SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Is this for real? DuckDuckGo has grown in popularity primarily on its claim: We don't track you. Is this no longer true?
DuckDuckGo now fingerprinting visitors
DuckDuckGo is using the Canvas DOMRect API on their search engine. Canvas is used to make unique geometry measurements on target browsers, and DOMRect API uses rectangles. This can be verified with the CanvasBlocker Firefox add-on by Korbinian Kapsner. DDG has recently been redirecting some website navigations to cute pictures with remarks about their privacy promises. The organization is now seeking to expand their Internet presence. DDG are without question data brokers, and commercial websites that make promises like DDG does will not survive for long if they actually keep them.
(Score: 5, Interesting) by bzipitidoo on Thursday January 10 2019, @05:20PM (7 children)
One thing I recall DuckDuckGo doing a while back was the same trick Google does. The links in the search results do not go directly to the sites. A link to example.com actually goes to https://www.google.com/url=http://example.com. [google.com] (Actually, the link is more complicated, but I'm simplifying here.) DDG used to do something similar, but it seems they've stopped that.
Google meanwhile has gotten more insidious about it. In Firefox, it used to be that the user could see the actual destination by hovering over the link, no matter what the link text said. Now, even when hovering, the link looks like an innocent link directly to the site Google found. But it isn't. I did not know that was possible, and I find it disturbing that one of the chief quick and easy ways I use to check whether a link really goes where it says it goes can be beaten. Though I'm not terribly surprised. Think I may make a Firefox bug report about that, if someone else hasn't already. Now a way to see where the link really goes is right click on it and choose "copy link location". Can paste it, but don't have to. After selecting "copy link location", hover over the link again, and you will see that it really goes to google.com.
(Score: 0) by Anonymous Coward on Thursday January 10 2019, @05:53PM (2 children)
Just checked and hovered the mouse cursor over some links on a random search on google. It's still showing the links are to google though. Maybe it's a recent firefox bug (or "feature") that's doing that as I'm on firefox 63 currently.
(Score: 3, Interesting) by bzipitidoo on Thursday January 10 2019, @07:29PM
I'm using Firefox 64. I wonder if it's the JavaScript. I am not using NoScript, and I can certainly believe Google serving up a heavily JavaScripted page if it detects that you allow it, and a plain HTML page if you block scripts. And if it is JavaScript, probably it can set the hover text to anything it wants. One other clue I noticed is that there is no "https://" at the start of the hover text that a Google search presents to the user.
Now, how much time do I want to spend on further investigation? Lot of other things to do....
(Score: 0) by Anonymous Coward on Thursday January 10 2019, @09:50PM
I thought it was well-known that Google includes javascript that will activate on mousedown on the link, which will then change it to the tracking url.
(Score: 3, Informative) by isj on Thursday January 10 2019, @06:08PM (1 child)
The redirected links can be used for tracking. Google probably does that. Don't know about DDG.
But redirected links can also be used to protect your privacy because the redirection removes/changes the Referrer: header which could include your search terms.
So link redirection isn't necessarily evil.
(Score: 1, Informative) by Anonymous Coward on Thursday January 10 2019, @06:44PM
Yes, DuckDuckGo supports using POST requests (to hide query terms from referrer URIs) and link redirectors (for the same purpose). You can enable or disable either or both of these privacy options as desired [duck.co]. Apparently the redirectors are not required in modern browsers to avoid referrer leakage [duck.co].
The "html" version of the search appears to always use POST requests and never uses link redirectors, regardless of the settings.
Personally I use a browser which never sends Referer headers across domains to avoid this kind of leakage.
(Score: 0) by Anonymous Coward on Thursday January 10 2019, @06:38PM
Using Palemoon, an initial hover over a google link will show the actual destination sans tracking. However, if I first copy the link to the clipboard subsequent hovers over that link will show the google tracking. Either pretty sneaky by google or an odd Palemoon bug.
Firefox (63.0.3) has the same behavior.
(Score: 0) by Anonymous Coward on Thursday January 10 2019, @08:11PM
Yup, that's sleazy. Totally sleazy on google's part.