DuckDuckGo caught giving Microsoft permission to track users despite its strong privacy protection claim
For many of you who have been following us over the years, you’re well aware of the fact that we’ve been promoting DuckDuckGo as an alternative to Google’s search engine due to its strong reputation for privacy. DuckDuckGo is well-known for its privacy-first commitment to users who’re tired of being tracked online.
However, that changed this week after Bleeping Computer reported that the DuckDuckGo browser purposely allows Microsoft trackers to track users on third-party sites due to its agreement in its syndicated search content contract between the two companies.
According to Bleeping Computer, security researcher Zach Edwards posted on Twitter that “while DuckDuckGo blocks Google and Facebook trackers, it allowed Microsoft trackers to continue running.” The company explains that “this issue is occurring on browsers and only pertains to non-DuckDuckGo websites.”
That wasn’t all. Edwards also provided proof in a post on Twitter. In a tweet, he said:
“I tested the DuckDuckGo so-called private browser for both iOS and Android, yet *neither version* blocked data transfers to Microsoft’s Linkedin + Bing ads while viewing Facebook’s workplace[.]com homepage. Look at DDG bragging about stopping Facebook on Workplace, no MSFT..:”
In another tweet, Edwards also added: “You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s http://workplace.com and you’ll see that DDG does NOT stop data flows to Microsoft’s Linkedin domains or their Bing advertising domains. iOS + Android proof:”
https://twitter.com/thezedwards/status/1528808795983319041
The news quickly made its round on social media and was reported on several media outlets. Over the weekend, the news got the attention of DuckDuckGo CEO Gabriel Weinberg later took to Twitter on Saturday to refute the claim.
In a statement sent to multiple media outlets and also shared on Reddit, DuckDuckGo CEO Weinberg said:
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer. When most other browsers on the market talk about tracking protection they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft.
What we’re talking about here is an above-and-beyond protection that most browsers don’t even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites. Because we’re doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using Safari, Firefox and other browsers. This blog post we published gets into the real benefits users enjoy from this approach, like faster load times (46% average decrease) and less data transferred (34% average decrease). Our goal has always been to provide the most privacy we can in one download, by default without any complicated settings.”
Linking to a Reddit thread, Weinberg said in a tweet: “FYI — this is a quite misleading headline since this isn’t about our search engine and we actually restrict Microsoft scripts in our browsers, including blocking their 3rd party cookies. For full context, I left detailed explanation on reddit:
https://twitter.com/yegg/status/1530710225937911808
Unfortunately, while users on Reddit appeared to be more sympathetic to Weinberg’s, users YCombinator Hacker News forum weren’t buying any of it.
On YCombinator said this about Weinberg’s claim that “this is not about search,” saying:
“Your competitors in the privacy-centric browser space don’t have this restriction because they’re not search engines acquiring the majority of their data from an entity with a conflicting interest.”
Another YCombinator user replied:
“The thread by the security engineer shows that the scripts are communicating back to the servers. That means your multi-pronged protection has failed, unless you’ve suddenly discovered a way for browsers to block IP addresses from being sent by scripts (and since they can be extracted from the request itself that doesn’t seem likely).”
DuckDuckGo came into prominence in early 2020 after the privacy-focused search engine expanded beyond its own site and started to offer mobile apps for Android and iOS. The search engine also has a dedicated Chrome extension. In a September 2020 tweet, DDG said more than 4 million users installed these apps and extensions.
On January 18, 2021, we wrote about DuckDuckGo after it announced that it recorded its first-ever day with more than 100 million user search queries, a major milestone since its inception 12 years ago. The historic came in the same week WhatsApp competitors Signal and Telegram also reported a massive increase in downloads after WhatsApp says it will share data with Facebook.
Below is Weinberg’s full text on Reddit.
DuckDuckGo
Hi, I’m the CEO & Founder of DuckDuckGo. To be clear (since I already see confusion in the comments), when you load our search results, you are anonymous, including ads. Also on 3rd-party websites we actually do block Microsoft 3rd-party cookies in our browsers plus more protections including fingerprinting protection. That is, this article is not about our search engine, but about our browsers — we have browsers (really all-in-one privacy apps) for iOS, Android, and now Mac (in beta).
When most other browsers on the market talk about tracking protection they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers impose these same restrictions on all third-party tracking scripts, including those from Microsoft. We also have a lot of other above-and-beyond web protections that also apply to Microsoft scripts (and everyone else), e.g., Global Privacy Control, first-party cookie expiration, referrer header trimming, new cookie consent handling (in our Mac beta), fire button (one-click) data clearing, and more.
What this article is talking about specifically is another above-and-beyond protection that most browsers don’t even attempt to do for web protection— stopping third-party tracking scripts from even loading on third-party websites — because this can easily cause websites to break. But we’ve taken on that challenge because it makes for better privacy, and faster downloads — we wrote a blog post about it here. Because we’re doing this above-and-beyond protection where we can, and offer many other unique protections (e.g., Google AMP/FLEDGE/Topics protection, automatic HTTPS upgrading, tracking protection for *other* apps in Android, email protection to block trackers for emails sent to your regular inbox, etc.), users get way more privacy protection with our app than they would using other browsers. Our goal has always been to provide the most privacy we can in one download.
The issue at hand is, while most of our protections like 3rd-party cookie blocking apply to Microsoft scripts on 3rd-party sites (again, this is off of DuckDuckGo,com, i.e., not related to search), we are currently contractually restricted by Microsoft from completely stopping them from loading (the one above-and-beyond protection explained in the last paragraph) on 3rd party sites. We still restrict them though (e.g., no 3rd party cookies allowed). The original example was Workplace.com loading a LinkedIn.com script. Nevertheless, we have been and are working with Microsoft as we speak to reduce or remove this limited restriction.
I understand this is all rather confusing because it is a search syndication contract that is preventing us from doing a non-search thing. That’s because our product is a bundle of multiple privacy protections, and this is a distribution requirement imposed on us as part of the search syndication agreement that helps us privately use some Bing results to provide you with better private search results overall. While a lot of what you see on our results page privately incorporates content from other sources, including our own indexes (e.g., Wikipedia, Local listings, Sports, etc.), we source most of our traditional links and images privately from Bing (though because of other search technology our link and image results still may look different). Really only two companies (Google and Microsoft) have a high-quality global web link index (because I believe it costs upwards of a billion dollars a year to do), and so literally every other global search engine needs to bootstrap with one or both of them to provide a mainstream search product. The same is true for maps btw — only the biggest companies can similarly afford to put satellites up and send ground cars to take streetview pictures of every neighborhood.
Anyway, I hope this provides some helpful context. Taking a step back, I know our product is not perfect and will never be. Nothing can provide 100% protection. And we face many constraints: platform constraints (we can’t offer all protections on every platform do to limited APIs or other restrictions), limited contractual constraints (like in this case), breakage constraints (blocking some things totally breaks web experiences), and of course the evolving tracking arms race that we constantly work to keep ahead of. That’s why we have always been extremely careful to never promise anonymity when browsing outside our search engine, because that frankly isn’t possible. We’re also working on updates to our app store descriptions to make this more clear. Holistically though I believe what we offer is the best thing out there for mainstream users who want simple privacy protection without breaking things, and that is our product vision.