PureOS Tracker

firefox-esr: default search engine tracks users
Open, Normal, Public

Description

Firefox ESR (formerly rebranded as PureBrowser) should not by default offer a search engine that tracks users.

Historically (before 2019) PureBrowser used Google, which is known to track its users.

In June 2019 PureBrowser used DuckDuckGo, which is believed not to track its users.

When the rebranded PureBrowser was abandoned and Debian Firefox ESR was reintroduced, the default search engine switched back to being Google.

NB! This issue is not about server-executed code being non-free (see T110) nor about it serving non-free JavaScript (see T609).

Event Timeline

james.rufer created this task. Aug 2 2017, 10:59
jonas.smedegaard reopened this task as Open. Dec 20 2017, 05:53
jonas.smedegaard added a subscriber: jonas.smedegaard.

Consider this issue to be about privacy (T110 is about nonfree services which duckduckgo is as well)

jonas.smedegaard renamed this task from Yahoo should not be default search provider in PureBrowser to purebrowser - default search engine tracks users. Dec 20 2017, 05:56
jonas.smedegaard claimed this task.
jonas.smedegaard raised the priority of this task from Low to Normal.
jonas.smedegaard updated the task description.
jonas.smedegaard added a project: Restricted Project.
jonas.smedegaard edited subscribers, added: zlatan.todoric; removed: jonas.smedegaard.
d3vid added a subscriber: d3vid. Dec 20 2017, 23:31

If we're using DuckDuckGo and want a stripped back user experience, I'd suggest the base URL of https://start.duckduckgo.com rather than https://duckduckgo.com

The "start" URL never shows you tips and intro cartoons, just a search box.

On the other hand, tips and cartoons might be friendlier for users who haven't seen DDG before?

This issue is about the choice of search _engine_ - i.e. where requests typed into the search field end when hitting return.

Is that what you are talking about too, @d3vid ? It seems to me that your comment is related but really about which search _page_ to promote (in bookmarks, or somewhere else...).

Please either clarify how your remark is directly tied to the choice of _engine_ - or file as a separate issue (to help me in not losing track of all the moving parts!)

jonas.smedegaard added a project: Restricted Project. Dec 24 2017, 08:59
d3vid added a comment. Jan 16 2018, 05:44

My suggestion is that the search engine string is https://start.duckduckgo.com/?q=%s rather than https://duckduckgo.com/?q=%s. This means your search results and the DDG start page (if you click on the duck logo in your search results) don't have tips and cartoons. Although looking at the search engine options I'm not sure why I thought PureBrowser/Firefox could trivially be configured this way. I may have been confusing it with GNOME Web where it's a string not an add-on.

Fresh install of PureBrowser today and the default search engine is Google.

I recommend https://www.findx.com/ and https://gigablast.com/, they are 100% free software.

Thanks for pointing to FindX and GigaBlast.

While their code is Free software, at least FindX is driven by advertisements. Seems more interesting to me that we instead use SearX which is AGPL licensed and packaged for Debian - and that we also consider running an instance at Purism that we can fully control is ethical.

@EchedeyLR Please see above (sorry, forgot to mention your nick before).

Also, do you have any experience with the qualities of these search engines?

Gigablast seems to be hosted in the US which makes me uncomfortable.

EchedeyLR added a comment. Edited Aug 7 2018, 10:54

Mmm, Gigablast should run without JS, it has other options to show banned results, you can add your own domains to the crawl queue, but its code is a bit outdated.

About FindX with ads... --> https://get.findx.com/privacy-/
Personally, I have not found ads on FindX search, it could be because I am using adblock plus... then, the adverts should be easily lockable.

PS: Both are not meta-search engines, they are using their own index infrastructure. I only said it because when I have recommended them on other sites, people think it.
I think we should take advantage of free search engines with this feature, I remember that a meta-search engine really is using other search engines that are mainly privative software (especially searx engine by default). Other solution could be that your self-hosted searx instance only uses free search engines like gigablast (just allowed) and findx (not allowed yet).

FindX is not _personalised_ ads but search-term-based ads - for now only shopping-related: https://www.activateprivacy.com/how-private-search-engines-make-money/

FindX is a privately owned business that needs money *somehow*.

EchedeyLR added a comment. Edited Aug 7 2018, 11:12

I have not denied it, I just said "Personally, I have not found ads on FindX search, it could be because I am using adblock plus... then, the adverts should be easily lockable."

...and also I referenced where they said that they use adverts.

Anyway, read all my message.

Look, I'm sorry I wasted your time, but arguing is not mine, in fact, I do not like it. I will limit myself to report the technical problems that I find in PureOS and I will also report the solutions that I find if I find them, and if not, avoid using it.

EchedeyLR removed a subscriber: EchedeyLR. Aug 7 2018, 11:48

@EchedeyLR seems there is some miscommunication here: I really appreciate your input and simply added some additional data points.

I am sorry if my way of responding and/or asking you followup questions discouraged you.

I sincerely hope that you will continue to share your knowledge and opinions here!

I proposed this for your idea: "Other solution could be that your self-hosted searx instance only uses free search engines like gigablast (just allowed) and findx (not allowed yet)."

@EchedeyLR thanks - that is indeed an idea worth considering (and testing if results are decent or inadequate).

jonas.smedegaard added a comment. Edited Aug 8 2018, 03:46

This issue is solved since release 52.9.0esr-1pureos3, uploaded to landing today August 8th.

(keeping this issue open until release has entered green and this issue is confirmed fixed)

For the record: This issue was fixed by favoring DuckDuckGo over other search engines for all locale regions.

jonas.smedegaard closed this task as Resolved. Aug 14 2018, 10:58
jonas.smedegaard updated the task description.
Wayne added a subscriber: Wayne. Jan 6 2019, 06:13

Here is another data point on fingerprinting in DuckDuckGo.

I use both StartPage and DDG, depending on my searches. I am running Firefox Quantum--previously PureBrowser--and using URLs for searches, rather than add-ons. What is interesting is that I can reproduce the result of the post in your link using duckduckgo.com, but NOT start.duckduckgo.com. Presumably, the search bar will result in DOMRect calls too.

Way back when, I noticed that when using the search bar, it added an indicator that I was using Firefox (PureBrowser). I used start.duckduckgo.com because I did not like the nags to add DDG to my browser, etc. and I could use URL parameters, e.g. to use dark mode without using cookies.

I wonder if DDG is really tracking via fingerprinting or if it is trying to figure out what browser is being used for displaying the results. I am not sure I would conclude tracking, though it would pay to be cautious. They are making money. Nevertheless, the Purism Forum apparently also calls DOMRect and indicates fingerprinting, but I really do not think Purism is tracking me, other than when I login. I hope not. :-)

Thanks for those details, @Wayne!

So to properly understand this, we need to distinguish between...

Possibly above variability is really the same (i.e. search bar uses the shorter URL) but possibly not: Search bar includes additional vendor hint which may trigger different behavior. Currently PureOS reuses the Debian vendor hint.

NB! Please file as a separate issue that our forum software uses fingerprinting techniques!

DuckDuckGo is using jQuery functions that check canvas size. Are they actually tracking users? I would prefer not to jump to conclusions here. This makes me skeptical: https://www.reddit.com/r/privacy/comments/ad4h0u/duckduckgo_now_fingerprinting_visitors/

Without a 100% FOSS solution (complete source published for backend and frontend implementation), we have to put trust in some entity/company as search default. Even if that happens, we still are putting trust in another entity unless we run a search engine of our own... in my opinion Searx is great and we may explore that at some point, but it's not quite robust enough yet for users jumping ship from Google.

I would like to suggest:

  1. That we have DuckDuckGo as default (in PureBrowser settings, address bar and search bar), unless we definitively know they are tracking users.
  2. That we remove all Big Tech options and have these choices in PureBrowser settings under Preferences > Search: DDG, Qwant, Startpage/Ixquick, Disconnect, Searx. Optionally, I've also heard Metager suggested but can't vouch for it.
  3. That we provide specific browser / JavaScript / DOM information (perhaps from the browser console) when discussing issues with suspected tracking and browser fingerprinting. Otherwise the discussion can go off the rails rather quickly.

Thanks all for your contributions and keeping privacy strongly in mind. We are all in agreement, I'm sure, that PureBrowser needs to offer strong privacy and security for users.

Wayne added a comment. Jan 7 2019, 04:37

@jonas.smedegaard, if you meant for me to do so, I do not mind opening a new task for the Purism Forums. I think, however, others are better equipped to do so and would have more detailed debug information to write in the comments. But is it necessary? Part of my point was that indications from CanvasBlocker and others are not necessarily showing that anything nefarious is happening, though it may be worth noting.

@sean.obrien, thank you for that link. Like some of the others, I personally did not plan on stopping my use of DDG until I saw much more.

@Wayne yes I meant to suggest that you file an issue (here on tracker.debian.net, not in the forum) about our forum triggering warnings about fingerprinting.

I don't want you to do it if you don't feel comfortable doing it. I just know that I feel uncomfortable doing so myself, because really I would be only proxying info I got from you.

Also, I don't want you to report that it is a privacy issue - unless you feel that it is. It might be a far less severe issue, but sounds like an issue - why else would you mention it?

Wayne added a comment. Jan 8 2019, 04:07

I do not think there is a problem with either DuckDuckGo, without more information, or the Purism Forums.

The (fallacious) logic in the post of the provided link is: 1) Some have used some JS APIs to fingerprint and track users; 2) CanvasBlocker indicates DuckDuckGo is using such an API (DOMRect). Therefore, DuckDuckGo is tracking users.

I mentioned the Purism Forum as a counterexample. The software Purism is using yields the same, high-level indications from CanvasBlocker. I know mistakes are made, but I generally trust Purism's software.

As a developer, I wanted all the information I could get before making a design decision or fixing a bug, even if others thought it trivial. I guess I was clumsy in trying to provide more information and observations. Sorry to be confusing in doing so.

Reporting bugs is not an accurate science - it is highly appreciated that you filed a report when only suspecting a potential issue here, @Wayne !

@jeremiah.foster Please (not only update description but also) make a comment elaborating why you consider DuckDuckGo is really tracking users.

@jeremiah.foster you extended the description field of this issue to specifically list DuckDuckGo as bad.

Please elaborate on why you think that is the case. I see no substantial evidence presented in comments.

I don't think I did do that @jonas.smedegaard - the details of the task description show something more nuanced than "bad". If you feel that there is no evidence for DDG tracking and fingerprinting users, and personally I deem the DDG statement as acceptable, then I think we can move forward. In other words, that caveat I added shouldn't be a blocker but rather something to keep in mind and as evidence that we've thought about the problem.

jonas.smedegaard closed this task as Resolved. Jun 3 2019, 07:09
jonas.smedegaard updated the task description.
jonas.smedegaard renamed this task from purebrowser - default search engine tracks users to firefox-esr: default search engine tracks users. Jun 12 2021, 03:55
jonas.smedegaard reopened this task as Open.
jonas.smedegaard updated the task description.
jonas.smedegaard merged a task: Restricted Maniphest Task.
jonas.smedegaard added a subscriber: el.