Facebook could be profitable without tracking you as intently as it does, but the social media network doesn’t want you to realize that. Gabriel Weinberg does.
Weinberg is the creator of the search engine DuckDuckGo, an internet privacy company that lets people search the internet without their queries and clicks being tracked. The search engine provides similar search results to Google, though Weinberg says it is still working out some kinks to provide more accurate local results for things like weather and restaurants, as well as breaking news. He started DuckDuckGo almost a decade ago after realizing users had no options to opt out of websites that were tracking their every move on the internet. He self-funded the project for four years before securing a $3 million round of funding led by Union Square Ventures in 2011, the same year TIME named DuckDuckGo one of its 50 Best Websites.
“I saw the trend of advertising and data tracking that was happening at the end of the last decade, and it was getting more pervasive and users didn’t really have the option to opt out,” he told MONEY. “We thought an alternative option should be available for people.”
While DuckDuckGo hasn’t permeated our everyday lives like Facebook or Google has, Weinberg says the 45-person company’s user base is loyal and has been steadily growing. Since its inception, there have been almost 20 billion searches on DuckDuckGo, which is about as many search hits as Google has in four days. But DuckDuckGo has seen its biggest spikes in searches as data tracking continues to be a hot-button issue. The search engine saw daily searches double after Edward Snowden’s NSA leaks in 2013. and its traffic jumped 55% in 2017 with daily private queries on its search engine surpassing the 20-million mark.
And the desire for Weinberg’s product has only grown in the wake of the Facebook’s Cambridge Analytica data privacy scandal, in which almost 90 million users’ personal information was improperly collected without their direct consent, forcing CEO Mark Zuckerberg to testify before Congress and leading to a slew of changes to Facebook’s privacy settings. In February, before Facebook’s data scandal became public, DuckDuckGo saw around 605 million total searches for the month. Once the Facebook revelations came to light, that number spiked to 695 million searches in March and grew to 712 million searches in April.
DuckDuckGo has actively focused on ensuring tracking users’ search histories and personal data is not part of their business model. It makes money by showing ads based on search terms for an individual query and affiliate revenue. Many other major companies have done just the opposite. Executives at Facebook, for example, have insisted on numerous occasions that in order to keep the social network free, the way to optimize the company’s profitability is by tracking and collecting information about user behavior to serve its data-based advertising model.
But Weinberg says the reality is these companies could still be wildly profitable collecting only a fraction of your information — and cybersecurity experts agree.
“That’s an important myth to dispel,” he said. “On web search, you really don’t need to track anyone to make money because the money is made off of the keyword that you type in.” In other words, Google makes money based off of what you type in and search for on Google.com, so its profit comes directly from what word you type in, like “car” or “mortgage,” not by keeping track of what other websites you visit and what you click on when you go to those websites.
“Google and Facebook have taken it to a level I don’t think people realize,” Weinberg said. “They’re collecting basically everything about you online because they have hidden trackers on almost every website that’s out there.” Google deploys hidden trackers on 76% of websites across the web to monitor your behavior in order to make money and Facebook has hidden trackers on about 25% of websites, according to the Princeton Web Transparency & Accountability Project, which monitors and studies how websites collect and use people’s data.
Google did not respond to a request for comment for this article, or about its use of hidden trackers. Facebook directed MONEY towards COO Sheryl Sandberg’s comments during the company’s 2018 Q1 earnings call in which Sandberg reiterated Facebook does not sell user information to advertisers and said users “can opt out of being targeted based on certain information, like the websites you visit or your relationship status.”
Those hidden trackers, which follow what you do online even when you’re not logged into Facebook or actually Googling something, should be what concerns people most about their online privacy, Weinberg says. But instead, most of the response to Facebook’s data privacy scandal involving Cambridge Analytica has focused on changing Facebook privacy settings and what specific personal data was collected.
Weinberg wants to fight back against the proliferation of hidden trackers, which is why DuckDuckGo recently rolled out a web extension with a built-in tracker blocker. When you’re surfing the web, even if you aren’t using DuckDuckGo’s browser, its web extension automatically blocks hidden trackers on third-party sites, which means companies like Facebook and Google are prevented from tracking you without your knowledge or consent while you’re using the internet.
The U.S. is a long way away from enacting any kind of legislation that could help mitigate some of these privacy concerns and help people feel more protected online. But there are some signs of change across the pond. In Europe, privacy protection is top of mind as the General Data Protection Regulation goes into effect at the end of the month. The sweeping data privacy legislation — which is the reason your inbox has been filling up with emails from companies updating their terms of service agreements — is being enacted to limit the power companies have to collect and use consumer’s personal data without their consent or knowledge. And Facebook did recently roll out its “Clear History” option, a step in the right direction towards giving consumers greater control over their information, but it still puts the onus on users to protect themselves.
But until there is any substantial law passed in the U.S. akin to the GDPR, protecting your online privacy is going to be tough. Americans will keep finding themselves in the same situation they’ve experienced over the last few years — waking up to a new story every day about how a company they regularly interact with has had its data compromised or has shared their personal data without their direct knowledge thanks to mandated disclosure, which are the complex agreements written in fine print you have to sign before using the product. Checking the required “I agree to the terms and conditions” boxes is when most people sign away their rights to their personal information without realizing it.
Many people have become more cynical about their ability to protect their privacy online — and experts say they have good reason to be wary. Multiple cybersecurity experts told MONEY that consumers have very few options when it comes to protecting themselves, and that it is up to companies like Facebook and Google to change their business models so that users themselves are not the product being sold.
“[People are] waking up to the fact that their personal information is out there and they want to protect it, but they don’t know what to do about it,” Weinberg said. “We are trying to set a new standard of trust online. Our mission is to make getting privacy as easy as closing the blinds.”