show notes.
You get access to our private Signal group.
You get to support what we're doing.
You get credits in our videos and on our website, depending on which tier that you're on.
And we have many other perks lined up for you to try to at least do something as a thank you for you supporting us.
Thank you all for listening, and I'll see you next time on Techlore Talks.