DuckDuckGo might be the first browser you think of when someone mentions privacy, but it has been allowing third-party tracking from Microsoft. DuckDuckGo says that’s due to the “syndicated search” agreement between the two companies.
That’s not a good look for the privacy-focused browser. Security researcher Zack Edwards noticed that something weird was happening in an audit of both the iOS and Android versions of the DuckDuckGo browser.
He noticed that, while the browser was stopping data tracking out to Facebook or Google, that wasn’t happening for Microsoft-owned sites like Bing and LinkedIn. That’s against the whole spirit of the DuckDuckGo Privacy Browser, and requires some explanation from the company.
The company was quick to respond to the claim, saying that yes, Microsoft does have some sort of special treatment.
That’s because DuckDuckGo uses Bing as a fallback for search in case its own crawler doesn’t find enough relevant results. The resulting agreement with Microsoft means that it can’t block every Microsoft tracker.
DuckDuckGo’s CEO Gabriel Weinberg says that they’ve been trying to change these requirements.
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer. When most other browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft,” says Weinberg in a statement to BleepingComputer.
If you use the DuckDuckGo search engine on desktop, you’re not subject to the same issues. Only the DuckDuckGo Privacy Browser has hardcoded exemptions to Microsoft tracking.
UPDATE 5/26/2022 12:33 PM: DuckDuckGo’s Gabriel Weinberg responded to our tweet for this post. You can find it below.