Tell HN: DuckDuckGo's privacy extension is adding an inline popup to web forms
180 points by mustacheemperor on Feb 23, 2023 | 100 comments
I didn't really believe my eyes when I saw it the first time, I thought it had to be some ad specific to the website.

But it appears every form accepting an email on any website I visit now gets a small duck icon next to it that pops up a big bold-print message box to "Protect your inbox" complete with a cheeky prompt to either "get email protection" or "maybe later." Refusal is not even an option. This is definitely new for me as of today.[0]

I found DuckDuckGo via Hackernews and have generally been a happy user of both the search engine and the privacy extension. Why could they possibly be doing this? It seems like a self-destructive act from a branding standpoint, I can't imagine their target customer demographic is amicable to this kind of thing.

[0] https://i.redd.it/p1tcoikka0ka1.png

Edit: It's even on Hackernews! I genuinely can't recall a browser extension acting like this since the mid-00s adware toolbar days. https://i.imgur.com/vYjZAUK.png

Edit again: This post originally just said "injecting ads into web forms," I edited the title to clarify - apologies if that was misleading.




Founder/CEO of DuckDuckGo here. This title implies we are injecting third-party advertising into web forms, which is not the case. (Edit: that last sentence is now moot since the title has been updated. Thank you.)

This is part of the onboarding for our optional DuckDuckGo Email Protection feature that comes with the extension. (Note if you just use our private search engine, you do not need our extension at all.) The feature generates email aliases for you on sign up forms (so you don't give out your real email address), which then forwards to your regular inbox with email trackers removed in the process: https://spreadprivacy.com/protect-your-inbox-with-duckduckgo.... It is mentioned in the add-on description as one of the extension's primary features, e.g., at https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-fo....

(x-posting part of another comment here for context on this feature: Popping up a level, the goal of our product is to be the "easy button" for privacy, and email protection is a big part of it, since as we (and others) have gotten much better at web tracking protection (e.g., see https://help.duckduckgo.com/duckduckgo-help-pages/privacy/we...), unscrupulous actors have done more and more email tracking, using your email address as a unique identifier to track you across sites and putting email trackers within emails to do similar.)

Update: I am listening to the feedback presented here, though please know there is a whole team of people working on this feature, trying to bring needed email protection to our mainstream user base. Email protection as a concept is hard for people to understand and the team felt that this in-context onboarding was the best way to explain it. However, we will now revisit this given the feedback.


So, it's an ad for a service where email goes through your servers before reaching mine, for the purpose of removing tracking and hiding my address. This isn't onboarding, this is cross-promotion of another service and it's really F'ing gross.

Messing with the integrity of a web page's content without your users' consent is a gross violation of trust. Doing it inside of a browser extension is adware. Doing it as a privacy-focused company is... a fast way to destroy your image as a privacy-focused company.

If you're manipulating the display of a page that I'm visiting, without an opt-in, and you're being shady about calling it advertising, why should I expect that you're going to treat email with the level of integrity required/expected?

This is a hard red line that you've crossed, especially as a privacy-focused company, and instead of backing down, you're blaming your UI design? Stop. There is no amount of UI work that makes it OK to silently insert your ad into someone else's content.

If you want to cross-promote (please don't, but if you must), you need to do it in a way that makes it clear it's coming from the extension, and not manipulating third-party content without user consent. The second you start inserting your message into a page that I'm reading, is the second that I uninstall your extension and never use it again.

Which is a shame. I like your search product, and I thought that I liked your company's philosophy and goals. Oh well.


It’s exactly the same behavior as password managers, adding an icon in the form field.

If the feature is the point of the extension you’re installing, maybe don’t install the extension.


I installed this extension a long time ago, as a browser tracking protection tool similar to PrivacyBadger. I think it is objectionable that the nature of the extension has been changed to one that injects notifications into the contents of the webpages I visit, with the only alert to me of that change being the injection of notifications into the contents of webpages I visit.

And for what it's worth, I use a password manager and have used a few over the years, and I've never encountered such an obnoxious UI from one.


The biggest point here is messing with web content… don’t change content without consent - DDG are doing this here!


>This title implies we are injecting third-party advertising into web forms, which is not the case.

It's okay everybody, the CEO came out and said it's *not* actually advertising but just simply an unsolicited, intrusive pop-up that tries to get users to use more of their services so it's all good!


Happy DDG user who also hates extra popups while browsing here:

I think this only happens if you install the DDG extension. So it's not exactly unsolicited.

I totally get DDG wanting people to be aware of their services. I use their email proxy service and it seems like a solid addition to their portfolio. For me, anything that requires additional action or distraction when I'm just trying to do this one quick thing gets disabled / removed.

How often are people actually signing up for things? Maybe this could be a separate extension or at least have an easier way to mute the injected ad?


> I think this only happens if you install the DDG extension. So it's not exactly unsolicited.

Has the extension mentioned obnoxious inline ads as one of the things it will be doing?

When people were installing it?


It's literally what the extension does and what it's for.

It's a bit weird to call intended functionality for something you install explicitly for that purpose an "ad". Let alone an "obnoxious" one.

I mean, how else would you expect "email protection in the browser" to work at an extension level, other than the extension triggering a message with more information when you're about to type your email?


I think I should clarify that I installed this extension quite a long time ago, and it has never served an unsolicited inline notification to me of any kind. The stated purpose at the time was website tracking protection, similar to something like PrivacyBadger, and that's what I use it for. It added a small button to my extensions menu that I can click to see some information about the website's requests and turn tracking protection on or off. The behavior I am criticizing in this post is not what the extension was for when I installed it, and it's not something it's ever done before.

I think it would be reasonable to notify me about this new feature in a less disruptive way, like from the extension's existing information pane. Inserting that inline into the websites I use isn't the only way to notify me, but it does seem like the most obnoxious way to do that.


Thank you for the response. I have edited the title to clarify it is a first-party advertisement for a DuckDuckGo service being placed alongside web forms.

Seeing this notification appear once, in the extensions area as a popup from the DuckDuckGo extension, would feel much less outrageous. It does not feel like onboarding, it feels like an ad. It is an unexpected disruption of my browser's usual behavior.


Thank you, though I still don't think it is fully clarified, i.e., a "DDG ad" could still be a third-party one.

I understand your concern though and again will take it to the team. Popping up a level, though, the goal of our product is to be the "easy button" for privacy, and email protection is a big part of it, since as we (and others) have gotten much better at web tracking protection (e.g., see https://help.duckduckgo.com/duckduckgo-help-pages/privacy/we...), unscrupulous actors have done more and more email tracking, using your email address as a unique identifier to track you across sites and putting email trackers within emails to do similar. So, when you sign up for forms online, to escape this tracking, you really should be using a per-site alias, as well as using a service that strips email trackers from emails so you aren't tracked on email open.


I use DDG search as my daily driver. I want to support you and your mission. A simple “buy us a beer” link would probably get me donating/paying. However, this report of your extension adding interruptions to forms has guaranteed I will never install your extension and strongly puts me off even trying your browser. It’s an abuse of the privilege your users grant you and you should stop it. It makes you look like you’re watching your users.


This. It is a hard red line for me. Instantly uninstalled.


Wait until you find out how Safari interrupts your forms by default as well!


^ this


I am almost at the HN character limit, so it's a challenge to accurately describe in the title that DDG inserts its logo with a pop-out notification, requiring two clicks of interaction to dismiss, asking me to utilize another DuckDuckGo service in my inbox. I've altered it to "an inline popup," which I think is at least a more accurate way to describe this than an onboarding message (which wouldn't fit anyway). But frankly, as a user, to me it's an ad for another DDG service.

I've got no qualms with the product mission for the email tracking protection, I think it's a great one and I already utilize other email tracking protection myself. I made this post because I really like DuckDuckGo and I was just so astounded at this behavior. I tell everyone to "just use the duck website" because I really do believe in your stated mission, and I hope this post doesn't set off too much bandwagoning. My concern is voiced from a standpoint of support, not negativity. I really appreciate the opportunity to exchange this feedback with you directly and especially to add to this post that I really do generally love what you're building. When it doesn't get in my face when I'm trying to work.

I hope this post winds up being useful feedback. The decision to ship this into the product is mystifying to me. I would agree with the other users saying this should be recalled immediately while any internal discussion about it is ongoing.


> The decision to ship this into the product is mystifying to me.

Yegg discussed it the last time email protection came up on the front page - rolling it out internally into their android browser was the main goal, and the extension for others. The motivations are in the old hn posts. They could have rolled out a new app and extension, and maintained those on top of the current ones, but those would be extra codebases to maintain.


To clarify, the decision I find mystifying is the one to promote this via a phishy-feeling inline pop-up. The choice to incorporate email tracking protection into the product makes sense to me.


Yeah, considering how it has caught people off guard, a toggle in the settings, maybe an overview of it in a splash screen on their site, something before the actual form fill shows up. I'm curious if they discussed that much. It definitely would have kept the feature more obscure, so you can guess at the push back.


> (...) this isn't even really an ad at all -- it is part of the onboarding for our completely optional (...)

Wow. So disappointing.


Right. It's an Ad.


But then when is any button in the UI not considered an Ad?

Chrome's new Side Panel button is an ad for the side panel feature.


Can't comment, as I don't use Chrome.

But to answer your question, a button in the UI is not considered an Ad when it's there to facilitate whatever the app is used for.


Long time DDG user here. I really like the search and the android privacy app. I just wanted to add my vote to what others have said.

You have a brand that requires trust. You've built up that trust slowly, and it could be destroyed so easily. To me this injection crosses a line of interfering with content that isn't yours. You are trusted to have access to this content, not to change/add to it. I get that it's not quite the same as 3rd party ads, etc. But it's an untrustworthy thing to have done.

As a happy long time user I'm currently still willing to give some benefit of the doubt about this being a misstep, and I'm hoping to see it corrected shortly.

But I think the value of the trust you've built up shouldn't be understated. It won't take many scandals like this and once the trust fades you'll never get it back. The bigger issue to address is not just how to fix this, but also how to fix the broken decision making process that allowed this to happen at all.

Someone else has said about having a core set of values against which everything is reviewed. How about an ethics committee of sorts to uphold those values. A group of beta tester users who don't just test things work, but also give feedback on whether new changes are aligned with your brand and core user base. (Email is in my profile if you want to discuss this idea, I'd be interested in helping.)


> To me this injection crosses a line of interfering with content that isn't yours.

Sincere question from someone who doesn't understand why we're freaking out: Why is this different to you than a password manager doing the exact same thing with password fields?

Here's what I see: someone installed the DuckDuckGo extension, which now has a new feature. That feature is best implemented by having a little widget that allows creating a new alias. Users who haven't seen the widget before wouldn't know how to use it, so DuckDuckGo added an explanation for people who click on it without having set it up yet.

Where was the line crossed? Do you object to having a widget at all? Is the problem having an inline explanation introducing the feature? Is it the phrasing of the pop-up?

I see a lot of visceral reactions and condemnations, but I don't see anyone explaining what makes this an ad and not onboarding.


For me it's about purpose and expectations. If I installed a password manager whose purpose is to inject my passwords into password fields that's what I expect it to do. That's fine. I'm explicitly giving it permission to inject such content.

If I installed a browser extension to remove trackers from sites, I'd be surprised to find it adding in email onboarding buttons to every email entry form.

It may not be clear, but the email privacy thing is a new feature. I just checked back on the chrome store and it does now make it reasonably clear that it's part of the extension now. Fair enough. But for those who had installed before, this would have come as a surprise when it suddenly started happening. The change of purpose is surprising. This reduces trust for a brand whose entire reason to exist is built on trust from a user base who are more than the average amount of paranoid.

If I installed a speech synthesis extension whose purpose was to read out the content of a web page, I would be equally annoyed if after an update it started verbalising extra words trying to encourage me to try out their braille books every time I browsed Amazon. Braille books might be just what the average user of a speech extension might want. But it's still a breach of trust to start modifying other websites' content for a reason you weren't explicitly given permission for.


If the password manager injected anything else than a "paste password" button, for example anything that is a different product by the password manager authors... yes, same thing.


DuckDuckGo has made it very clear over the last few years that they don't have multiple products—they have an all-in-one solution. You can dislike their bundling and wish you could pick and choose the component parts, but that isn't what they're offering and it's reasonable of them to view this as a tutorial instead of an ad.


I think that what’s more important than rethinking and ultimately reversing this decision is to explore the conditions that made this idea internally palatable in the first place. Perhaps features need to be tested against a concrete set of principles. Otherwise DDG may just slowly corrupt even if nobody actually meant for it to.


You're right. For an at least somewhat effortful, complicating feature like that to have made it out to release, it leaves the emergent sensibility of the organization in doubt.


> This post originally just said "injecting ads into web forms,"

> This title implies we are injecting third-party advertising into web forms

You're literally injecting ads for your own products into web forms.

You could argue that people might think that "injecting ads" means "injecting 3rd party ads", and that wouldn't (currently) be true. But if you're not allowed to say that you are injecting ads, when you are injecting ads, that's super gray zone: Don't say we're doing X (we're doing X) because it makes us sound like we're doing X+1!

I switched from DuckDuckGo to https://searx.be/ during the outbreak of the Ukrainian war because DuckDuckGo started censoring Russian sites [1].

Email proxies may be seen as a privacy protection, but it comes with a vendor lock-in: You cannot reset the password for that service without DuckDuckGo now. So those ads have commercial value to DuckDuckGo, you're no goody two-shoes here.

[1]: https://www.vox.com/recode/22981115/duckduckgo-free-speech-p...


Right, it's not an ad. It's just a way to force possible future customers to know about a product you're selling.

DDG has always been a little sketchy, but now I know.


@Yegg: Just curious, but I suspect your users will not understand that this might impact login on accounts when registering using an email alias. What happens if your service goes down or is discontinued?

How do you differentiate which form fields you should offer your services on?


I don’t understand how a company whose whole message is focused around privacy could possibly have thought this was a good idea.

Money is a helluva drug.


DuckDuckGo has pretty much become one of the mainstream search engines. Normal, everyday users who find Google's surveillance offputting because of its comprehensive nature probably think they are comparatively more private with something like DuckDuckGo. They will probably not react as strongly as power users or more privacy oriented folk. So, I doubt the points of view on Hacker News are very damaging to DuckDuckGo.


DuckDuckGo has sub-1% market share. There’s no sense in which that can be considered “mainstream”.


I just wanted to chime in and say thank you for taking the time to come explain. The HN audience can be quite unforgiving, especially those who comment on things like this, but there are a lot of us who read what you say and understand where you're coming from. I personally very much appreciate your consistency in responding reasonably to complaints.

For myself, the pictures from OP looked much more like an onboarding tutorial for the extension's features than they did an ad, and I suspect that's how most people would react.


This is filthy. Stop being disingenuous.

> the UX of this feature can be improved, and will take this feedback back to the team working on it.

It's adware, and you need to recall it.


You are injecting an ad :)


Just use your extension's power to look at everything the browser does and if you see they go to Hacker News hide your “onboarding tool”


I appreciate your understanding of the issue, but please DO NOT take the outrage of a niche community of highly technical individuals as actionable feedback. You can find a better solution I’m sure (maybe make it easy to switch off this injection permanently) but don’t be overwhelmed by the overzealous feedback of a community with a clear tendency to laser focus on a single detail while forgetting about the bigger picture


As a user of said new features I love it! Keep on improving


After clicking "Maybe Later" I get a "Don't Ask Again" option after that, so it's possible, but harder than it should be. This is definitely bad practice.

I don't feel like this should be enabled by default. It would be fine for them to advertise it when you click on the extension asking you to turn it on, but not inline on every email form with a double opt-out.


Maybe the CEO can jump on here again and give us a bunch of backpedaling double talk about how they’re misunderstood, as when they were caught censoring news results.

I no longer trust DDG and switched to Kagi. Whether that’s better for privacy I’m not sure but at least their business is driven by user payments and not ads.

That my quoted search terms don’t get blatantly ignored was actually the impetus to move.


It is simply not true that we have censored anything. I realize I previously explained how our news rankings work very poorly on Twitter, but I subsequently put out a clarification tweet[1] and then we made this help page with a much clearer (and detailed) explanation of how our news rankings work: https://help.duckduckgo.com/duckduckgo-help-pages/results/ne.... This is not "backpedaling"; it is the ground truth of what is actually going on with our news results.

[1] "We are not ranking based on any political agenda or my (or anyone else's) personal political opinions. We are also not assessing any individual news stories." https://twitter.com/yegg/status/1515637392190935041


I can't speak to the rest of the parent post, but I regularly experience my quoted searches being ignored, and similarly, when I don't want something, using the correct syntax to exclude it, the exact term I want to exclude is top of the list. Very annoying.


And there it is.


> Maybe the CEO can jump on here again and give us a bunch of backpedaling double talk about how they’re misunderstood, as when they were caught censoring news results.

I must have missed this, what's this about censoring news?


I believe they're referring to when DDG announced they'd be doing something along the lines of deranking results that are pro-Russian, in context of the Ukraine-Russian war.



I saw the headline on your post and felt horrified.

I then read the details and I'm no longer horrified.

There is a difference between advertising your own services vs injecting ads from other parties. Injecting ads from other parties could imply sharing of personal data which would be worrying.

There is no breach of the DDG implicit user contract here which is low tracking and privacy.


You likely saw it just before I edited the headline. I didn't realize at the time I posted it, but the original title definitely could give the impression they're injecting 3rd party ads. Personally, this feels 90% as annoying as a third party ad. But my intent was definitely not to mislead, I was hesitant to even make a post because I don't want to be a bad HN citizen by starting a thread that becomes an emotional bandwagon.

I don't think there is a breach of DDG's contract but it is a disappointing contrast to my expectations from DDG's brand, which I would expect to be more respectful of the user. This is disruptive.


The description of this extension explicitly tells you it will do this (integrated email protection). Works as advertised?


Did the extension always say that? Including people who didn’t install it this week?

Is it at all possible that this is a feature they added and hasn’t been there (and advertised) from the very beginning?



I noticed this about an hour ago as well. They're advertising their email alias feature and doing it (quite effectively) by injecting into email fields. I don't think the site matters, it's just on an email field.

I think it's a little distasteful to inject stuff into the user's page, but it's not an outrage worthy of bailing from DDG. I do hope they reconsider their approach though.


It's so strange people are calling this advertising. It's functionality of a web browser plugin that you have to install. It's literally one of the features on the extension's description page.

"Enable Built-in Email Protection — Over 85% of emails sent to Duck Addresses contained trackers that can detect when you’ve opened a message, where you were when you opened it, and what device you were using. Email Protection makes it easy to block most email trackers and hide your existing address when signing up for things online, all without switching email providers."


This is at least the third similar reply I've read in this thread, so I'll just reiterate that this extension is much older than this feature, and at the time I installed this extension nothing about its description indicated it would ever behave like this.

When I installed this, it was offered essentially as a PrivacyBadger alternative. The only notification to me that it was being changed to a new kind of extension offering more services was the injection of an advertisement for those services into the form fields of webpages I visit.

The existing extension already has a UI panel - it lives in the top right of my browser, under an icon. Plenty of other extensions have utilized this panel or a new tab page to respectfully inform me of changes to the offering. DuckDuckGo is the only extension that has decided to materially alter the contents of the webpages I visit without my consent to make such a notification.


> It's literally one of the features on the extension's description page.

Yes, but just one of the features, and not one I've been using because I wasn't interested in it at the time. This is a classic "advertising" opportunity that companies do all the time called "upselling," and it's absolutely an ad because the whole point is to get me to start using a feature that I'm not currently using.

I think many of the responses here have been overreactions, and "advertising" is definitely a dirty word on HN and gets some severe and undeserved knee-jerk reactions, but it is what it is.


Sometimes the cure is worse than the disease.

If you want privacy, it would be best practice to not install an extension that has complete read/write access to all of the pages that you browse.


I don't know about DDG's extension, but if you want privacy, you definitely need an extension with a complete read/write access to all of the pages that you browse though. uBlock Origin would not be able to do its magic without this access. It needs to inspect and filter any request from any website, and to apply filters on the page too.

This is what Chrome's Manifest v3 is killing by the way.


There's other ways to do content / ad blocking without full read/write access to every web page you visit and every network request that is made.

These other approaches do have limitations and may not be able to block everything but from a privacy perspective they are infinitely more secure than giving an extension full permissions.


> they are infinitely more secure than giving an extension full permissions

Not at all, if they can't block everything uBlock Origin can block. I trust this extension infinitely more than the websites I visit. You can even install it from the package provided by Debian in its repositories [1] if you want an extra layer of review.

[1] https://packages.debian.org/bookworm/webext-ublock-origin-fi...
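
The permission trade-off argued in the comments above can be checked for any extension by reading its `manifest.json`. The following is an added example, not part of the thread and not code from any extension discussed; both sample manifests are constructed, and the finding names are this example's own.

```javascript
// Added example: audit a WebExtension manifest.json for page-wide access.
// Both manifests are constructed for illustration; neither is the manifest
// of DuckDuckGo's extension, uBlock Origin, or any other real extension.

// Match patterns that cover every site on at least one web scheme.
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isBroad = (pattern) => BROAD_PATTERNS.has(pattern);

// In Manifest V2, host match patterns share the "permissions" array with API
// names, so separate them by shape (scheme://... or <all_urls>).
const isHostPattern = (entry) =>
  entry === "<all_urls>" || /^(\*|https?|wss?|ftp|file):\/\//.test(entry);

function auditManifest(manifest) {
  const findings = [];
  const apis = (manifest.permissions || []).filter((p) => !isHostPattern(p));

  // Hosts granted at install time: MV2 "permissions" plus MV3 "host_permissions".
  const installHosts = [
    ...(manifest.permissions || []).filter(isHostPattern),
    ...(manifest.host_permissions || []),
  ];
  for (const p of installHosts.filter(isBroad)) {
    findings.push({ kind: "broad-host-permission", detail: p });
  }

  // Hosts the extension may ask for later at runtime.
  const optionalHosts = [
    ...(manifest.optional_permissions || []).filter(isHostPattern),
    ...(manifest.optional_host_permissions || []),
  ];
  for (const p of optionalHosts.filter(isBroad)) {
    findings.push({ kind: "broad-optional-host-permission", detail: p });
  }

  // Statically declared content scripts run inside matching pages and can
  // read and rewrite the DOM there, including form fields.
  for (const cs of manifest.content_scripts || []) {
    if ((cs.matches || []).some(isBroad)) {
      findings.push({
        kind: "content-script-on-all-sites",
        detail: `${(cs.js || []).join(", ")} (all_frames=${Boolean(cs.all_frames)})`,
      });
    }
  }

  // webRequest lets the extension observe requests to hosts it has access to.
  if (apis.includes("webRequest") && installHosts.some(isBroad)) {
    findings.push({ kind: "observes-all-requests", detail: "webRequest + broad hosts" });
  }

  const pageWideAccess = findings.some(
    (f) => f.kind === "broad-host-permission" || f.kind === "content-script-on-all-sites"
  );
  return { manifestVersion: manifest.manifest_version, apis, findings, pageWideAccess };
}

// Constructed MV2 manifest: request filtering plus an in-page script everywhere.
const CONSTRUCTED_BROAD = {
  manifest_version: 2,
  name: "Constructed tracker blocker",
  permissions: ["webRequest", "webRequestBlocking", "storage", "<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inpage.js"], all_frames: true }],
};

// Constructed MV3 manifest: declarative blocking rules only, with no host
// access and no content scripts (the more limited approach from the thread).
const CONSTRUCTED_RULES_ONLY = {
  manifest_version: 3,
  name: "Constructed rules-only blocker",
  permissions: ["declarativeNetRequest", "storage"],
  declarative_net_request: {
    rule_resources: [{ id: "blocklist", enabled: true, path: "rules.json" }],
  },
};

for (const m of [CONSTRUCTED_BROAD, CONSTRUCTED_RULES_ONLY]) {
  const report = auditManifest(m);
  console.log(`${m.name}: pageWideAccess=${report.pageWideAccess}`);
  for (const f of report.findings) console.log(`  ${f.kind}: ${f.detail}`);
}
```
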


They're telling you that they can provide you with an email alias so you don't have to enter your legit email address. Using your legit email address on every site you register to helps them to track you. And you can turn off an email alias and spam to that address will stop.


If you install the Firefox Relay extension it does exactly the same thing, which is what I want it to do.


Or use safari, they do the same thing for free and it works seamlessly with iPhone and mac


Meta: Often reminded how hard being a funded CEO must be.

On one hand, he (CEO who replied here) probably has investors pushing and prodding about getting a return on the $172,000,000 (+?) that has been invested into the company.

On the other hand, users are so easily spooked by moves like this (often rightly) and attack the company. This isn't even that bad of a case, though.


Ads aside, injecting your UI into random sites sounds like a good way to train your users to get phished.


It sure didn't take long for the Founder/CEO to show up to try to spin this. If they're lurking here it kind of makes me feel like they've been intentionally ignoring my constant complaining about their search not working correctly.

Come on DDG lurkers, fix "-" so that searching for things like "Office -microsoft" or "apple -id" works correctly instead of returning results with "microsoft office" or "apple id" in the title and body! This is basic functionality we've had for years without issue! I don't know what broke it, but it's forcing me to G! far more often than I'd care to.


I like the e-mail service, especially for newsletters, but the UX is also a little weird the other way around: I ended up disabling the feature by accident, because I didn't know it was tied to the privacy extension which I otherwise didn't feel I needed.

As a former Opera user, I'm all about feature bundling, but it's a little unintuitive what you get, especially when you're using a different search engine than DDG. :)

One issue I have with The Button is that it tends to compete for space with other password manager buttons, but I don't know what the ideal solution is.


Yeah, despite the "explanation", that's still an ad being injected. No thanks.

I uninstalled the extension a long time ago, and I've been mulling over just going back to Google search, and this has made that decision for me. It's not only a bad idea, it's a bad idea that has full support from the top of the company.

Good bye, DDG.


If you use Alternate Player for Twitch, the DDG privacy extension was preventing it from connecting with Twitch servers, and you lose quite a bit of functionality as you would always stay logged out. Not sure why it was doing that, but just a PSA regarding the same extension.


There is a VPN style ad blocker in the browser app, that must be the extension implementation.


Be grateful there's not a big purple monkey jumping around your screen!


I worked for a company that made an ad with a 3D model of a 777 flying out of the browser; it was so intrusive and bad it would nearly crash your machine.

How did they get away with this? A secret browser extension that was installed with AOL’s AIM, which, even if you didn't install it, came with plenty of Windows machines preinstalled. We had some 100k users because of this. Nearly everyone I knew had this junk installed.

Edit: this was in 2002 in the wake of the dotcom crash, I had been laid off from my previous job and couldn't find anything for 8 months. The company went bust a couple years later.


Good ol’ BonziBuddy


Besides this, I have given up using mail protection because I find it very unpleasant to be forced to use browser extensions and search engines when I only want to use DuckDuckGo's mail protection.


It looks so weird! Especially when you see it on an email search field of a private CRM system.


Seeing it come up next to the share field in a OneDrive repo containing some sensitive documentation really set off my alarm bells.

Of course I logically know that this is not an information security risk, but it feels sketchy. I am surprised it was shipped, and frankly also surprised it hasn't been rolled back. Someone else in the thread raised the point that this kind of UX can snowblind novice users against future phishing attempts.

I do appreciate that DDG is a company we can collectively engage with feedback like this in such a manner. I'm certainly not quitting them over this.


I think the DDG inline icon is handy and use it a lot to generate proxy emails. That was why I installed the extension in the first place. Good stuff.


I stopped using DDG a while ago. Brave is a much better option. Has similar bangs (i.e. !g) and doesn't come with this nonsense.


I love that most of the engines use bangs now. Brave has done some questionable things too though, from my point of view. The BAT implementation has had some incidents significantly worse than this form fill, like when donations were rolled out and anyone could be donated to even if they didn't know Brave existed or had a way to collect on those donations.


DDG "Privacy Essentials" is a highly privileged extension that can do absolutely anything with all of your private data. Installing it is among the worst ideas I can think of. This weird quirk is the least of its problems.


We have a strict privacy policy and don't have any user-level data (e.g., search or browsing histories) at all. Our extension is designed to be the "easy button" for privacy, and as such, needs to pack in it a wide variety of Web Tracking Protections as enumerated at https://help.duckduckgo.com/duckduckgo-help-pages/privacy/we... that require such permissions. We do not ask for any permissions that we do not need to make the privacy features of our extension work as promised.


That you just claimed that a blatant ad is not actually an ad does not make your other claims seem trustworthy.

At this point all users should assume that you are also lying about not storing search histories matched to users.


Having worked with products designed for mainstream users, the screenshots posted by OP looked really harmless to me. It looks like a really common way to introduce a new feature in the form of a quick inline tutorial. The only thing that I would change is making it easier to dismiss the pop-up permanently.


Part of the problem is that the main claimed benefit of DDG is that it will not behave like typical products designed for mainstream users.


Not really. The main claimed benefit is that it won't spy on you, which is one facet of what typical products designed for mainstream users do, but they're not primarily targeting the niche technical crowd.

In my area there were DuckDuckGo billboards along the interstate all last year. You don't buy interstate billboards unless you're targeting the mainstream.


Part of this plugin is explicitly for doing this sort of thing, e.g. you install it, and part of installing it is for this email service.

It's not promoting a new service. It's highlighting a feature of the thing you installed.


Has the extension mentioned obnoxious inline ads as one of the things it will be doing?


I was curious what the answer to this was, so I went to their Chrome extension page[0] and the icon + UI is prominently displayed in the 5th image. They also mention email (albeit you may be able to argue it's too vague) in the very first image. They also mention the feature in the extension's description with a brief "what is it?" blurb. You do have to expand the overview section to see it, but I think that's on Google's UI and not on any individual extension/developer being shady (it's been so long since I've installed a new extension, but a quick glance around the store makes it seem like everybody with a "long" description has stuff hidden like they do).

[0] https://chrome.google.com/webstore/detail/duckduckgo-privacy...


The problem is that the vast majority of users installed it before the ad was added.


I was just answering your question on if they advertised it, because I was also curious of the answer, haha.

edit: How do you like extensions to notify of new features? I've seen some do a new tab popup post-install, some just add them and you discover them like DDG, and I'm sure a few have added new features I'll never know about because they're disabled by default. I've always found the new tab way annoying, and I've been slightly less annoyed by just adding the feature with a way to disable.


> How do you like extensions to notify of new features?

No notifications at all.

Yes, I understand that it is a conflict of interest between me and whoever writes software.

Optionally, notification in some central standard system of notifications that people hating notifications can silence (not sure if such a system exists - if it exists I silenced it a long time ago). This would work fine as notification-haters can disable them and the vast majority of people will continue to get them.


Ahhh, gotcha!

So if I'm understanding correctly, you'd be fine with DDG's update if it was just the icon being added to the field (making an assumption here that the icon is how you activate the feature like a password manager), but by adding the ad/onboarding/whatever popup they went too far.

That's a fair criticism! At first, I was taking your stance as it was a terrible wrong that they added another privacy feature in general.


I don't think your extension is necessarily doing anything underhanded today, but I do think the privacy threat model marketed by your company is idiotic. You sell people fear, the idea that some corporation has binders full of GUIDs, and they know you bought socks! They are tracking you! Fear!

Then you sell them the idea that by installing your highly privileged software, that can read and transmit literally any data available to the user, they are enhancing their privacy. This is a stupid trade that nobody would take if they stopped and thought about it. The nebulous tracking thing is clearly lower risk than your browser extension, and there are other, better, less risky ways to subvert web tracking.


Is this a feeling of yours or are there documented issues you refer to? Looking at what DDGPE does, it seems reasonable to have those privileges.


I am using Startpage and its extension requires only one permission "Access your data for sites in the startpage.com domain". Works much better than DDG anyway. Qwant has two extra optional permissions, but they are turned off by default.


.. instantly uninstalled on all 125 of our lab workstations and to the CEO: in this current browsing environment, you are afforded ZERO chances to alter our trust and then out for good.



