Submitted via IRC for Bytram
Is this for real? DuckDuckGo has grown in popularity primarily on its claim: We don't track you. Is this no longer true?
DuckDuckGo now fingerprinting visitors
DuckDuckGo is using the Canvas DOMRect API on their search engine. Canvas is used to make unique geometry measurements on target browsers, and DOMRect API uses rectangles. This can be verified with the CanvasBlocker Firefox add-on by Korbinian Kapsner. DDG has recently been redirecting some website navigations to cute pictures with remarks about their privacy promises. The organization is now seeking to expand their Internet presence. DDG are without question data brokers, and commercial websites that make promises like DDG does will not survive for long if they actually keep them.
(Score: 0) by Anonymous Coward on Friday January 11 2019, @12:49PM
Ok, this makes no sense. There is no need to use a huge heavyweight system like DOM Canvas to "determine size of browser and how to layout the page" when CSS percentages and media queries have existed since the CSS 2.1 era.
So if this is correct, the DDG devs used a heavyweight library, one that can be used for fingerprinting and tracking purposes, to perform the function of a few CSS 2.1 declarations. That seems either incompetent, or else they do eventually plan to quietly begin fingerprinting, and this is just the first tentative step towards that goal (but with no fingerprinting yet, to get people to stop noticing they are using DOM canvas first by 'not fingerprinting'). Then, later, slowly, bits of JS code appear that start fingerprinting when no one is looking.