Tell HN: DuckDuckGo now seems to have tracking links on its HTML search results

17 points by justaj ↗ HN
See screenshot: https://0x0.st/oTlH.png

Full URL is: https://html.duckduckgo.com/html/?t=lm&q=test

Its main search (which only works if JS is enabled) doesn't seem to have that.

This is similar to how Google tracks their search results.

Why such a privacy oriented search engine implemented this, is beyond me.

15 comments

[ 0.22 ms ] story [ 40.5 ms ] thread
Is there any evidence this search is tied to you / your browser / a cookie?

Tracking links is not necessarily tracking people, violating privacy, etc.

I'm not necessarily defending DDG. I just want to ensure that if we're going to feel that our privacy is being violated, it actually is.

I'm guessing that's because they want to remove the referrer header from the request to the site (such that the site wouldn't be able to see what you were searching for). The reason it's not on the JS version (and I'm guessing again) is that if you have JS enabled, you're probably using an up to date browser which supports the referrer meta tag (where you can specify how the referrer header should be stripped).
Yes that seems to be correct, it's explained here: https://help.duckduckgo.com/duckduckgo-help-pages/results/rd...

You can turn this off in your settings if you like, but it's actually there to protect your privacy.

Seems like pretty sketchy privacy algebra, the number of browsers that don't respect

Referrer-Policy: no-referrer

is very small, and at the same time this allows them to gather statistics on which links are clicked, the latter is a far bigger privacy concern.

This is not on in modern browsers. From the referenced help page (https://news.ycombinator.com/item?id=31170796):

**

On modern browsers we accomplish this by adding a small piece of code to our page called Meta referrer. Some browsers (especially older ones) do not support this standard, however. For those browsers, and also in situations where meta referrer doesn't work, we send the request back to our servers to remove search terms. This redirect goes through r.duckduckgo.com.

You can disable this privacy feature. To do that, go to the settings page, select Privacy, and change the option Redirect to Off.

**

Ah, my bad, I misunderstood then. That is perfectly reasonable.
Time to dump DuckDuckGo and switch to Brave Search
(comment deleted)
This is not correct, we do not track our users. This post refers to a privacy feature that actually prevents your searches from leaking to the sites you click on, generally in very old browsers that need to use our non-JavaScript site (http://duckduckgo.com/html). See https://help.duckduckgo.com/duckduckgo-help-pages/results/rd.... From the page:

**

When you click on a link in our results page, your search terms are not sent to the site that you click on, which can be the case on other search engines due to something called HTTP "referers".

On modern browsers we accomplish this by adding a small piece of code to our page called Meta referrer. Some browsers (especially older ones) do not support this standard, however. For those browsers, and also in situations where meta referrer doesn't work, we send the request back to our servers to remove search terms. This redirect goes through r.duckduckgo.com.

You can disable this privacy feature. To do that, go to the settings page, select Privacy, and change the option Redirect to Off.

**

Thanks for clarifying this.

Though what about the users that simply use the HTML only site without any cookies? What about Tor browser users?

I see that it's only possible to set the settings if you first go to the standard version of DDG, and afterwards it requires cookies in order to remember that choice.

If your browser supports meta referrer, like Tor does, then none of this applies to begin with. You can also set settings via URL parameters: https://duckduckgo.com/params
There seems to be a lot of unwarranted DDG FUD lately. Maybe it's a testament to DDG's growth?
I've flagged this post for obviously false information. This is just to obfuscate/hide the referrer which could contain the search query.

A simple search would have yielded this answer but yet you chose to make this damaging statement without any due diligence.