DuckDuckGo es una de las mejores alternativas a Google. Este buscador estadounidense afirma ser más seguro que Google al no guardar información personal, ni tampoco compartirla con terceros. Tampoco utilizan tracking para mostrar anuncios personalizados ni rastrean la información navegando en incógnito. However, they have just discovered that the search engine is tracking the visits made by the user.
The ethical hacker Cowreth, has reanalyzed a flaw reported on GitHub a year ago and which was disregarded, which claimed that the websites visited by the user were being sent to DuckDuckGo's servers.
When a website is visited, the website calls its own server or checks the user's local computer cache to download the favicon, showing on the user's screen whichever of the two is more recent.
However, in the Android app, instead of requesting the favicon through the visited website or from the browser's local cache, it makes a call to its own server. Con ello, transfers the user's browsing history to their servers without their permission. In July of last year they said that this behavior was normal and that “we should trust them” because they do not collect or share personal information.
After the flood of criticism, the founder and CEO of DuckDuckGo, Gabriel Weinberg, states that this is the first time he is aware of this flaw, and that they will fix it immediately by storing favicons locally on the phone. The change, he says, will be applied as soon as possible. The bug has already been fixed.
In addition, he wanted to make it clear that they have not collected any personal information in the process, that their services are encrypted, and that any personal information, such as the IP address, is automatically discarded always. Nevertheless, acknowledges that the most logical thing is for this information to be stored locally and never reach their servers, reason for which they are going to make the change as soon as possible.