DuckDuckGo Restored in India, Responds to Favicon Concerns

DuckDuckGo made the news twice this week.

First its service was reinstated across India last Saturday, after being unreachable for nearly three days, for reasons which remain unclear. “We have contacted the Indian government but have not yet received a response,” a DuckDuckGo spokesperson told The Verge. “We are bewildered on why the Indian government would instruct Indian ISPs to block DuckDuckGo, but are optimistic that this will be resolved soon.”

But at roughly the same time the search engine faced another controversy about how DuckDuckGo fetches favicons, according to one cybersecurity blog: First submitted as an issue in July 2019, GitHub user Tritonio flagged the offending script, saying: “This seems to be leaking all(?) the domains that users visit to your servers.” The script in the Android version of the DuckDuckGo application showed that favicon fetching was routed through DuckDuckGo systems, rather than made via direct website requests. Daniel “tagawa” Davis, communications manager at DuckDuckGo, said at the time that the “internal” favicon service was used to simplify the favicon location process, but as the service is rooted in DuckDuckGo’s existing systems, the script adhered to the company’s privacy policy which pledges not to collect or store any personal user information.

The case was then closed. However, when the issue became public on the GitHub tracker this week, this assurance was not enough for everyone. Some users requested that the case be re-examined, citing potential information leaks caused by the script choice, considered by some as an inherent ‘design’ flaw or human error. In response to the discussion concerning the favicon telemetry, founder and CEO Gabriel Weinberg said he was “happy to commit us to move to doing this locally in the browser” and will address it as a matter of priority.

He added that as DuckDuckGo’s services are encrypted and “throw away PII [personally identifiable information] like IP addresses by design”, no information was collected, stored, or leaked. The company’s slogan is “Privacy Simplified”. It is this concept, Weinberg told The Daily Swig, that led to the rapid decision in changing how favicons are managed. Weinberg acknowledged that there is an ongoing security debate concerning which option for fetching favicons is more secure, and arguments can be made for each choice — but added they both offer “basically a similar amount” of privacy… You can ask a browser to connect to a website and fetch the favicon — potentially making multiple requests in the process — or you can use the firm’s encrypted service… “It’s a known anonymous service,” Weinberg told us. “You’re already connected to DuckDuckGo because you’re using the app. It’s not that it is leaking any more information, because you conduct a search with us which has the favicons anyway.”

DuckDuckGo’s service is also faster and uses less bandwidth as the service is running server-side and favicons are cached, Weinberg says.

2 Likes