<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>DuckDuckGo are a US owned and based company, that means they can be compelled under US law to monitor their users. Even though DuckDuckGo state they do not log any information and they also use HTTPS by default, it does not protect them from being compelled to monitor their users under FISAAA, PATRIOT and CALEA – such an order would also include a Gag Order to prevent them from disclosing that they are under the order.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Furthermore, DuckDuckGo have not been audited or certified by any external body.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>In my personal and professional opinion, DuckDuckGo cannot offer the same level of protection as Startpage whilst they are incorporated and hosted in the US - even if they were audited and certified, it would still not remove their vulnerability to US surveillance laws.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sincerely,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Alexander Hanff<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Alexandre Strube [mailto:surak@surak.eti.br] <br><b>Sent:</b> 24 June 2013 20:04<br><b>To:</b> Alexander Hanff<br><b>Cc:</b> Ubuntu Devel Discuss<br><b>Subject:</b> Re: Proposal to change default search engine<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p>What is the difference between this company and duck duck go, or what would be the benefit of this over, say, have such measures implemented client-side?<o:p></o:p></p><p>[]s<br>Alexandre Strube<br>Sent from my touchpad<o:p></o:p></p><div><p class=MsoNormal>Em 24/06/2013 19:56, "Alexander Hanff" <<a href="mailto:a.hanff@think-privacy.com">a.hanff@think-privacy.com</a>> escreveu:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi list,<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Introduction<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>---------------<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>In light of the recent scandal regarding the NSA’s surveillance programme PRISM and the fact that all US Corporations or Non-US Corporations with facilities within the US are vulnerable to Foreign Intelligence Surveillance Court (FISC) orders under the Foreign Intelligence Surveillance Act, USA PATRIOT Act and also under Communications Assistance for Law Enforcement Act (CALEA) and other orders (such as National Security Letters) – I would like to begin a discussion on changing the default search engine in Ubuntu’s web browsers from Google to a more privacy enhancing service.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Disclosure<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>------------<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>My name is Alexander Hanff, I am a privacy advocate who has for the past 5+ years been campaigning for human rights across the globe. I worked in the technology sector for over 17 years before returning to university to study the impact of technology on society as a sociologist. Prior to completing my degree, I spearheaded a campaign against a company called Phorm who were seeking to intercept all communications at the ISP level by installing Deep Packet Inspection (DPI) technology across most of the UK’s public communications networks.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>After launching NoDPI.org and successfully chasing Phorm out of the UK and EU, I took up a position at Privacy International, where I headed up their Digital Privacy portfolio for 3 years.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I have given speeches at conferences all over the world, including Brazil, Beijing, Washington DC and most European countries as well as having been involved at the regional (EU Commission) and national level on consultations regarding several laws, including Regulation of Investigatory Powers Act 2000 (in the UK) and Europe’s ePrivacy Directive.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>In January last year, I left Privacy International and became an independent campaigner and consultant.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I am currently not an employee at Startpage or Ixquick and I am posting this email as an advocate of civil liberties and fundamental rights.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Proposal<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-----------<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I would like to see Ubuntu change the default search provider to Startpage.com<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>My reason for this is that Startpage.com return search results from Google, but they do so in a privacy enhancing manner – that being they do not send any information about the person making the query to Google. Furthermore, they provide the option of accessing returned results via their proxy, which protects their users from passing on personal information when they click on a result. They also provide cookieless preferences, they don’t log any information at all and they encrypt all connections by default via HTTPS.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Now I won’t lie to you all, I am a big fan of the company – I know them very well and have provided a lot of advice to them over the past 5 years in order for them to improve their services. But that doesn’t form the basis of my motive for this email. I have been a Linux user since 1997 and I am a big supporter of FOSS software and the FOSS community – first and foremost, I want to help protect people’s privacy.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Startpage is based in the Netherlands and are a Dutch company, which means they are not vulnerable to US surveillance laws. Furthermore, they are certified by Europrise, the leading privacy auditing body in the EU, funded by the European Commission. I know the team personally and have visited their office on a number of occasions, they have always taken my advice to heart and implemented every change I have suggested to them. I have absolutely every confidence that they are a privacy enhancing technology and a benefit to the world & I would stake my reputation on that in a heartbeat.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Can we please begin the discussion on making this change for the benefit of all Ubuntu users and show the world that FOSS embraces and enhances fundamental rights?<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Regards,<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Alexander Hanff<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Privacy Consultant<o:p></o:p></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>--<br>Ubuntu-devel-discuss mailing list<br><a href="mailto:Ubuntu-devel-discuss@lists.ubuntu.com">Ubuntu-devel-discuss@lists.ubuntu.com</a><br>Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss</a><o:p></o:p></p></div></div></body></html>