Exclusive: Encryption Mechanism Breach on DuckDuckGo
A three-day hackathon on the subject of anonymity on the web at Bar Ilan University has exposed breaches in the encryption mechanism of the search engine that boasts the slogan “The search engine that doesn’t track you”. The vpnMentor team covered the hackathon exclusively and accompanied the teams from day one up until the astonishing exposure.
The first hackathon on the subject of anonymity on the Web in Israel, the country which boasts an advanced cyber industry.
Israel, renowned as the Start Up Nation, has sprouted numerous cyber firms. For many, credit has to be given to the veterans of the Israeli Intelligence Corps, who accumulate a wealth of experience during their military service and bring it to the private sector. During the first hackathon to take place in Israel on the subject, a few dozen people gathered to try and crack sites considered to be secure. The student teams were accompanied by experts from academia and industry, including: Dr Moti Geva, Prof Benny Pinkas, Prof Yehuda Lindell, Dr Tal Steinherz, Inbar Raz, Mr Amit Ashkenazi, Mr Asi Barak, Mr Sudhanshu Chauhan and Mr Kumar Panda.
No one had expected the search engine that boasts of not tracking its users to be revealed as exposed to anybody who checks its outgoing traffic.
Industry and academia mentors assisting students in the hackathon.
The Auto Suggest mechanism of the search engine enables the identification of whatever the user keyed in.
DuckDuckGo Auto Suggest, as recorded today.
The problem facing the winning team was to determine whether information leaks from the encrypted channels of search engines. The team managed to identify searches which had leaked through the Auto Suggest mechanism of the (supposedly) encrypted DuckDuckGo. They also managed to demonstrate it. What is significant is that whoever is listening to the search traffic is able to see what the user is searching for. So, for instance, when I press the letter A, the search engine's server returns an AutoComplete response suggesting how to complete the word. If I continue and press B, the search engine will suggest words starting with AB. This way, supposedly, it is possible to create a mechanism which works out which words I have started keying in (and seemingly have finished).
The victorious team comprised participants from both Hebrew and Bar Ilan Universities, demonstrating collaboration across institutions. Notably, the group consisted of three female members, surpassing the event's overall female participation rate of 15%. This is particularly significant considering the traditionally lower representation of women in technological fields. We are delighted to witness how the diverse contributions, including those from the female participants, played a crucial role in achieving the winning position and enhancing the overall achievement.
Update: a few hours after publishing this story, we managed to get an official response from DDG (vpnMentor had already tried contacting DDG for a response last week). See the communication we had with DDG.