Browser Add-on DuckDuckGo Privacy Essentials

Tutman

Level 10
Verified
Apr 17, 2020
469
What are your thoughts on this? It "grades" the page you are on for privacy. With tracker blocking.

 

Tiamati

Level 11
Verified
Nov 8, 2016
513
I may add this to the discussion

In researching the background of DuckDuckGo, I uncovered some interesting history. The founder of DDG, Gabriel Weinberg, was also behind a social network called Names Database, which collected the real names and addresses of its users. He then sold Names Database (and all the user data) to Classmates.com for “approximately $10 million in cash” in March 2006.

DuckDuckGo was launched a few years later, in 2008 and was branded as a privacy search engine. It rose to popularity in 2013 following the Snowden revelations. DuckDuckGo remains one of the most popular private search engines to date and is well-regarded in the privacy community.

Jurisdiction: United States (and runs on Amazon servers in the US!)

Source
 

Tiamati

Level 11
Verified
Nov 8, 2016
513
Some more info. I tested the extension and it seems good. Their PP says:


When you search at DuckDuckGo, we don't know who you are and there is no way to tie your searches together.

When you access DuckDuckGo (or any Web site), your Web browser automatically sends information about your computer, e.g. your User agent and IP address.

Because this information could be used to link you to your searches, we do not log (store) it at all. This is a very unusual practice, but we feel it is an important step to protect your privacy.

It is unusual for a few reasons. First, most server software auto-stores this information, so you have to go out of your way not to store it. Second, most businesses want to keep as much information as possible because they don't know when it will be useful. Third, many search engines actively use this information, for example to show you more targeted advertising.

Another way that your searches are often tied together at other search engines are through browser cookies, which are pieces of information that sit on your computer and get sent to the search engine on each request. What search engines often do is store a unique identifier in your browser and then associate that identifier with your searches. At DuckDuckGo, no cookies are used by default.


In response to efforts by the EFF and others, the major search engines have begun "anonymizing" their search log data after periods of time. Sure, this is better than not doing so, but you should note that this does not make your search history anonymous in the same way that it is at DuckDuckGo.


What search engines generally do when they anonymize data is get rid of part of your IP address or turn it into something that doesn't look exactly like an IP address. And they do the same thing for uniquely identifying cookies.


However, in many cases, this so-called anonymous data can still tie your searches together, which can be used to reconstruct who you are and what you searched for. Additionally, search engines usually are silent on what they do with the User agent, which has been shown to also have enough information to often be personally identifiable, especially if isolated to a particular search session (day).


Information Collected

At DuckDuckGo, no cookies are used by default. If you have changed any settings, then cookies are used to store those changes. However, in that case, they are not stored in a personally identifiable way. For example, the large size setting is stored as 's=l'; no unique identifier is in there. Furthermore, if you prefer not to use cookies to store settings, you can use URL parameters instead.

Additionally, if you use our !bang syntax/dropdown, which bangs you use are stored in a cookie so that we can list your most frequently used ones on top of the !bang dropdown box. Just like the other settings, this information is not saved on our servers at all, but resides solely on your computer. There is also a setting to turn this off, which you can also set via a URL parameter. Particular searches are of course not stored. An example cookie might look like: php=2&yelp=19&java=4.


We also save searches, but again, not in a personally identifiable way, as we do not store IP addresses or unique User agent strings. We use aggregate, non-personal search data to improve things like misspellings.

Similarly, we may add an affiliate code to some eCommerce sites (e.g. Amazon & eBay) that results in small commissions being paid back to DuckDuckGo when you make purchases at those sites. We do not use any third parties to do the code insertion, and we do not work with any sites that share personally identifiable information (e.g. name, address, etc.) via their affiliate programs. This means that no information is shared from DuckDuckGo to the sites, and the only information that is collected from this process is product information, which is not tied to any particular user and which we do not save or store on our end. It is completely analogous to the search result case from the previous paragraph--we can see anonymous product info such that we cannot tie them to any particular person (or even tie multiple purchases together). This whole affiliate process is an attempt to keep advertising to a minimal level on DuckDuckGo.


Finally, if you give us feedback, it may be stored in our email. However, you can give anonymous feedback (by not entering your email or other personal info on the feedback form).

Information Shared

If you turn redirects off in the settings and you don't either turn POST on or use our encrypted site, then your search could leak to sites you click on. Yet as explained above, this does not happen by default.


Also, like anyone else, we will comply with court ordered legal requests. However, in our case, we don't expect any because there is nothing useful to give them since we don't collect any personal information.
source

It's not a bad PP. However, it does save your sites and can share that with some companies, including any products you buy. They say it's anonymized. It's your choice to believe them. I never heard about any audit of DuckDuckGo before. On the good side: they are one of the biggest private search engines on the web (if not the biggest). They have also been active since 2008. However, having servers in the US is never a good thing. Personally, I would not use an extension to enhance privacy from a company with their owner's background, and based in the US.

Furthermore:
a) You can block trackers with the built-in anti-tracker options in Firefox/Edge/Brave, and/or use uBlock Origin or AdGuard and Privacy Badger (from the EFF).

b) HTTPS Everywhere already forces encryption and it's from the EFF, a nonprofit organization that fights for privacy online.

c) There are some extensions that already classify sites. I would recommend Terms of Service; Didn't Read. It's open source and funded by non-profit organizations.
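
The quoted policy's point that truncating the IP while keeping the User agent can still tie one day's searches together, shown as an added example (not part of the post above and not DuckDuckGo's code). The log records, addresses and User agent strings are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

FF = "Mozilla/5.0 (X11; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0"
CH = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/81.0.4044.138"
SF = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) Safari/605.1.15"

# Constructed sample search log (not real data): (day, client IP, User agent, query)
RAW_LOG = [
    ("2020-05-20", "203.0.113.57",  FF, "knee pain after running"),
    ("2020-05-20", "203.0.113.140", CH, "cheap flights lisbon"),
    ("2020-05-20", "203.0.113.57",  FF, "physiotherapist near me"),
    ("2020-05-20", "198.51.100.9",  SF, "weather tomorrow"),
    ("2020-05-20", "203.0.113.140", CH, "lisbon hotels old town"),
    ("2020-05-20", "203.0.113.57",  FF, "health insurance claim form"),
]

def truncate_ip(ip):
    """Zero the last octet of an IPv4 address ('get rid of part of your IP address')."""
    return str(ip_address(ip_address(ip).packed[:3] + b"\x00"))

def anonymize(log):
    """Truncate the IP but keep the User agent untouched."""
    return [(day, truncate_ip(ip), ua, query) for day, ip, ua, query in log]

def partition(log, key_fields):
    """Group queries by the chosen record fields (indexes) and return the sorted groups."""
    groups = defaultdict(list)
    for record in log:
        groups[tuple(record[i] for i in key_fields)].append(record[3])
    return sorted(sorted(queries) for queries in groups.values())

def linkage_survives(log):
    """True if (day, truncated IP, User agent) groups searches exactly as the raw IP did."""
    return partition(anonymize(log), (0, 1, 2)) == partition(log, (0, 1))

if __name__ == "__main__":
    print("truncated IP only:", partition(anonymize(RAW_LOG), (0, 1)))
    print("truncated IP + UA:", partition(anonymize(RAW_LOG), (0, 1, 2)))
    print("same grouping as raw IPs:", linkage_survives(RAW_LOG))
```

On this sample the truncated IP alone merges two clients in the same /24, but adding the stored User agent separates them again and reproduces the per-client grouping of the raw log.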
 

Tutman

Level 10
Verified
Apr 17, 2020
469
Some more info. I tested the extension and it seems good. Their PP says:



Information Collected


Similarly, we may add an affiliate code to some eCommerce sites (e.g. Amazon & eBay) that results in small commissions being paid back to DuckDuckGo when you make purchases at those sites. We do not use any third parties to do the code insertion, and we do not work with any sites that share personally identifiable information (e.g. name, address, etc.) via their affiliate programs. This means that no information is shared from DuckDuckGo to the sites, and the only information that is collected from this process is product information, which is not tied to any particular user and which we do not save or store on our end. It is completely analogous to the search result case from the previous paragraph--we can see anonymous product info such that we cannot tie them to any particular person (or even tie multiple purchases together). This whole affiliate process is an attempt to keep advertising to a minimal level on DuckDuckGo.
So they piggyback off you to make money on Amazon and eBay?! I don't like that part! (Will just stick with AdGuard.) Thanks much for the research!
 

Arequire

Level 27
Verified
Content Creator
Feb 10, 2017
1,609
I'd replace AdGuard and HTTPS Everywhere with Privacy Essentials if it offered a way to block EU cookie warnings.

b) HTTPS Everywhere already forces encryption and it's from the EFF, a nonprofit organization that fights for privacy online.
Privacy Essentials offers a far more comprehensive form of forced encryption than HTTPS Everywhere, as seen here:

https-list-comparison.png
c) There are some extensions that already classify sites. I would recommend Terms of Service; Didn't Read. It's open source and funded by non-profit organizations.
ToS;DR powers Privacy Essentials' grading system:
We’ve partnered with Terms of Service Didn't Read (TOSDR) to include their scores of website terms of service and privacy policies, where available. However, because most privacy policies still remain unstudied, we’re working with TOSDR to help them to rate and label as many websites as possible.
 

Tiamati

Level 11
Verified
Nov 8, 2016
513
Privacy Essentials offers a far more comprehensive form of forced encryption than HTTPS Everywhere, as seen here:

https-list-comparison.png

Interesting, but it seems a little exaggerated... HTTPS Everywhere is a very solid extension with years of development. It's hard to believe that the difference would be so big. Was the comparison you posted made by DuckDuckGo? If so, I would not rely on that so much.

ToS;DR powers Privacy Essentials' grading system:

I didn't realize that. Good to know! It's a good step from both groups.
 

Arequire

Level 27
Verified
Content Creator
Feb 10, 2017
1,609
Interesting, but it seems a little exaggerated... HTTPS Everywhere is a very solid extension with years of development. It's hard to believe that the difference would be so big. Was the comparison you posted made by DuckDuckGo? If so, I would not rely on that so much.
The difference is due to DDG using a web crawler (possibly the same one used to index web pages for their search engine) to automatically generate their Smarter Encryption list, while HTTPS Everywhere relies on a mix of crowd-sourcing and EFF hand-maintaining it.
 

SecurityNightmares

Level 37
Verified
Jan 9, 2020
2,667
I'd replace AdGuard and HTTPS Everywhere with Privacy Essentials if it offered a way to block EU cookie warnings.
No need to break websites. Just configure the cookie settings for sites once and you're done.
But if you really want, just use an anti-cookie filter list in AdGuard.

Also for HTTPS: all important sites use HTTPS nowadays. And mainstream browsers display a warning for HTTP sites.
 

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
21,141
This extension is only useful for existing DDG search engine users.

If you change the search engine while this extension is installed, DDG Essentials will be disabled.

I much prefer their mobile app.
 

Arequire

Level 27
Verified
Content Creator
Feb 10, 2017
1,609
Just configure the cookie settings for sites once and you're done.
I have my browser set to clear cookies on exit, so the warnings return every new browsing session.
But if you really want, just use an anti-cookie filter list in AdGuard.
I already do. I just wish Privacy Essentials gave a way to do so, so I could replace my current extensions with it.
Also for HTTPS: all important sites use HTTPS nowadays.
Yeah, but a lot use HSTS to force encryption which is just gross.
 

Arequire

Level 27
Verified
Content Creator
Feb 10, 2017
1,609
@Arequire , are you using the browser options to delete cookies on exit? If so, how do you add exceptions?
I am. How you add exclusions varies depending on the browser, but for most Chromium-based browsers you can do so by opening Settings ➜ Site settings ➜ Cookies and site data, then add the domain(s) under the Allow section like so:
Annotation 2020-05-24 001804.png

To do so on Firefox, you go Options ➜ Privacy & Security ➜ Cookies and Site Data ➜ Manage Permissions, then add the domain(s) to the list and click Allow for each. (Can't provide a screenshot for this as I have Firefox set to not allow cookies to be saved.)
 

Opc9

Level 6
Aug 2, 2020
267
DuckDuckGo Extension blocks Google FLoC in latest update

DuckDuckGo released a new version of its browser extension, called DuckDuckGo Privacy Essentials, for all supported web browsers this week. The new version blocks FLoC interactions on websites to protect the privacy of users.

If you have not heard about FLoC yet, it is Google's attempt to shift advertising from a cookie-based system to one that does not require cookies anymore. Basically, what it does is assign a user to a cohort -- FLoC stands for Federated Learning of Cohorts. A cohort is made up of thousands of users who share similar interests.

While that sounds like a nice thing to do on first glance, it is not. You can check out the EFF's Google's FLoC is a Terrible Idea to better understand why FLoC is not necessarily better for Internet users in terms of privacy and tracking.

 