Stop Using DuckDuckGo

I was told recently that someone had their VanillaGift.com VISA gift card number stolen online when trying to use it. This is the typical kind you find in a Walgreens or other drug store: it comes preloaded, and if you remember how much is on it, you can use it like a normal credit card.

Tracing back their steps, they were trying to buy some furniture online. They were ready to use the card but wanted to check the balance to make sure it was activated. They opened Chrome on their laptop, typed VanillaGift.com and hit enter. A list of results popped up; they clicked one, entered the card details and got an error. When they tried the process again an hour later, they found their whole balance was gone.

It took all of about 3 minutes to figure out what happened, and this serves as a word of warning about why search engines are not something to replace lightly.

Marketing does a good job of using “privacy” as a differentiator from the competition when pitching new products. They focus on how their product doesn’t track, doesn’t sell data, doesn’t personalize, yada yada yada, to keep your information safe and provide a more default experience to everyone.

Normally, yes. This is a feature you should look at when buying something like a video camera for your house or a voice assistant. This is NOT something you should use to make your decision for a central point of your life like the default search engine in your browser.


What happened here comes down to the marketing game that wannabe-Google search engines play. They want your browser, so they make it easy: you see a commercial, go into your settings and boom, your home page is now the new search engine.

The problem is that not all search engines act the same. The results are different, but so is how they interact with the browser. When you enable something like DuckDuckGo, you are not just changing your search results, which is what most people think happens. You are also changing the default behavior that a lot of people are used to in the box where you enter a search term or URL. When this changes without you knowing, you are at risk in a big way.

[Screenshot: Standard Google Homepage in Chrome]

As you can see above, Google allows you to type in search terms or a URL. If you enter VanillaGift.com, as a lot of people are used to doing, it brings you to VanillaGift.com, the legit website for the VISA gift card.

If you follow the “protect your privacy” marketing and move to DuckDuckGo using the standard Google search engine settings, the home page looks very similar (see below). The problem here is that the DuckDuckGo search box no longer routes you to the URL you enter.

[Screenshot: Standard DuckDuckGo Search]

In the same example, if you enter VanillaGift.com, you are not brought to the website you entered. You are brought to their search page for “VanillaGift.com”. DuckDuckGo isn’t incentivized to route you right to the URL and would rather show you ads for revenue, since they are not making money off data.

The problem is that showing you ads on their website, or ranking up a website from a bad actor, is pretty common. There are plenty of URLs for websites that are not legit, and because they don’t tailor search results, malicious websites can easily make it to the front page or, even easier, place ads and capture enough victims to make it worthwhile.

All in all, focusing on privacy and being more aware is something we all need to do more of. But if you are like most people, who use Gmail, iPhones, Facebook and every other website that tracks you, stick to Google and let them provide the level of protection and filtering that most people need. The majority of websites you visit are perfectly fine in their search results, and you can avoid a similar heartbreaking experience.

At the time of writing, the ad for the impostor site is no longer in the list of ads, and it seems no ads are being displayed at all. Simply entering VanillaGift.com into DDG does return the main links with no ads; however, there are multiple URLs on the home page that imitate the original website, looking to capture the victim’s gift card information.
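
The check a user skips when they click a result instead of landing directly on the site can be written down as code. This is an added example, not part of the original post: it classifies result links against the one domain the user meant to visit. Every hostname other than vanillagift.com is constructed on the reserved .example TLD, and the two lookalike heuristics and their thresholds are assumptions.

```javascript
// Added example, not from the original post. Constructed hosts use the reserved .example TLD.
const EXPECTED = "vanillagift.com"; // the legitimate site named in the post

// Levenshtein distance, used to catch one- or two-character misspellings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "expected", "lookalike", "unrelated" or "invalid" for one result URL.
function classify(resultUrl, expected = EXPECTED) {
  let host;
  try {
    host = new URL(resultUrl).hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return "invalid"; // not an absolute URL
  }
  // Exact host or a true subdomain. The leading dot matters: a host that
  // merely ends with the expected string is a different registered domain.
  if (host === expected || host.endsWith("." + expected)) return "expected";

  const brand = expected.split(".")[0]; // "vanillagift"
  // Assumed heuristic 1: brand text anywhere in a foreign hostname.
  if (host.replace(/[^a-z0-9]/g, "").includes(brand)) return "lookalike";
  // Assumed heuristic 2: some label is within two edits of the brand.
  const near = host.split(".").some((l) => editDistance(l.replace(/-/g, ""), brand) <= 2);
  return near ? "lookalike" : "unrelated";
}

// Constructed sample of result links for the query "VanillaGift.com".
const sampleResults = [
  "https://www.vanillagift.com/",
  "https://vanillagift.com.balance-check.example/login",
  "https://vanil1agift.example/",
  "https://furniture-store.example/",
];
const triage = (urls) => urls.map((url) => ({ url, verdict: classify(url) }));
console.log(triage(sampleResults));
```

Only the "expected" verdict is a site where card details belong; "lookalike" marks results that borrow the brand under a different domain.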