Security researcher Zack Edwards this week revealed that DuckDuckGo’s mobile browsers allow some Microsoft sites to bypass its block on trackers. While the browser blocks Facebook and Google trackers, DuckDuckGo makes an exception for some of Microsoft’s. Edwards found that the browsers allow allows data to be sent to Microsoft’s LinkedIn and Bing domains “You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s workplace.com and you’ll see that DDG does NOT stop data flows to Microsoft’s Linkedin domains or their Bing advertising domains,” Edwards tweeted.
iOS + Android proof:👀🫥😮💨🤡⛈️⚖️💸💸💸 pic.twitter.com/u3Q30KIs7e — ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022 DuckDuckGo said the exemption was due to a search agreement with Microsoft. Gabriel Weinberg, the CEO and founder of DuckDuckGo, provided detailed responses to the uproar on Twitter and Reddit. “For non-search tracker blocking (eg in our browser), we block most third-party trackers,” he said. “Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.”
— Gabriel Weinberg (@yegg) May 23, 2022 The company has also now added a note about its tracker blocking to its App Store description: The swift response has allayed some users’ concerns, but others remain alarmed about the deal. DuckDuckGo still offers more privacy protection than most popular browsers, but not as some users had hoped. Update (2:30PM CET, May 27, 2022): Added clarification that the DuckDuckGo only allows some Microsoft trackers.
