Posts: 458 +18
In brief: DuckDuckGo portrays itself as a defender of user privacy through its search engine and browser. However, a security researcher has found the company has an agreement with Microsoft that attaches asterisks to that promise. DuckDuckGo has since defended its relationship with Microsoft, which it is trying to amend.
Update: DuckDuckGo reached out to us for some clarification although our original story was accurate. Then again, we understand there might be some confusion between DuckDuckGo, the search engine, and DuckDuckGo's browser apps. CEO Gabriel Weinberg published a long post on Reddit which explains in better detail what's going on if you're interested.
The DuckDuckGo browser is supposed to block trackers from advertisers that sell and trade user data. However, earlier this week, security researcher Zack Edwards discovered that it allows Microsoft to track data through LinkedIn and Bing ad domains.
DuckDuckGo's site has a page admitting that it has an agreement allowing Microsoft to provide ads next to search results. It says Microsoft doesn't store ad-click behavior data or use it to profile users but doesn't mention the trackers sending data through LinkedIn and Bing.
For non-search tracker blocking (eg in our browser), we block most third-party trackers. Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.— Gabriel Weinberg (@yegg) May 23, 2022
In response to those claims, DuckDuckGo founder and CEO Gabriel Weinberg admitted its agreement with Microsoft forces it to allow that company's trackers. Weinberg predictably asserts that his company is still more private than other browsers because it blocks most non-Microsoft third-party trackers. DuckDuckGo is negotiating with Microsoft to remove that clause and will change the mobile browser's app store page descriptions to inform users better.
This issue relates solely to DuckDuckGo's browser. The search engine, on the contrary, doesn't give Microsoft special treatment. It just goes to show that it's probably impossible to remain completely anonymous online, though some protection might be better than none.