Press "Enter" to skip to content

Month: October 2016

Things I Use: DuckDuckGo

“Did you Google it?” That’s a question that pretty much everyone would be able to understand and answer. To most people, that question means, “Did you search for the answer to your question online using Google search?”

Google offers a great search engine, and maybe even something akin to a general knowledge engine that can answer questions like, “how tall is Obama”, or “what time is the ballgame tonight?”

Trading your privacy for search answers

But the trade-off for users of Google is that Google takes all that data you feed into it and creates a profile of you that it then uses to push ads at you. It’s not just the Google search engine that feeds that data-eating monster either. Your email (if you use Gmail), your web browsing history (if you use Chrome) and a whole host of other things contribute to the creation of that profile.

Google knows where you are if you use an Android phone, or navigate with Waze or Google Maps. They know what music you like and what movies you watch. They know if you are sick because you search for information on symptoms. They know if you are in a relationship or have a family because they see different users from the same IP using different accounts.

That’s just the tip of the iceberg. Suffice to say, they know a ton about you. And maybe you are fine with that…or maybe not.

I’m not fine with that, and I try to avoid using Google services whenever possible to prevent Google from assembling that profile of me.

Google alternatives

There are a bunch of different services you can use that aren’t Google. Apple’s iCloud email is great and ad-free and Apple doesn’t scan your email to know how to advertise to you. Or you can get your own ad-free, private email at your own domain name through services like (where I work).

But search is a tough one. Google search is fantastic and over the years, there haven’t been many search providers than can match Google’s search.

DuckDuckGo search

ddg_full_horizontal-2xDuckDuckGo is now at a point where it’s right there with Google for 99% of the searches I do, including images and even news. When DuckDuckGo comes up short, it’s easy to re-do the search using Google Search, right from DuckDuckGo.

Additionally, most of the major browsers will now allow you to choose DuckDuckGo as the default search, including using it for the instant search dropdowns from the URL bar. Safari even automatically switches to DuckDuckGo when you enter private browsing mode.

DuckDuckGo has a few advanced features that Google doesn’t have, including what DuckDuckGo calls “bangs”. These are special searches that you can start by using a “!” and a keyword.

For example, you can search on Google from DuckDuckGo by starting your search with !g and then the search terms and it’ll open up Google and do your search there.

A full list of “bangs” is here. I often use !g for a fallback to Google Search, !maps for location searches and even !hover to do a domain search at

DuckDuckGo also provides “instant answers” for common searches like “15 inches in cm” or “24.99USD in CAD“. These give you the answer right up front without requiring you to click through to a website. In my experience, DuckDuckGo does a great job with these “instant answers”, often providing them in situations where I wouldn’t expect them to exist (like PayPal error codes).

We don’t track you

Or course, the most important part of DuckDuckGo is that they don’t track you. In other words, your searches aren’t tracked, and stored to build up a profile of you. Their policy in a nutshell is simple and succinct: “DuckDuckGo does not collect or share personal information.”

You can read the full text here and get a better understanding of why not tracking you is important and why you should care.

Once you’ve done that, switch over to DuckDuckGo as your default search engine for a week or two. I bet that you won’t notice much of a difference compared to Google.

Comments closed

Why I’m Telling Anyone and Everyone to Try

Encryption is something we should all be using, but it’s still too hard for the average person to understand.

Apps like Signal from Open Whisper Systems are great for basic chat where you can be sure nobody will be able to intercept and read your messages. Even iMessages are pretty well protected from prying eyes. But encrypting email and sharing files between two or more people in a secure and private manner is still really tricky to setup and use and because of that, it’s not all that common.

How many people do you know that you can send a PGP encrypted email to? How many people do you know who have even heard of PGP encrypted email?

Why does this matter?

Maybe you are in the “I’ve got nothing to hide” camp. Sure…you might think that is the case, but I’m willing to bet that you actually have plenty to hide. Criminals aren’t the only people who might want to keep things private or secret. Does your company have secrets that you wouldn’t want competitors or even your own customers knowing about? website feels approachable and friendly, even to non-techie people. website feels approachable and friendly, even to non-techie people.
Perhaps you want to be able to send your credit card or banking details to your spouse in a secure way. Or maybe your doctor will want to send your latest test results to you (and only you). With encryption, you can be sure that the contents of the email can only be read by you, even if someone else accesses your data.

Look at the recent hacks of the Democratic National Committee and John Podesta that ended up on Wikileaks. Had the DNC and Clinton used PGP encryption, whoever got their hands on those emails wouldn’t have been able to read them. No embarrassing opinions about other people in the open and no media to deal with.

You’d think someone like a US Secretary of State who was using a private email server would have been smart enough to require anyone who communicated with her to do so with PGP encryption…she could have saved herself a lot of trouble!

Be smarter than she was.


Keybase is a relatively new website and service that aims to put PGP encryption into the hands of more people. It combines easier ways to encrypt, decrypt and digitally sign messages with a really interesting idea around identity validation. As they say, “Keybase maps your identity to your public keys, and vice versa”.

I have a lot of identities online. I have a Twitter account, a website or two, a Hacker News and Reddit profile, and even a Bitcoin address.

Previous to Keybase coming along, it was the case that someone could look at this website and say that it was “probably” the same person as @jameskoole on Twitter.

With Keybase, the idea of “probably” the same person becomes “provably” the same person. How does it work? Like this:

If I can post a tweet to my Twitter account, then that’s me. So Keybase gave me a very specific text to tweet and they they checked for it. Similarly, if I control the DNS entries on my domain name, then it stands to reason I could put a very specific TXT record in place that they can check for. If you dig the DNS on, you’ll see a TXT record that serves as my Keybase verification.

Here’s my Twitter “proof”, for example:

You can look at my Keybase profile to see the various identities that are “provably” me.

Encryption tools

The next big piece of the puzzle is for Keybase to provide ways to sign, encrypt and decrypt messages sent to me by others who wish to contact me securely and privately.

PGP is the key here (pun intended). OpenPGP is an open source, well-known encryption protocol that works by way of a public/private key pair. A message to me can be encrypted with my public PGP key. Once encrypted, the only thing that can decrypt that message is my private PGP key.

keybase-websiteOn Keybase, anyone can get and use my public key to create an encrypted message that only someone with my private key (in other words, only me) will be able to view. And I can do the same with anyone else on Keybase.

The idea of a PGP public key server isn’t new. But what is new is that Keybase allows users to link their online identities to those keys. So I can look someone up on Keybase by their Twitter handle and send them an encrypted message, knowing that I am sending it to the right person.

Keybase Filesystem

Encrypted Messages are great, but what if you want to send data like a text file, or a picture or a Word document. Keybase Filesystem (KBFS) extends Keybase and creates something like a secure, PGP-signed or PGP-encrypted Dropbox sharing service. You can see my public Keybase folder here which contains files that are automatically signed by me so you know that they come from me.

With KBFS, I can share things like passwords with others on my team at work as easily as dropping a text file into a folder. I can share files with anyone on Keybase, and those files are automatically signed (so people know they are from me), and encrypted (so only they can open and read/view them).

A lot more work to do

Is Keybase easy enough for anyone to understand and use? No. Not yet. But with a little effort and learning, I think anyone can get set up on Keybase and start messaging and sharing securely. If you don’t have a PGP key yet, Keybase will help you create one. If you already have a PGP key, then you can use that with Keybase.

Even if you don’t know how any of this works, you can send me an encrypted message. Give it a try! Go here, and enter my username (jameskoole) in the recipient box. Type your message in the Message to encrypt box and click encrypt!

You’ll see something like the text below, which is a secret message that only I can read because it’s encrypted with my public key and can only be decrypted with my private key which only I have. And because it’s just text, you can email it to me like any other email, except nobody else will be able to read it, even if they hack into my email or tap into the network along the way.

Version: Keybase OpenPGP v2.0.58


Check it out, sign up and learn!

I’d really encourage everyone to check out and sign up for Keybase. Maybe you know a bit about encryption, or maybe not. Use this as an excuse to get educated. This stuff really matters and as time goes by, it’s going to matter more and more.

Keybase is a service that deserves to exist and that makes acquiring using encryption technology much simpler.

For a deeper explanation of the KBFS, there’s a good explanation here that spells it how it works better than I can.

Keybase is currently available via invites only, but I’ve got a bunch. Drop me a line in the comments, or hit me up on Twitter and I will get one out to you.

Comments closed