Update (05/08/2022) – HA
After the controversy of tracking the IP addresses of users accessing Microsoft domains, the DuckDuckGo browser recently announced that it will guarantee privacy even against big tech scripts. The browser already had tracker loading protection and blocked scripts from Facebook and Google, but now the measure extends to the domain of Bing and LinkedIn.
Security researcher named Zach Edwards pointed out the deletion after auditing the browser’s privacy claims. At the time, DuckDuckGo CEO Gabe Weinberg said there was a search distribution agreement with Microsoft, which contradicted the company’s “tracking is tracking” slogan — which even criticized the “privacy sandbox” ad technology. Of google.
“I have heard from several users and understand that we did not meet your expectations regarding one of our browser’s web tracking protections.
Gabe Weinberg, CEO of DuckDuckGo
Since then, DuckDuckGo has ensured that it would be more transparent about trackers and browser extensions, providing information about users’ tracking protections and making tracker block lists available. The company’s vice president of communications, Kamyl Bazbaz, told The Verge that Microsoft’s scripts were already being blocked in the browser’s other protections.
He claimed that since the new update, the company has conducted a test to know how many blocks are being performed, based on 1,000 sites, and found it was only 0.25%. The only restriction the browser is unable to block is for the bat.bing.com address where scripts are loaded directly after a user clicks on one of DDG’s search ads.
The DuckDuckGo platform directs its main efforts to combat Google and Netflix advertising profiles, which collect a lot of user data with their products.
DuckDuckGo contradicts privacy promise and gives browser user data to Microsoft
DuckDuckGo, one of the search engines that promises more privacy to users, was discovered collecting data and tracking IP addresses of people who access Microsoft domains — such as Bing and LinkedIn — due to an agreement signed with the company.
The information was discovered on Monday (23) by Zack Edwards, a privacy researcher. According to him, the browser even blocks trackers from sites like Google and Facebook, but there is a kind of “exclusive agreement” with Microsoft, allowing big tech to track users and send personalized ads.
This means that Microsoft may still have access to browsing data deemed “private” by DuckDuckGo users. Edwards released a proof of concept on his Twitter profile. When visiting a Facebook site — Workplace, for example — the only trackers allowed are related to LinkedIn and Bing domains.
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s https://t.co/u8W44qvsqF and you’ll see that DDG does NOT stop data flows to Microsoft’s Linkedin domains or their Bing advertising domains.
iOS + Android proof:
👀🫥😮💨🤡⛈️⚖️💸💸💸 pic.twitter.com/u3Q30KIs7eAdvertisement. Scroll to continue reading.— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
By exposing the case on his social network, the expert received advice from Gabriel Weinberg, CEO of DuckDuckGo. The executive claims that he does not associate the data collected to identify users, but he cannot prevent the company from having access to the behavior of individuals on the web due to his agreement.
The CEO further reiterates that the policy is only valid in the browser and not in the search engine. “Unfortunately, our research syndication agreement with Microsoft prevents us from doing more [contra] Microsoft properties”, he comments.
DuckDuckGo is transparent about its contract with Microsoft, but obviously these details didn’t have a positive reception among users when they were exposed. Some were unimpressed, as the DuckDuckGo’s search engine uses results found through Bing.
We partner with different information sources to deliver DuckDuckGo Search (Microsoft ads and Apple maps, for example). […] Microsoft and DuckDuckGo have agreed to deliver a search solution that delivers relevant ads while protecting your privacy. If you click on an ad provided by Microsoft, you will be redirected. At this point, Microsoft Advertising will use your IP address and user agent string to process the click and charge the advertiser fee.
DuckDuckGo
The company says it will step in to provide a clearer description of its policy, but the case raises questions about the privacy promise of other browsers. By the way, DuckDuckGo is developing a version of the browser for Windows, aiming to rival Brave, which also promises transparency and security in browsing.
“We’ve always been extremely careful never to promise anonymity when browsing, because that’s frankly not possible given how quickly trackers change the way they work to evade the protections and tools we offer,” comments DuckDuckGo.
