DuckDuckGo Icon

DuckDuckGo

Tired of being tracked online? We can help. Join millions of people like you who believe getting privacy online should be simple.
4 Stories
All Topics

Kev Quirk kevq.uk

Is DuckDuckGo, DuckDuckDone?

Kev Quirk:

DuckDuckGo, the privacy centric search firm have been found to be allowing Microsoft trackers through their browser. It’s dishonest, and I’m really disappointed.

Noteworthy: this is the DDG browser, which I’ve never used. Not the search engine. But still, this is concerning like Kev says:

DuckDuckGo tout themselves as being highly transparent and privacy respecting in everything they do. So to discover that they have been keeping this tidbit of information from their users — one that goes against the very fibre of the company — is a little concerning for me.

DuckDuckGo github.com

DuckDuckGo's favicon (mis)management leaks user privacy for 2+ years

Turns out DDG has been using a favicon proxy since 2018 that effectively sends all websites users visit in the app to their servers. This was first reported a year ago and shrugged off (and closed) by them because they aren’t keeping any of those requests.

At DuckDuckGo, we do not collect or share personal information. That’s our privacy policy in a nutshell. – tagawa

The issue sat dormant until it resurfaced yesterday when many other users stated their concern with the naive server-side implementation:

Yes, we already trust DDG, but only because we have to trust someone and others have proved to be untrustworthy. The issue isn’t about whether the user trusts DDG, it’s about minimizing the need for trust and maximizing the ability to verify privacy. Please consider reopening this issue. – svenssonaxel

It was suggested that this feature could/should be handled on-device and this comment on Hacker News points to Mozilla’s open source implementation that does just that. Finally, DDG’s CEO Gabriel Weinberg woke up (literally) and committed to changing the implementation.

All’s well that ends well?

0:00 / 0:00