Private DuckDuckGo browser still allows some Microsoft trackers

Daniel Sims

Posts: 458   +18
Staff
In brief: DuckDuckGo portrays itself as a defender of user privacy through its search engine and browser. However, a security researcher has found the company has an agreement with Microsoft that attaches asterisks to that promise. DuckDuckGo has since defended its relationship with Microsoft, which it is trying to amend.

Update: DuckDuckGo reached out to us for some clarification although our original story was accurate. Then again, we understand there might be some confusion between DuckDuckGo, the search engine, and DuckDuckGo's browser apps. CEO Gabriel Weinberg published a long post on Reddit which explains in better detail what's going on if you're interested.

The DuckDuckGo browser is supposed to block trackers from advertisers that sell and trade user data. However, earlier this week, security researcher Zack Edwards discovered that it allows Microsoft to track data through LinkedIn and Bing ad domains.

DuckDuckGo's site has a page admitting that it has an agreement allowing Microsoft to provide ads next to search results. It says Microsoft doesn't store ad-click behavior data or use it to profile users but doesn't mention the trackers sending data through LinkedIn and Bing.

In response to those claims, DuckDuckGo founder and CEO Gabriel Weinberg admitted its agreement with Microsoft forces it to allow that company's trackers. Weinberg predictably asserts that his company is still more private than other browsers because it blocks most non-Microsoft third-party trackers. DuckDuckGo is negotiating with Microsoft to remove that clause and will change the mobile browser's app store page descriptions to inform users better.

This issue relates solely to DuckDuckGo's browser. The search engine, on the contrary, doesn't give Microsoft special treatment. It just goes to show that it's probably impossible to remain completely anonymous online, though some protection might be better than none.

Permalink to story.

 

texasrattler

Posts: 1,288   +614
You can always be tracked. People in general have been being tracked since like the '70s, maybe even before that. Way before the online internet was a thing.
No such thing as privacy. Don't want to be tracked, don't use any device. While not impossible, it's just highly unlikely scenario.
 

Tom Yum

Posts: 166   +395
You can always be tracked. People in general have been being tracked since like the '70s, maybe even before that. Way before the online internet was a thing.
No such thing as privacy. Don't want to be tracked, don't use any device. While not impossible, it's just highly unlikely scenario.

I don't disagree, but it still erodes trust in DDG that they would 1) even consider signing such an agreement, and 2) keep quiet about it until they were found out.

Goes to show that the lure of money can overcome all principles, especially for projects where the product is free yet the costs aren't. Tor is probably the closest someone can get to tracking free browsing.
 
D

Dd663

I don't disagree, but it still erodes trust in DDG that they would 1) even consider signing such an agreement, and 2) keep quiet about it until they were found out.

Goes to show that the lure of money can overcome all principles, especially for projects where the product is free yet the costs aren't.
DuckDuckGo has to use Microsoft as a partner to provide search results. It's impossible to remain competitive in the search industry without the resources to throw around that Microsoft and Google have. Thus, they're not really in a position to do differently other than asking Microsoft nicely to please change the terms of their agreement.
 

Tom Yum

Posts: 166   +395
DuckDuckGo has to use Microsoft as a partner to provide search results. It's impossible to remain competitive in the search industry without the resources to throw around that Microsoft and Google have. Thus, they're not really in a position to do differently other than asking Microsoft nicely to please change the terms of their agreement.
Except this isn't an issue with the search engine but rather their browser, so to me it sounds like it was born out of a need for money, rather than a need for access to technology. With that said though, it does make me trust their search engine less, because they've shown that their commitment to privacy is subject to negotiation.
 
D

Dd663

Except this isn't an issue with the search engine but rather their browser, so to me it sounds like it was born out of a need for money, rather than a need for access to technology. With that said though, it does make me trust their search engine less, because they've shown that their commitment to privacy is subject to negotiation.
But this is what the CEO of DuckDuckGo said (emphasis added):
For non-search tracker blocking (eg in our browser), we block most third-party trackers. Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.
So it seems like their agreement to be able to use Bing as a search engine is why it's like this, hence what I said.
 

Dimitriid

Posts: 2,210   +4,248
Rule of thumb is that if any company is trying to sell you privacy, it really is attempting to gain your trust to have you willingly submit all your data to be used or sold even more efficiently by whomever needs it in the future: usually not as blatant as another private entity and it involves court orders that we might (or might not) know about.
 

human7

Posts: 43   +30
It's worth pointing out that DDG wasn't a privacy focused search engine at the beginning, and it fundamentally remains a for-profit company. That for-profit status is a good thing in this case: privacy is it's brand now, and it knows that it has to be committed to privacy in order to retain users, which means having their user's trust.

They may have made a misstep, but all companies do that sooner or later, and it is positive that they admitted as much and are working on correcting the issue. That's worlds apart from what Google and other tracking conglomerates have done.

It still remains up to us to be vigilant when we use privacy focused applications that they remain true to their word, but this is true across the board, not just with DuckDuckGo. Sometimes these things happen with "malicious" intent, sometimes they just fly under the radar without the people implementing it realizing it's a problem until someone points it out to them, and sometimes it's somewhere in between the two. I don't know which is the case here, but that's what security research is all about: to find these things and fix them.
 

Eldritch

Posts: 428   +685
It keeps happening with DuckDuckGo.
They enter some behind the scene agreement or arrangement.
People find out about it.
They deny or give some lame duck excuse about it.
Just months ago, they have been found to be tempering with News results and promoting certain mainstream media companies while removing other sources. Also known as pay me if you want to appear in search result.
They have also been alleged to be removing various sort of piracy related sites or streaming sites or even YouTube downloaders.
And now they are found to be having actual trackers in their browser. Bravo.
In my personal opinion, they don't deserve any trust as their behaviour seems to be dishonesty based which is anathema to privacy.
 

psycros

Posts: 4,155   +5,798
Brave (+ optional tracking blockers) + high-end security suite + VPN and/or TOR. Wipe cookies at end of session - particularly supercookies - and you're virtually invincible.
 

hahahanoobs

Posts: 4,454   +2,419
This is why chasing the most privacy focused browser is useless. You have NO idea what is going on behind the scenes. NONE.
 

BuckarooBonzai

Posts: 101   +67
You can always be tracked. People in general have been being tracked since like the '70s, maybe even before that. Way before the online internet was a thing.
No such thing as privacy. Don't want to be tracked, don't use any device. While not impossible, it's just highly unlikely scenario.
I agree with you. My neighbor's friend worked for a Telco to sell long distance carrier service back in the 70s. My neighbor said the longer they keep you on the phone the more data shows up about you on their screen such as where you went to vacation, hotels, car rental, etc., and much more and use this data to pitch their sale to you. So yea, privacy is never private and data mining was well alive before the internet.
 

moon982

Posts: 100   +26
[
[/QUOTE]
Brave (+ optional tracking blockers) + high-end security suite + VPN and/or TOR. Wipe cookies at end of session - particularly supercookies - and you're virtually invincible.

I believe VPN in other country may help little bit but still not 100% there will be no tracking.

You could install more than one browser and use one browser for social media and one for online buying and selling. Other way is to install Firefox or Brave and don’t use tab feature and clear out your cookies and data after every website.

Well on the iPhone and iPad I use Firefox focus browser for selected websites and it does not support tabs and I clear out cookies after every website. The Firefox focus browser is a strip down Firefox browser with no tabs and not even history menu to bring up. Well most 90% of people would find the browser not useable as it is going back to 90s way of surfing the internet in worse way.

The browser is not made for surfing the internet but bring up one website than purge the data. Any buying and selling or online shopping I’m using the Firefox focus browser or email.

Well VPN are only good to keep out the ISP and government to know what websites you go to and what you do on the internet. One problem is VPN in the US is it subject to the US and may be well be own by the NSA.

So if you use a VPN it has to be in a country that does not play nice to the US and not own by westerners.

But when a VPN provider says we do no tracking and logging you only have their word to go by.

And if you use a VPN in say Africa or Asia you don’t know if they are tracking and logging you. Well probably the US government and NSA will not be able to get the data but the company only has their word to go by if they say we do no tracking.
 
Last edited:

moon982

Posts: 100   +26
Alternatively, Brave search has built their own Internet index, so you can rely on them for true search privacy. They also have their own mobile app and their CEO’s confirmed that this issue is not present in their software:


Yes that is one problems with Duckduckgo they pull web searches from Bing and startpage pulls web searches from Google.

What I really like about Brave is they are claiming they are indexing the Internet and building their own search index. Well it is going take long time to be able to do that.

I don’t know why Duckduckgo and startpage unless there some businesses deal going on why they had no plans for that. And what is so shady about startpage is they banned the use of VPN.

If search engine wants to be 100% private it needs to build its own search index out side of Google and Bing.
 

moon982

Posts: 100   +26
DuckDuckGo is better than Google but not perfect.

Google has lot of nice free things like google maps, google earth, gmail, google docs, google cloud storage, youtube, state of art search engine so on. But all this comes with cost just like facebook snd Twitter is free but come with cost. So nothing is really free. It has to log you and track and sell data to third party businesses. It makes it money by ads buy giving free stuff.

Microsoft and Apple makes it money buy making hardware and software and selling it to you.

So Google does a lot more monitoring and tracking than Microsoft because it giving you free stuff.

But there is now information that Microsoft is getting into the ads businesses now.
 

captaincranky

Posts: 18,744   +7,680
I believe VPN in other country may help little bit but still not 100% there will be no tracking.
TPM 2.0 and Windows 11 should dispense with any fantasies or illusions of privacy you may still cling to.

Suppose you're using a VPN. Have you ever noticed that your A/V program still manages to get you your updates, no matter where in the world you're pretending to be? ;)
 
Last edited:

eforce

Posts: 957   +1,373
A VPN allows you to share files in peace and make realtime tracking of you by rogue governments more difficult.
 

etempest

Posts: 61   +36
I think the biggest issue is there marketing vs how they operate.
They could of tweaked there marketing while being up front about the situation.

They opted for deceptive marketing to imply complete privacy vs privacy just against Google & Facebook. Example - The "every breath you take" ad in particular.
 

amghwk

Posts: 1,187   +1,111
If no one found out about this deal, DDG would still have been quiet about this and go on with their defenders of privacy mask.