DuckDuckGo’s browser cannot block Microsoft tracking scripts
DuckDuckGo is best known as a private search engine, but the company also has a private web browser for mobile devices (with a desktop version on the way). However, the browser is currently in hot water, after a security researcher discovered an exception for Microsoft trackers.
The main feature of DuckDuckGo Browser is that it blocks tracking scripts and most online advertisements, with the aim of preventing as few servers as possible from collecting data about your behavior. Tracking protection is never 100% effective because it relies on people to keep adding sites and domains to blocklists (like NoTracking). However, DuckDuckGo Browser has a defined exception for Microsoft-owned ad networks and tracking scripts, allowing them to load even when known to compromise privacy.
As our sister site reported yesterday, Zach Edwards first pointed out the exception in a series of tweets, after noticing that DuckDuckGo on iPhone and Android was not blocking LinkedIn and Bing ads on Facebook’s Workplace site.
You can capture data in the so-called private browser DuckDuckGo on a website like Facebook’s https://t.co/u8W44qvsqF and you’ll see that DDG does NOT stop data streams to Microsoft’s Linkedin domains or their Bing advertising domains.
iOS + Android proof:
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
DuckDuckGo CEO and Founder Gabriel Weinberg responded with his own series of tweets. “Most of all of our other protections also apply to properties owned by MSFT,” he said. although we can always apply protections after loading (such as blocking third-party cookies). We are also working to change that. I understand this is confusing because a research syndication contract prevents us from doing anything non-research. This is because our product bundles many privacy protections, and this is a distribution requirement imposed on us as part of research (again, we are working on it though).
DuckDuckGo says it uses more than 400 sources for search engine results, including the company’s own web crawler, but typical link results “most often come from Bing.” According to Weinberg, DuckDuckGo’s ability to use Bing search results depends on a specific exception for Microsoft’s ads in the mobile browser.
Private search and browsing is DuckDuckGo’s main claim, so it’s understandable that the news didn’t sit well with some longtime fans. The company also didn’t tell its users about the limitation at all – although its CEO was limit the damage on Twitter and other platforms, DuckDuckGo’s official social media accounts and blog haven’t said anything about the discovery.