Submitted via IRC for Bytram
Is this for real? DuckDuckGo has grown in popularity primarily on its claim: We don't track you. Is this no longer true?
DuckDuckGo now fingerprinting visitors
DuckDuckGo is using the Canvas DOMRect API on their search engine. Canvas is used to make unique geometry measurements on target browsers, and DOMRect API uses rectangles. This can be verified with the CanvasBlocker Firefox add-on by Korbinian Kapsner. DDG has recently been redirecting some website navigations to cute pictures with remarks about their privacy promises. The organization is now seeking to expand their Internet presence. DDG are without question data brokers, and commercial websites that make promises like DDG does will not survive for long if they actually keep them.
(Score: 3, Informative) by edIII on Thursday January 10 2019, @11:52PM (1 child)
Absolutely incorrect. The fingerprinting works by analyzing the rendering differences. That's data that is sent back anyways, AFAIK.
So there is no way to tell from a valid use of the canvas, versus a tracking one, on your computer. You would need to be server side to see what they're doing with that information. If it were solely for the purposes of some display time use of the canvas, then that information wouldn't be stored after the fact. If they're storing that metadata and associating with sessions and other tracking data, then yes, they're tracking us.
The problem is that so many valid uses of client-side tech exist beyond tracking. In this case, it's perfectly possible the DDG is using canvas for advanced rendering of images and videos.
Like another poster stated, DDG works with Javascript disabled.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Friday January 11 2019, @05:34PM
Absolutely incorrect. The code which would send the canvas content back to the server runs, you guessed it, on your computer, and a "valid use" of the canvas won't be sending any canvas content back to the server at all.