DuckDuckGo has been big about privacy, that’s exactly how it has pushed its browser’s agenda ahead in comparison to Google’s Chrome, Microsoft Edge, and others. And things were going pretty decent for the company till a recent revelation by security researcher Zack Edwards.
Edwards revealed earlier this week that DuckDuckGo’s mobile browser allows some Microsoft sites to bypass its tracker block. So, while the browser was blocking trackers from Facebook and Google, an exception was being made for Microsoft. Edwards also found that DuckDuckGo allows data to be sent to LinkedIn and Bing, both domains owned by Microsoft.
“You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s workplace.com and you’ll see that DDG does NOT stop data flows to Microsoft’s LinkedIn domains or their Bing advertising domains,” Edwards mentioned in his tweet.
To this, DuckDuckGo responded to say that the exemption is because it has a search agreement with Microsoft. CEO and founder of DuckDuckGo, Gabriel Weinberg responded to the “uproar” on Twitter and Reddit that followed this revelation.
“For non-search tracker blocking (example in our browser), we block most third-party trackers. Unfortunately, our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon,” Weinberg said.
DuckDuckGo has now added a note about tracker blocking on the App Store description - “While we block all cross-site (3rd party) cookies on other sites you visit, we cannot block all hidden tracking scripts on non-DuckDuckGo sites for a variety of reasons including: new scripts pop up all the time making them difficult to find, blocking some scripts creates breakage making parts or all of the page unusable, some we are prevented from blocking due to contractual restrictions with Microsoft.”
While some users have accepted the explanation, as it stands, others are still quite uncomfortable with it. Allowing tracking by one particular company, whether there is a deal or not, does not bode well for a privacy-focused browser.