DuckDuckGo: Erweiterung der Stellungnahme
DuckDuckGo hat mich nun direkt kontaktiert und die folgende Stellungnahme abgegeben (hier die Stellungnahme via Reddit):
Hi Mike – ok sounds good. Given the translation, we’re not exactly sure all the conclusions in your post, but wanted to send some more background on what `trackers-unprotected-temporary.txt` file is, and why it exists (it has nothing to do with companies paying to be on this list).
We employ a variety of techniques to protect our users‘ privacy, such as blocking requests to endpoints used for tracking, applying anti-fingerprinting techniques to prevent websites and third parties from creating a unique fingerprint of your device, limiting websites and third party’s ability to store persistent identifiers on your device, etc. The list goes on, and we’re constantly shipping new protections to counter new forms of tracking.
The unfortunate reality is that sometimes these protections can cause websites to break in unexpected ways. We know how frustrating it can be when some core functionality on a website doesn’t work, and our goal has always been to minimize this frustration. Identifying site breakage in an automated manner is still an unsolved problem, so we rely on our users to report websites that are breaking so that we can investigate and fix the underlying issues.
This is where the `trackers-unprotected-temporary.txt` list comes into play. It’s not always straightforward to determine the root cause of site breakage, and sometimes implementing a fix takes time. So when we receive enough reports for a website and investigation proves that we are breaking core functionality of the site, rather than leave the site broken indefinitely while we work on a fix, we add the site to `trackers-unprotected-temporary.txt` so that the site function properly. Then when we’ve implemented a proper fix, we remove the site from this list. Nothing is meant to be on this list indefinitely, as its name suggests.
If you look at the list, you’ll notice that the majority of entries are banking websites. The reason this is the case is twofold: 1. Banking websites tend to employ intense anti-fraud measures when logging in, and these often involve tracky behavior that is stymied by our privacy protections, and 2. In order for us to properly identify the root cause of the breakage, we need to be able to reproduce it. Unfortunately with banking websites, the breakage tends to occur during the login process, and we don’t always have the credentials to validate the breakage. This makes things difficult.
We’re undertaking a few projects now to improve this and make it more clear when a site is on the allow list, as well as provide users with the choice to use this list.
Ich reduziere die Aussage mal auf das Wesentliche:
We’re undertaking a few projects now to improve this and make it more clear when a site is on the allow list, as well as provide users with the choice to use this list.
Danke. Das halte ich für sehr vernünftig, dass der Nutzer in Zukunft darüber informiert wird, wenn eine Seite vom Tracking-Schutz ausgenommen ist. Offenbar wird man auch die Wahl haben, die temporäre Allow-Liste zu deaktivieren. DuckDuckGo bessert also nach. Prima!
Facebooks Daten-Blowouts: Eine Verständnisbrücke Teil1
Tracking-Wettrüsten: Das CNAME-Cloaking
Mozilla Firefox: Datensendeverhalten Desktop-Version – Browser-Check Teil20
DuckDuckGo bezieht Stellung zur Deaktivierung des Tracking-Schutzes
