So a bit ago I got an add for “canned rambutan”. I had looked up Rambutan a few days prior after hearing it mentioned 10 hours into the video game Baby Steps. I wasn’t using a VPN at the time and I didn’t have fingerprinting protections active but I only mentioned it to a few sources (according to my browser history) all of which generally are implied to be private.
Which of these do you think is the reason the ad networks know?
- Wikipedia
- Startpage Search
- Duckduckgo Search
- My ISP
- Firefox
- My Firefox Extensions
- Kubuntu
- CachyOS
- The omnipotent algorithm connecting my mentions of Baby Steps with my progress through the game.
- Does this only make sense if my browser history is incomplete?
- Maybe I was using DNS over HTTPS via Cloudflare at the time of my search.
Any guesses as to where the weak link is?
It’s duckduckgo. Search duckduckgo.com with the term “restaurants near me.” You’ll often get responses that are close to your IP location.
That couldn’t happen unless DDG passes your IP address on to Bing. It’s possible they censor part of the IP and only pass part of it to Bing, but probably not.
(Go ahead! Try it!)
Since Bing sells to data brokers, data brokers know your IP is linked to a search for rambutan, even without fingerprinting your browser.
I’m not calling duckduckgo.com a honeypot… I’m also not calling it not a honeypot. But it knows too much for something supposedly private.
Any closed source firefox extension that has access to the browser display could be parsing the texts and selling it and your IP and other identifiers to data brokers. It’s part of how these extensions are profitable.
Cloudflare also does highly advanced fingerprinting and has a script called cloudflare insights, so it seems likely that any cloudflare activity is generating marketing data.