DuckDuckGo Privacy Essentials rates synoforum.com B+

[Telos]

Two reports noted (similar to the "Community"...

 

[jeyare]

there isn’t problem of the synoforum.com site

based on ToS;DR:

Regarding the DuckDuckGo extension, when a site review hasn’t been uploaded to our database, the extension sets its rating to B+ by default, but shouldn’t necessarily represent our official rating.

whether it seems to me that the number of nonsensical steps leading to the feeling of virtual privacy is becoming so complicated that the system is damaging itself.

 

[fredbert]

From Safari's built-in privacy report.

 

[Telos]

Granted, the single tracker reported by DDG is downstream of Edge browser filtering and AdGuardHome. So there could be others, that fell before DDG saw the page load.

 

[SynoMan]

We are not using any privacy concerned trackers. Only Matomo for analytics.

 

[one-eyed-king]

To sooth your mind, you can always run a check on Qualys SSL Labs It Ranked the page with an A

A+ could be achived by settings the server configuration to:
- remove weaker TLSv1.2 ciphers (at the cost of loosing old clients)
- enforce OCSP Stapling (not sure if this realy adds to the calculated score)

Those TLSv1.2 ciphers can be removed savely:
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Though removing the TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher, would cause problems with severall older Safari versions:
- Safari 6 on iOS 6.0.1
- Safari 7 on iOS 7.1 and OS X 10.9
- Safari 8 on iOS 8.4 and OS X 10.10

 

[Acetone]

Can somebody point me to a site other than the DDG home page that isn't B+ or lower.
I don't think I've ever seen an A site in all those I browse

 

[tekguru]

I've just run the Qualsys tests on my forum portal and ended up in a fit of the giggles. Okay I got an A+ rating, but.....

BEAST attack Mitigated server-side (more info)
POODLE (SSLv3) No, SSL 3 not supported (more info)
POODLE (TLS) No (more info)
Zombie POODLE No (more info)
GOLDENDOODLE No (more info)
Sleeping POODLE No (more info)

Still chuckling.....

 

[one-eyed-king]

I am not sure if we interpret the results as the same:
my understanding is that you setup does not "support" (as in is not affected by) those attack vectors. I guess one would need to run very old versions of nginx or apache to be affected by those attacks.

True, the names are kind of odd...

 

[fredbert]

What about COCKERPOO I hear that’s popular now

 

[tekguru]

It was the names that had me chuckling not any security concerns