DuckDuckGo's BLATANT lie regarding user privacy

Discussion in 'privacy problems' started by inka, Nov 28, 2011.

Thread Status:
Not open for further replies.
  1. inka
    Offline

    inka Registered Member

    DuckDuckGo respects user privacy?

    === EDIT ===
    Whoa! Sorry -- mea culpa!

    The favicons are in fact served from host I2.duck.co, NOT from each remote site.

    FunkyDude, thanks for setting me straight.

    ================

    The DuckDuckGo domain wound up in my proxied blocklist quite a while ago, but after seeing it mentioned (touted as a "partner", and hyped) in a recent Mint Linux blog post, I decided to unblock it and have a fresh look.

    DuckDuckGo purports:
    "There is no search history, personal profile or any other information about you gathered, stored, sold, used or leaked."

    reality check:
    Perform any search at the DuckDuckGo site and note the http request headers issued by your browser.
    You will discover that their search results page, by design, LEAKS (telegraphs) your activity !

    For each site it lists in the search results, DuckPoo embeds a link to each site's "favicon" image,
    causing your browser to connect with each of the listed sites in order to retrieve the remotely-hosted favicon asset.

    The mechanism is GREAT for DuckPoo; regardless whether you clickthrough,
    webmasters see the hits, along with the DuckDuckGo brand reflected in referer logs.

    Did you read the DuckDuckGo "example" (presented on the bubble.us page) ? about Susie... searching for Herpes

    Well, without even clicking through to visit any of the DuckDuckGo -listed sites, you get the "privilege" of telegraphing your herpes outbreak to the raft of sites listed in your search results. Egad!

    "hi, please send your favicon. Oh, and by the way, i was referred to you by DuckPoo.
    What? Yah, the person at this IP address is using that search engine to search for \'Herpes\' and stuff."



    sad footnote:
    I posted a comment similar to the above, to the Mint Linux blog article... and it wound up moderated (deleted).
    I've reposted, removing the arguably "offensive" DuckPoo moniker.
    Hopefully the revised version won't be similarly squelched.

    Attached Files:

    • ddg2.jpg
      ddg2.jpg
      File size:
      102 KB
      Views:
      1,422
    Last edited: Nov 28, 2011
  2. Daveski17
    Offline

    Daveski17 Registered Member

    Oh dear, that's food (crispy duck?) for thought. I have DDG as my default search engine in *SRWare Iron. Well, a bird in the hand ...

    *Apparently, according to some; also a blatant lie/scam. :eek:

    Does this mean my goose is cooked?
  3. vasa1
    Offline

    vasa1 Registered Member

    Since you asked for it. Chromium is made by Google, the most untrustworthy organization possible. SRWare Iron is based on Chromium.
  4. vasa1
    Offline

    vasa1 Registered Member

    1. So favicons should be present in the browser cache? That should be a simple way for DDG users to verify the quote.
    2. Link?
  5. Daveski17
    Offline

    Daveski17 Registered Member

    I knew that. That's why I'm using SeaMonkey at the moment. ;)

    Chromium is also based on WebKit, or at least uses it as its rendering engine.

    "WebKit was originally derived by Apple Inc. from the Konqueror browser's KHTML software library for use as the engine of Safari web browser, and has now been further developed by individuals from KDE, Apple Inc., Nokia, Google, Bitstream, Torch Mobile, Samsung, Igalia, and others.[2] Mac OS X, Windows, GNU/Linux, and some other Unix-like operating systems are supported by the project." ~ Wikipedia

    I admit Google are Dr Evil evil untrustworthy, but there must be a good side to them.

    *Waits for flying porcines & for Hades to develop permafrost ... *
  6. inka
    Offline

    inka Registered Member

    1) I suggested watching outbound requests because you cannot simply "View Source",
    because the page is dynamically built (its code is INconveniently "obfuscated", eh)

    2) the blog article is here:
    Linux Mint signs a partnership with DuckDuckGo
    http://blog.linuxmint.com/?p=1884
  7. funkydude
    Offline

    funkydude Registered Member

    I'm willing to bet it was moderated because you're talking complete and utter garbage and until you can bring forth some evidence of your sensationalist claim in this thread, this one should be moderated too. :D

    Notice how every single favicon retrieved is hosted by DDG?

    DDG.png
  8. inka
    Offline

    inka Registered Member

    I reported my personal observations regarding Chrome vs Iron here:

    blocking google.com domain CRIPPLES Chrome browser?
    http://www.wilderssecurity.com/showthread.php?t=306620

    There's an overlapping issue at work here (Chrome vs Iron) and (Mint Linux vs Ubuntu)
    SRWare was (is) criticized for "taking the free codebase and doing little other than post-pending their "brand" to the user-agent string... as means to an end ~~ monetizing user searches".
    -=-
    Mint Linux was similarly criticized for "basically usurping the Ubuntu brand" (considering their recent releases though, I think they are now beyond such harsh criticism) but now, via "partnering" they apparently intend to monetize user searches.

    Sigh. All things considered, dems small puhtatoes.
    On the horizon, we have NaCl (native client) coming soon, to a browser near you...
  9. inka
    Offline

    inka Registered Member

    FunkyDude, thanks for checking.
    I'll revisit, and recheck. None of your results show 302 redirection, so now I'm wondering whether "what I observed" was due to proxo or adblock rewriting the page.
  10. Daveski17
    Offline

    Daveski17 Registered Member

    Well, I didn't expect SRWare to work for free LOL! ;) At least you can actually uninstall it completely from your computer. I just can't justify it being a scam, it's freeware. Either way, it's nice to have a virtually de-Googleised alternative to Chrome.


    Mint looks quite good to me. I have a feeling Ubuntu has changed too much recently for many of its devotees.

    "Some groups of browser developers support the Native Client technology, but others do not. This technology is controversial with x86 browser developers.

    Supporters: Chad Austin (of IMVU) are praising the way Native Client can bring high-performance applications to the web (with about 5% penalty compared to native code) in a secure way, while also accelerating the evolution of client-side applications by giving a choice of the programming language used (beside JavaScript).[16]

    Detractors: Other IT professionals are more critical of this sandboxing technology as it has substantial or substantive interoperability issues.

    Mozilla's vice president of products, Jay Sullivan said it has no intention to run native code inside the browser, as

    "These native apps are just little black boxes in a webpage. [...] We really believe in HTML, and this is where we want to focus."[17]

    Håkon Wium Lie, Opera's CTO believes that

    "NaCl seems to be 'yearning for the bad old days, before the web'", and that "Native Client is about building a new platform – or porting an old platform into the web [...] it will bring in complexity and security issues, and it will take away focus from the web platform."[3]

    Christopher Blizzard, Mozilla's Open Source evangelist fears that without the source code, the pace of innovation will slow, and compares NaCl to Microsoft's ActiveX technology, plagued with DLL hell. In his views, even if it's secure, Native Client isn't a good thing.[3]" ~ Wikipedia

    ... Oh my ...
  11. vasa1
    Offline

    vasa1 Registered Member

    I will repeat: Chromium is a Google-funded project. SRwhatever is based on Chromium. Chromium is a Google-funded project. Why do people who renounce Google and all its works and empty promises (as some of us were taught to say), use browsers based on Chromium and ingenuously (not!) point out that Chromium uses WebKit.

    And if one already "knows that", then using SRwhatever and ranting against Google at every opportunity is "interesting" for want of an appropriate stronger term.
  12. Daveski17
    Offline

    Daveski17 Registered Member

    Dude, you really need to drink less caffeine.

    Now you really are repeating yourself. Is this a short term memory thing? ;)

    Who says anything about renouncing all of Google's works? Where have I ever stated this? (refer back to drinking less caffeine)

    Where are the rules written stating that anybody can't criticise an organisation whilst using its products?

    Criticism can be good.

    Yes, but at the end of the day, it does use WebKit, which originally had nothing to do with Google.

    If it makes me a hypocrite, fair-do's. It doesn't matter to me as I am essentially a nihilist.

    To use an analogy: I can criticise democracy, yet partake in a constitutional monarchy. I don't see that as hypocrisy.

    If I contradict myself, very well; I am large & contain multitudes. :cool:
  13. Hungry Man
    Offline

    Hungry Man Registered Member

    I would suggest that the question of whether Iron is a scam be moved to another topic but it just seems so obvious I don't even think it needs one.
  14. Daveski17
    Offline

    Daveski17 Registered Member

    It seems obvious that you have caught a dose of Googlefanboyitis LOL! ;)

    I don't know what to prescribe as a cure. :D
  15. Hungry Man
    Offline

    Hungry Man Registered Member

    Yep that must be it.

    http://neugierig.org/software/chromium/notes/2009/12/iron.html

    All the proof I need really.

    Blatantly playing on users fears that he helps to spread with his silly page about how Google is calling home and how ironware disables it when it's all able to be disabled in Chrome.

    It's just so silly.
  16. inka
    Offline

    inka Registered Member

    {blush} Okay, I revised the initial post.
    The favicon images are, in fact, being served from duck.co server, NOT from remote sites.
    So, there's no boogeyman lurking in THAT corner...
  17. Daveski17
    Offline

    Daveski17 Registered Member

    It's not the only thing that's silly on this site mate! ;)
  18. vasa1
    Offline

    vasa1 Registered Member

    But try to make it informative or at least entertaining ;)

    It's the repetitive and highly unoriginal and often motivated criticism that drives me to caffeine. If this goes on I'll move on to plonk and even you wouldn't wish that on me!
  19. vasa1
    Offline

    vasa1 Registered Member

    Oh! And if we are sooooo keen on WebKit, there's Midori and Epiphany that aren't, to my limited knowledge, tainted by supping with Google even with a long spoon (to continue the metaphor).
  20. Daveski17
    Offline

    Daveski17 Registered Member

    I'm an alternative comedian; I'm not funny.

    The pot calling the kettle ... ?

    I recommend Butty Bach.
  21. Daveski17
    Offline

    Daveski17 Registered Member

    Extended metaphors aside, I still prefer Gecko.
  22. vasa1
    Offline

    vasa1 Registered Member

    Is it a knock-off of something else?
  23. Daveski17
    Offline

    Daveski17 Registered Member

    I dunno, but after six pints you won't care. ;)
Thread Status:
Not open for further replies.