DuckDuckGo Web Browser

Continued from Mastodon: Ever tried. Ever failed. and Pablo suggested DuckDuckGo’s mobile and desktop browsers.

The mobile browser is available on Android (from Google Play and GitHub) and on iOS from the App Store.

The desktop browser recently entered open beta for the macOS version and the Windows version is in early closed beta^1.

Regarding the Android/iOS version of the browser, there was a discussion on it on GitHub:

Regarding the desktop browser, seeing as we do not generally recommend beta software, I don’t think it’s something that we can consider at this point.

Additionally, I’m not sure exactly what it brings to the table. They seem to tout the fact that they’re not a Chromium fork, but all they do is use the built-in engine in macOS instead (following the approach that they’ve taken with Android, where DuckDuckGo browser is just a WebView browser, as well as on iOS, however they don’t really have a say on that in iOS).

Are there some standout features that would make this something that we should recommend over Brave, for example?

Personally beyond the cute mascot :joy: i cant find/think of a single reason to include it when there are more mature and better privacy/security featured browsers on other platforms.

I very much agree: it’s definitely an interesting project to track (especially if they add a new desktop browser engine to the competition with the non-macOS versions), but I don’t think the desktop browser is mature enough to provide a thorough evaluation yet, regardless.

I think that as the project evolves, there could be a good case to be made for things like the non-macOS desktop browsers.

It seems like the look and feel is designed to support a UX focus on “this is the privacy-invasive stuff that was happening and here’s what this browser has done to stop it”. It doesn’t really impact anything in terms of how what the browser is actually doing, though.

The announcement article I linked mentions features like the “fire button”, which seems to clear your session data in one click. I can see the accessibility being beneficial to a majority of users, but I don’t know the specifics of how this works and it likewise only offers convenience.

Otherwise, I haven’t had the chance to take a good look under the hood, but it does a few interesting things:

  • It prefers HTTPS by default, although I’d like to investigate how it handles unencrypted connections.
  • I haven’t looked at the source code or documentation yet, but they use Tracker Radar. From what I understand, it’s a domain-based fingerprinting solution which uses a list of known trackers. The list is automatically updated by their own crawler to rank based on things like prevelance, cookies, and calls for browser-based PII. I assume that this functionality will be built-in to the desktop browser.
    • Aside from the inherent limitations to a list-based resistance approach, I’d also like to find out more about their approach to first-party tracking.
  • They have an email protection solution which seems to offer aliasing, mitigations for tracking elements (e.g. images), and link referrals. This is built-in to the macOS desktop browser. I assume it’ll also be built-in to the non-macOS versions.

Currently, I don’t think there’s a good reason to recommend the desktop or mobile clients. I think that the engine limitations for the mobile clients and macOS version are such that it’s hard to see a use-case which is preferable to our current recommendations.

I do think that the desktop version for Windows will be worth looking at. Hopefully, there will also be a Linux version, but we’ll have to wait and see.

I think we should reconsider this when it’s out of beta. The zero config can be an advantage, likewise the bitwarden integration which would eliminate the need for any add-ons. That could be good FP wise.

When logging in to an appleid using their browser also Apple judges the browser to be default safari, so this could be an advantage.

1 Like

Reminder that they pulled this nonsense: Domains visited get leaked to DDG servers · Issue #527 · duckduckgo/Android · GitHub

2 Likes

I’ve been testing it, and I do think their Duck Player. Per Gizmodo:

Duck Player harnesses Google own tools for embedding video on another page using the strictest privacy settings available. According to DuckDuckGo, that means you’ll be better protected from tracking, and the ads you see won’t be personalized. In fact, the company says it prevented most ads from playing altogether during their tests, a perk YouTube otherwise makes users pay for.

Aside from that, email aliasing is useful and pretty painless, and from what I can tell is totally free. Not that I’m switching from SL right now, though.

The browser, feature-wise, is pretty basic. I could see setting my mom up with it, though. Settings are almost nonexistent, which may not be a bad thing. But I do wonder about fingerprinting, and if their tracking protection is enough of a content blocker to sub for Shields/uBO.

I do like Duck player…

1 Like

They also whitelist Microsoft trackers in their browser’s 3rd party tracking protection:

They do claim that they don’t want to, but the fact that they made no mention of this limitation until they were caught broke my trust in them.

1 Like

@dumpster
fwiw it appears Firefox does the same, but there was no such uproar about it:
See the “Tracker content blocking” section on PrivacyTests
for Firefox: PrivacyTests.org: open-source tests of web browser privacy
along with Focus and my Mull: PrivacyTests.org: open-source tests of web browser privacy

Bing Ads, Google, and Yandex don’t report as blocked there.

Focus for iOS even seems to allow Twitter? PrivacyTests.org: open-source tests of web browser privacy

1 Like