Update referrer-trimming after Windows rollout & clarify cookie pop-up mechanics #495

Open
wants to merge 1 commit into
base: master
7 changes: 4 additions & 3 deletions _docs/privacy/web-tracking-protections.md
Expand Up @@ -168,7 +168,7 @@ Please note that even in the absence of this feature, your DuckDuckGo search ter
| iPhone & iPad app | Referrer headers trimmed to the hostname for all requests originating from a different domain than the visited site through WebKit’s [built-in referrer tracking protection][webkit-referrer-tracking-protection]. |
| Android app | Unsupported due to [Android WebView][android-webview-api] limitations. |
| Mac app | Referrer headers trimmed to the hostname for all requests originating from a different domain than the visited site through WebKit’s [built-in referrer tracking protection][webkit-referrer-tracking-protection]. |
| Windows app | Unsupported, but on our product roadmap. |
| Windows app | Referrer headers trimmed to the hostname for all requests originating from a different domain. |

## Embedded Social Media Protection

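Review bot: the new Windows row drops the qualifier "than the visited site" that the iPhone and Mac rows carry, and names no mechanism, so it is unclear whether Windows trims referrers on every cross-domain request or only on third-party subrequests of the page being visited. Suggest aligning the wording with the other rows ("for all requests originating from a different domain than the visited site") and, as those rows link WebKit's built-in protection, stating what provides the trimming on Windows; the reference list already defines `[microsoft-edge-webview2]` if that is the relevant component.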
Expand Down Expand Up @@ -290,7 +290,7 @@ We consider some domains on our list to be “Infrastructure Domains,” for exa

Because blocking Infrastructure Domains from loading any resources creates significant site breakage and prevents sites from loading resources they rely on, we take the approach of evaluating individual resources loaded from Infrastructure Domains, and apply [3rd-Party Tracker Loading Protection][3rd-party-tracker-loading-protection] to those specific resources that we observe participating in tracking, taking into account the potential for site breakage. In addition, we apply our other overlapping protections (like [3rd-Party Cookie Protection][3rd-party-cookie-protection]) to Infrastructure Domains directly.

For example, a domain that hosts open-source JavaScript libraries would be considered a CDN and thus not blocked by 3rd-Party Tracker Loading Protection, but any instance of the FingerprintJS fingerprinting library hosted on that domain would be blocked because it’s used to fingerprint you and track you around the web. Likewise, 3rd-Party Tracker Loading Protection doesn’t apply to Google Tag Manager, as we have not detected the tag manager itself participating in tracking, we’ve observed it associated with breakage on many sites, and it occasionally loads necessary features like site widgets and privacy-friendly analytics libraries. However, we continue to block tracking resources Google Tag Manager may load, such as Google Analytics, and we also block Google Tag Manager itself on sites where we’ve detected embedded fingerprinting code within it. Other Infrastructure Domains are treated similarly.
For example, a domain that hosts open source JavaScript libraries would be considered a CDN and thus not blocked by 3rd-Party Tracker Loading Protection, but any instance of the FingerprintJS fingerprinting library hosted on that domain would be blocked because it’s used to fingerprint you and track you around the web. Likewise, 3rd-Party Tracker Loading Protection doesn’t apply to Google Tag Manager, as we have not detected the tag manager itself participating in tracking, we’ve observed it associated with breakage on many sites, and it occasionally loads necessary features like site widgets and privacy-friendly analytics libraries. However, we continue to block tracking resources Google Tag Manager may load, such as Google Analytics, and we also block Google Tag Manager itself on sites where we’ve detected embedded fingerprinting code within it. Other Infrastructure Domains are treated similarly.

| Platform | Support |
| ------------- | --------------------------------------------------------------------------------------------------------------- |
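Review bot: style-only change ("open-source" to "open source") that matches the unhyphenated form used elsewhere in this file ("our open source code", "open source lists"), so no content concerns. The rest of the paragraph is untouched, and "privacy-friendly" keeping its hyphen there is correct as a compound adjective.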
Expand Down Expand Up @@ -332,7 +332,7 @@ From DuckDuckGo app Settings, you can manage your Fireproof Sites and choose whe

### Cookie Pop-up Protection

Cookie consent pop-ups often use dark design patterns to get you to accept the least private option. When DuckDuckGo detects a cookie pop-up on sites you visit, we can try to automatically set your cookie preferences to instead maximize privacy and minimize cookies, then close the pop-up. For sites that don't provide an option to manage cookie preferences, we simply try to hide the pop-up. In these cases, automatically hiding the pop-up is often still more private than selecting one of the limited options made available (e.g., “Accept All Cookies”). We currently offer coverage for most of the top 10,000 websites in the US, UK and EU and plan to expand coverage to additional websites over time.
Cookie consent pop-ups often use dark design patterns to get you to accept the least private option. When DuckDuckGo detects a cookie pop-up on sites you visit, we can try to automatically set your cookie preferences to maximize privacy and minimize cookies, then close the pop-up. For sites that don't provide an option to manage cookie preferences on these pop-ups, we try to hide the pop-up instead using a combination of filter rules from open source lists like [EasyList Cookie List][easylist-cookie] and our own cosmetic rules. In these cases, automatically hiding the pop-up is often still more private than selecting one of the limited options made available (e.g., “Accept All Cookies”). We currently offer coverage for most of the top 10,000 websites in the US, UK and EU and plan to expand coverage to additional websites over time.

This feature is enabled by default on supported platforms below, but you can choose to disable it in Settings. You can also review [our open source code][github-autoconsent] for this feature. This type of protection is not offered in most popular browsers [by default][compare-privacy].

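Review bot: the new clause "we try to hide the pop-up instead using a combination of filter rules..." reads as though "instead" modifies "using"; suggest "we instead try to hide the pop-up, using a combination of filter rules from open source lists like [EasyList Cookie List][easylist-cookie] and our own cosmetic rules." Since the paragraph now contrasts setting preferences with cosmetic hiding, it would also help to state explicitly that hiding the pop-up does not change the site's cookie settings, which is what the following sentence's "often still more private" caveat is getting at. The `[easylist-cookie]` label used here is defined in the final hunk, so the link will resolve.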
Expand Down Expand Up @@ -460,3 +460,4 @@ For questions, comments, or concerns, please feel free to <a href="{{ site.baseu
[chromium-mv3-background-requests]: https://github.com/w3c/webextensions/issues/369
[webview2-data-clearing-bug]: https://github.com/MicrosoftEdge/WebView2Feedback/issues/4561
[microsoft-edge-webview2]: https://developer.microsoft.com/en-us/microsoft-edge/webview2/
[easylist-cookie]: https://github.com/easylist/easylist/tree/master/easylist_cookie
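Review bot: the `[easylist-cookie]` definition matches the label used in the Cookie Pop-up Protection paragraph, so the link resolves. The URL points at the `easylist_cookie` directory on the `master` branch, which tracks whatever the list currently contains rather than a pinned revision; that is acceptable for a policy document, but worth a quick check that the directory path still exists at merge time. Also confirm the file keeps its trailing newline, since this hunk appends at end of file (-460,3 +460,4).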