News
3/24/2014
11:38 AM
Connect Directly
RSS
E-Mail
50%
50%

Former NSA And Google Engineers Launch A New And More Secure Disconnect Search

Disconnect Search protects users’ privacy in four ways

Palo Alto, CA (March 24, 2014) -- Disconnect, a leading developer of popular consumer privacy and security software, today announced the launch of a new, faster and more secure Disconnect Search product that protects users' privacy by preventing web searches from being tracked. (https://www.disconnect.me/search)

Developed by an ex-NSA engineer and three ex-Google engineers, Disconnect Search allows people to search privately without having to change their behavior. Unlike other private search solutions, Disconnect Search was designed so users can search privately using the web's most popular search engines, including Google, Bing, and Yahoo.

Disconnect Search protects users' privacy in four ways:

1. Search queries are routed through Disconnect's servers, which makes the queries look like they're coming from Disconnect instead of a specific user's computer.

2. Search engines are prevented from passing keywords to the sites that are visited from search results pages.

3. All queries are encrypted, which prevents ISPs and eavesdroppers in your network from seeing them.

4. Disconnect doesn't log any keywords, personal information, or IP addresses.

Disconnect Search is now available via a webpage (https://search.disconnect.me/); as an Android app (https://play.google.com/store/apps/details?id=me.disconnect.search); and for Chrome, Firefox, Internet Explorer, and Safari desktop browsers. First launched in October of 2013, Disconnect Search is one of the fastest-growing search products of all time and now adds significant speed and security enhancements to improve users' privacy and search performance.

"Demand for online privacy has never been higher," says Disconnect co-founder Casey Oppenheim. "People don't want or expect search engines, Internet service providers, the government, and websites they visit to record and connect their searches with their real name. Unfortunately, this type of unwanted tracking of our search history and other personal information is all too prevalent."

The new Disconnect Search is optimized for speed, search results load more than twice as fast as the previous version. Disconnect Search also has enhanced security features, including support for the latest versions of Transport Layer Security (TLS) and Perfect Forward Secrecy (PFS) so that a user's search history stays as private as possible, even in the event that Disconnect's private encryption keys are compromised.

"We worked closely with leading security experts, cryptographers, and search engineers when designing Disconnect Search," says Disconnect CTO and former NSA engineer Patrick Jackson. "We're proud that we're able to offer both cutting edge privacy and security, and significantly faster load times to give privacy-conscious users a better all-around search experience."

The latest Disconnect Search technology was also recently selected as the default search provider for Blackphone (https://www.blackphone.ch), the world's first smartphone placing privacy and control directly in the hands of its users. Created by SGP Technologies, a joint venture of Silent Circle and Geeksphone, Blackphone launched during Mobile World Congress and offers a full suite of applications giving worldwide users unprecedented control over privacy and security.

"We knew very early on that we wanted to partner with Disconnect, because the team behind it is totally aligned with our objectives for privacy," said Toby Weir-Jones, CEO of SGP Technologies. "Enabling private search on Blackphone by default is central to our goal of leaving no digital footprints without the user's knowledge or permission. Disconnect Search harvests all the accumulated knowledge of the internet without forcing the user to give up their personal information." Disconnect Search will arrive pre-installed on Blackphone devices' Android&trade based PrivatOS operating system, ensuring users' mobile searches are private right out of the box.

Disconnect Search includes the following features:

● Native results -- Users can stay private and get results from their favorite search engine.

● Familiar experience -- Users can search directly through their existing browser's omnibox or address bar.

● Privacy everywhere -- Users can search privately all the time, from anywhere they'd typically search, including their search engine's homepage and results pages.

● Cookie blocking -- Users can remain logged into their accounts and still search anonymously.

A video about how Disconnect Search works can be viewed at http://youtu.be/yBxP-TEqJCg.

About Disconnect

Disconnect was founded on a basic principle: that people should have the freedom to move about the Internet -- and their lives -- without anyone else looking over their shoulder. The company was started in 2011 by a former Google engineer and a consumer-rights attorney.

Disconnect's top-rated apps stop tracking by third parties and search engines and are used by more than 1,500,000 people every week. Visit Disconnect on the web at https://www.disconnect.me/.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2227
Published: 2014-07-25
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

CVE-2014-5027
Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-5100
Published: 2014-07-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_...

CVE-2014-5101
Published: 2014-07-25
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authn...

CVE-2014-5102
Published: 2014-07-25
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.