Privacy-focused DuckDuckGo browser has been found to allow Microsoft trackers by an independent security researcher named Zach Edwards. DuckDuckGo has defended itself, saying that it only allows Microsoft’s trackers because of a search syndication agreement with the company.
Edwards came across the loophole when performing a security audit of the browser. He discovered that while the browser blocks Google and Facebook trackers, Microsoft trackers continued running, with further tests revealing that trackers related to Bing and LinkedIn were also allowed.
DuckDuckGo founder and CEO Gabriel Weinberg confirmed this on Edward’s Twitter thread, stating that they’re bound by their contract with Microsoft to allow the company’s trackers. He added that this restriction only applies to the browser and not the DuckDuckGo search engine.
The timing for this is terrible for DuckDuckGo, having gone after Google for their new ‘Topics’ and ‘FLEDGE’ tracking methods recently. The discovery has caused quite an uproar on Hacker News as well.
The whole premise of the browser when it was announced was to protect users’ entire web experience and keep them from being tracked. The browser itself was expected to be a no-nonsense, easy to use software where users didn’t have to fiddle around with complicated security settings to keep themselves safe.
While the company has been transparent about its advertisement partnership with Microsoft, allowing the latter to track IP addresses and other information when clicking on an ad link, it’s unclear why they chose to keep this restriction behind closed doors. The restriction wasn’t stated in their app store descriptions for the Android and iOS apps.
In a statement to BleepingComputer, CEO Weinberg has stated that they’re working with Microsoft to remove the restriction from their agreement.
In the News: Microsoft Build 2022: 3rd-party widgets, Power Platform and more