The standalone smartphone browser apps from DuckDuckGo – a company claiming to be privacy-focused – includes minor exemptions for specific trackers from Microsoft products thanks to a commercial agreement.
Privacy researcher Zach Edwards discovered the DuckDuckGo browser fails to stop trackers from Microsoft-owned social site LinkedIn and search engine Bing when accessing third party sites.
“I tested the DuckDuckGo so-called private browser for both iOS and Android, yet neither version blocked data transfers to Microsoft’s LinkedIn + Bing ads while viewing Facebook’s workplace[.]com homepage,” Edwards wrote in a Twitter thread on Tuesday.
He backed up his claims with screenshots showing the DuckDuckGo browser’s failure to block requests from Microsoft’s products along with links proving DuckDuckGo’s developers know full-well the requests come from Microsoft’s cross-site trackers.
DuckDuckGo is open about its relationship with different search providers such like Microsoft which it uses to deliver non-personalised ads.
Like Google, ads on DuckDuckGo appear at the top of a search but they are designed to be delivered based entirely on a search’s context.
DuckDuckGo’s point of difference is that doesn’t profile users to deliver tailored search results or advertisements.
That said, its ads are entirely managed through Microsoft’s advertising service and some of its results are delivered via Microsoft Bing.
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook's https://t.co/u8W44qvsqF and you'll see that DDG does NOT stop data flows to Microsoft's Linkedin domains or their Bing advertising domains.— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
iOS + Android proof:
DuckDuckGo claims its working relationship with Microsoft doesn’t break its promise to provide a tracking-free search engine because it guarantees that “Microsoft Advertising does not associate your ad-click behaviour with a user profile”.
What Edwards suspected he uncovered was evidence that DuckDuckGo’s ability to deliver a tracking-free, privacy-focused browser has been compromised through its relationship with Microsoft.
“The DDG [DuckDuckGo] browser stops data flows from tons of domains,” he wrote. “Except DDG’s #1 ad tech partner.”
Gabriel Weinberg, CEO and Founder of DuckDuckGo, jumped into the thread to defend his company and in doing so confirmed that, yes, arrangements with Microsoft did mean some trackers get a free pass.
“For non-search tracker blocking (eg in our browser), we block most third-party trackers,” Weinberg wrote.
“Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties.”
For non-search tracker blocking (eg in our browser), we block most third-party trackers. Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.— Gabriel Weinberg (@yegg) May 23, 2022
Weinberg further admitted being hamstrung by confidentiality clauses within those agreements that make it contractually problematic for his company to disclose what exactly DuckDuckGo was letting Microsoft get away with.
“We’ve been working tirelessly behind the scenes to change these requirements,” he said.
“Though our syndication agreement also has a confidentiality provision that prevents disclosing details.”
The revelation that DuckDuckGo was contractually obliged to let Microsoft trackers slip past its filters drew ire from privacy advocates and saw Weinberg busily issuing lengthy replies in a critical Hacker News thread about the story.
In that thread he eloquently explained to curious users the importance of privacy and why it is the point of differentiation between DuckDuckGo and other tech companies.
“I view privacy as protecting you from coercion,” he wrote.
“Yes, it protects personal information, but that’s not the real point. The real point is autonomy – the freedom to make decisions without coercion.
“From this perspective in addition to helping reduce identity theft, commercial exploitation, ideological manipulation, discrimination, polarization, etc., it also helps reduce self-surveillance, and just general loss of freedom.”
Weinberg’s description of the need to offer an alternative to ad-tech’s data surveillance model also goes some way to explaining the disappointed outcry when it was found to have somewhat compromised its goals by getting in bed with Microsoft.