[kwlug-disc] DDG in the news again

Chris Irwin chris at chrisirwin.ca
Fri May 27 17:13:55 EDT 2022 

On Fri, May 27, 2022 at 12:04:18AM -0400, Paul Nijjar via kwlug-disc wrote:
>
>Data point: I search for KWLUG on DDG. The link to kwlug.org comes up
>as the first search result. Great! But the link I click is to
>"https://duckduckgo.com/l/?uddg=http%3A%2F%2Fkwlug.org%2F&rut=cabb8327a6e42ae258b2db8cddd62e769e7f11e8165b56a492ca6205af89b2bd",
>not "https://kwlug.org" . Somebody is tracking my click. Why is this
>okay in a search engine that pretends to care about my privacy?

Counter-point: I'm totally okay with this.

I don't care that they're tracking how many people click on kwlug.org.  
I don't care if they sell data based on clicked results. 

Why am I okay with this? Because nothing is free. There are services I 
pay for because I don't want them to be monetized through other means 
(email, for example). There are services I self host for the same reason 
(file storage).

However, I don't pay for a search engine. I'm not going to self-host a 
search engine. I use a free one (ddg, personally). Their infrastructure 
cost money to run, and they need to make that money from somewhere. They 
do this with non-targetted advertising and referral links to amazon.

So does that mean I don't care about privacy? Far from, actually.

I *do* care if they were tracking that *I* clicked on kwlug.org. I do 
care if they track what websites *I* go to, or what *I* search for. So I 
checked their privacy policy:

> We also save searches, but again, not in a personally identifiable 
> way, as we do not store IP addresses or unique User agent strings. We 
> use aggregate, non-personal search data to improve things like 
> misspellings.

Also from their "Information Not Collected" section of same policy:

> When you access DuckDuckGo (or any Web site), your Web browser 
> automatically sends information about your computer, e.g. your User 
> agent and IP address.

> Because this information could be used to link you to your searches, 
> we do not log (store) it at all. This is a very unusual practice, but 
> we feel it is an important step to protect your privacy.

FWIW, I don't appear to have any click tracking on a ddg 'kwlug' search 
with Firefox 100 on Fedora. Ddg does support server redirects to ensure 
browsers don't pass search information in the referer headers, and I 
think there is a heuristic to determine if this is required or not. It 
is possible some setting in your browser has made ddg think it needs to 
perform a 'safe' redirect to hide your search terms from your browser 
(i.e. using an old user agent, etc).


-- 
Chris Irwin

email:   chris at chrisirwin.ca
  xmpp:   chris at chrisirwin.ca
   web: https://chrisirwin.ca

More information about the kwlug-disc mailing list