DuckDuckGo’s reputation for protecting privacy has taken a hit after revelations emerged of a tracking deal with Microsoft.
Security researcher Zack Edwards this week revealed that DuckDuckGo’s mobile browsers allow some Microsoft sites to bypass its block on trackers.
While the browser blocks Facebook and Google trackers, DuckDuckGo makes an exception for some of Microsoft’s. Edwards found that the browsers allow allows data to be sent to Microsoft’s LinkedIn and Bing domains
“You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s workplace.com and you’ll see that DDG does NOT stop data flows to Microsoft’s Linkedin domains or their Bing advertising domains,” Edwards tweeted.
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook's https://t.co/u8W44qvsqF and you'll see that DDG does NOT stop data flows to Microsoft's Linkedin domains or their Bing advertising domains.
iOS + Android proof:
?????⛈️⚖️??? pic.twitter.com/u3Q30KIs7e— ℨ??? ??????? (@thezedwards) May 23, 2022
DuckDuckGo said the exemption was due to a search agreement with Microsoft.
Gabriel Weinberg, the CEO and founder of DuckDuckGo, provided detailed responses to the uproar on Twitter and Reddit.
“For non-search tracker blocking (eg in our browser), we block most third-party trackers,” he said. “Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.”
For non-search tracker blocking (eg in our browser), we block most third-party trackers. Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.
— Gabriel Weinberg (@yegg) May 23, 2022
The company has also now added a note about its tracker blocking to its App Store description:
While we block all cross-site (3rd party) cookies on other sites you visit, we cannot block all hidden tracking scripts on non-DuckDuckGo sites for a variety of reasons including: new scripts pop up all the time making them difficult to find, blocking some scripts creates breakage making parts or all of the page unusable, some we are prevented from blocking due to contractual restrictions with Microsoft.
The swift response has allayed some users’ concerns, but others remain alarmed about the deal.
DuckDuckGo still offers more privacy protection than most popular browsers, but not as some users had hoped.
Update (2:30PM CET, May 27, 2022): Added clarification that the DuckDuckGo only allows some Microsoft trackers.
Get the TNW newsletter
Get the most important tech news in your inbox each week.