The EFF has put together a handy website for anyone looking to replace some of their current proprietary/cloud controlled systems with their own components.
You can check our their guide at: http://prism-break.org/
Generally it’s pretty good, although I have concerns around a couple of their recommendations:
- DuckDuckGo is a hosted proprietary service, so whilst they claim to not track or record searches, it’s entirely possible that they could be legally forced to do so for a particular user/IP address and have a gag order on that. Having said this, it sounds like they’re the type of company that would push back against such requests as much as possible.
- Moving from Gmail to something like Riseup is just replacing one centralised provider with another, it doesn’t add any additional protection against PRISIM.
As always, the only truly secure (excluding security bugs etc) is one you control entirely. If a leak of your data must be avoided at all costs, you need to be running a server.
Do duckduckgo have a nsl/fish canary? Rsync has one?
Not sure, although I wouldn’t trust a canary 100%… it may be possible to mandate that any measures such as canaries get updated as per normal.
Generally duckduckgo sound pretty good and probably a lot better than Google right away, my concerns are more around people considering duckduckgo as totally safe/private – there are still risks at the end of the day.