Episode Details
Back to Episodes
Duck Tales: How DuckDuckGo protects users from different types of scams (Episode 7)
Description
In this episode, Gabriel (Founder) and Thom (Security Team) discuss Scam Blocker. How it works, the types of scams it protects against, and why our ‘bad pages’ list is updated so often.
Disclaimers: (1) The audio, video (above), and transcript (below) are unedited and may contain minor inaccuracies or transcription errors. (2) This website is operated by Substack. This is their privacy policy.
Show notes: See the full blog post on Scam Blocker.
Gabriel: Hello, welcome to DuckTales. I’m Gabriel, CEO and founder of DuckDuckGo. DuckTales is everything kind of inside DuckDuckGo. Today we have a new topic. I don’t think we have discussed much about security in our browser. I got Thom here. Thom, you want to introduce yourself?
Thom: Yeah, sure. Hi, I’m Thom. I’m one of the security engineers here at DuckDuckGo. I spend most of my time kind of in and out of browser security, product security, that kind of stuff. Yeah, that’s the kind of stuff I love.
Gabriel: Sweet. And I think we’re here today to talk about our Scam Blocker. If you follow our blog, we actually had a pretty big article about this when it launched a few months ago. And so you can always check that out too, but we’re going to tell you all about it here and some of the inside info on how it came together. Yeah, Thom, you want to just explain generally what it is? What is Scam Blocker exactly?
Thom: Yeah, sure. So I guess Scam Blocker is what we call our in-browser phishing and scam protection. It kind of runs in the background and checks websites as you visit them all locally in the browser. And we kind of have a pretty big data set here that we get from Netcraft. So we can protect against all sorts of scams — this isn’t your standard phishing protection. We try and protect against cloned e-commerce sites, fake crypto exchanges, scareware like fake virus pages, and advertising of fake products and stuff. So we have quite a lot that we’re trying to protect against, but this feature as a whole is that warning page that you get when you’re about to visit something that could be scammy or phishing related.
Gabriel: So let’s talk about that distinction a little bit. I guess backing up a little, how did this come together? How did we end up building this and then building it kind of differently than other companies?
Thom: Yeah, so it came from a long way back. Originally, we had this idea that we wanted to improve our tracking protection and all of this stuff — trying to make our browsers as safe as possible for our users. We knew that we wanted to do something in this space, but the challenge was that it’s quite easy to build a feature like this where it ends up looking like you need to check people’s browsing activity — and we can’t do that from a privacy perspective. So we knew that we had to do this in a privacy-preserving way, and we didn’t like the idea of sending any data to Google or Microsoft because they pretty much own this space in terms of browser protections. We weren’t comfortable with that, so that kind of led us down the path of building it ourselves.
Gabriel: Interesting. So like at a high level, our browser has a privacy protection list instead of blocking that we built ourselves because we didn’t believe anyo