The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.
DuckDuckGo is a search engine that prides itself on its privacy by not tracking your searches or your behavior while performing searches. Furthermore, instead of building user profiles to display interest-based advertisements, DuckDuckGo will use contextual advertisements from partners, like Ads by Microsoft.
While DuckDuckGo does not store any personal identifiers with your search queries, Microsoft advertising may track your IP address and other information when clicking on an ad link for “accounting purposes” but it is not associated with a user advertising profile.
DuckDuckGo also offers a privacy-centric web browser for iOS and Android that promotes many privacy features, including HTTPS-always encryption, third-party cookie blocking, and tracker blocking.
“Tracker Radar automatically blocks hidden third-party trackers we can find lurking on websites you visit in DuckDuckGo, which stops the companies behind those trackers from collecting and selling your data,” explains the Apple App Store page for the DuckDuckGo Privacy Browser.
DuckDuckGo browser allows Microsoft trackers
However, while performing a security audit of the DuckDuckGo Privacy Browser, security researcher Zach Edwards discovered that while the browser blocks Google and Facebook trackers, it allowed Microsoft trackers to continue running.
Further tests showed that DuckDuckGo allowed trackers related to the bing.com and linkedin.com domains while blocking all other trackers.
In response to Edwards’ long thread on the subject, DuckDuckGo CEO and Founder Gabriel Weinberg confirmed that their browser intentionally allows Microsoft trackers third-party sites due to a search syndication agreement with Redmond.
This has led to quite the uproar on Hacker News, where Weinberg has been defending the company’s transparency surrounding the agreements with Microsoft.
However, Weinberg has made it clear that this restriction is only in their browser and does not affect the DuckDuckGo search engine.
“Tracking is tracking”
While DuckDuckGo has been transparent regarding the advertisement partnership with Microsoft, it is not clear why they did not disclose the allowing of Microsoft trackers until a security researcher discovered it.
This revelation comes at the wrong time, as DuckDuckGo recently went after Google for their new ‘Topics’ and ‘FLEDGE’ tracking methods, saying, “Google says they’re better for privacy, but the simple fact is tracking is tracking, no matter what you call it.”
After publication of this story, DuckDuckGo’s Weinberg replied to our Tweet stating that they are working to remove this restriction from their agreement and to be more transparent in app store descriptions.
“In addition, we are working with Microsoft to remove this limited restriction the article refers to. We’re also working on updates to our app store descriptions to have more information. Hope this is helpful context,” tweeted Weinberg.
BleepingComputer was also sent the following statement from DuckDuckGo CEO Gabriel Weinberg, which is in its entirety below:
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer. When most other browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft.
What we’re talking about here is an above-and-beyond protection that most browsers don’t even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites. Because we’re doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using Safari, Firefox and other browsers. This blog post we published gets into the real benefits users enjoy from this approach, like faster load times (46% average decrease) and less data transferred (34% average decrease). Our goal has always been to provide the most privacy we can in one download, by default without any complicated settings.”
Microsoft declined our request for comment.
Update 5/24/22: Added Gabriel Weinberg’s statement.