After months of backlash, DuckDuckGo’s browser will finally block Microsoft trackers. The company will also provide more transparency to its users by publishing a full list of blocked domains, updating its Privacy Dashboard to show when scripts are blocked or loaded, and building a custom ad conversion system for its search engine.
We learned on May 24th that DuckDuckGo intentionally left a Microsoft-sized “privacy hole” in its browser. Here’s the gist; if you visit a site with embedded Microsoft trackers, the DuckDuckGo browser will not block those trackers. At least, not for another few weeks.
After the problem was discovered by security researcher @thezedwards, DuckDuckGo CEO Gabriel Weinberg explained that the company has a complicated deal with Microsoft. In exchange for Bing search results, DuckDuckGo uses privacy-protected Microsoft advertising in its search engine (something that the company has always made clear), and more importantly, it isn’t allowed to block certain third-party Microsoft trackers in its browser.
Evidently, DuckDuckGo and Microsoft figured something out. In a new blog post, Gabriel Weinberg says that DuckDuckGo will “expand the third-party tracking scripts we block from loading on websites to include scripts from Microsoft.” This change will occur in DuckDuckGo browsing apps and browser extensions “over the next week.” (Beta versions of DuckDuckGo software will get the same treatment in September.)
For extra clarification, I asked a DuckDuckGo spokesperson which Microsoft domains the browser will block. They explained that all known Microsoft trackers will be blocked, so long as they fit DuckDuckGo’s criteria (some trackers are necessary for websites to work properly).
Additionally, DuckDuckGo gave me a full list of blocked Microsoft domains:
Bear in mind that for some of these domains, like Bing or Linkedin, the DuckDuckGo browser will only block a subset of requests that are related to tracking. (Although I’m sure that some people would love to never visit Bing or Linkedin.)
There’s just one notable exception here; when you click an ad in DuckDuckGo’s search engine, it will not block the bat.bing.com domain. This enables ad conversion metrics, which allow advertisers to know if their ads are actually getting clicked.
The good news is that DuckDuckGo plans to develop a privacy-focused ad conversion architecture. Other companies, including Apple and Mozilla, are taking on the same challenge. (Just don’t hold your breath. I imagine that this will take a while.)
Blocking Microsoft trackers is obviously the highlight of this announcement. But because DuckDuckGo made such a big oopsie-poopsie, it’s changing the way that it communicates with users.
First of all, DuckDuckGo now maintains a public list of all the trackers it blocks. This is an incredibly valuable hunk of information—people can now compare DuckDuckGo’s block list to that of its competitors, or even track domains that are added or removed from this list.
DuckDuckGo is also updating its help page, which is more exciting than it sounds. The help page will show all of DuckDuckGo’s privacy protections (per app) in one place. More importantly, the help page will explain which privacy protections are possible on each platform and detail any new features that are in development.
And finally, the DuckDuckGo Privacy Dashboard will now show every third-party request that is blocked or loaded on a webpage. In some cases, it will also explain why these requests were blocked or allowed to roam free.
It’s nice to see DuckDuckGo approach its problems head-on. Not only will the company block Microsoft trackers, but it will provide more transparency to its users. The full list of blocked domains is especially useful—not only can people see which domains DuckDuckGo blocks, but they can compare the browser’s blocklist to other tools, such as uBlock Origin.
But DuckDuckGo was caught in a big lie. Privacy-minded people won’t forget that lie, and in fact, they may not trust DuckDuckGo’s new push toward transparency.
Instead of sharing my thoughts on the situation, I’ll say this; you’ll never enjoy complete privacy or anonymity on the internet. Even if a company has your best interests at heart, which is never the case, it cannot offer full protection from corporate greed, advertisers, hackers, or governments.
You should continue to research, criticize, and use privacy tools. They absolutely make a difference, even if they aren’t perfect. But don’t put all your trust into some software.