DuckDuckGo has responded to accusations that it uses browser fingerprinting to identify its users.
These claims were made on the message board of security software company Whonix.
“DuckDuckGo is using the Canvas DOMRect API on their search engine. Canvas is used to make unique geometry measurements on target browsers, and DOMRect API uses rectangles. This can be verified with the CanvasBlocker Firefox add-on by Korbinian Kapsner.”
As a search engine that sells itself on privacy, fingerprinting users would go against everything DuckDuckGo stands for.
However, there is no truth to these claims, the company says.
Brian Stoner, DuckDuckGo’s VP of Search, responded to the message board thread:
“Hi, I work for DuckDuckGo and wanted to clarify that We absolutely do NOT doing any fingerprinting whatsoever. Our privacy policy is very clear on this: “We don’t collect or share personal information.” https://duckduckgo.com/privacy
We use a variety of browser API’s to deliver a search experience that is competitive with Google’s. Many “fingerprint” protection extensions take a scorched earth approach, blocking any browser API that could be exploited by a bad actor.”
A moderator of the Whonix forum added a comment reminding people that it would be an FTC violation if DuckDuckGo were to promise privacy while also fingerprinting users.
“Also a note to readers: If a company does contrary to its claims, the FTC would step in and penalize them for fraudulent claims. It would be easy to discover if fingerprinting was going on.”
With that said, all signs indicate that DuckDuckGo is truly respecting the privacy of its users.
Subscribe to SEJ
Get our daily newsletter from SEJ’s Founder Loren Baker about the latest news in the industry!