Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Thursday January 10 2019, @04:12PM   Printer-friendly
from the time-to-switch-to-dodododogo dept.

Submitted via IRC for Bytram

Is this for real? DuckDuckGo has grown in popularity primarily on its claim: We don't track you. Is this no longer true?

DuckDuckGo now fingerprinting visitors

DuckDuckGo is using the Canvas DOMRect API on their search engine. Canvas is used to make unique geometry measurements on target browsers, and DOMRect API uses rectangles. This can be verified with the CanvasBlocker Firefox add-on by Korbinian Kapsner. DDG has recently been redirecting some website navigations to cute pictures with remarks about their privacy promises. The organization is now seeking to expand their Internet presence. DDG are without question data brokers, and commercial websites that make promises like DDG does will not survive for long if they actually keep them.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday January 10 2019, @06:47PM (4 children)

    by Anonymous Coward on Thursday January 10 2019, @06:47PM (#784609)

    We're never going to get "evidence" that they're tracking us, and if they tracking us are they won't tell. But, since duckduckgo claims to not be tracking users and claims it is their reason for existing, they should avoid using technologies that are commonly used for tracking and invading privacy.

    If they want to show graphics, they should use <img src=...

  • (Score: 0) by Anonymous Coward on Thursday January 10 2019, @07:10PM

    by Anonymous Coward on Thursday January 10 2019, @07:10PM (#784618)

    We're never going to get "evidence" that they're tracking us, and if they tracking us are they won't tell.

    I'm never going to get "evidence" that you brutally murdered your first girlfriend, and if you did murder her you won't tell.

    Come on. If you want to assume everyone and their dog is tracking their users regardless of what they say then by all means, take steps to avoid browser fingerprinting. At minimum this means using Tor and never executing scripts on websites. Just don't go pointing fingers at everyone without any evidence saying "that person runs a website and says they don't track users, therefore he's a bad person and tracks users" because that just makes you an asshole.

    But, since duckduckgo claims to not be tracking users and claims it is their reason for existing, they should avoid using technologies that are commonly used for tracking and invading privacy.

    Unfortunately, this is simply impossible for any web site, because essentially every technology related to the world wide web is a technology that is commonly used for tracking and invading privacy.

  • (Score: 1, Insightful) by Anonymous Coward on Thursday January 10 2019, @07:29PM (2 children)

    by Anonymous Coward on Thursday January 10 2019, @07:29PM (#784625)

    We're never going to get "evidence" that they're tracking us

    If they were tracking you using this method, then the required JavaScript would be executed on your computer. You could see everything they're doing on your computer if you so desired, and could validate for yourself whether or not their usage of canvas is for tracking purposes.

    • (Score: 3, Informative) by edIII on Thursday January 10 2019, @11:52PM (1 child)

      by edIII (791) on Thursday January 10 2019, @11:52PM (#784734)

      Absolutely incorrect. The fingerprinting works by analyzing the rendering differences. That's data that is sent back anyways, AFAIK.

      So there is no way to tell from a valid use of the canvas, versus a tracking one, on your computer. You would need to be server side to see what they're doing with that information. If it were solely for the purposes of some display time use of the canvas, then that information wouldn't be stored after the fact. If they're storing that metadata and associating with sessions and other tracking data, then yes, they're tracking us.

      The problem is that so many valid uses of client-side tech exist beyond tracking. In this case, it's perfectly possible the DDG is using canvas for advanced rendering of images and videos.

      Like another poster stated, DDG works with Javascript disabled.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 0) by Anonymous Coward on Friday January 11 2019, @05:34PM

        by Anonymous Coward on Friday January 11 2019, @05:34PM (#785139)

        Absolutely incorrect. The fingerprinting works by analyzing the rendering differences. That's data that is sent back anyways, AFAIK.
        So there is no way to tell from a valid use of the canvas, versus a tracking one, on your computer.

        Absolutely incorrect. The code which would send the canvas content back to the server runs, you guessed it, on your computer, and a "valid use" of the canvas won't be sending any canvas content back to the server at all.