duckduckgo / Android

DuckDuckGo Android App
https://play.google.com/store/apps/details?id=com.duckduckgo.mobile.android
Apache License 2.0

Privacy concern #482

Closed ghost closed 5 years ago

ghost commented 5 years ago

Privacy should be the #1 thing for the duckduckgo browser, but currently I have mixed feelings about certain possibly missing features that should be there! I can list some.

1 Do Not Track (DNT header)

I'm not really sure whether you already have this included; it's really hard to say, as there is no way to tell if it's there or not.

duckduckgo is already blocking some trackers, which is a good start, but the DNT header is an upgrade to that: if the DNT header is sent to webpages, it does not allow trackers to follow users by default. A very important upgrade to the tracker blocking feature.

2 WebRTC IP leaking

Certain pages like "ip.voidsec" can see if your browser is leaking through WebRTC, and yes, the duckduckgo browser is indeed leaking IP information through WebRTC, even though it's a "Privacy" browser; one big risk for user privacy.

https://ip.voidsec.com/

3 Able to block 3rd party cookies

Currently the settings page is very simple, and features like this one, blocking 3rd party cookies, are missing, which they should not be, as it's also part of user privacy!

4 Adblocking + NoCoin (against cryptomining)

Yes, duckduckgo does block some trackers, but trackers are not the only risk to user privacy: certain malicious ads can lead to phishing / malware websites, which might steal user information in the worst case. Blocking only trackers doesn't help; ads overall should be blocked too.

Cryptomining is another thing, not as big a deal in terms of privacy, but in terms of resource usage.

5 Possibly, hidden settings which are not shown to users of duckduckgo browser

This is just a guess, but does duckduckgo send anonymous reports or such to duckduckgo or another organization by default (not able to turn off, as settings are missing for them?). If so, then you should offer settings to disable them, as if you are collecting information from users in any way, that is also a small privacy issue to us users!

Also, is GDPR fully in operation on duckduckgo services and applications for European users?

Thanks for reading, I hope you can improve your duckduckgo browser privacy in the future! :)

subsymbolic commented 5 years ago

Thanks for all the feedback @runboy93. My thoughts below:

  1. DNT is almost never honoured by websites. That said, this will hopefully change in the future and ensuring we have the DNT header would be a nice addition to our product. Do you mind creating a specific issue for this suggestion?
  2. Duplicate of https://github.com/duckduckgo/Android/issues/429
  3. We block third party cookies by default. This fits with our product being a privacy browser and we see no reason to make the option configurable.
  4. We want to provide privacy to users rather than blanket ad blocking. We will however consider adding an ad blocking feature if enough users request it. Regarding phishing, we take that very seriously; if you have any specific examples that we are vulnerable to, please submit details to our HackerOne program https://hackerone.com/duckduckgo.
  5. I'm not really sure what you mean by hidden settings. We also don't collect user information, see https://help.duckduckgo.com/privacy/atb/ for more information.

If you have more feedback please log it as individual issues rather than together in one task. Individual items are easier to track, mark as duplicates and garner more likes/community support/discussion from other users with the same suggestion. Thanks again for sharing your feedback!