DuckDuckGo isn’t Private as you think, facing criticism over its tracking agreement with Microsoft.
DuckDuckGo’s reputation for privacy protection has suffered as a result of revelations about a tracking agreement with Microsoft. DuckDuckGo mobile browsers allow some Microsoft sites to circumvent its tracker ban. While the browser blocks Facebook and Google trackers, DuckDuckGo allows some Microsoft trackers. Scientists discovered that the browsers permit data to be sent to Microsoft’s LinkedIn and Bing domains.
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s workplace.com and see that DDG does NOT stop data flow to Microsoft’s Linkedin domains or their Bing advertising domains. DuckDuckGo, the exemption is due to a search agreement with Microsoft. DuckDuckGo CEO and founder, Gabriel Weinberg, responded in detail to the uproar on Twitter and Reddit.
They block most third-party trackers for non-search tracker blocking (for example, in our browser). Unfortunately, our Microsoft search syndication agreement limits our ability to do more with Microsoft-owned properties. However, we have been consistently pushing and expect to do so shortly. The company has also updated its App Store description to include a note about tracker blocking.
While we block all cross-site (3rd party) cookies on other sites you visit, we are unable to block all hidden tracking scripts on non-DuckDuckGo sites for a variety of reasons, including new scripts appear all the time, making them difficult to find, blocking some scripts causes breakage, rendering parts or all of the page unusable, and some we are unable to block due to contractual restrictions with Microsoft.
Some users’ concerns have been alleviated by the quick response, but others are still concerned about the deal. DuckDuckGo still provides more privacy protection than the majority of popular browsers, but not as much as some users had hoped.
DuckDuckGo, the self-styled “internet privacy company” which, for years, has built a brand around a claim of non-tracking web search and, more recently, launched its own ‘private’ browser with built-in tracker blocking has found itself in hot water after a researcher found hidden limits on its tracking protection that create a carve-out for certain advertising data requests by its search syndication partner, Microsoft.
Late yesterday, the researcher in question, Zach Edwards, tweeted the findings of his audit saying he had found DDG’s mobile browsers do not block advertising requests made by Microsoft scripts on non-Microsoft web properties. Edwards tested browser data flows on a Facebook-owned site, Workplace.com, and found that while DDG informed users it had blocked Google and Facebook trackers, it did not prevent Microsoft from receiving data flows linked to their browsing on the non-Microsoft website.
DuckDuckGo comes amid growing awareness of how the stakes of online surveillance are rising as signs mount that the US Supreme Court will overturn Roe v. Wade’s abortion rights protections. If Roe is overturned, law enforcement and private litigants will be able to use technology to monitor those seeking abortions. In addition, more than 40 members of Congress have asked Google to stop tracking location data in Android in advance of a potential Roe v. Wade decision.
In other privacy news, we looked at how the European Union’s General Data Protection Regulation has failed to meaningfully curb Big Tech’s privacy abuses four years after its passage. Australia’s digital driver’s licenses turn out to be far too easy to forget. China has been saber-rattling with accusations about American cyber espionage.