What specific fingerprinting techniques (canvas, WebGL, audio, fonts, IP) does DuckDuckGo blocklist target?

1. How DuckDuckGo describes what it looks for

DuckDuckGo’s Tracker Radar and associated blocklists flag trackers by crawling the web and cataloguing third‑party resources that set cookies, use browser APIs, or exhibit “fingerprinting behavior,” and that dataset feeds the blocklists used in DuckDuckGo apps and extensions ^{[1] [3]}. The README for the web blocklist explains that trackers are identified by “setting cookies or using browser APIs in a way that suggests fingerprinting,” which is a behavioral, detection‑driven approach rather than a static whitelist of specific APIs ^[3].

2. What protections DuckDuckGo says it applies

On its help pages, DuckDuckGo states two principal defenses: preemptively blocking many third‑party fingerprinting scripts before they load (Third‑Party Tracker Loading Protection) and “overriding many of the browser APIs used for fingerprinting” so they return no or less useful information ^[2]. Those are implementation strategies — blocking at load time and API‑level mitigation — rather than a public list that maps each API (e.g., Canvas or WebGL) to a specific blocklist rule ^[2].

3. Which specific techniques are explicitly named in the sources (and which aren’t)

The provided DuckDuckGo materials repeatedly use the umbrella terms “fingerprinting” and “browser APIs” and document that Tracker Radar records “fingerprinting behavior,” but they do not, in the supplied documentation, itemize a list that says “we block canvas fingerprinting” or “we block WebGL” by name ^{[1] [3] [4]}. Consequently, from these sources it is clear DuckDuckGo targets fingerprinting activity generally, but the documents do not explicitly enumerate canvas, WebGL, audio, fonts, or IP as individually called‑out blocklist categories ^{[1] [2] [3]}.

4. What can be reasonably inferred, and what remains unproven

Given industry practice and the wording DuckDuckGo uses — looking for third‑party use of browser APIs and overriding APIs — it is reasonable to infer the protections are intended to address common fingerprinting vectors such as canvas and WebGL rendering, font enumeration, and audio APIs, because those are standard “browser APIs” used for fingerprinting and Tracker Radar’s fingerprinting field is designed to capture such behavior ^{[1] [3] [2]}. That inference is plausible but not directly validated by the provided repo/help pages; the sources stop short of publishing a labelled mapping from technique (canvas, WebGL, audio, fonts, IP) to a blocklist item ^{[3] [2]}.

5. Motives, transparency limits, and alternative views

DuckDuckGo has an incentive to frame protections broadly — selling privacy products and open‑sourcing Tracker Radar helps its product narrative — and the public materials emphasize behavioral detection and API overrides while keeping rule details at the tracker‑entity level rather than as an explicit checklist of fingerprinting techniques ^{[1] [3]}. Independent researchers or competitors might call for more granular public lists showing exactly which APIs are stubbed or which script signatures are blocked; the available documentation instead prioritizes explainers about approach and dataset scope over exhaustive, technique‑by‑technique disclosure ^{[2] [4]}. The reporting supplied does not include a DuckDuckGo‑published catalogue that definitively confirms or denies each of the five named techniques are individually blocklisted, so that exact, technique‑by‑technique confirmation cannot be asserted from these sources ^{[2] [3]}.