DuckDuckGo browser, which is claimed to be a privacy-first offering, is found to be using a partial treatment on its tracking protection and not restricting Microsoft trackers from loading on third-party websites. The issue has been spotted by a researcher on the DuckDuckGo browser available for both Android and iOS devices. However, the privacy loophole is claimed to be not in place for the DuckDuckGo search engine, which is competing against Google and Microsoft’s Bing by offering an all-private option.
Researcher Zach Edwards shared his findings on Twitter through which it has been revealed that the DuckDuckGo browser for mobile devices is not blocking scripts owned by Microsoft on non-Microsoft sites. The researcher demonstrated the issue by visiting Facebook’s Workplace.com site on the browser. While it notified about blocking Google and Facebook trackers, the browser did not mention any details about blocking trackers from Microsoft.
The researcher showed that both Android and iOS versions of the DuckDuckGo browser did not restrict data transfers to Microsoft’s LinkedIn and Bing ads.
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s https://t.co/u8W44qvsqF and you’ll see that DDG does NOT stop data flows to Microsoft’s Linkedin domains or their Bing advertising domains.
iOS + Android proof:
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
Interestingly, DuckDuckGo says on app store listings that its mobile browser offers “seamless protections from third-party trackers while you search and browse.” This is, however, apparently not the case.
DuckDuckGo Founder and CEO Gabe Weinberg responded to Edwards’ thread on Twitter to acknowledge that the browser does allow Microsoft trackers to load on third-party websites. He said that it happens due to the “search syndication agreement” between Microsoft and DuckDuckGo that prevents the latter from restricting Microsoft scripts on non-Microsoft sites.
However, the executive added that the company had been “continually pushing and expects to be able to do more soon” on the matter.
Giving further clarity on the issue that has resulted in a strong criticism among DuckDuckGo users and privacy advocates, Weinberg said on Reddit that the company was working with Microsoft to reduce or remove the limitation.
“I understand this is all rather confusing because it is a search syndication contract that is preventing us from doing a non-search thing. That’s because our product is a bundle of multiple privacy protections, and this is a distribution requirement imposed on us as part of the search syndication agreement that helps us privately use some Bing results to provide you with better private search results overall,” he explained.
Primarily, the major concern with not restricting Microsoft from loading its trackers on third-party websites is due to DuckDuckGo’s claims of being a privacy-focussed browser. Weinberg said that the company was working on updates to its app store descriptions to make things clear to users.
It is important to note that while the DuckDuckGo browser has been allowing Microsoft trackers on third-party websites, Weinberg claimed that this is not the case with its search engine.
“To be clear, when you load our search results, you are completely anonymous, including ads. We also block third-party cookies in our browsers, including those from Microsoft-owned properties,” he said on Twitter.
Weinberg acknowledged this limitation and pointed out that there are many constraints that are limiting DuckDuckGo from offering full-fledged protection to users.
But nonetheless, the way the browser did not provide any clarity to users until the privacy concern brought into limelight by the researcher questions the fairness of DuckDuckGo for its users. Microsoft also — as one can expect — has maintained its silence on the matter.