Hacker News new | ask | show | jobs
by jmccorm 2353 days ago
I read through the OneSearch Privacy Policy a few more times than I'd like to admit. Actually, I was inspired enough to take pencil to paper to illustrate the participants, what sensitive information flowed between them, when, and where. One potential exposure quickly jumped out at me as I ran through the flow of data surrounding an advertisement. Will OneSearch be able to deliver a winning advertiser's content (image, javascript, Wasm, iframe, whatever) without granting the advertiser any additional user information or session information (such as IP address, browser plugins, user agent, search terms, etc)? If so, how is this accomplished?

I believe that Verizon Media is being honest (at least from a literal perspective) in their OneSearch Privacy Policy, but I don't think that they're going out of their way to point out any known residual risks. It seems like the winning bidder (for advertisements placed on search result pages) ends up with a very healthy chunk of identifying information, and also what search terms you are currently using. Am I missing something with this one?

PS (and DDG too): The OneSearch Privacy Policy details some of the privacy implications in selecting an advertisement which matches your search results, but once an advertisement has been selected, it falls silent on any privacy concerns with actually delivering and displaying that advertisement to you. I think that's where they've got some exposure with browser-based access. Worth noting, this same issue might also be in play on DuckDuckGo. (I haven't looked into it.) If someone has publicly examined aspect of DDG in any depth, I'd appreciate a link to the article. If not, this seems like a very worthwhile security issue for someone to follow-up on.

Disclosure: These are my personal thoughts and they do not reflect an indirect commercial relationship that I have with OneSearch. I have no "insider" or unpublished information that is significant to this topic. Like most people, I too was unaware that OneSearch even existed before reading the article.