For those of you who have no idea what I’m talking about: when you click on a link on the Internet, where you clicked from gets automatically sent to the site you clicked on (most of the time).
For example, if you’re on yahoo.com and you click to a story at the New York Times, your browser will send to newyorktimes.com some information that you came from yahoo.com — namely, the Web address of the page you were just on. This info is called the Referrer.
At issue here is that sometimes the Referrer contains personal information. In particular, when you use most search engines, your search terms are included in the Referrer. That is, when you search on Google/Bing/etc., and you click on a link, your search terms are sent to the site you clicked on. This search leakage doesn’t happen at DuckDuckGo.
I don’t see why this should not be called FUD. This post does not actually explain how any personally identifiable information (PII) leaks to third parties when you search for something using a search engine. Search terms don’t constitute PII. Duck Duck Go uses a clever trick to get the browser to send a Referer header with no search terms, but there are other tricks possible.
At the core, the problem is not with the Referer header. By choice or by poor design, some sites include PII in URIs of pages that link to third parties. That is the real problem. This is not a problem for Google or Bing to fix. Every site that cares about privacy of its users should just ensure not to leak PII in URIs.