DuckDuckGo devs warn that refuse from third-party cookies does not prevent browser tracking

This week in a post that appeared on the DuckDuckGo developer blog, the devs of the browser warn that refuse from third-party cookies will not prevent tracking.

The creators of the privacy-focused search engine warn that Google’s widely discussed plan to phase out third-party cookies in Chrome by the end of 2022-2023, as well as related restrictions already implemented in browsers such as Brave, Firefox and Safari, will not prevent manufacturers from monitoring users.

“To really stop Google and Facebook from tracking you on other sites, you must block their trackers from loading in your browser when you visit other sites. It is not enough to simply restrict them after downloading (for example, by disallowing the use of third-party cookies)”, – the head of DuckDuckGo Gabriel Weinberg says.

Two of the most common trackers, Google Analytics tags and the Facebook pixel, can be implemented with first-party cookies, so they are not blocked even after third-party cookies are limited. Weinberg argues that simply loading a tracker (script, image, or cookie) is already the beginning of tracking:

“The tracker can collect a lot in advance, including information about your device (IP address, user agent, HTTP headers, and so on), as well as your information that the site decides to send along with them (for example, from basic cookies).”

DuckDuckGo writes that, in essence, there are many ways to track users without third-party cookies, for example, IP addresses, in combination with other network data, can be used for fingerprinting and creating a browser ID.

Weinberg is confident that Google’s technologies designed to replace third-party cookies, such as Federated Learning of Cohorts (FLoC), and related ad delivery methods allegedly designed with an emphasis on privacy, can still be useful for tracking people. In particular, FLoC aims to assign interest group identifiers to users and it can be combined with an IP address, eventually becoming a unique identifier for a specific person.

“So any tracker that receives both [FLoC ID and IP address] can be used to track and navigate user behaviour exceptionally well without third-party cookies or anything else”, — Weinberg concludes.

To protect against such surveillance, the developers suggest using the DuckDuckGo browser extension available for Chrome, Firefox, Edge and Safari, as well as the company’s mobile browser for iOS and Android.

According to a page load time benchmark from WebMD.com, the DuckDuckGo extension reduced page load times for Chrome, Firefox and Safari (with default settings) from 20.2, 15.3 and 13.1 seconds to 9.9, 9.1 and 7.5 seconds, respectively, that is, an average of 46%.

The extension also reduced the amount of data transferred by an average of 34% and the number of requests for file downloads in Chrome, Firefox and Safari by 66% on average.

Let me remind you that we also said that In Android version of DuckDuckGo browser found vulnerability that helps faking URL.