Congratulations, YouTube... Now Show Your Work

Earlier this week, #YouTube finally acknowledged their #recommendation #engine suggests harmful content. It’s a small step in the right direction, but YouTube still has a long history of dismissing independent #researchers. We created a #timeline to prove it.

Over the past year and some, it’s been like clockwork.

First: a news story emerges about YouTube’s recommendation engine harming users. Take your pick: The #algorithm has radicalized young adults in the U.S., sowed division in #Brazil, spread state-sponsored #propaganda in #HongKong, and more.

Then: YouTube responds. But not by admitting fault or detailing a solution. Instead, the company issues a statement diffusing blame, criticising the research methodologies used to investigate their recommendations, and vaguely promising that they’re working on it.

In a blog post earlier this week, YouTube acknowledged that their recommendation engine has been suggesting borderline content to users and posted a timeline showing that they’ve dedicated significant resources towards fixing this problem for several years. What they fail to acknowledge is how they have been evading and dismissing journalists and academics who have been highlighting this problem for years. Further, there is still a glaring absence of publicly verifiable data that supports YouTube’s claims that they are fixing the problem.

That’s why today, #Mozilla is publishing an #inventory of YouTube’s responses to external #research into their recommendation engine. Our timeline chronicles 14 responses — all evasive or dismissive — issued over the span of 22 months. You can find them below, in reverse chronological order.

💡 We noticed a few trends across these statements:

‼️ YouTube often claims it’s addressing the issue by tweaking its algorithm, but provides almost no detail into what, exactly, those tweaks are

‼️ YouTube claims to have data that disproves independent research — but, refuses to share that data

‼️ YouTube dismisses independent research into this topic as misguided or anecdotal, but refuses to allow third-party access to its data in order to confirm this

👉🏼 Read more:
https://foundation.mozilla.org/en/blog/congratulations-youtube-now-show-your-work/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Whoogle Search - A self-hosted, ad-free/AMP-free/tracking-free, privacy respecting alternative to Google Search

Get Google search results, but without any ads, javascript, AMP links, cookies, or IP address tracking. Easily deployable in one click as a Docker app, and customizable with a single config file. Quick and simple to implement as a primary search engine replacement on both desktop and mobile.


Hi everyone. I've been working on a project lately that allows super easy set up of a self-hosted Google search proxy, but with built in privacy enhancements and protections against tracking and data collection.

The project is open source and available with a lot of different options for setting up your own instance (for free): https://github.com/benbusby/whoogle-search

Since the app is meant to only ever be self-hosted, I intentionally built the tool to be as easy to deploy as possible for individuals of any background. It has deployment options ranging from a single-click deploy, to pip/pipx installs or temporary sandboxed runs, to manual setup with Docker or whatever you want. It's primarily meant to be useful for anyone who is (rightfully) skeptical of Google's privacy practices, but wants to continue to have access to Google search results and/or result formatting.

Here's a quick TL;DR of some current features:

* No ads or sponsored content
* No javascript
* No cookies
* No tracking/linking of your personal IP address
* No AMP links
* No URL tracking tags (i.e. utm=%s)
* No referrer header
* POST request search queries (when possible)
* View images at full res without site redirect (currently mobile only)
* Dark mode
* Randomly generated User Agent
* Easy to install/deploy
* Optional location-based searching (i.e. results near <city>)
* Optional NoJS mode to disable all Javascript on result pages

Happy to answer any questions if anyone has any. Hope you all enjoy!

https://www.reddit.com/r/degoogle/comments/ggrocn/whoogle_search_a_selfhosted/


#whoogle #Google #search #engine #selfhost #degoogle

Apple may launch its own web-based search engine

A new report claims that factors are increasingly pointing to Apple expanding Siri search results and Spotlight Searches even farther, with the company potentially working on a universal search engine.

Apple already has a search engine it uses for Spotlight Searches and Siri. However, if a new report is accurate, Apple may be looking to ditch the financial arrangement it has for Google to be the default on the iPhone, and launch its own full search engine.

The main tentpole to the argument made on Thursday morning by Jon Henshaw at Coywolf says that it isn't clear if Siri Suggestions are using Google at all anymore. Instead, Apple is returning search results with Spotlight Search, and is bypassing other search engines.

https://appleinsider.com/articles/20/08/27/apple-may-launch-its-own-web-based-search-engine

#Apple #search #engine

Privacy-focused search engine DuckDuckGo is growing fast

DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform.

While Google remains the most popular search engine, DuckDuckGo has gained a great deal of traction in recent months as more and more users have begun to value their privacy on the internet.

DuckDuckGo saw over 2 billion searches and 4 million app/extension installations, and the company also said that they have over 65 million active users. DuckDuckGo could shatter its old traffic record if the same growth trend continues.

https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-is-growing-fast/

#DuckDuckGo #search #engine

Apple develops alternative to Google search.

Apple may build its own search tools as ties to Google come under antitrust scrutiny.

Apple is stepping up efforts to develop its own search technology as US antitrust authorities threaten multibillion-dollar payments that Google makes to secure prime placement of its engine on the iPhone.

In a little-noticed change to the latest version of the iPhone operating system, iOS 14, Apple has begun to show its own search results and link directly to websites when users type queries from its home screen.

That web search capability marks an important advance in Apple’s in-house development and could form the foundation of a fuller attack on Google, according to several people in the industry.

https://arstechnica.com/gadgets/2020/10/apple-develops-alternative-to-google-search/

https://www.forbes.com/sites/barrycollins/2020/10/28/apple-building-search-engine-to


#apple #Google #search #engine
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit

Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team exercise, trying to break into App Engine. This is the story of how I found a vulnerability and developed an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.

Background

One of the reasons I was skeptical was Java’s poor security track record. Java is unusual among programming languages in attempting to do in-process sandboxing with its Applet model, where trusted and untrusted code run within the same language runtime.

Back in the dark ages before Javascript and Webassembly took over the world, website authors that wanted to include nontrivial interactivity had to rely on browser plugins. Sun’s entry into the fray was Java Applets, a system that allowed website authors to include precompiled Java classfiles on their site. When the user views the embedding page, the browser sends that code to the Java Virtual Machine (JVM) installed on the user’s computer for execution.

In order to keep things secure, Java used a permission system to control what running code could and couldn’t do. Desktop applications were executed with all permissions by default, while Java applets ran with a very restrictive policy that prevented stuff like accessing the user’s local files.

Unfortunately, applets were still plagued with security vulnerabilities. One issue is that most of the Java runtime library is itself implemented in Java. Trusted and untrusted code run side by side in the same VM, with the only thing separating them being the permission system and visibility modifiers (public, protected, private, etc.)

This means that a bug anywhere in the JVM or standard libraries is liable to become a security vulnerability. Additionally, the attack surface is huge. The Java 7 runtime included over 17,000 classes, a lot of places for bugs to creep in.

https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html

#google #app #engine #hacked #java #bytcode #exploit
📡 @nogoolag 📡 @blackbox_archiv

How to Build an Egalitarian, Decentralized Search Engine Part 1: The Principles

Search is dead. So how do we revive it, without billions of dollars in funding and massive computing resources? We leverage the crowd.

We need a functioning search engine if the open web is to prevail. Google and its competitors do not care to make a decent product. It counters their business goals. So we have to build it ourselves.

https://chapra.blog/how-to-build-a-search-engine-part-1-374/

#search #engine #build #howto #decentralized
📡 @nogoolag 📡 @blackbox_archiv

HakByte: How to find anything on the internet with Google Dorks

On this first episode of HakByte, we cover Google Dorking, which is an OSINT technique that takes advantage of the Google Search engine with advanced search strings. This video covers basic google dorks that will allow you to filter out irrelevant information for a google search, finding insecure websites, and even discovering exposed password databases. Finally, an open source tool called pagodo is covered, which automatically can pass thousands of google dorks while avoiding detection from google.

https://www.youtube.com/watch?v=lESeJ3EViCo

#hakbyte #osint #google #dorking #search #engine #educational #video
🎥 @nogoolag 🎥 @blackbox_archiv

Adding a new #search #engine to #bromite on #android:

Visit the search engine home page. Perform a search.
The search engine can now be selected as a default from settings.

#Searx instances -
https://searx.space
https://searx.unclejim.life
https://searx.pussthecat.org
https://searx.sethforprivacy.com
http://4nz3r6ka7v2tzn3t6bk4yxyaqgubymrluavdbbvn3ndj2iq7hkqw2oid.onion

Presearch Search Engine

Now that DuckDuckGo has officially DuckDuckGone in the direction of censorship, what's a free speech-loving, liberty-minded conspiracy realist to do? Never fear, #SolutionsWatch is here. In the first of a series of explorations of Alt Tech, James talks to Colin Pape of #Presearch, a decentralized #search #engine that is seeking to offer an alternative to the Big Tech monopolization of search.

Shownotes and links:
https://www.corbettreport.com/solutionswatch-presearch

https://lbry.tv/@corbettreport:0/solutionswatch-presearch:1