I read about a GitHub issue [1] where someone reports that all websites a user clicks on are sent to DDG servers. Reading the employee's response was eye-opening.
They literally do not care if it has a bad look, they just say "we don't collect your personal information."
What??? They are literally admitting to collecting domains in the feed of the GitHub issue but then just copy and paste their manifesto and expect us to think it's fine. I seriously do not understand this.
Seems understandable to me. The explanation isn’t just “copy pasting” their privacy policy, either. You are misrepresenting that thread and discussion.
They’re not a perfectly secure E2E encrypted zero-trust system. They do require some measure of trust to use. This has always been true. Don’t use them if you don’t trust that they won’t misuse your data.
The explanation seems superficially plausible, until you realize many (all?) other browsers seem to work fine without a remote server to fetch favicons.
They're probably not collecting IP addresses or user cookies, but they will undoubtedly have a log of what their users search for, what results were returned, and possibly what clickthroughs happened from their search page. You can do all of that without retaining identifying information for the person who clicked through.
Worst case, if you go back and forth between google search and DDG, a comparative analysis might be able to identify you or people like you from those logs, but it would require some work.
I think most DDG fans would be thoroughly surprised DDG ever popped the hood or tried to verify their privacy claims, which is why I don't think DDG ever will.
Better to allude to a nebulous definition of privacy rather than give specifics. Even as a privately traded, for-profit company based in the U.S. with zero accountability for its claims, DDG doesn't even have that much IP to lose (as a Bing reskin) should it ever fold under a class action lawsuit.
Did you keep reading? This issue was subsequently fixed.
> Hi all, CTO of DuckDuckGo here.
[... mucho explanation...]
> So, we went ahead today and implemented the change for both Android (#878) and iOS (duckduckgo/iOS#667) that will move this logic onto the client, and we will no longer be using the favicon service in our apps. These changes are currently in the release phase and are rolling out live now.
[1] https://github.com/duckduckgo/Android/issues/527