Browser tracking protections won't stop tracking, warns DuckDuckGo

Privacy don't like it, block the tracker, block the tracker


Eliminating third-party cookies will not stop companies from tracking web users, says DuckDuckGo, which claims it can help with its desktop browser extensions and mobile apps.

In a blog post on Tuesday, the privacy-focused search biz explains that the much discussed plan by Google to eliminate third-party cookies in Chrome by the end of 2022, and related restrictions already implemented in browsers like Brave, Firefox, and Safari, will have a limited effect on marketers' online tracking efforts.

You have to actually block their trackers from loading in your browser when visiting other sites

"To really stop Google and Facebook from tracking you on other websites, you have to actually block their trackers from loading in your browser when visiting other sites," said Gabriel Weinberg, CEO of DuckDuckGo, via Twitter. "Just restricting them after they load (like preventing them from using third-party cookies) isn’t enough."

Two of the most widely distributed trackers, Google Analytics tags and the Facebook pixel, for example, can be implemented using first-party cookies, so they're not blocked by third-party cookie limitations.

Weinberg argues that merely the act of loading a tracker – a webpage script, an asset like an image, or a cookie file – is itself a major tracking event. "The tracker can get a lot up front including your device info (IP address, user agent, HTTP headers, etc.) as well as your info the site chooses to send with it (e.g., from first-party cookies)."

Essentially, there are a lot of ways to track web users that don't rely on third-party cookies, like IP addresses in combination with other network data that can be used to calculate a browser fingerprint or identifier.

As we recently reported, third-party marketing firms have increased in the use of CNAME DNS records to borrow subdomains from publishers so their cookies appear to originate from a first-party domain and don't get blocked.

And app developers in China have been testing an identifier called the China Anonymization ID, or CAID, as a way to recover the tracking capabilities that will be lost once Apple finally implements the App Tracking Transparency framework that has so alarmed Facebook, Google, and other marketers.

Weinberg notes that the technology Google has in mind to replace the third-party cookie, like its Federated Learning of Cohorts (FLoC) scheme and related supposedly privacy-preserving ad delivery techniques, may still be useful for tracking. He argues that FLoC – which aims to assign interest group identifiers to users – can be combined with an IP address to become a unique identifier.

DuckDuckGo app on a smartphone screen next to Google search app and a finger touching it. Selective focus.

Apple's app transparency rules: Google's privacy labels for Chrome and Search on iOS highlighted by DuckDuckGo

READ MORE

"So any tracker that gets both [a FLoC cohort identifier and an IP address] can easily uniquely track and behaviorally target exceptionally well without third-party cookies or anything else," he said.

The DuckDuckGo tracker blocking app for mobile devices and desktop browser extensions can prevent trackers from loading, which not only serves to improve privacy but also speeds up page load times considerably.

In a page load time test of WebMD.com, the DuckDuckGo extension cut page load times for Chrome, Firefox, and Safari (with default settings) from 20.2, 15.3, and 13.1 seconds to 9.9, 9.1, and 7.5 respectively, or 46 per cent on average.

The extension reduced browsing data transferred by an average of 34 per cent and cut the number of browser requests for files per page load in Chrome, Firefox, and Safari respectively from 567, 602, and 411 to 164, 198, and 181, an average file count reduction of 66 per cent.

Enhanced web performance has long been a selling point for content blocking, ad blocking, and privacy extensions, many of which like uBlock Origin also prevent trackers from loading. But Weinberg points out that DuckDuckGo's software only blocks trackers and doesn't interfere with "non-creepy ads."

"DuckDuckGo is highly profitable based just on serving non-creepy contextual ads," he said. "We believe in a future where these types of ads are normal again, and think this future can be similarly profitable for publishers." ®

Broader topics


Other stories you might like

  • US won’t prosecute ‘good faith’ security researchers under CFAA
    Well, that clears things up? Maybe not.

    The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

    Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

    Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

    Continue reading
  • Intel plans immersion lab to chill its power-hungry chips
    AI chips are sucking down 600W+ and the solution could be to drown them.

    Intel this week unveiled a $700 million sustainability initiative to try innovative liquid and immersion cooling technologies to the datacenter.

    The project will see Intel construct a 200,000-square-foot "mega lab" approximately 20 miles west of Portland at its Hillsboro campus, where the chipmaker will qualify, test, and demo its expansive — and power hungry — datacenter portfolio using a variety of cooling tech.

    Alongside the lab, the x86 giant unveiled an open reference design for immersion cooling systems for its chips that is being developed by Intel Taiwan. The chip giant is hoping to bring other Taiwanese manufacturers into the fold and it'll then be rolled out globally.

    Continue reading
  • US recovers a record $15m from the 3ve ad-fraud crew
    Swiss banks cough up around half of the proceeds of crime

    The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

    "This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

    The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

    Continue reading

Biting the hand that feeds IT © 1998–2022