Friday, May 27, 2022

DuckDuckGo Browser Allows Microsoft Trackers

thezedwards:

The new @DuckDuckGo browsers for iOS/Android don’t block Microsoft data flows, for LinkedIn or Bing.

Shivan Kaul Sahib (via Hacker News):

DuckDuckGo has a search deal with Microsoft which prevents them from blocking MS trackers. And they can’t talk about it!

This is why privacy products that are beholden to giant corporations can never deliver true privacy; the business model just doesn’t work.

Gabriel Weinberg (tweet, Reddit):

This is not about search. To be clear, when you load our search results, you are completely anonymous, including ads. For ads, we actually worked with Microsoft to make ad clicks privacy protected as well. From our public ads page, “Microsoft Advertising does not associate your ad-click behavior with a user profile.” This page is linked to next to every Microsoft ad that is served on our search engine (duckduckgo.com).

In all our browsing apps (iOS/Android/Mac) we also block third-party cookies, including those from Microsoft-owned properties like LinkedIn and Bing. That is, the privacy thing most people talk about on the web (blocking 3rd party cookies) applies here to MSFT. We also have a lot of other web protections that also apply to MSFT-owned properties as well, e.g., GPC, first-party cookie expiration, fingerprinting protection, referrer header trimming, cookie consent handling, fire button data clearing, etc.

This is just about non-DuckDuckGo and non-Microsoft sites in our browsers, where our search syndication agreement currently prevents us from stopping Microsoft-owned scripts from loading, though we can still apply our browser’s protections post-load (like 3rd party cookie blocking and others mentioned above, and do). We’ve also been tirelessly working behind the scenes to change this limited restriction. I also understand this is confusing because it is a search syndication contract that is preventing us from doing a non-search thing.

John Gruber:

Not a good look for a company that just launched a high-profile campaign, touting “the simple fact is tracking is tracking, no matter what you call it”.

To be clear, this is about DuckDuckGo’s web browser, not their search results. But still — it’s just so contrary to the core of DuckDuckGo’s brand.

Brendan Eich:

I helped restart the browser market with Firefox, which took off in 2004 and won a lucrative Google search deal that year (Sergey Brin’s emissary made contact with me in 1H2004), so I grok the economics driving DDG to allow 3rd party tracking as a Bing ads deal quid pro quo.

For the record, @Brave has passed up or failed to close such deals because we would not whitelist the tracking scripts across the Web that the search partner said they require to be unblocked. We chose not to violate our own principles and our users’ trust, at high cost to us.

Previously:

Update (2022-05-31): See also: Hacker News.

Update (2022-06-16): Brendan Eich:

When DuckDuckGo got caught making exceptions for Microsoft and Bing trackers, one defense they offered was that it wasn’t a big deal, because DDG browsers block third-party (3p) cookies. We beg to differ.

The thing is, DDG browsers also include exceptions for how MS trackers circumvent 3p cookie blocking. Trackers try to get around cookie blocking by appending identifiers to URL query parameters, to id you across sites.

1 Comment RSS · Twitter

Leave a Comment