DDG "Privacy Essentials" is a highly privileged extension that can do absolutely anything with all of your private data. Installing it is among the worst ideas I can think of. This weird quirk is the least of its problems.
We have a strict privacy policy and don't have any user-level data (e.g., search or browsing histories) at all. Our extension is designed to be the "easy button" for privacy, and as such, needs to pack in it a wide variety of Web Tracking Protections as enumerated at https://help.duckduckgo.com/duckduckgo-help-pages/privacy/we... that require such permissions. We do not ask for any permissions that we do not need to make the privacy features of our extension work as promised.
Having worked with products designed for mainstream users, the screenshots posted by OP looked really harmless to me. It looks like a really common way to introduce a new feature in the form of a quick inline tutorial. The only thing that I would change is making it easier to dismiss the pop-up permanently.
Not really. The main claimed benefit is that it won't spy on you, which is one facet of what typical products designed for mainstream users do, but they're not primarily targeting the niche technical crowd.
In my area there were DuckDuckGo billboards along the interstate all last year. You don't buy interstate billboards unless you're targeting the mainstream.
I was curious what the answer to this was, so I went to their Chrome extension page[0] and the icon + UI is prominently displayed in the 5th image. They also mention email (albeit you may be able to argue it's too vague) in the very first image. They also mention the feature in the extension's description with a brief "what is it?" blurb. You do have to expand the overview section to see it, but I think that's on Google's UI and not on any individual extension/developer being shady (it's been so long since I've installed a new extension, but a quick glance around the store makes it seem like everybody with a "long" description has stuff hidden like they do).
I was just answering your question on if they advertised it, because I was also curious of the answer, haha.
edit: How do you like extensions to notify of new features? I've seen some do a new tab popup post-install, some just add them and you discover them like DDG, and I'm sure a few have added new features I'll never know about because they're disabled by default. I've always found the new tab way annoying, and I've been slightly less annoyed by just adding the feature with a way to disable.
> How do you like extensions to notify of new features?
No notifications at all.
Yes, I understand that it is a conflict of interest between me and whoever writes software.
Optionally, notification in some central standard system of notifications that people hating notifications can silence (not sure is such system existing - if it exists I silenced it long time ago). This would work fine as notifications-haters can disable them and vast majority of people will continue to get them.
So if I'm understanding correctly, you'd be fine with DDG's update if it was just the icon being added to the field (making an assumption here that the icon is how you activate the feature like a password manager), but by adding the ad/onboarding/whatever popup they went too far.
That's a fair criticism! At first, I was taking your stance as it was a terrible wrong that they added another privacy feature in general.
I don't think your extension in necessarily doing anything underhanded today, but I do think the privacy threat model marketed by your company is idiotic. You sell people fear, the idea that some corporation has binders full of GUIDs, and they know you bought socks! They are tracking you! Fear!
Then you sell them the idea that by installing your highly privileged software, that can read and transmit literally any data available to the user, they are enhancing their privacy. This is a stupid trade that nobody would take if they stopped and thought about it. The nebulous tracking thing is clearly lower risk than your browser extension, and there are other, better, less risky ways to subvert web tracking.
I am using Startpage and its extension requires only one permission "Access your data for sites in the startpage.com domain". Works much better than DDG anyway. Qwant has two extra optional permissions, but they are turned off by default.
