Latest News 

DuckDuckGo Caught Giving Microsoft Trackers a Free Pass

All is not what it seems with the company that labels itself a champion of privacy, with a security researcher finding that DuckDuckGo (DDG) whitelists Microsoft’s trackers.

DDG has made a name for itself as a privacy-first company, building a search engine, browser extensions, and web browsers around the premise of protecting user privacy. Unfortunately, the company hasn’t exactly been forthcoming about the terms of its deal with Microsoft.

Unlike Google, Bing, or Brave, DDG gets its search results from other engines, with the bulk of them coming from Bing. The company has long claimed to strip out any trackers from the search results it provides, although clicking an ad from Microsoft in the search results is an exception to that policy. DDG has never made a secret of the fact that clicking on those ads sends a user’s IP address to Microsoft. Unfortunately, DDG hasn’t fully disclosed the terms of its deal, or just how much information it shares with Microsoft.

Security researcher Zach Edwards first made the discovery and tweeted about it:

Sometimes you find something so disturbing during an audit, you’ve gotta check/recheck because you assume that *something* must be broken in the test. But I’m confident now. The new @DuckDuckGo browsers for iOS/Android don’t block Microsoft data flows, for LinkedIn or Bing.

— Zach Edwards (@thezedwards), May 23, 2022

Ironically, DDG doesn’t even block Microsoft’s data trackers on Workplace.com, a Facebook-owned domain that it brags about blocking Facebook’s trackers on.

Needless to say, DDG CEO Gabriel Weinberg is doing his best to put out the fire:

We’ve been working tirelessly behind the scenes to change these requirements, though our syndication agreement also has a confidentially provision that prevents disclosing details. Again, we expect to have an update soon that will include more third-party Microsoft protection.

— Gabriel Weinberg (@yegg), May 23, 2022

Of course, Weinberg might not have to put out so big a fire if his company had disclosed this issue first, rather than waiting until it was uncovered by a security researcher.

In the meantime, Shivan Kaul Sahib, Privacy Engineer for Brave, highlighted the inherent conflict of interest for a company that relies on the good graces of another company making money off of ad trackers.

This is shocking. DuckDuckGo has a search deal with Microsoft which prevents them from blocking MS trackers. And they can’t talk about it! This is why privacy products that are beholden to giant corporations can never deliver true privacy; the business model just doesn’t work.

— Shivan Kaul Sahib (@shivan_kaul), May 23, 2022

Speaking of Brave, the company is one of the only ones on the market that provides a truly independent alternative to Google and Bing. The company bought Tailcat, allowing it to build its own search engine that relies on a completely independent web index. This keeps Brave from being beholden to Microsoft, Google, or any other company.

With a privacy-focused browser and a truly independent search engine, Brave is quickly establishing itself as a much better privacy solution than DDG.

Related posts