We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Exclusive: Encryption Mechanism Breach on DuckDuckGo

Kristina Perunicic Managing Editor

A three days long hackathon on the subject of anonymity on the web at Bar Ilan University has exposed breaches in the encryption mechanism of the search engine that boast using the slogan “The search engine that doesn’t track you”. The vpnMentor team cover exclusively the hackathon and accompanied the teams from day one up until the astonishing exposure.

The first hackathon on the subject of anonymity on the Web in Israel, the country which boasts an advanced cyber industry.

Israel, renown as the Start Up Nation has sprouted up numerous cyber firms. For many credit has to be given to the veterans of the Israeli Intelligence Corps who accumulate during their military service a wealth of experience that they bring to the private sector. During the first hackathon to take place in Israel on the subject, a few dozens of people gathered to try and crack sites considered to be secured. The students’ teams were accompanied by experts from the academia and the industry including: Dr Moti Geva, Prof Benny Pinkas, Prof Yehuda Lindell, Dr Tal Steinherz, Inbar Raz, Mr Amit Ashkenazi, Mr Asi Barak, Mr Sudhanshu Chauhan and Mr Kumar Panda.

No one had expected the search engine which boasts non-tracking its users to be revealed as exposed to anybody who checks its outgoing traffic.

BIU team helping

Industry and academy mentors assisting students in the hackathon.

The Auto Suggest mechanism of the search engine enables the identification of whatever the user keyed in.

DuckDuckGo auto suggestion

DuckDuckGo Auto Suggest, as recorded today.

The problem facing the winning team was to determine whether an information leakage from encrypted channels of search engines. The team managed to identify searches which had leaked through the Auto Suggest mechanism of the (supposedly) encrypted DuckDuckGo. They also managed to demonstrate it. What is significant is that whoever is listening to the search traffic is able to see what the user is searching for. So, for instance, when I click on the letter A, the server of the search engine returns to me an AutoComplete, suggesting to me how to complete the word. If I continue and click on B, the search engine will suggest words starting with AB. This way, supposedly, it is possible to create a mechanism which understands what are the words that I have started keying in (and seemingly have finished).

The victorious team comprised participants from both Hebrew and Bar Ilan Universities, demonstrating collaboration across institutions. Notably, the group consisted of three female members, surpassing the event's overall female participation rate of 15%. This is particularly significant considering the traditionally lower representation of women in technological fields. We are delighted to witness how the diverse contributions, including those from the female participants, played a crucial role in achieving the winning position and enhancing the overall achievement.

Update: a few hours after publishing this story, we managed to get an official response from DDG (vpnMentor tried contacting DDG for a response last week already). See the communication we had with DDG.

Contact with DuckDuckGo about breach

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Kristina Perunicic is a former editor for vpnMentor. She’s a cybersecurity expert with an interest in VPNs and their importance in the digital privacy landscape.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address

Thanks for submitting a comment, %%name%%!

We check all comments within 48 hours to ensure they're real and not offensive. Feel free to share this article in the meantime.