Lissy93 / awesome-privacy

🦄 A curated list of privacy & security-focused software and services
https://awesome-privacy.xyz
Creative Commons Zero v1.0 Universal
6.96k stars 315 forks source link

[AMENDMENT] Caveat for Qwant #222

Open bbbhltz opened 8 months ago

bbbhltz commented 8 months ago

Title

Qwant

Amendments

Qwant has been under scrutiny for several years. It is claimed by a former employer that the results are 100% Bing, but a major issue is that of privacy:

The CNIL (National Commission on Informatics and Liberty, French administrative regulatory body whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data) received a complaint from a former employee in 2019, the case is still open.

The privacy issue is related to "pseudo-anonymous" data (IPv4/24) being sent to third parties, like Bing, in order to balance the budget.

Users are/were not given full warning that their searches are/were sent to Bing Ads.

By sending IPv4/24 data to Bing, it is possible to determine the city and residential area of the user.

The current privacy policy (see here) alludes to this:

Can I learn more about major treatments?

Processing user requests and displaying ads

Qwant keeps for 1 month (from the 1st of the month) the keyword(s) entered associated with a pseudonymous identifier calculated from the User Agent of your browser and the hash salted with your IP address. After this period, keywords are no longer associated with an identifier and kept for 12 months for the purpose of aggregated statistical analysis (e.g. how many times a keyword is searched for over a given period). […] In order to provide you with relevant results from around the world when we do not have the answers to your queries ourselves, we partner with Microsoft Ireland Operations Limited to provide a portion of our search results and provide contextual advertising based on the keywords entered and your geographic region.

For this purpose, Qwant may transfer to this partner the following pseudonymous data related to your request:

  • Search keywords;
  • Information about the browser you are using (the User Agent);
  • The first three bytes of your IP address;
  • The approximate geographic area at the origin of the search, at the scale of a region or city;
  • The salty hash generated from your IP address, your User Agent and a salt changing no later than every 3 months;
  • A random token generated by Qwant (aiming to limit data cross-checking).

[…]

In addition, for security purposes and reliability of our partner’s services (detection of spam, automated activity, fraudulent clicks on advertisements …), Qwant may also collect and transfer to this partner your full IP address.

This processing is in the legitimate interest of Microsoft Ireland Operations Limited (Article 6.1.f) to secure and make its services more reliable.

This data is transmitted to this partner within the European Union, and may be retained in accordance with Bing’s Privacy Policy for a maximum period of 18 months.

Based on these accusations, I believe an asterisk should be added to make readers of this list aware of the ongoing investigation. If anything, it shows the company has not been transparent and truthful.

The company is now owned by Synfonium (Octave Klaba).

Sources

Sorry, these sources are in French.

Amendment Data

No response

Affiliation Disclosure

no association with any project

Would you like to submit a PR?

None

Please tick the boxes

liss-bot commented 8 months ago

If you're enjoying Awesome-Privacy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated