I have never tried DDG, but this thread made me start thinking again. I did a quick google for DDG and found this linkhttp://www.alexanderhanff.com/duckduckgone
I found it interesting (including all the comments at the end), but a small excerpt seems to indicate that ANY US-based (or owned/controlled ??) company is suspect.
Second, DuckDuckGo insist that they cannot be compelled by the courts to provide access to user data which crosses their networks or touches their servers - they even claim they are exempt from Communications Assistance for Law Enforcement Act (CALEA) - this is misleading. They may be exempt from having to pre-install technologies providing the ability to "wiretap" (intercept) data on their networks but they can still be compelled to do so:
Notably, a U.S. court can compel any provider to provision a wiretap, even if the provider is exempt from CALEA. But exempt providers need not necessarily adopt tools in advance to meet CALEA's specifications for immediate and unobtrusive interception, with high-quality data streams and without infringing on others' privacy.
Furthermore, they can be compelled to decrypt the encrypted data (HTTPS) since they are the origin of the encryption and have the capability to decrypt it:
"Covered providers are not required to decrypt communications unless they initially provide the encryption service, and, moreover, have the means to decrypt."
I have better (other?) things to do with my life than succumb to paranoia, but it does start to niggle at me a bit these days...