DuckDuckGo, a browser that has built its brand on privacy, has been caught allowing ad trackers from Microsoft. This was discovered by security researcher Zach Edwards while doing a security audit, where he found that while the browser was blocking trackers from Google and Facebook, it seemingly let Microsoft trackers pass through and continue running.
Edwards tested both the iOS and Android apps, which revealed that Microsoft-owned sites such as LinkedIn and Bing were able to capture data while browsing using DuckDuckGo, despite the browser’s privacy-focused mission. He then went on to accuse the company of doing this knowingly.
When you load our search results, you are completely anonymous, including ads. For ads, we worked with Microsoft to make ad clicks protected. From our public ads page https://t.co/KHpWJ8LIV5, "Microsoft Advertising does not associate your ad-click behavior with a user profile."
— Gabriel Weinberg (@yegg) May 23, 2022
In response to the accusations, DuckDuckGo CEO Gabriel Weinberg swiftly admitted that the browser intentionally whitelists Microsoft trackers due to a search syndication agreement between the two companies. According to DuckDuckGo’s help page, Microsoft can track your IP address and user-agent string when you click on an ad in the browser for “accounting purposes”.
Weinberg clarified that this is only applicable to their browser but does not extend to their search engine. He also said that the company has been “continually pushing and expect to be doing more soon,” but did not clarify what changes users can expect.
The discovery comes at an especially bad time as the browser’s recently Google Chrome’s “better for privacy” claims due to its Topics and FLEDGE tracking methods. DuckDuckGo encouraged netizens to install their Chrome extension that blocks these trackers, saying that “tracking, targeting, and profiling, still is tracking, targeting, and profiling, no matter what you want to call it.”
Weinberg also put out a statement clarifying that the company never promised anonymity as that isn’t possible given how trackers work. The CEO insisted that their iOS and Android apps, as well as their beta Mac browser, still provides protection from third-party cookies and fingerprinting, even from Microsoft scrips.