Comment by no_time
4 years ago
You aren't supposed to. Even if you assume they lie in every sentence about their data collection, with their current setup it would be much harder for them to build a valuable shadow profile about you.
They haven't been caught running fingerprinting scripts yet and they dont have an account system to tie to your searches. At best they could use your ip to build a shadow profile and thats wildly inaccurate in our mostly ipv4 world.
How do you know what server-side profiling occurs or does not occur? There is no way to know that. DDG gives people a completely misplaced and false sense of security, when they are just as easily comprimisable/corruptable/subpoenable/susceptible to NSLs, EDRs and secret court orders as any other company.
And I disagree with your premise that it's particularly difficult to link a persons IP to their real world identity. There are organized fraud gangs who have it down to a science. know exactly what dept. of the ISP to call, what to say, etc. Basically if someone knows your IP and your ISP account is registered in your name it's game over.
I am aware that they are susepctible to nation state level data collection, just like every site on the internet. I conduct all my non e2e encrypted communications/interactions with this in mind.
I just want to avoid my data being monetized.
I'm more worried about teenage crooks equipped with Emergency Data Request PDF templates than any nation state. We know Google, Facebook, Snapchat etc were all giving up information on users without a court order to these crooks. All it took(probably still) was a EDR notice alleging an imminent threat to human life is about to occur -sent from a real or fake police dept email- and companies will hand over your data without second thought.
Even if they do server-side profiling, they can only track you on duckduckgo.com. Last I checked, DDG did not also own an analytics service that has infested half the world's websites.
> Last I checked, DDG did not also own an analytics service that has infested half the world's websites.
uMatrix shows a 3rd party request to improving.duckduckgo.com every time I visit a page from DDG search results, ostensibly to measure click-through rate. This is claimed to be anonymous, but in principle it gives DDG the opportunity to log much about their users' browsing habits.
3 replies →
DDG offers a JavaScript-less page. don't trust them use that. don't trust them at all? don't use them?
As a regular user of the Javascript-less page, several months ago it started returning wildly different results than the “fully featured” version for the same queries. My uneducated guess is that it’s using a different index. There also appears to be some sort of rate-limiting wherein the results will frequently just be empty (using the JS version and same query resolves the issue).
I’m guessing they’re intentionally degrading the non-Javascript page as an anti-bot measure, but it’s so bad that I find it disingenuous to suggest that the non-Javascript page even a valid alternative at this point.