As a governmental spy organization, why wouldn't you just put surveillance on the search engine that is used by people that have "something to hide" (in their mind) and also put a gag order on the operators of that service?
I started out thinking "theory and reality", but, even in theory, adding a ton of very slow, latent, and unreliable data sources to your query doesn't produce a fast result.
No. I don't believe Yacy will reach acceptable performance as it scales.
I encourage people interested to look at "Peer-to-Peer Information Retrieval: An Overview" in order to get a better understanding of what technical challenges distributed search engines like Yacy have yet to overcome and the paths researchers are taking to overcome them.
I care deeply about privacy and security (in two months I am starting a series of classes at my local library on these topics) but in all honesty the only way we are going to have privacy from government agencies is through a political solution. Using encryption certainly helps but not enough people use it, and I am not hopeful that they will.
On the other hand, there is a lot we can do to protect our privacy from corporations. I do simple things like using DuckDuckGo, using a private email service that I trust, only using Chrome for social media access, and setting Firefox to be as secure as possible and drop all cookies every time I close it.
> I do simple things like using DuckDuckGo, using a private email service that I trust, only using Chrome for social media access, and setting Firefox to be as secure as possible and drop all cookies every time I close it.
I read the comment prior to the username and thought your description of browser use sounded familiar, then checked the name and wasn't surprised that it was your blog where I saw this recommendation.
Do you still use Ghostery with Firefox and Fastmail for email?
How many of those 'privacy' VPNs ever conduct proper security analysis of their servers for modern malware, for example by conducting memory forensics?
Most have servers in data centers in 10+ different countries, so I doubt they are all closely monitored nor capable of keeping their keys closely guarded.
Most VPNs like to advertise the 'military grade encryption' or 'no logs' nonsense; I'd rather see them post results of security audits, ideally conducted by outside firms.
VPNs are a scam business run by offshore companies in budget datacenters with the cheapest possible employees.
It probably doesn't matter because 99.999% only want to access Netflix in another country. Out of the remaining 0.001%, most are just people from repressive countries dodging their country's porn filters.
You can still be fingerprinted by HTTP request headers alone. You can test the number of identifying bits your browser generates at EFF's Panopticlick[1]. It's scary.
All in all it's pretty scary though. My browser is unique among 5.3 million or something. And then there's the algorithm they mention that can detect fingerprint changes with 99.1% accuracy, and be used to do things like recreate cookies that you deleted.
That's pretty cool (from a technical point of view, not cool from a privacy point of view). It says my particular configuration of browser plugins is unique among 1,827,392 browsers tested. Taken together with all the other unique things means I'm unique among 5,482,178 browsers tested. Shouldn't there be a way to hide most of that so you would be far less unique?
You could manually set your user-agent string to a more popular one (IE on Windows 7?). There are several browser extensions that allow you to set the UA string manually for Chrome and Firefox.
However, an adversary can also fingerprint your OS/patch level based on packet structure[1][2] - which can't be easily changed. This will add more identifying bits.
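An added illustration, not part of any comment in this thread: how the "identifying bits" figure discussed above is computed per header and for the combined fingerprint, and what changing only the User-Agent does to it. The visitor sample, the shortened header labels and the function names are constructed for this example.

```python
import math
from collections import Counter

# Constructed sample of other visitors' headers (User-Agent, Accept-Language).
# The labels are shortened stand-ins, not real header strings.
OTHERS = (
    [("IE/Win7", "en-US")] * 7
    + [("Firefox/Linux", "en-US")] * 4
    + [("Firefox/Linux", "de-DE")] * 2
    + [("Chrome/Win7", "en-US")] * 2
)
FIELDS = ("user_agent", "accept_language")


def bits(matching, total):
    """Identifying bits of a value shared by `matching` out of `total` visitors."""
    return math.log2(total / matching)


def measure(visitor, others=OTHERS):
    """Bits revealed by each header alone and by the full header tuple.

    The visitor is counted as part of the observed set, so a never-seen
    value has an anonymity set of one instead of dividing by zero.
    """
    observed = list(others) + [visitor]
    total = len(observed)
    report = {}
    for i, name in enumerate(FIELDS):
        counts = Counter(row[i] for row in observed)
        report[name] = bits(counts[visitor[i]], total)
    report["combined"] = bits(observed.count(visitor), total)
    return report


if __name__ == "__main__":
    cases = {
        "original headers": ("Lynx/OpenBSD", "fi-FI"),
        "popular UA only": ("IE/Win7", "fi-FI"),
        "popular UA and language": ("IE/Win7", "en-US"),
    }
    for label, visitor in cases.items():
        line = ", ".join(f"{k}={v:.2f}" for k, v in measure(visitor).items())
        print(f"{label:24s} {line}")
    # The "unique among 5,482,178 browsers" figure quoted in the thread, in bits
    print(f"1 in 5,482,178 = {bits(1, 5482178):.2f} bits")
```

In this sample the popular User-Agent lowers that header's own contribution, but the combined fingerprint stays unique until the other rare header matches the crowd as well.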
Why is it hard to track users when DuckDuckGo has access logs (tuples of date/times, IP addresses and queries) and ISPs have (date/time, IP address) -> real identity mappings?