Today I was using DuckDuckGo website to look for some exhibitions. I typed "Ausstellung" (German word for exhibition) and accidentally pressed Enter. What happened next was interesting. The search result was full of pages related to my city!!!
I don't live in Berlin any other big city. I live in a small city, and the result was all about exhibitions in my city.
As far as I know Bing serves the DuckDuckGo results. And DuckDuckGo privacy policy says that it doesn't share our IPs with Microsoft. If it's true, how could it happen?
To me, it means only one thing: Bing knows my IP or at least my city and country.
Update: it seems that it only happened in desktop version of the website. `t` param should be `fpas` or `ffab`, it seems.
If you live in a German speaking country you can try this:
https://duckduckgo.com/?q=Ausstellung&t=fpas&ia=web
Update 2: I updated the title from "shares location" to "shares users IP" to make it more clear.
If I search for "exposiciones" (Spanish, most common word for exhibitions) it will show mainly -but not exclusively- stuff in my city. But if I search for "exhibiciones" (Spanish, equally valid but not the most common word) almost no results will relate to my city. And if I search for "eventos" (Spanish, literally "events", wider meaning than exhibitions but also a more widely used term, I'd guess) none of it will relate to my city.
If I do the same searches directly on Bing, they are always related to my city.
So, my guess is Bing doesn't know about my location through DuckDuckGo, but DDG themselves may be processing Bing's results further depending on my search, which seems likely anyway.
(Submitted title was "Tell HN: DuckDuckGo shares users IP with Microsoft")
The DuckDuckGo help pages address this specifically:
There may be cases when you want more accurate location-based results like local weather and restaurants. We can still serve results for searches like these (including instant answers and ads) while keeping you anonymous.
To do this, DuckDuckGo Search simply guesses your location using a GEO::IP lookup with the IP address that’s automatically sent to us via your device; then we throw away both the guessed location and the IP address, per our Privacy Policy, saving none of that info on our servers. Our default search experience was designed so that we don’t need to request any additional information than what you are already sending.
This process isn’t always accurate enough; for example, DuckDuckGo Search may end up assuming you’re hundreds of miles away from where you actually are, especially on mobile phone networks that route traffic through a central hub. That’s why we built an option that lets you improve the accuracy of your local search results.
<https://duckduckgo.com/duckduckgo-help-pages/privacy/anonymo...>
I keep my browser security settings pretty locked down, and explicitly reject sharing location data.[1] Yet if I do a generic search (say, "restaurant"), there are ... roughly localised results. Bouncing the modem (and obtaining a new IP) changes the location indicated. I've tested this with several queries that should provide pretty fine-grained localised results and ... as I reset my network connection these move around within the general local area.
NB, I'd written the following before checking DDG's help docs, and my assumptions appear accurate: Given the ways in which IP address location can be inferred, even with non-persistent IPs, I'd suspect that before accusing DDG of specific geolocation snooping.
(The fact that IPs can be and are used as proxies for location is itself problematic, but ... is far broader in scope than DDG's visible practice.)
Unless you've got something stronger to go on, or specific network traffic / cookie analysis, I'm going to call excess paranoia here. Not a bad sense to cultivate, but also one you don't want firing off half-cocked.
________________________________
Notes:
1. Firefox: Settings -> search "location", click "settings". I've just verified no sites permitted, new requests blocked.