The threat to privacy here is very small, happening if, and only if, you attempt to browse to a site which has been reported as a threat to your computer or your personal information, and only disclosing the URL of a site already previously reported as dangerous, and the exposure is very minimal, and likely not even personally identifiable.

The threat to privacy with this feature off, however, is far greater - the sites listed in the "safe browsing" database are listed for either trying to put malware on user's computers, or for being phishing sites, and are therefore orders of magnitude greater threats to privacy than the network requests implementing the database. 

Specifically, according to the way the feature works is that a copy of the "bad sites" database is periodically downloaded by the browser and stored on disk (if I recall correctly, in the urlclassifer.sqlite3 file in the Firefox profile). Sites are checked locally against the database, if there's no match, the browser displays the page as normal, and nothing is sent to third party servers. If there is a match, indicating that the site is currently in the database, Firefox DOES contact a Google server, but only to avoid a false positive - if the site has been removed, the database is updated, and browsing continues normally, otherwse, if the site is still listed, a scary red warning screen tells you that the site is trying to break in to your computer and/or steal your information, and you shouldn't go there.

Given this information, the benefits to privacy and security outweigh the risk for the vast majority of users, and I strongly encourage you to rethink how you present your recommendations in light of the potential security and privacy trade offs which exist here. 

posted by [Old Forum sdaugherty] • 5 years and 11 months ago Link

Your opinion is exact, and honest for all browser users.
Why recommend disabling "Block reported attack sites" and "Block reported web forgeries"?
There is NO TRACKING FEATURE at least on firefox.
I think must not recommend users to disable these features.
posted by [Old Forum guest] • 5 years and 11 months ago Link
Those features function by poking Google with the websites you visit, and therefor compromise privacy. As for the "no tracking feature" -- if you mean the "Do Not Track" option, see here:
posted by crazedpsyc 5 years and 11 months ago Link
We're definitely interested in how we can improve on this. The issue we're facing right now is, it's unclear what's going on with the data behind closed doors. It's also not clear which part of their respective privacy policies this would fall under: 

Because there's no specific mention of how this data is handled, we thought it best to at least make people aware that it could be interfering with their privacy. Obviously, though, if there's a better way to phrase this (or format, in general), we're open to it :) 

Any suggestions? 


DuckDuckGo Community Manager
posted by zac Staff5 years and 11 months ago Link
I am not recognizing the threading/layout of this forum(s).  This comment seems midstream, but it is the only one mentioning "malware". suggests disabling Fraud and Malware protection in Opera.  ????  That is not intuitive to me.  Am I reading that wrong?  Is that a good trade off: Trade malware protection so someone can not target me with ads?  Does it have to be either/or?  Isn't Duck Go supposed to limit browser tracking?  

If Duck Go is set as the default search in Opera, what does the browser extension add?  

This question may be stupid:  Would subscribing to a thread in this forum(s) {again, can't make sense of threading and forum(s) layout here} be an inappropriate privacy leak?
posted by [Old Forum guest] • 5 years and 9 months ago Link