The reason why services like DuckDuckGo thrive lies in their focus on users’ privacy. Nonetheless, a researcher found how this service behaved somewhat similar to Google. As observed, the DuckDuckGo Android browser collected users’ browsing data without consent. Nonetheless, they have now fixed the bug.
DuckDuckGo Collected Browsing Data
Reportedly, a researcher with Twitter handle Cowreth has caught how DuckDuckGo collected users’ browsing data. In his tweet, he mentioned that DuckDuckGo stealthily tracked what websites users visited.
Briefly, the issue existed in how the DuckDuckGo browser dealt with the websites’ favicons. The service did not fetch the favicons from the websites directly. Rather, whenever a user requested a website, the DuckDuckGo Android browser would send the request to its server icons.duckduckgo.com to fetch the favicon.
That’s where the issue resides. This behavior seemingly allowed the service to track whatever websites the users would visit.
These favicons are requested from our servers rather than from websites directly, because it can be surprisingly complicated to locate a favicon for a website — they can be stored in a variety of locations and in a variety of formats. We’ve developed our behind-the-scenes service to understand these edge cases and simplify retrieval within our app and search engine.
Search Engine Fixed The Bug
Though, this matter surfaced on GitHub around a year ago. However, DuckDuckGo paid no heed at that time. Hence, recently, Cowreth highlighted the matter again.
However, this time, DuckDuckGo paid attention and reopened the matter on GitHub. Clarifying their stance on users’ privacy, the DuckDuckGo CEO commented,
I want to be clear that we did not and have not collected any personal information here. As other staff have referenced, our services are encrypted and throw away PII like IP addresses by design. However, I take the point that it is nevertheless safer to do it locally and so we will do that.
Consequently, they developed and released a fix by removing the code responsible for browser behavior. So now, the browser will fetch the favicons directly from the websites, as explained on GitHub.
Hence, it seems the glitch is over, and thus, the users may continue to use the service. Likewise, we expect DuckDuckGo to continue respecting the users’ privacy at all costs – the thing they advocate for.