DuckDuckGo has risen in the public eye as a private search engine offering searches without tracking. A less known fact about DuckDuckGo is that they have their own browser, well they have it for the Android platform and it was stated that it is coming for desktops soon.
People were excited for this new browser for a few reasons, one of them being privacy and another that it is built from scratch, not using existing chromium runtime that assured users that privacy is the main focus. Still, lately, things got a little out of control. Duckduckgo is under fire from users since a security researcher has discovered that there is an exception for Microsoft trackers inside Browser.
The main feature of their browser is that it blocks tracking scripts and most online advertising with the goal of preventing servers from collecting data about your online behavior. Of course, tracking protection is never 100% effective since it requires a lot of manual labor from people to add sites and links to blocklists but it was discovered that DuckDuckGo has a defined exception in the browser for Microsoft owned ad networks and tracking scripts giving them free pass even when they are related to privacy compromisation.
Zach Edwards first pointed out the exception in a series of tweets, after noticing DuckDuckGo on iPhone and Android wasn’t blocking LinkedIn and Bing advertisements on Facebook’s Workplace site.
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook's https://t.co/u8W44qvsqF and you'll see that DDG does NOT stop data flows to Microsoft's Linkedin domains or their Bing advertising domains.
iOS + Android proof:
👀🫥😮💨🤡⛈️⚖️💸💸💸 pic.twitter.com/u3Q30KIs7e— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
DuckDuckGo’s CEO and founder, Gabriel Weinberg, replied with his own series of tweets.
Most of our other protections also apply to MSFT-owned properties as well. This is just about non-DuckDuckGo and non-Microsoft sites, where our search syndication agreement prevents us from stopping Microsoft-owned scripts from loading, though we can still apply protections post-load (like 3rd party cookie blocking). We are also working to change that.
DuckDuckGo says it uses over 400 sources for search engine results, including the company’s own web crawler, but typical link results are sourced most commonly from Bing. According to Weinberg, DuckDuckGo’s ability to use Bing search results depends on a carved-out exception for Microsoft’s ads in the mobile browser. A representative from DuckDuckGo told that third-party cookies from Microsoft services are still blocked.
Of course, the main aim and campaign of DUckDuckGo's rise was private search and private browsing so this kind of news did not go well among long supporters. The latest statement from them is as follows:
We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer. When most other browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft.
What we’re talking about here is an above-and-beyond protection that most browsers don’t even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites. Because we’re doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using Safari, Firefox and other browsers. This blog post we published gets into the real benefits users enjoy from this approach, like faster load times (46% average decrease) and less data transferred (34% average decrease). Our goal has always been to provide the most privacy we can in one download, by default without any complicated settings.