DuckDuckGo Search switches mapping to Apple Maps
Privacy-focused search engine DuckDuckGo announced yesterday that the search engine's map and address related searches and functions are now powered by Apple's MapKit JS framework.
The new functionality is live already for desktop and mobile devices that use DuckDuckgo for searches.
DuckDuckGo highlights two main benefits that come out of the move: improved privacy and better mapping functionality.
Users may see maps and related data when they run searches for places or addresses. A search for the best Thai, Vietnamese or Italian restaurant displays a map and related information in the sidebar or at the top on search results pages.
Searches for addresses, geographical places, local businesses, a type of business, or nearby places return embedded maps usually.
The listing highlights places on a map and a top list of places depending on the query. If you search for a restaurant, you get three restaurant listings from Yelp along with user reviews, types, and other information such as opening hours if available.
A click on the map expands it to cover the entire screen. A sidebar lists places and you can click on numbers to highlight a certain place right away.
The map supports core map functionality such as zooming, moving around, or switching to a different view mode.
DuckDuckGo is a privacy-focused search engine and privacy played a big role in the decision to switch mapping functionality to Apple's MapKit JS framework.
The company notes in the announcement that user IP addresses or any other personally identifiable information is not shared with Apple or any other third-party that is involved.
A user's approximate location is used to power local searches, but the information is discarded "immediately after use" according to the company. Users remain anonymous according to DuckDuckGo as the company does not store personal information in its server logs.
Additional information about anonymous localized results is available on DuckDuckGo's Help site.
DuckDuckGo did not reveal how privacy has improved over how things were in regards to privacy with the company's previous map provider Mapbox (which used OpenStreetMap).
Now You: Do you use DuckDuckGo? What's your take on the change?
DuckDuckGo is one of my four search engines and one of the two for which I authorize trans-session cookies (Exceptions : Allow) but I have disabled its ‘Map Rendering’ because I’m not fond of a search engine calling 3rd-party servers (except when it comes to SearX which is by nature a meta-search engine). So I won’t be concerned by Apple-maps being DDG’s new mapping provider.
If, when I need a map I’ll search with ‘OpenStreetmap, or ‘Mappy Maps’ (which is quite nice), or ‘Google Maps’.
I’m a heavy DDG user. I am also a little confused about the claim that this increases privacy — is there a privacy issue with OSM?
Privacy questions aside, I am neutral about this change.
DDG starts selling out. Everyone needs monies y’know
@Anonymous: no problem, they just need to be clear about it.
@Anonymous:
I’m not seeing the sell-out here…
If there’s something they should switch up it’s their use Amazon AWS.
It was quite disappointing to find this out after a good year of using and really liking DDG.
But I’m not leaving Google for a “lesser” devil. It’s Qwant and Startpage for now
“DuckDuckGo did not reveal how privacy has improved over how things were in regards to privacy with the company’s previous map provider OpenStreetMap”
What, the previous provider was OSM and that was less private than Apple ? I’m skeptical, too bad we don’t have the details.
Independently of this case I have noticed a tendency of Apple to market itself as a privacy loving alternative to the other giants of data theft, trend sometimes going as far as infiltrating privacy rights communities. This is very wrong. People should immediately feel suspicious when they hear Apple is in charge of their data.
https://www.qwant.com
Tried Qwant many times and its results are consistently rubbish for anything beyond the simplest searches. DDG beats its hands-down, not to mention Google or even Bing. Also, a persona peeve is how they removed the favicons from their search results a while ago, which I found incredibly useful.
My experience is the opposite. Qwant lite is very good, Duckduckgo is bad. Maybe because I live in Europe and Qwant is a French search engine.
Are you searching in English or in French? I’ve used it in English only (for the UK) and it’s been pretty poor.
I am searching in Dutch.
At the moment the quality of Qwant’s results seem to vary from region to region. Apparently, they only use their own engine in Germany and France at this point in time and Bing for the rest. That might explain it.
In my case, I get almost identical results to DDG, quality-wise. So Qwant works for me. Especially with https://lite.qwant.com/ which gives off a more minimalistic “old-times Google vibe”.
A featured article about Qwant here on Ghacks is kind of overdue, if you’d ask me.
@Sebas:
“Qwant is a French search engine.”
Qwa ? ;-)
Quoi?
> DuckDuckGo did not reveal how privacy has improved over how things were in regards to privacy with the company’s previous map provider OpenStreetMap
Apple execs told DDG they respect privacy. Have you not seen our ads? This while on a flight back from China’s datacenters and finalizing Face ID 2.0. They joked they were coming from the land where the DragonFlies….
I’m amazed of how so many people blame China when US companies like Google and Apple misbehave.
Everybody spies, everybody steals, and everybody kills. Some nations are just better at hiding/spinning it than others. Thinking yours is on a moral high ground is just delusional.
I don’t recall Google or Apple launching an offensive against citizens.
I like DDG because of the customization that can be done. It’s my home page and new tab page in FF and chromium. Never thought about maps much, I use google maps for that, works fine on my laptop with location turned off (but not on a phone!) If something’s mapped in a DDG search and it renders acceptably, I might use it though.
I switched to DDG long ago because google seemed to be watching all the time, redirecting and sending me where it wanted me to go. DDG’s mostly a nag and tracker hinder; much better but still there. If I want good privacy, I use a VPN.
An analogy would be if you walk carefully on ice, you probably won’t fall if you pay attention to it all the time. If you wear crampons, nothing to think about.
Given DDG uses advertising as its business model, has partnered with Amazon and now Apple (presumably with some monetary compensation or quid pro quo arrangement), and is partly owned by a $1B+ Wall Street investment firm (Union Square Ventures; one cofounder has ties to AT&T ventures), which has an excellent track record of rapidly growing and selling technology companies (Twitter, Etsy, Twilio, Indeed, Foursquare, etc.), then it would be reasonable to suggest that “privacy†is probably now more of a marketing gimmick/mirage for the gullible masses. Insinuating that OpenStreetMap is less private than Apple without any objective evidence is jumping the shark (or whatever that expression is). Personally, I use SearX, Startpage, and Qwant (although I question the latter’s use of ads that appear at the top of search results in some browsers).
The founder of DDG has an interesting past with regard to privacy. His previous business was called Names Database. If that doesn’t ring alarm bells then I’m not sure what does.
https://en.wikipedia.org/wiki/Names_Database#History
I did not trust him anymore when I found he uses Amazon’s AWS. And why did Duckduckgo get such an enormous press coverage and user base? I followed him in the beginning, but I do not use it anymore. Searx.me is way better in privacy.
Qwant, Startpage or searcx great choose!
I stop using DDG a while ago because its base in USA.
Glad that you left.
It’s really funny (but actually, pathetic) that a so-called “privacy-focused search engine†like DuckDuckGo clearly shows the user’s search terms in the URL for all to see. In the screenshots above, the search terms “thai restaurant†are right there in the URL to be read by one’s ISP or VPN and any other add-ons and apps one has installed which can read URLs. I almost never deviate from StartPage to use DDG except on rare occasions as a “second-opinion†engine, and it took nearly forever to find a customized DDG on Mycroft which didn’t show search terms in the URL. It’s ridiculous that it should be that way, though–DDG should always use POST instead of GET and protect users’ privacy by not showing their search terms in the URL.
@Hy: ” In the screenshots above, the search terms “thai restaurant†are right there in the URL to be read by one’s ISP or VPN and any other add-ons and apps one has installed which can read URLs.”
You can also see right there in the screenshot that it’s an HTTPS connection. Your ISP or VPN provider can’t see those URL components (they can only see the domain name). As to add-ons or apps, whether or not those terms are part of the URL doesn’t impact their ability to snoop.
Dear Mr. Fenderson,
Thanks very much for the information! I am quite confused now. :) I recall discussions here on ghacks and elsewhere about the POST method being more private and secure than GET, but I can’t recall the details. It might have had something to do with the GET method being susceptible to cross-site scripting attacks and/or cross-site request forgery attacks. But this not my field of expertise and could be faulty recollection on my part. I can’t recall now why some search engines such as StartPage use the POST method and don’t have search terms appear in the URL. Perhaps others who know more about this can chime in.
“As to add-ons or apps, whether or not those terms are part of the URL doesn’t impact their ability to snoop.†I don’t think I follow here. If a user has browser add-ons or other apps installed which can read URLs visited, say for safebrowsing, etc., then those apps and add-ons would presumably see search terms if they are part of URLs. If the user is using StartPage the URLs would always conclude with the same thing regardless of what was searched for, namely: “/do/search.†If the user is using DuckDuckGo or Bing or other engines which use GET, then the URLs would always show the specific search terms within the URLs, which would then presumably be visible to any add-ons and apps which had access to URLs visited.
I’ve read that URLs may or may not be encrypted properly with HTTPS and that there are different strengths of HTTPS depending on what version of SSL/TLS is used and the particular ciphers used. Apparently some of them are quite weak and even considered broken, such as RC4 e.g.. Also apparently HTTPS strength is reduced if the website visited is not using HSTS.
I don’t have time right now unfortunately to immerse myself in this although I’d like to know more about it, but I did a brief search and put together some of the comments I found. What quickly became apparent was how complicated all this is once one starts digging into it and I am certainly no expert in this area. I have no idea of course if these comments are right or wrong but I’ll put here what I came across in case others want to follow up or have time to go deeper:
Does SSL/TLS (https) hide the urls being accessed?
Yes and no.
The url is encrypted properly, so query parameters should never be revealed directly.
However, traffic analysis can get the length of the URL often – and knowing the server and the length of the url is often enough to eavesdrop what pages are being accessed, especially if assuming that links on a page are clicked. Google for “traffic analysis ssl browsing” or something similar if the topic interests you.
For those who think once you are HTTPS no one knows where you’re going, read this first: The hostname of the server (e.g. example.com) will still be leaked due to SNI. This has absolutely nothing to do with DNS and the leak will occur even if you don’t use DNS or use encrypted DNS.
Even with HTTPS you can however of course see the TCP headers and TLS headers.
TLS works on a different layer, making all of this encrypted. This includes the page you are accessing with the GET method. Note that, although the Host header is also in the header body and thus encrypted, the host can still be obtained through rDNS lookup on the IP address, or by checking SNI, which transmits the domain in plaintext.
However, don’t forget that many web servers log GET requests and parameters, and any credentials or other sensitive information you send via GET could be written to a log somewhere. For that reason, you should use POST (which will also be encrypted under SSL) when submitting sensitive data.
You should assume that the URL is not protected, i.e., that a passive eavesdropper may be able to learn what URL you are visiting.
I realize this contradicts what some other folks are claiming, so I’d better explain.
It is true that everything after the domain name is sent encrypted. For instance, if the url is https://www.example.com/foo/bar.html, then http://www.example.com is visible to the attacker, while the HTTP request (GET /foo/bar.html HTTP/1.0) is encrypted. This does prevent an eavesdropper from directly seeing the path part of the URL. However, the length of the path part of the URL may be visible to the eavesdropper. In addition, other information — such as the length of the page you visited — may also be visible to the eavesdropper. This is a foot in the door for the attacker. There has been some research which uses this foot in the door to learn what URLs you are visiting, if the attacker can eavesdrop on your https traffic.
While there is no guarantee that these attacks will succeed, I suggest that it would be prudent to assume the worst: to assume that an eavesdropper may be able to learn what URLs you are visiting. Therefore, you should not assume that SSL/TLS hides from an eavesdropper which pages you are visiting.
Yes, https does provide integrity for the URL you visited.
P.S. One other caution: in practice, sslstrip and other man-in-the-middle attacks may be successful against many or most users, if the web site is not using HSTS. Those attacks can violate both confidentiality and integrity of the URL. Therefore, if users are visiting web sites that are not using HSTS over an insecure network (e.g., open Wifi), you should be wary that an attacker might be able to learn what pages the users are visiting.
@Hy
Perhaps I was too brief. Here’s what I meant:
If you are browsing to an HTTPS site, the your ISP cannot see anything aside from the domain you are browsing to. Yes, of course your ISP knows the site you’re hitting (even if you go to the effort to stop them from seeing the domain name, they will still know the IP address), but they don’t know the rest of the URL you are using.
Therefore, if you’re going to an HTTPS protected site, it doesn’t matter if a search engine leaves the search terms in the URL insofar as the privacy impact with your ISP.
That’s all I was saying.
Of course, the site you’re going to can see those terms. If that’s a concern, then don’t just click the link — copy the URL and edit those terms out, or use a browser extension that will do this automatically.
@Hy
I probably don’t know as much as you do, but I think the real reason why to search by POST method is much simpler than you thought:
https://support.startpage.com/index.php?/Knowledgebase/Article/View/747/34/post-versus-get
You can just strip the referer part from request header to reach the same goal. As for traffic analysis, it is deeply and massively used by Chinese government to intercept and block the illegal attempts of unauthorized access to overseas websites by Chinese people who use some kind of anti-censorship technology like Tor to bypass the Great Firewall. But that’s another difficult problem and you are too far from frustrating it just by changing your GET queries to POST ones.
Here are two DDG search plugins using POST method, you can save them as .xml files respectively, then import them to your FF with xseei.import.js:
https://gist.github.com/nohamelin/8e2e1b50dc7d97044992ae981487c6ec
Just suit yourself.
DuckDuckGo HTML
Search DuckDuckGo (HTML)
UTF-8
DuckDuckGo Search (HTML, non-JS)
data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAB8lBMVEUAAADkRQzjPwPjQQXkRQ3iPwTiQQXgPQPeQgrcOwPVNgDVNQDWOgbTMwDRMgDQMwDSMwDRNwTQLgDRJgDSJwDSLgDSNwTjOgDiOADjOQDkPADhQAXzs5v+/fv////0vKbiRQvgPQHpdUr85NzuknPdKgDcIwDnZzj2w7HqeU/gPQLsimb/+PftjWn97Obpb0LdJQDeLQDtjmvsi2jgSBDnbULgOQD/39HgLQDeMgDpeFLgSBH0v670uqbaJQD2qImWvP/G1Ob5+/3u//+fvvXyp47dMwDaLwD0u6v0v6/aNQDiXi/aKQD3qozU7/8gSY2vvtg0ZK/OqLDaKQHYKgLgWTfaNADZMgDZMADZLADzqpD7//+xwdz//9H/5Bn/7Bn//ADofADYMADYMQDZOgPXLgDiZDj//97/0AD3tQDvlgHZOgbXLATXMADWMgDfXjLVLQD///z+0AD/3Rn/yRnwnQDcVjbVMQDyv67wuKTSJwDRHQD+8O/tg3/iQQDwhAHnawHWMADvtKfyva7XQxHga0bQGQD2vbH/u8LXIQCmPQzja07XQxLliGn99fPkcVHvhnGZ5VguvUU5wktBwCcAgxzydVv/8/XmiGngdlL+ysi3+I8LtCE80V6P3YmX4sDleljSNQLzr6D7sKPXNQTSIwAEAbMrAAAAF3RSTlMARqSkRvPz80PTpKRG3fPe3hio9/eoGP50jNsAAAABYktHRB5yCiArAAAAyElEQVQYGQXBvUqCYRiA4fu2V9Tn+UQddI3aCpxaOoU6iU4gcqqpoYbALXBuCuoYmttamqJDiEoh4YP+MOi6BNCh+uYKEGiOVNCXXxA2XDVV/UyfKbRCXTLQWAxbP2vt8Ue/uYDvfim91615sb2um6rqtrr/NFb1cUf1Ybd06areU6lSlYpK79jzK1SyJOkfhOl8JGEcqV5zoKrTRqO6yUzIzNu46ijdM1VV9bhuUJ/nZURExLRzUiPQm3kKXHi4BAEGOmOi78A/L1QoU/VHoTsAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTQtMDEtMTlUMjA6MDE6MTEtMDU6MDAuET6cAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE0LTAxLTE5VDIwOjAxOjExLTA1OjAwX0yGIAAAAABJRU5ErkJggg==
https://duckduckgo.com/html/
DuckDuckGo
Duck Duck Go
UTF-8
data:image/png;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAANcNAADXDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJyDsJmlk8pf6+v3s/v7+++zr/fcnIOyzJyDsgCcg7CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnIOwBJyDscCcg7PZttJ7/7Pfs//////++xO7/S5GA/ycg7P8nIOz2JyDscCcg7AEAAAAAAAAAAAAAAAAnIOwBJyDstScg7P8nIOz/Y8p5/2fHZf9Yv0z/YcF2/1rBUv8nIOz/JyDs/ycg7P8nIOy1JyDsAQAAAAAAAAAAJyDscCcg7P8nIOz/JyDs/4jQoP/p9+n//////05X3v9LkYD/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAJyDsJicg7PYnIOz/JyDs/zUu7f/+/v////////////89N+7/JyDs/yUo7f8nIOz/JyDs/ycg7P8nIOz2JyDsJicg7IAnIOz/JyDs/ycg7P9hXPH////////////t/P//GIr2/wfD+/8Gyfz/DKv5/yM57/8nIOz/JyDs/ycg7H8nIOyzJyDs/ycg7P8nIOz/jov1////////////Otz9/w3G/P8cWfH/JSvt/ycg7P8nIOz/JyDs/ycg7P8nIOyzJyDs5icg7P8nIOz/JyDs/7u5+f///////////27l/v8E0v3/BNL9/wTQ/f8Oofn/IT7v/ycg7P8nIOz/JyDs5icg7OYnIOz/JyDs/ycg7P/p6P3/uWsC////////////5fr//6Po/f8Thfb/DKv5/w6f+f8nIOz/JyDs/ycg7OYnIOyzJyDs/ycg7P8nIOz/9/b+/////////////////7lrAv/V1Pv/JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOyzJyDsgCcg7P8nIOz/JyDs/8/N+///////////////////////iIX1/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDsfycg7CYnIOz2JyDs/ycg7P9FP+7/q6n4/+7u/f/n5v3/fXn0/yoj7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7CYAAAAAJyDscCcg7P8nIOz/wsD6/+no/f/Y1/z/eHTz/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7HAAAAAAAAAAACcg7AEnIOy1JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs/ycg7LUnIOwBAAAAAAAAAAAAAAAAJyDsAScg7HAnIOz2JyDs/ycg7P8nIOz/JyDs/ycg7P8nIOz/JyDs9icg7HAnIOwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJyDsJicg7IAnIOyzJyDs5icg7OYnIOyzJyDsgCcg7CYAAAAAAAAAAAAAAAAAAAAA+B8AAPAPAADAAwAAwAMAAIABAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABAACAAQAAwAMAAMADAADwDwAA+B8AAA==
https://duckduckgo.com
@John Fenderson, @gwacks: Thanks very much! I’ve learned some things from this exchange, and I hope to have the time later to dig a little deeper into some of this.
@gwacks: Thanks for the Startpage link–that was almost certainly one of the things I was thinking of that I had seen before discussing why POST was preferable to GET. Thanks also for the DDG POST plugins. Your knowledge about this is far advanced from mine–I’ve never heard of xseei.import.js before, and I never feel confident navigating github. :) I didn’t know about importing search plugins into FF in the way you mention. For me it’s easier to use the DDG POST I finally found on Mycroft, “DuckDuckGo HTML (POST),†the first one on this page: https://mycroftproject.com/search-engines.html?name=duckduckgo+HTML+%28POST%29
@Hy
You’re welcome. That search engines exporting/importing JS code was all developed by Carlos Mella (aka nohamelin), all the honor belongs to him/her. Since the ghacks’ comment system filtered out the special characters in the two plugins codes I gave above, it must not work. But I’m glad to see that you solve this question your own way :-)
Yeah, this is a welcome change and makes perfect sense.
If you’ve been following Apple Maps since 2012 (or any of Apple’s services for iOS/macOS) you know that Apple is always big on privacy, even to a fault. It’s one of the reasons they couldn’t do some things with some of their services like Siri because they were respecting the users privacy too much to the point where they had no data to work with, until they introduced differential privacy, I think it was called.
So it’s no surprise DDG would adopt Apple maps over OSM – or even worse – Google maps!
“you know that Apple is always big on privacy, even to a fault”
One of those many Apple guys trying to rewrite reality these times. Below is a random list of privacy problems with Apple, it’s far from a systematic research so there’s probably much more to find. As for “differential privacy” it’s a scam that hides behind mathematics to “relax” the definition of privacy, it is worse for privacy than not collecting data but gives them an excuse to do it.
Apple spies on its users, and helps others spy on them.
https://stallman.org/apple.html#spying
iPhone keeps record of everywhere you go
https://www.theguardian.com/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears
Your address book is mine: Many iPhone apps take your data
https://venturebeat.com/2012/02/14/iphone-address-book/
In 2014, a security researcher documented Apple’s operating system uploading his private files to the Apple online backup service without his consent, exposing them to government surveillance.
https://www.defectivebydesign.org/apple
Is Apple’s New OS X Yosemite Spying on You?
https://trendblog.net/apples-new-os-x-yosemite-spying/
I been trying to use the new map but it changes the adress a numerical value I suppose coordinates and givee me ridicoulous results, not the route between the 2 addresses I enter
I been trying to use the new map but it changes the adress a numerical value I suppose coordinates and givee me ridicoulous results, not the route between the 2 addresses I enter. It is using openmap
I seem to pick up openstreetmap in duck duck go. It changes my oting adress to a numerical value, coordinates I suppose. I the try get direction from that point to other points, in the area, but it give me elections to destinations miles away 1500 miles at the other side of the country. I don’t want to change my search engine but I need to get better results .. I hope I can get input on how to solve this
Greenshot is an astonishing screen capture program. Amazing for its effortlessness, accommodation and free.
It is this screen catch apparatus that will suit most clients . The program can make screen captures of the whole screen, a different window or a client characterized region.
Here are the steps to download Greenshot https://getgreenshot.org/.
NoteLedge is the ideal application for any individual who needs to catch and arrange their thoughts. Whether you’re a creator, a finance manager or an understudy, NoteLedge assists you with getting more out of your viewpoints. It’s not difficult to utilize and coordinates with other applications to make you considerably more useful.
Notwithstanding Midjourney, there are likewise numerous different projects that clients can use to make a computerized work rapidly. To do this, they typically just need to give a text format, and the calculation wraps up.
https://midjourney-ai.com/
“My overall experience with Clover is positive and it encourages me to shop more because the rewards are worth it.”
https://clover-app.com/alternatives-to-clover-app/