Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ DuckDuckGo Restored in India, Responds to Favicon Concerns

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š DuckDuckGo Restored in India, Responds to Favicon Concerns


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: yro.slashdot.org

DuckDuckGo made the news twice this week. First its service was reinstated across India last Saturday, after being unreachable for nearly three days, for reasons which remain unclear. "We have contacted the Indian government but have not yet received a response," a DuckDuckGo spokesperson told The Verge. "We are bewildered on why the Indian government would instruct Indian ISPs to block DuckDuckGo, but are optimistic that this will be resolved soon." But at roughly the same time the search engine faced another controversy about how DuckDuckGo fetches favicons, according to one cybersecurity blog: First submitted as an issue in July 2019, GitHub user Tritonio flagged the offending script, saying: "This seems to be leaking all(?) the domains that users visit to your servers." The script in the Android version of the DuckDuckGo application showed that favicon fetching was routed through DuckDuckGo systems, rather than made via direct website requests. Daniel "tagawa" Davis, communications manager at DuckDuckGo, said at the time that the "internal" favicon service was used to simplify the favicon location process, but as the service is rooted in DuckDuckGo's existing systems, the script adhered to the company's privacy policy which pledges not to collect or store any personal user information. The case was then closed. However, when the issue became public on the GitHub tracker this week, this assurance was not enough for everyone. Some users requested that the case be re-examined, citing potential information leaks caused by the script choice, considered by some as an inherent 'design' flaw or human error. In response to the discussion concerning the favicon telemetry, founder and CEO Gabriel Weinberg said he was "happy to commit us to move to doing this locally in the browser" and will address it as a matter of priority. He added that as DuckDuckGo's services are encrypted and "throw away PII [personally identifiable information] like IP addresses by design", no information was collected, stored, or leaked. The company's slogan is "Privacy Simplified". It is this concept, Weinberg told The Daily Swig, that led to the rapid decision in changing how favicons are managed. Weinberg acknowledged that there is an ongoing security debate concerning which option for fetching favicons is more secure, and arguments can be made for each choice โ€” but added they both offer "basically a similar amount" of privacy... You can ask a browser to connect to a website and fetch the favicon โ€” potentially making multiple requests in the process โ€” or you can use the firm's encrypted service... "It's a known anonymous service," Weinberg told us. "You're already connected to DuckDuckGo because you're using the app. It's not that it is leaking any more information, because you conduct a search with us which has the favicons anyway." DuckDuckGo's service is also faster and uses less bandwidth as the service is running server-side and favicons are cached, Weinberg says.

Read more of this story at Slashdot.

...



๐Ÿ“Œ DuckDuckGo Restored in India, Responds to Favicon Concerns


๐Ÿ“ˆ 96.77 Punkte

๐Ÿ“Œ phpScheduleIt Booked Scheduler 2.7.5 File Upload Web/custom-favicon.php Favicon privilege escalation


๐Ÿ“ˆ 41.24 Punkte

๐Ÿ“Œ DuckDuckGo: Partial bypass of #483774 with Blind XXE on https://duckduckgo.com


๐Ÿ“ˆ 30.1 Punkte

๐Ÿ“Œ DuckDuckGo: XXE on https://duckduckgo.com


๐Ÿ“ˆ 30.1 Punkte

๐Ÿ“Œ GitHub - dhelmr/ulauncher-duckduckgo-bangs: Search and use duckduckgo bangs from ulauncher


๐Ÿ“ˆ 30.1 Punkte

๐Ÿ“Œ DuckDuckGo: Partial bypass of #483774 with Blind XXE on https://duckduckgo.com


๐Ÿ“ˆ 30.1 Punkte

๐Ÿ“Œ DuckDuckGo: DOM XSS on duckduckgo.com search


๐Ÿ“ˆ 30.1 Punkte

๐Ÿ“Œ DuckDuckGo: Reflected/Stored XSS on duckduckgo.com


๐Ÿ“ˆ 30.1 Punkte

๐Ÿ“Œ Microsoft responds to UK concerns over the Activision-Blizzard deal for Xbox


๐Ÿ“ˆ 29.38 Punkte

๐Ÿ“Œ Eufy Security responds to camera security concerns


๐Ÿ“ˆ 29.38 Punkte

๐Ÿ“Œ Eufy responds to camera security concerns


๐Ÿ“ˆ 29.38 Punkte

๐Ÿ“Œ Temporarily blocking its employees from accessing ChatGPT over security and privacy concerns, Microsoft responds


๐Ÿ“ˆ 29.38 Punkte

๐Ÿ“Œ The Pokรฉmon Company responds to Palworld plagiarism concerns: "We intend to investigate and take appropriate measures"


๐Ÿ“ˆ 29.38 Punkte

๐Ÿ“Œ Multiple Service Providers Are Blocking DuckDuckGo In India


๐Ÿ“ˆ 25.02 Punkte

๐Ÿ“Œ India Blocks High-Profile Chinese Apps on Political, Privacy Concerns


๐Ÿ“ˆ 21.82 Punkte

๐Ÿ“Œ India Bans Another 43 Chinese Apps Over Cybersecurity Concerns


๐Ÿ“ˆ 21.82 Punkte

๐Ÿ“Œ India Asks WhatsApp To Withdraw New Privacy Policy Over 'Grave Concerns'


๐Ÿ“ˆ 21.82 Punkte

๐Ÿ“Œ Twitter compete Koo raises data privacy concerns in India


๐Ÿ“ˆ 21.82 Punkte

๐Ÿ“Œ Air India data breach highlights concerns around third-party risk and supply-chain security


๐Ÿ“ˆ 21.82 Punkte

๐Ÿ“Œ Indiaโ€™s new rule for VPNs raises data security, surveillance, and privacy concerns


๐Ÿ“ˆ 21.82 Punkte

๐Ÿ“Œ Indiaโ€™s Abuses at Home Raise Concerns About Its Global Counterterrorism Role


๐Ÿ“ˆ 21.82 Punkte

๐Ÿ“Œ Garda IT Systems Now Restored Following Attack (August 7 and 8, 2016)


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Garda IT Systems Now Restored Following Attack (August 7 and 8, 2016)


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Rock Out in a Perfectly Restored Range Rover for Just $170K


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Anti-Israeli wiper malware locks data that canโ€™t be restored


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Solus overwrote Manjaro's EFI bootloader. Here's how I restored it with TimeShift


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Mozilla Restored Avast, AVG Browser Extensions To Add-Ons Store After Original Ban


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Seattle Restored ISP Privacy Rules in the First Local Blow To Trump's Rollback


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ How I Restored Picroma Plasma Without Patching, and Why I Needed to Make a New Assembly Language to Do It


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Internet Archive Says It Has Restored 9 Million Broken Wikipedia Links By Directing Them To Archived Versions in Wayback Machine


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ My epicgames account got hacked. I restored the account but have some questions


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ U.S. Congress Should Stop Security Assistance to Guatemala Until Rule of Law is Restored


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Microsoft Says Bing is Restored in China


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ HBO Max quietly restored service to Linux users


๐Ÿ“ˆ 21.75 Punkte

๐Ÿ“Œ Restored disk image, recover previous data?


๐Ÿ“ˆ 21.75 Punkte











matomo