Hacker Read

tananaev | karma 838 | avg karma 4.19 · 2020-07-01 23:57:19+00:00

Very weak argument for why they do it. Using a service to retrieve a favicon? Surely there's a way to implement the same logic locally.

heavyset_go | karma 25689 | avg karma 3.63 · 2020-07-02 00:16:48+00:00

BitWarden does this, too.

slenk | karma 1054 | avg karma 1.44 · 2020-07-02 05:16:51+00:00

If you host your own Bitwarden server you don't have to worry about that.

Also different expectations

reply

yoavm | karma 2849 | avg karma 4.74 · 2020-07-02 09:00:53+00:00

Yeah, I would just have to worry about losing all my passwords ever.

slenk | karma 1054 | avg karma 1.44 · 2020-07-02 18:37:16

It's really easy to back up the server and never lose passwords.

heavyset_go | karma 25689 | avg karma 3.63 · 2020-07-02 23:03:27

I can attest to this.

heavyset_go | karma 25689 | avg karma 3.63 · 2020-07-02 18:24:18

I host my own BitWarden server and had to explicitly deny using BitWarden's favicon lookup feature.

toyg | karma 35240 | avg karma 2.97 · 2020-07-02 09:43:22+00:00

BW already has all the URLs of services you use: you saved them yourself for them to keep safe. It's obvious you already trust them enough to know that sort of data.

ghewgill | karma 971 | avg karma 11.42 · 2020-07-02 00:33:56+00:00

So if favicons were gathered locally, then you would prefer that your own browser would reach out and make multiple requests to every (potentially dodgy) site listed on the search result page?

Note also that these are favicons for results that DDG has already given you. This isn't tracking your clicks. The list of sites that appear on the search result page is not new information to the search engine that just gave them to you.

EDIT: Like other commenters, I was not previously aware that DDG had a browser, and my comments were about this behaviour for the search engine results page.

reply

tananaev | karma 838 | avg karma 4.19 · 2020-07-02 00:39:52+00:00

Are we talking about search results or sites you visit?

detaro | karma 40664 | avg karma 1.79 · 2020-07-02 00:41:16+00:00

What about the issue linked suggests to you that it is about search results in any way?

colecf | karma 1 | avg karma 1.0 · 2020-07-02 17:35:12+00:00

Can you explain your edit a little more? I still only understand your original viewpoint. Just because there's an app doesn't mean they don't have to contact DDG servers at all, right?

tagawa | karma 5284 | avg karma 7.34 · 2020-07-02 01:32:58

We had already had created this anonymous favicon service for our private search engine. In addition, doing it this way avoids another request (and potentially multiple) to the end site.

The service is private as we do not collect any personal information (e.g. IP addresses) on any requests for this or any service and the requests are all end-to-end encrypted.

reply

systemvoltage | karma 9933 | avg karma 2.22 · 2020-07-02 01:49:25

Why not do it locally? It is one extra request to the favicon link in the header and cache it. Or cache it when the user visits the website. Or explicit button in the settings UI to refresh favicons locally.

There are so many options.

reply

haggy | karma 383 | avg karma 2.36 · 2020-07-02 01:50:34+00:00

Your answer to all these criticisms is a lazy one. You are saying "this already exists for other things so we use it regardless of what the correct method is". Just because something exists in one form doesn't mean it's the correct choice.

oska | karma 7731 | avg karma 5.32 · 2020-07-02 03:06:36

Please don't downvote this reply from a DDG staff member (as I'm currently seeing).

Even if you don't like the reply it's good that we're getting replies.

reply

oefrha | karma 17698 | avg karma 5.08 · 2020-07-02 03:36:35+00:00

You can read essentially the same reply as the first comment on the linked issue, so not much value is lost even if gp is downvoted into oblivion.

jeltz | karma 6278 | avg karma 2.2 · 2020-07-02 09:58:52

But we are not. It is just the same reply parroted in multiple places without responding to the actual criticisms.

aronpye | karma 319 | avg karma 1.62 · 2020-07-02 07:08:12

Good privacy is not based on trust. Even so, this incident is even less reason to trust you.

jb775 | karma 1208 | avg karma 1.51 · 2020-07-02 07:12:16+00:00

I personally believe you, but this approach adds multiple unnecessary trust boundaries. Just thinking about how many separate logs are triggered outside of DDG is troublesome. And what happens when you guys think everything is secure, but one day find out it isn't?

I understand utilizing a single service/feature to accommodate multiple platforms is a big win from a programming standpoint. But if it carries the risk of losing the trust of your user-base while at the same time risks breaking the core mission statement of the business (privacy), it's probably not worth it.

reply

SahAssar | karma 5923 | avg karma 2.35 · 2020-07-02 10:54:14

What do you mean by "end-to-end encrypted"? Isn't this just a request to your service that will then go out and fetch the icon from the site, so it can't be e2e since you need to know which site to request the icon from.

Why use that term when it clearly can't be true or even seems applicable/relevant?

reply