"It's more than a little naive to think that the NSA won't be able to pull data without needing the cooperation of DDG"
How would they do this?
It's possible there are SSL flaws the NSA knows about that the public does not, but I can't think of many other ways the NSA could achieve this through technological means.
There could be a secret court order forcing DDG to place monitoring hardware on their internal network, but given that they're basing a business on privacy, this would be corporate suicide. DDG aren't behaving in a manner that suggests they believe they're living on borrowed time.
"Backdoors in SSL certificates"? Are you talking about flaws inserted in SSL software, such as OpenSSL? Or do you mean that they likely have root certificates they can use to perform MITM attacks?
The problem with a MITM attack is that it involves changing the message stream. It's not a passive attack. A MITM attack is unsuitable for wide-scale surveillance, as it would almost certainly be noticed.
MITM attacks aren't suitable for mass surveillance. All it would take is for a DDG employee to check the certificate from outside their network and the game would be up. Not only would you know the NSA was using a MITM attack on a global scale, you'd have absolute proof of it.
The NSA might be using a zero-day flaw to passively listen in on connections, but the possibility of this will diminish once the OCAP gets around to finishing its audit of OpenSSL.
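The check the comment above describes, comparing the certificate a client sees from outside the network against the one the operator installed inside, as an added example that is not part of the thread. The inside DER bytes are a constructed placeholder and the default host name is an assumption.

```python
import hashlib
import socket
import ssl

# Constructed placeholder standing in for the DER bytes of the leaf certificate
# as recorded on the operator's own network (not a real certificate).
INSIDE_CERT_DER = b"constructed-der-bytes-of-the-real-leaf-certificate"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Open a TLS connection from this vantage point and return the leaf certificate.

    Default verification stays on: an interceptor using a root the client already
    trusts passes the handshake, so the fingerprint comparison is what exposes it.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def compare(inside_der: bytes, outside_der: bytes) -> dict:
    """Return both fingerprints and whether they agree.

    A mismatch means the outside client was shown a different certificate than
    the one installed on the server, which is the interception signal.
    """
    inside_fp = fingerprint(inside_der)
    outside_fp = fingerprint(outside_der)
    return {"inside": inside_fp, "outside": outside_fp, "match": inside_fp == outside_fp}


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "duckduckgo.com"  # assumed host
    result = compare(INSIDE_CERT_DER, fetch_leaf_der(host))
    print("inside :", result["inside"])
    print("outside:", result["outside"])
    print("MATCH" if result["match"] else "MISMATCH: certificate differs from outside")
```

Run it from several external vantage points and keep the recorded fingerprints; a mismatch on any one of them is the proof the comment refers to.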