DuckDuckGo made a deal with the devil. Due to a confidential search agreement, the DuckDuckGo browser does not block all Microsoft trackers. What’s worse, DuckDuckGo only acknowledged this “privacy hole” after it was discovered by a security researcher.
As you may know, DuckDuckGo pulls its search results from other services, primarily Bing. You may also know that clicking a Microsoft-provided ad in DuckDuckGo will reveal your IP address to the Microsoft Advertising service—this is explicitly stated on DuckDuckGo’s website and in the company’s search engine.
But this partnership goes a bit deeper than we thought. Security researcher @thezedwards found that the mobile DuckDuckGo browser does not block Microsoft trackers on third-party websites, such as the Facebook-owned Workplace.com.
This is shocking. DuckDuckGo has a search deal with Microsoft which prevents them from blocking MS trackers. And they can't talk about it!
This is why privacy products that are beholden to giant corporations can never deliver true privacy; the business model just doesn't work. pic.twitter.com/bzxw8vaxsy
— Shivan Kaul Sahib (@shivan_kaul) May 23, 2022
Gabriel Weinberg, the CEO of DuckDuckGo, is now running damage control on Twitter. He explains that Microsoft cannot see what you search in DuckDuckGo, and the DuckDuckGo browser blocks all Microsoft cookies. But if you visit a website that contains Microsoft’s trackers, then your data is exposed to services like Bing and LinkedIn.
This is the result of DuckDuckGo’s “search syndication agreement” with Microsoft. In order to pull search information from Bing, the privacy experts at DuckDuckGo have to poke holes in their browser’s security system.
Yes. While our search syndication agreement allows us to block MSFT 3rd party cookies (e.g., from LI) on non-MSFT owned domains (e.g., on Workplace), it does not currently allow us to do more than that, which we have been actively working to change.
— Gabriel Weinberg (@yegg) May 23, 2022
Gabriel Weinberg says that DuckDuckGo is “working tirelessly behind the scenes” to improve its deal with Microsoft. Additionally, he expects DuckDuckGo to “include more third-party Microsoft protection” in a future update.
Yeah, that’s great. But why are we only hearing about this now? We’ve all seen the ads and billboards—privacy and transparency are the biggest features in DuckDuckGo’s browser. Oh, but Microsoft gets an exception, and users aren’t allowed to know about it?
It’s clear that DuckDuckGo doesn’t offer the level of privacy that it promises to users. And unfortunately, I’m not sure that any company or software can protect your browsing data. The internet doesn’t run on privacy or anonymity; it runs on money, and your data is worth a lot of money.