[flagged] DuckDuckGo now fingerprinting visitors? (whonix.org)
88 points by TiredOfLife on Jan 6, 2019 | 37 comments



The site is giving me a 429, but discussion on Reddit seems to indicate this is misleading. DuckDuckGo has code that includes calls to `getBoundingClientRect()` which can be used, most likely with other metrics since it just tells you the size of the window, to fingerprint visitors. However, inspection of the source reveals it's just part of normal layout code.

https://www.reddit.com/r/privacy/comments/ad4h0u/duckduckgo_...
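
Added example, not part of the thread and not DuckDuckGo's or CanvasBlocker's code: one way to check which code calls `getBoundingClientRect()` is to wrap the method and record the caller of each call. `FakeElement` and `positionTooltip` are constructed stand-ins so the block runs under Node; in a browser console the target would be `Element.prototype`.

```javascript
// Wrap proto[name] so that each call is logged with its calling stack frame.
function instrument(proto, name, log) {
  const original = proto[name];
  if (typeof original !== "function") {
    throw new TypeError(name + " is not a method on the given prototype");
  }
  proto[name] = function (...args) {
    // Keep only frame lines (V8: "at f (...)", Firefox: "f@..."), then drop
    // the first one, which is this wrapper itself.
    const frames = new Error().stack.split("\n").map((s) => s.trim())
      .filter((s) => /^at |@/.test(s)).slice(1);
    log.push({ api: name, caller: frames[0] || "(unknown)", frames });
    return original.apply(this, args);
  };
  return () => { proto[name] = original; }; // undo: put the original back
}

// Count logged calls per API and per calling function name.
function summarize(log) {
  const out = {};
  for (const { api, caller } of log) {
    const m = caller.match(/^(?:at )?([^\s(@]+)/);
    const fn = m ? m[1] : caller;
    out[api] = out[api] || {};
    out[api][fn] = (out[api][fn] || 0) + 1;
  }
  return out;
}

// Constructed stand-ins for a DOM element and for ordinary page layout code.
class FakeElement {
  getBoundingClientRect() { return { x: 10, y: 20, width: 300, height: 40 }; }
}
function positionTooltip(el) {
  const r = el.getBoundingClientRect();
  return { left: r.x + r.width / 2, top: r.y + r.height };
}

function demo() {
  const log = [];
  const restore = instrument(FakeElement.prototype, "getBoundingClientRect", log);
  const pos = positionTooltip(new FakeElement());
  positionTooltip(new FakeElement());
  restore();
  positionTooltip(new FakeElement()); // not logged: the wrapper is gone
  return { pos, calls: log.length, summary: summarize(log) };
}
```

The recorded caller frame is what separates a layout helper from a script that collects measurements for transmission; the call itself looks the same in both cases.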


Had a feeling that this entire post was just privacy “purists” taking something a bit too far. I’m not confident that knowing the size of your browser window is enough to definitively ruin your life.


This is frequently some of the most identifying bits of information about you. Have you tried the EFF's Panopticlick? It'll tell you how much the combination of things like your resolution, available fonts and available extensions can identify you 1 in a few hundred thousand or million of visitors. This is a legitimate concern for a privacy oriented search engine that claims not to track you.

https://panopticlick.eff.org


1) Just because it's possible to use this in an aggregate fingerprint doesn't mean the collection of this one datum in isolation is actually for fingerprinting

2) Given the context of the actual API call, this is probably for benign purposes and not for fingerprinting


Without commenting on its veracity, here is the essential claim quoted from the post:

> DuckDuckGo is using the Canvas DOMRect API on their search engine. Canvas is used to make unique geometry measurements on target browsers, and DOMRect API uses rectangles. This can be verified with the CanvasBlocker Firefox add-on by Korbinian Kapsner. DDG has recently been redirecting some website navigations to cute pictures with remarks about their privacy promises. The organization is now seeking to expand their Internet presence. DDG are without question data brokers, and commercial websites that make promises like DDG does will not survive for long if they actually keep them.


One comment on that thread does call into question some of DDG’s previous actions and suggests that we might not be able to trust them regardless: https://www.reddit.com/r/privacy/comments/ad4h0u/comment/edd...


We’ve been there before! Google’s “Don’t be Evil” made everyone trust Google until it came up they are working for all sorts of LE. Now it’s Duck supposed to be secure.

Let me say again what I said multiple times: unless they are incorporated in some offshore or Switzerland, and none of their servers are on US soil (they are), then they either must work with the US government or US government using NSA already sees and reads all your searches and can pinpoint them directly to you. They may even be forced by government to lie to their clients/users telling them we don’t spy or log your searches. Any other idea that in modern world American company working on American soil can build a web search engine that doesn’t give out / leak / cooperate with US government is very naive.


It's impossible to use a platform without revealing some details about yourself. Either physical or organic, they will get some data out of you.

What's important to me, personally, is that platform doesn't share or sell what it has learned about you, and doesn't use potentially sensitive information in its advertising.

It would be unrealistic to expect a platform to not collect any data and still function. Analytics is the foundation for the feedback loop that it takes to effectively develop something like DDG.

If I go to an adult toy store I expect the person at the counter to know, but I don't want him telling everyone else.


Not all data collections are created equal. Canvas fingerprinting really only has one use, and that is to try to circumvent a user's decision to delete site cookies (or not accept them in the first place). That, combined with the fact that DDG's entire marketing campaign is that they respect your privacy, is a bad sign. They may not be using this information for anything nefarious now, but it does seem plausible that this is a canary in a coal mine.


Are they using canvas fingerprinting though (or are they fingerprinting screen resolution)? I downloaded Canvas Defender to check and it doesn't go off, though it does on tons of other sites. Which seems like it'd be a big story as well, that they were working with a company to hide it. But that sounds unlikely. I think they are fingerprinting screen resolution. Which isn't that unique.


That's a good question, I don't know. But they are not setting off my anti-canvas measures either (I use jsblocker) so I'm guessing you are right.


Hmm. Benefit of the doubt, they might have just included this library for something else and might not be fingerprinting/logging individual browsers. I'm sure we'll see a response from DDG on this.

uMatrix+disabling Javascript explicitly will help prevent tracking for those who know how.

The privacy aspect of DDG was always their marketing point, and I think we all knew it couldn't be totally true. Surely they must be harvesting data of some type, or else how would they expect to earn revenue? Others have shown that at least some of their services run on AWS, so if Amazon really wanted your data (like if they were served a National Security Letter), I'm sure they could get it without DDG even knowing.


> The privacy aspect of DDG was always their marketing point, and I think we all knew it couldn't be totally true. Surely they must be harvesting data of some type, or else how would they expect to earn revenue?

Simple. They can run display ads instead of targeted ads.

Since they have the search term you just typed, they know exactly what you’re looking for at this moment, and can target with that.


It looks like they also insert affiliate codes into search result URLs for sites like Amazon and eBay.

https://duck.co/help/company/advertising-and-affiliates


Yeah. There’s also a JavaScript-free version of DDG entirely but these guys are a bit over dramatic about these types of things.


> uMatrix+disabling Javascript explicitly will help prevent tracking for those who know how.

For added privacy, combine DDG with Tor Browser Bundle, because remember that although DDG is 'privacy first'; it doesn't stop some intel agency attributing search queries to specific users inside the Internet (which happen to have unique useragent strings and surf with unique IP addresses)


Keyword based advertising does not require collecting any identifying information.


Except, you know, when the keyword is specific, or lots of keywords together form a clear picture, or etc. Etc. Metadata is not anonymous.


If you really want to avoid internet privacy concerns, stay off of the internet. If you are so paranoid that you trust no one on the internet, stay off of the internet. If you want to be part of the internet, you have to make a reasonable guess as to what to trust, and ignore the paranoia where you find bad things everywhere. Even being off the internet, someone somewhere is still tracking you in ways you don't even realize. Living as a hermit in a cave on an island with no people is not a lifestyle most people want. DDG is still way better than any other option.


> DDG are without question data brokers, and commercial websites that make promises like DDG does will not survive for long if they actually keep them.

I'm not convinced that this is a law of nature, but it does seem to have some truth in it. I pay ~$5/month for services like Feedly and Evernote. I'd be willing to do the same for a high quality search engine that does not make me the product.


Search is probably the most likely counterexample of your rule. They can sell ads based on search terms instead of user profiles. This might be leaving some profit on the table, but might not.

They can generate artificial scarcity by preventing the search query stream from being joined to user profiles by third parties.

If they end up with a well-educated, affluent userbase (likely, given their selling point), they can charge a huge premium for that scarcity.

This trick is much older than the internet itself.


If they are advertising to me based on my search string, I'm still the product. Ads are part of what I'd pay to evade.


Do you object to companies advertising to you based on the magazines you buy, or tv you watch, or roads you travel to work on?

If you are against advertising full stop then fine. This article, and people's claimed grievances, are with tracking, rather than advertising per se.

Edit: Missed your first post. Ignore me.


I'm not convinced anymore that paying for a service doesn't make you the product. Look at Windows 10, Android devices, heck almost anything. Collecting and selling user data seems almost inevitable if law makers don't drop Thor's hammer.


Unfortunately paying doesn't alone incentivize data privacy, when those same companies you're paying realize they can also increase profits by monetizing your data or everyone's data in aggregate.


I only ever use DDG with Tor Browser Bundle, because even though they are a 'privacy first' search engine, it doesn't stop some intel agency sitting in their data center and being able to attribute certain search queries to specific users.

As a bonus: Last time I checked The Tor Browser Bundle displays a prompt anytime the canvas API is used in some javascript, and you can opt out of canvas fingerprinting this way.

I know DDG doesn't always have the results you are looking for, but for more long-tail queries and advanced searches I can use Startpage[0] which basically proxies the results from Google (using vanilla Google with Tor is a pain because of captchas).

[0] https://www.startpage.com


I’m not familiar with the mentioned API in the article, is it possible they are using it for just statistics on what type of browsers visit their website?

I know as a software developer I’d design tests to ensure the wa testing is done in the order of the most users impacted.


DuckDuckGo is a company, so its aim is not to develop something to solve a problem they have but making money. That's why it can't be trusted as any other proprietary service.

Only FOSS so projects developed by someone, companies included, with the aim of solving some author's problem or desire can be trusted to a certain extent.

The rest doesn't count much: you may have "ugly dictators" or "less oppressive dictators" but they are still dictators. It's their nature, no matter how good intentions they have at start or they try to keep.


Companies aren't required to make money, this is a popular misconception. The company can have any purpose or set of purposes unless it's illegal, and most often even if "make money" is on the list it isn't the sole purpose.

I appreciate that HN might be more likely than most places to be inhabited by people who can't imagine any other motivation except money, but for most of us there are other priorities.


An ancient proverb says "power corrupts, money corrupts": if you start a company with good intention when (if) money and power arrive you start to head naturally toward "dangerous" directions...

Of course exceptions may exist and actually I'm sure they exist, but they are exceptions, not "the rule"...


Yeah, while it's possible DuckDuckGo is secretly evil, the API call in question seems to be perfectly innocuous. While the size of the screen is certainly one part of a fingerprint, there are far more benign uses for it, and trying to frame DDG as evil over such a benign use is misleading at best (and maliciously dishonest at worst).

I'm sticking this in my "guilty until proven innocent" file.


My search results have been really good lately on ddg, even for topics I thought were ambiguous. I hope it wasn't related


Are they just fingerprinting screen geometry or doing canvas fingerprinting?

Because I can't find where they are doing canvas fingerprinting, that or canvas defender doesn't say anything on only DDG. If they are just getting screen geometry, which I suspect, that's not enough to de-anonymize you. As far as I know anyway.


On panopticlick, screen resolution is consistently top 2 most uniquely identifying things they fingerprint (edit: for me), hence the concern I suppose.


That's odd. Because this is my result (in order of "x browsers have this value"):

Canvas Fingerprinting: 1 in 3e6

User Agent: 1 in 2e3 (not many using FF on Linux I guess)

System Fonts: 1 in 3e2

Timezone: 1 in 5e1

A few other things < 1 in 10

Screen Size and Color Depth: 1 in 6

Screen Size is nowhere near identifying to me. There are just huge drops in the order of magnitude in this stuff. I can't imagine standard fingerprinting is that reliable. Though I wouldn't be surprised to learn if there were certain trends about things. Like if you identify I'm using FF on Linux it tells you I'm nerdy. That'd be good for targeting ads, but not good for unique identification. I thought that's why cookies are used.



I use ddg for their uncensored search, I have no reason to trust them with my privacy. But when I search for sci-hub or libgen then the first result is always the relevant webpage.



