Ethical hacker claims DuckDuckGo tracks user data history

DuckDuckGo is one of the best alternatives to Google. This American search engine claims to be safer than Google by not saving personal information or sharing it with third parties. It also doesn’t use tracking to display personalized ads. However, the search engine has now been caught tracking the visits made by its users.

Ethical hacker Cowreth revealed through GitHub how the DuckDuckGo browser could be accessing user history without their consent. According to @cowreth, the browser leaked users’ browsing information to the company’s servers through the favicon. This flaw occurs in the mobile version of DuckDuckGo for Android.

DuckDuckGo Android app privacy failure

The flaw is that the DuckDuckGo application for Android collects the domain of every website the user visits. Normally, when we visit a website, the favicon is downloaded from that website’s own server or read from the local cache on the user’s device, and whichever of the two is more recent is shown on the user’s screen.

However, instead of requesting the favicon from the visited website or from the browser’s local cache, the Android app makes a call to DuckDuckGo’s own server. In doing so, it transfers the user’s browsing history to the company’s servers without having permission to do so. In July last year, the company said that this behavior was normal. “We should trust them because they do not collect or share personal information, as it is in their privacy policy.”

The problem is that none of this is a convincing reason to store the data of the websites that users visit in a service other than the local cache of the browser. With the data, the app can organize user profiles based on their preferences. Moreover, they can also find out the IP addresses from which those pages are visited.
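The behavior described above can be checked from a traffic capture of the app. The following Python is an added example, not code from the article or from DuckDuckGo; the log entries and the host `favicon-service.example` are constructed placeholders. It flags requests that send a visited hostname to a server other than the visited site, then groups them to show the history that server could reconstruct.

```python
from urllib.parse import urlsplit, unquote

# Constructed proxy log: (page the user opened, request the app made next).
# favicon-service.example is a placeholder host, not a real endpoint.
SAMPLE_LOG = [
    ("https://news.example.org/story/1", "https://news.example.org/favicon.ico"),
    ("https://shop.example.com/cart",
     "https://favicon-service.example/icons/shop.example.com.ico"),
    ("https://clinic.example.net/appointments",
     "https://favicon-service.example/icon?url=https%3A%2F%2Fclinic.example.net"),
    ("https://blog.example.org/", "https://cdn.blog.example.org/static/favicon.png"),
    ("https://forum.example.com/", "https://fonts.example.net/css?family=Sans"),
]
ICON_HINTS = ("favicon", "icon", ".ico")

def same_site(host_a, host_b):
    """Crude check: equal hosts, or one is a subdomain of the other.
    A production audit would compare registrable domains (Public Suffix List)."""
    return (host_a == host_b or host_a.endswith("." + host_b)
            or host_b.endswith("." + host_a))

def audit_favicon_requests(log):
    """List requests that hand a visited hostname to a different party."""
    findings = []
    for page_url, request_url in log:
        page_host = urlsplit(page_url).hostname
        req = urlsplit(request_url)
        if same_site(req.hostname, page_host):
            continue  # fetched from the visited site itself
        carried = unquote(req.path + "?" + req.query).lower()
        if page_host in carried:  # visited host appears in path or query
            findings.append({
                "visited": page_host,
                "sent_to": req.hostname,
                "looks_like_favicon": any(h in carried for h in ICON_HINTS),
            })
    return findings

def disclosed_history(findings):
    """Group findings by recipient: the history that server can reconstruct."""
    history = {}
    for f in findings:
        history.setdefault(f["sent_to"], set()).add(f["visited"])
    return {server: sorted(hosts) for server, hosts in history.items()}

if __name__ == "__main__":
    for server, hosts in disclosed_history(audit_favicon_requests(SAMPLE_LOG)).items():
        print(f"{server} learned about visits to: {', '.join(hosts)}")
```

The recipient of each flagged request also sees the client’s IP address, which is why the same check matters for the profiling concern raised above.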

After a wave of criticism, the founder and CEO of DuckDuckGo, Gabriel Weinberg, said that this was the first time he had heard of the flaw, and that the company will fix it immediately by storing the favicons locally on the mobile device.

