At other search engines, when you do a search and then click on a link, your search terms are sent to that site you clicked on (in the HTTP referrer header).
We call this sharing of personal information "search leakage."
For example, when you search for something private, you are sharing that private search not only with your search engine, but also with all the sites that you clicked on (for that search).
In addition, when you visit any site, your computer automatically sends information about it to that site (including your User agent and IP address).
This information can often be used to identify you directly.
So when you do that private search, not only can those other sites know your search terms, but they can also know that you searched it.
It is this combination of available information about you that raises privacy concerns.
DuckDuckGo prevents search leakage by default.
Instead, when you click on a link on our site, we route (redirect) that request in such a way so that it does not send your search terms to other sites.
The other sites will still know that you visited them, but they will not know what search you entered beforehand.
At some other search engines (including us), you can also use an encrypted version (HTTPS), which as a byproduct doesn't usually send your search terms to sites.
However, it is slower to connect to these versions and if you click on a site that also uses HTTPS then your search is sent.
Nevertheless, the encrypted version does protect your search from being leaked onto the computers it travels on between you and us.
At DuckDuckGo, our encrypted version goes even further and automatically changes links from a number of major Web sites to point to the encrypted versions of those sites.
It is modeled after (and uses code from) the HTTPS Everywhere FireFox add-on.
These sites include Wikipedia, Facebook, Twitter, and Amazon to name a few.
Another way to prevent search leakage is by using something called a POST request, which has the effect of not showing your search in your browser, and, as a consequence, does not send it to other sites.
You can turn on POST requests on our settings page, but it has its own issues.
POST requests usually break browser back buttons, and they make it impossible for you to easily share your search by copying and pasting it out of your Web browser's address bar.
Finally, if you want to prevent sites from knowing you visited them at all, you can use a proxy like Tor.
DuckDuckGo actually operates a Tor exit enclave, which means you can get end to end anonymous and encrypted searching using Tor & DDG together.
You can enter !proxy domain into DuckDuckGo as well, and we will route you through a proxy, e.g. !proxy breadpig.com.
This feature is part of our !bang syntax.
Unfortunately, proxies can also be slow, and free proxies (like the one we use) are funded by arguably excessive advertising.
Because of these drawbacks in HTTPS, POST and proxies we decided to take the redirect approach to combat search leakage.
However, we leave the choice up to you.
You can deviate from the default on our settings page by toggling the redirect or address bar settings.
You can also use our encrypted version
Other search engines save your search history. Usually your searches are saved along with the date and time of the search, some information about your computer (e.g. your IP address, User agent and often a unique identifier stored in a browser cookie), and if you are logged in, your account information (e.g. name and email address).
With only the timestamp and computer information, your searches can often be traced directly to you. With the additional account information, they are associated directly with you.
Also, note that with this information your searches can be tied together. This means someone can see everything you've been searching, not just one isolated search. You can usually find out a lot about a person from their search history.
It's sort of creepy that people at search engines can see all this info about you, but that is not the main concern. The main concern is when they either a) release it to the public or b) give it to law enforcement.
Why would they release it to the public? AOL famously released supposedly anonymous search terms for research purposes, except they didn't do a good job of making them completely anonymous, and they were ultimately sued over it. In fact, almost every attempt to anonymize data has similarly been later found out to be much less anonymous than initially thought.
The other way to release it to the public is by accident. Search engines could lose data, or get hacked, or accidentally expose data due to security holes or incompetence, all of which has happened with personal information on the Internet.
Why would search engines give your search history to law enforcement? Simply because law enforcement asked for it, usually as part of a legal investigation. If you read privacy policies and terms of service carefully you will notice that they say they can give your information on court order.
This makes sense because they may be legally obligated to do so. However, search engines are not legally obligated to collect personal information in the first place. They do it on their own volition.
The bottom line is if search engines have your information, it could get out, even if they have the best intentions. And this information (your search history) can be pretty personal.
For these reasons, DuckDuckGo takes the approach to not collect any personal information. The decisions of whether and how to comply with law enforcement requests, whether and how to anonymize data, and how to best protect your information from hackers are out of our hands. Your search history is safe with us because it cannot be tied to you in any way.