Recent findings show that the typically privacy-focused DuckDuckGo browser is reportedly allowing Microsoft trackers on third-party sites. This is due to an agreement within their syndicated search contract between the two companies.
Update: As of May 25, A representative for DuckDuckGo has reached out to Mac Observer. Weinberg has issued responses on both Twitter and Reddit. The representative has also provided the following clarification:
As you’ll see in Gabriel’s responses, we actually do have a lot of existing protections for Microsoft scripts. That is, when most browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these same restrictions on third-party tracking scripts, including those from Microsoft.
DuckDuckGo is a search engine that focuses on privacy. The search engine does not track your searchers nor your behavior as users perform searchers. DuckDuckGo also doesn’t build user profiles to display advertisements based off interests. Instead, the company uses contextual advertisements from partners, such as Ads by Microsoft.
DuckDuckGo Browser Allows Microsoft Trackers
While DuckDuckGo does not store a user’s personal identifiers with search queries, Microsoft advertising may track your IP address and additional information when clicking on an ad link. This tracking is for “accounting purposes”. Though it is is not associated with a user advertising profile.
Security researcher Zach Edwards first made the discovery, as reported by BleepingComputer. The researcher made the discover during a security audit, where Edwards discovered that while DuckDuckGo’s browser does indeed block Google and Facebook trackers, Microsoft’s tracker continued to run.
Further tests revealed that DuckDuckGo also allowed trackers related to bing.com and linkedin.com domains while also blocking all other trackers.
While Edwards posted a long Twitter thread about the ordeal, CEO of DuckDuckGo and Founder Gabriel Weinberg did confirm that the browser intentionally allows Microsoft trackers. Weinberg argued that this is due to a search syndication agreement with Redmond.
The CEO Makes a Statement
Weinberg made it clear that the restriction is only in the DuckDuckGo browser, and has no affect on the DuckDuckGo search engine. This information has started an uproar on Hacker News, where the CEO has defended the company’s transparency concerning the issue.
Though DuckDuckGo is usually transparent regarding its advertisement partnership with Microsoft, what is not clear is why the company did not disclose the acceptance of Microsoft trackers until it was discovered.
To conflate matters, DuckDuckGo recently fired shots at Google for the company’s new ‘Topics’ and ‘FLEDGE’ tracking methods. DuckDuckGo stated in a Tweet, “Google says they’re better for privacy, but the simple fact is tracking is tracking, no matter what you call it”.
After BleepingComputer published the story, DuckDuckGo’s Weinberg sent a response to their Tweet. The CEO stated that they are working to remove this restriction from their agreement. The company also wants to be more transparent in descriptions on the App Store.
CEO Gabriel Weinberg provided the following response:
We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer. When most other browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft.
What we’re talking about here is an above-and-beyond protection that most browsers don’t even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites. Because we’re doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using Safari, Firefox and other browsers. This blog post we published gets into the real benefits users enjoy from this approach, like faster load times (46% average decrease) and less data transferred (34% average decrease). Our goal has always been to provide the most privacy we can in one download, by default without any complicated settings.
Hmmm, this morning I noticed the Duck Duck app on my iPad was updating.