Tell HN: DuckDuckGo's privacy extension is adding an inline popup to web forms
But it appears every form accepting an email on any website I visit now gets a small duck icon next to it that pops up a big bold-print message box to "Protect your inbox " complete with a cheeky prompt to either "get email protection" or "maybe later." Refusal is not even an option. This is definitely new for me as of today.[0]
I found DuckDuckGo via Hackernews and have generally been a happy user of both the search engine and the privacy extension. Why could they possibly be doing this? It seems like a self-destructive act from a branding standpoint, I can't imagine their target customer demographic is amicable to this kind of thing.
[0]https://i.redd.it/p1tcoikka0ka1.png
Edit: It's even on Hackernews! I genuinely can't recall a browser extension acting like this since the mid-00s adware toolbar days. https://i.imgur.com/vYjZAUK.png
Edit again: This post originally just said "injecting ads into web forms," I edited the title to clarify - apologies if that was misleading.
106 comments
[ 3.0 ms ] story [ 192 ms ] threadI don't feel like this should be enabled by default. It would be fine for them to advertise it when you click on the extension asking you to turn it on, but not inline on every email form with a double opt-out.
At this point all users should assume that you are lying also about not storing search histories matched to users.
It's not promoting a new service. It's highlighting a feature of the thing you installed.
[0] https://chrome.google.com/webstore/detail/duckduckgo-privacy...
edit: How do you like extensions to notify of new features? I've seen some do a new tab popup post-install, some just add them and you discover them like DDG, and I'm sure a few have added new features I'll never know about because they're disabled by default. I've always found the new tab way annoying, and I've been slightly less annoyed by just adding the feature with a way to disable.
No notifications at all.
Yes, I understand that it is a conflict of interest between me and whoever writes software.
Optionally, notification in some central standard system of notifications that people hating notifications can silence (not sure is such system existing - if it exists I silenced it long time ago). This would work fine as notifications-haters can disable them and vast majority of people will continue to get them.
So if I'm understanding correctly, you'd be fine with DDG's update if it was just the icon being added to the field (making an assumption here that the icon is how you activate the feature like a password manager), but by adding the ad/onboarding/whatever popup they went too far.
That's a fair criticism! At first, I was taking your stance as it was a terrible wrong that they added another privacy feature in general.
In my area there were DuckDuckGo billboards along the interstate all last year. You don't buy interstate billboards unless you're targeting the mainstream.
Then you sell them the idea that by installing your highly privileged software, that can read and transmit literally any data available to the user, they are enhancing their privacy. This is a stupid trade that nobody would take if they stopped and thought about it. The nebulous tracking thing is clearly lower risk than your browser extension, and there are other, better, less risky ways to subvert web tracking.
How did they get away with this? A secret browser extension that was installed with AOL’s AIM. which even if you didn't install came with plenty of windows machines preinstalled. We had some 100k users because of this. Nearly everyone I knew had this junk installed.
Edit: this was in 2002 in the wake of the dotcom crash, I had been laid off from my previous job and couldn't find anything for 8 months. The company went bust a couple years later.
Is it at all possible that this is a feature they added and hasn’t been there (and advertised) from the very beginning?
I no longer trust DDG and switched to Kagi. Whether that’s better for privacy I’m not sure but at least their business is driven by user payments and not ads.
That my quoted search terms don’t get blatantly ignored was actually the impetus to move.
I must have missed this, what's this about censoring news?
[1] "We are not ranking based on any political agenda or my (or anyone else's) personal political opinions. We are also not assessing any individual news stories." https://twitter.com/yegg/status/1515637392190935041
This is part of the onboarding for our optional DuckDuckGo Email Protection feature that comes with the extension. (Note if you just use our private search engine, you do not need our extension at all.) The feature generates email aliases for you on sign up forms (so you don't give out your real email address), which then forwards to your regular inbox with email trackers removed in the process: https://spreadprivacy.com/protect-your-inbox-with-duckduckgo.... It is mentioned in the add-on description as one of the extension's primary features, e.g., at https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-fo....
(x-posting part of another comment here for context on this feature: Popping up a level, the goal of our product is to be the "easy button" for privacy, and email protection is a big part of it, since as we (and others) have gotten much better at web tracking protection (e.g., see https://help.duckduckgo.com/duckduckgo-help-pages/privacy/we...), unscrupulous actors have done more and more email tracking, using your email address as a unique identifier to track you across sites and putting email trackers within emails to do similar.)
Update: I am listening to the feedback presented here, though please know there is a whole team of people working on this feature, trying to bring needed email protection to our mainstream user base. Email protection as a concept is hard for people to understand and the team felt that this in-context onboarding was the best way to explain it. However, we will now revisit this given the feedback.
Seeing this notification appear once, in the extensions area as a popup from the DuckDuckGo extension, would feel much less outrageous. It does not feel like onboarding, it feels like an ad. It is an unexpected disruption of my browser's usual behavior.
I understand your concern though and again will take it to the team. Popping up a level, though, the goal of our product is to be the "easy button" for privacy, and email protection is a big part of it, since as we (and others) have gotten much better at web tracking protection (e.g., see https://help.duckduckgo.com/duckduckgo-help-pages/privacy/we...), unscrupulous actors have done more and more email tracking, using your email address as a unique identifier to track you across sites and putting email trackers within emails to do similar. So, when you sign up for forms online, to escape this tracking, you really should be using a per-site alias, as well as using a service that strips email trackers from emails so you aren't tracked on email open.
I've got no qualms with the product mission for the email tracking protection, I think it's a great one and I already utilize other email tracking protection myself . I made this post because I really like DuckDuckGo and I was just so astounded at this behavior. I tell everyone to "just use the duck website" because I really do believe in your stated mission, and I hope this post doesn't set off too much bandwagoning. My concern is voiced from a standpoint of support, not negativity. I really appreciate the opportunity to exchange this feedback with you directly and especially to add to this post that I really do generally love what you're building. When it doesn't get in my face when I'm trying to work.
I hope this post winds up being useful feedback. The decision to ship this into the product is mystifying to me. I would agree with the other users saying this should be recalled immediately while any internal discussion about it is ongoing.
Yegg discussed it the last time email protection came up on the front page - rolling it out internally into their android browser was the main goal, and the extension for others. The motivations are in the old hn posts. They could have rolled out a new app and extension, and maintained those on top of the current ones, but those would be extra codebases to maintain.
> the UX of this feature can be improved, and will take this feedback back to the team working on it.
It's adware, and you need to recall it.
Wow. So disappointing.
Chrome's new Side Panel button is an ad for the side panel feature.
But to answer your question, a button in the UI is not considered an Ad when it's there to facilitate whatever the app is used for.
Its okay everybody, the CEO came out and said its *not* actually advertising but just simply an unsolicited, intrusive pop-up that tries to get users to use more of their services so its all good!
I think this only happens if you install the DDG extension. So it's not exactly unsolicited.
I totally get DDG wanting people to be aware of their services. I use their email proxy service and it seems like a solid addition to their portfolio. For me, anything that requires additional action or distraction when I'm just trying to do this one quick thing gets disabled / removed.
How often are people actually signing up for things? Maybe this could be a separate extension or at least have an easier way to mute the injected ad?
Has extension mentioned obnoxious inline ads as one of things it will be doing?
When people were installing it?
It's a bit weird to call intended functionality for sonething you install explicitly for that purpose an "ad". Let alone an "obnoxious" one.
I mean, how else would you expect "email protection in the browser" to work at an extension level, other than the extension trigerring a message with more information when you're about to type your email?
I think it would be reasonable to notify me about this new feature in a less disruptive way, like from the extension's existing information pane. Inserting that inline into the websites I use isn't the only way to notify me, but it does seem like the most obnoxious way to do that.
DDG has always been a little sketchy, but now I know.
Messing with the integrity of a web page's content without your users' consent is a gross violation of trust. Doing it inside of a browser extension is adware. Doing it as a privacy-focused company is... a fast way to destroy your image as a privacy-focused company.
If you're manipulating the display of a page that I'm visiting, without an opt-in, and you're being shady about calling it advertising, why should I expect that you're going to treat email with the level of integrity required/expected?
This is a hard red line that you've crossed, especially as a privacy-focused company, and instead of backing down, you're blaming your UI design? Stop. There is no amount of UI work that makes it OK to silently insert your ad into someone else's content.
If you want to cross-promote (please don't, but if you must), you need to do it in a way that makes it clear it's coming from the extension, and not manipulating third-party content without user consent. The second you start inserting your message into a page that I'm reading, is the second that I uninstall your extension and never use it again.
Which is a shame. I like your search product, and I thought that I liked your company's philosophy and goals. Oh well.
If the feature is the point of the extension you’re installing, maybe don’t install the extension.
And for what it's worth, I use a password manager and have used a few over the years, and I've never encountered such an obnoxious UI from one.
For myself, the pictures from OP looked much more like an onboarding tutorial for the extension's features than they did an ad, and I suspect that's how most people would react.
You have a brand that requires trust. You've built up that trust slowly, and it could be destroyed so easily. To me this injection crosses a line of interfering with content that isn't yours. You are trusted to have access to this content, not to change/add to it. I get that it's not quite the same as 3rd party ads, etc. But it's an untrustworthy thing to have done.
As a happy long time user I'm currently still willing to give some benefit of the doubt about this being a misstep, and I'm hoping to see it corrected shortly.
But I think the value of the trust you've built up shouldn't be understated. It won't take many scandals like this and once the trust fades you'll never get it back. The bigger issue to address is not just how to fix this, but also how to fix the broken decision making process that allowed this to happen at all.
Someone else has said about having a core set of values against which everything is reviewed. How about an ethics committee of sorts to uphold those values. A group of beta tester users who don't just test things work, but also give feedback on whether new changes are aligned with your brand and core user base. (Email is in my profile if you want to discuss this idea, if be interested in helping)
Sincere question from someone who doesn't understand why we're freaking out: Why is this different to you than a password manager doing the exact same thing with password fields?
Here's what I see: someone installed the DuckDuckGo extension, which now has a new feature. That feature is best implemented by having a little widget that allows creating a new alias. Users who haven't seen the widget before wouldn't know how to use it, so DuckDuckGo added an explanation for people who click on it without having set it up yet.
Where was the line crossed? Do you object to having a widget at all? Is the problem having an inline explanation introducing the feature? Is it the phrasing of the pop-up?
I see a lot of visceral reactions and condemnations, but I don't see anyone explaining what makes this an ad and not onboarding.
If I installed a browser extension to remove trackers from sites, I'd be surprised to find it adding in email onboarding buttons to every email entry form.
It may not be clear, but the email privacy thing is a new feature. I just checked back on the chrome store and it does now make it reasonably clear that it's part of the extension now. Fair enough. But for those who had installed before, this would have come as a surprise when it suddenly started happening. The change of purpose is surprising. This reduces trust for a brand who's entire reason to exist is built on trust from a user base who are more than the average amount of paranoid.
If I installed a speech synthesis extension who's purpose was to read out the content of a web page, I would be equally annoyed if it after an update it started verbalising extra words trying to encourage me to try out their braille books everytime I browsed Amazon. Braille books might be just what the average user of a speech extension might want. But it's still a breach of trust to start modifying other websites content for a reason you weren't explicitly given permission for.
Money is a helluva drug.
How do you differentiate which form fields you should offer your services on?
> This title implies we are injecting third-party advertising into web forms
You're literally injecting ads for your own products into web forms.
You could argue that people might think that "injecting ads" means "injecting 3rd party ads", and that wouldn't (currently) be true. But if you're not allowed to say that you are injecting ads, when you are injecting ads, that's super gray zone: Don't say we're doing X (we're doing X) because it makes us sound like we're doing X+1!
I switched from DuckDuckGo to https://searx.be/ during the outbreak of the Ukrainian war because DuckDuckGo started censoring Russian sites [1].
Email proxies may be seen as a privacy protection, but it comes with a vendor lock-in: You cannot reset the password for that service without DuckDuckGo now. So those ads have commercial value to DuckDuckGo, you're no goodie two-shoes here.
[1]: https://www.vox.com/recode/22981115/duckduckgo-free-speech-p...
I then read the details and I'm no longer horrified.
There is a difference between advertising your own services vs injecting ads from other parties. Injecting ads from other parties could imply sharing of personal data which would be worrying.
There is no breach of the DDG implicit user contract here which is low tracking and privacy.
I don't think there is a breach of DDG's contract but it it is a disappointing contrast to my expectations from DDG's brand, which I would expect to be more respectful of the user. This is disruptive.
I think it's a little distastefeul to inject stuff into the user's page, but it's not an outrage worthy of bailing from DDG. I do hope they reconsider their approach though.
"Enable Built-in Email Protection — Over 85% of emails sent to Duck Addresses contained trackers that can detect when you’ve opened a message, where you were when you opened it, and what device you were using. Email Protection makes it easy to block most email trackers and hide your existing address when signing up for things online, all without switching email providers."
Yes, but just one of the features, and not one I've been using because I wasn't interested in it at the time. This is a classic "advertising" opportunity that companies do all the time called "upselling," and it's absolutely an ad because the whole point is to get me to start using a feature that I'm not currently using.
I think many of the responses here have been overreactions, and "advertising" is definitely a dirty word on HN and gets some severe and undeserved knee-jerk reactions, but it is what it is.
When I installed this, it was offered essentially as a PrivacyBadger alternative. The only notification to me that it was being changed to new kind of extension offering more services was the injection of an advertisement for those services into the form fields of webpages I visit.
The existing extension already has a UI panel - it lives in the top right of my browser, under an icon. Plenty of other extensions have utilized this panel or a new tab page to respectfully inform me of changes to the offering. DuckDuckGo is the only extension that has decided to materially alter the contents of the webpages I visit without my consent to make such a notification.
Come on DDG lurkers, fix "-" so that searching for things like "Office -microsoft" or "apple -id" works correctly instead of returning results with "microsoft office" or "apple id" in the title and body! This is basic functionality we've had for years without issue! I don't know what broke it, but it's forcing me to G! far more often than I'd care to.
If you want privacy, it would be best practice to not install an extension that has complete read/write access to all of the pages that you browse.
This is what Chrome's Manifest v3 is killing by the way.
These other approaches do have limitations and may not be able to block everything but from a privacy perspective they are infinitely more secure than giving an extension full permissions.
Not at all, if they can't block everything uBlock Origin can block. I trust this extension infinitely more than the websites I visit. You can even install it from the package provided by Debian in its repositories [1] if you want an extra layer of review.
[1] https://packages.debian.org/bookworm/webext-ublock-origin-fi...
As a former Opera user, I'm all about feature bundling, but it's a little unintuitive what you get, especially when you're using a different search engine than DDG. :)
One issue I have with The Button is that tends to compete for space with other password manager buttons, but I don't know what the ideal solution is.
Of course I logically know that this is not an information security risk, but it feels sketchy. I am surprised it was shipped, and frankly also surprised it hasn't been rolled back. Someone else in the thread raised the point that this kind of UX can snowblind novice users against future phishing attempts.
I do appreciate that DDG is a company we can collectively engage with feedback like this in such a manner. I'm certainly not quitting them over this.
On one hand, he (CEO who replied here) probably has investors pushing and prodding about getting a return on the $172,000,000 (+?) that has been invested into the company.
On the other hand, users are so easily spooked by moves like this (often rightly) and attack the company. This isn't even that bad of a case, though.
I uninstalled the extension a long time ago, and I've been mulling over just going back to Google search, and this has made that decision for me. It's not only a bad idea, it's a bad idea that has full support from the top of the company.
Good bye, DDG.