Re: [Bug-gnuzilla] DuckDuckGo's JavaScript

[Jonas Wielicki]

On 10.03.2015 10:16, Narcis Garcia wrote:
> I've not analyzed deeply DDG but, when I perform a search, In don't see
> shown URLs in HTML code. It can mean that is when user clicks on each
> link that this URL is built (It can have some sense to track what users
> do and where they go).

I do not understand what you mean here. I find the URLs in both the
plain-HTML and the JS version of DDG. Note that in the JS version, the
results are loaded kind of on-demand, so they probably won’t appear when
wgetting.

Also, in the JS version, links are redirected just before they are
followed by the browser to a de-referrer service of DDG, which hides
your search query from the site you are going to.

> Additionally, DDG results include (and put on top) other things not
> asked or priorized by user, 

That is, in my opinion, a feature. Many of my DDG requests are
successful due to that priorization. And they claim that it works
without filter bubbling, so they’re doing quite a great job at that.

> and tracked with add.ddg.gg

ddg claims that they are not tracking. Now it is possible that IceCat
and/or you and/or ddg have different notions of what "tracking" means.
Reading through their statement on what information they collect [1], it
seems pretty reasonable though.


Also, you can turn both, the "quick result bar" at the top and the
redirection of requests, off in the settings when using the JS version
(in the non-JS version, they both are not used). Which are probably
stored in a cookie, which would, in theory, again allow certain
tracking. The question is, whether DDG does that. We can’t really know.
But that is an issue of *any* web service; tracking is not limited to
JavaScript and Cookies.

I think that DDG is, if at all, the lesser of the evils around here. A
service under the AGPL would probably be preferable, but then again, is
there a way to actually verify that the service runs the code it claims
to run, and not a version with patched-in analytics?

With the JS issue, has anyone asked DDG to make their JS libre?

regards,
jwi

   [1]: https://duckduckgo.com/privacy#s4

> 
> It's still very strange to see DDG as a default tool in a project like
> GnuZilla.
> 
> 
> 
> 
> El 10/03/15 a les 09:28, Svetlana A. Tkachenko ha escrit:
>>> It seems the same matter as using Google or any other abusive service.
>>
>> There are two types of abuse from Google, tracking its users and non-free 
>> js. From DDG there is only one, and the HTML version technically has 
>> neither, unless the user is clever enough to click or type through to its 
>> homepage.
>>
>> Svetlana
>>
>> --
>> http://gnuzilla.gnu.org
>>
> 
> --
> http://gnuzilla.gnu.org
>

signature.asc
Description: OpenPGP digital signature