this post was submitted on 23 May 2024
224 points (97.9% liked)
Asklemmy
43899 readers
1188 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If you're using DDG for privacy, then indeed you are wrong.
It may be "less invasive" than google, but it's neither anonymous, nor private.
Direct privacy abuse:
DDG was caught violating its own privacy policy by issuing tracker cookies.
DDG’s app sends every URL you visit to DDG servers. (reaction).
DDG is currently collecting users’ operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the “network” tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together)
DDG is accused of fingerprinting users’ browsers.
When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default browser.
DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium."
CloudFlare:
DDG promotes one of the largest privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity.
Full article: http://techrights.org/2020/07/02/ddg-privacy-abuser-in-disguise/
ETA: The bulk of the text in my reply was lifted from a reddit comment. I tried to format my comment to reflect that it's a "quote", alas I've failed. Hence this.
Also, I don't have a card in this game. I understand anonymity and privacy - I dislike intentional deception.
Do they "give high rankings" to CloudFlare sites because they just boost up whoever is behind CloudFlare, or because the sites happen to be good search hits, maybe that load quickly, and they don't go in and penalize them for... telling CloudFlare that you would like them to send you the page when you go to the site?
Counting the number of times results for different links are clicked is expected search engine behavior. Recording what search strings are sent from results pages for what other search strings is also probably fine, and because of the way forms and referrers work (the URL of the page you searched from has the old query in it) the page's query will be sent in the referrer by all browsers by default even if the site neither wanted it nor intends to record it. Recording what text is highlighted is weird, but probably not a genuine threat.
The remote favicon fetch design in their browser app was fixed like 4 years ago.
The "accusation" of "fingerprinting" was along the lines of "their site called a canvas function oh no". It's not "fingerprinting" every time someone tries to use a canvas tag.
What exactly is "all data available in my session" when I click on an ad? Is it basically the stuff a site I go to can see anyway? Sounds like it's nothing exciting or some exciting pieces of data would be listed.
This analysis misses the important point that none of this stuff is getting cross-linked to user identities or profiles. The problem with Google isn't that they examine how their search results pages are interacted with in general or that they count Linux users, it's that they keep a log of what everyone individually is searching, specifically. Not doing that sounds "anonymous" to me, even if it isn't Tor-strength anonymity that's resistant to wiretaps.
There's an important difference between "we're trying to not do surveillance capitalism but as a centralized service data still comes to our servers to actually do the service, and we don't boycott all of CloudFlare, AWS, Microsoft, Verizon, and Yahoo", as opposed to "we're building shadow profiles of everyone for us and our 1,437 partners". And I feel like you shouldn't take privacy advice from someone who hosts it unencrypted.