Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Thursday January 10 2019, @04:12PM   Printer-friendly
from the time-to-switch-to-dodododogo dept.

Submitted via IRC for Bytram

Is this for real? DuckDuckGo has grown in popularity primarily on its claim: We don't track you. Is this no longer true?

DuckDuckGo now fingerprinting visitors

DuckDuckGo is using the Canvas DOMRect API on their search engine. Canvas is used to make unique geometry measurements on target browsers, and DOMRect API uses rectangles. This can be verified with the CanvasBlocker Firefox add-on by Korbinian Kapsner. DDG has recently been redirecting some website navigations to cute pictures with remarks about their privacy promises. The organization is now seeking to expand their Internet presence. DDG are without question data brokers, and commercial websites that make promises like DDG does will not survive for long if they actually keep them.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by edIII on Thursday January 10 2019, @11:52PM (1 child)

    by edIII (791) on Thursday January 10 2019, @11:52PM (#784734)

    Absolutely incorrect. The fingerprinting works by analyzing the rendering differences. That's data that is sent back anyways, AFAIK.

    So there is no way to tell from a valid use of the canvas, versus a tracking one, on your computer. You would need to be server side to see what they're doing with that information. If it were solely for the purposes of some display time use of the canvas, then that information wouldn't be stored after the fact. If they're storing that metadata and associating with sessions and other tracking data, then yes, they're tracking us.

    The problem is that so many valid uses of client-side tech exist beyond tracking. In this case, it's perfectly possible the DDG is using canvas for advanced rendering of images and videos.

    Like another poster stated, DDG works with Javascript disabled.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 0) by Anonymous Coward on Friday January 11 2019, @05:34PM

    by Anonymous Coward on Friday January 11 2019, @05:34PM (#785139)

    Absolutely incorrect. The fingerprinting works by analyzing the rendering differences. That's data that is sent back anyways, AFAIK.
    So there is no way to tell from a valid use of the canvas, versus a tracking one, on your computer.

    Absolutely incorrect. The code which would send the canvas content back to the server runs, you guessed it, on your computer, and a "valid use" of the canvas won't be sending any canvas content back to the server at all.