DuckDuckGo, the search engine which claims to offer ‘real privacy’ because it doesn’t track searches or store users’ history, has come under fire after a security researcher discovered that the mobile DuckDuckGo browser app contains a third-party tracker from Microsoft.
Researcher Zach Edwards found that while Google and Facebook’s trackers are blocked, trackers related to bing.com and linkedin.com were also being allowed through.
I tested the DuckDuckGo so-called private browser for both iOS and Android, yet *neither version* blocked data transfers to Microsoft’s Linkedin + Bing ads while viewing Facebook’s workplace[.]com homepage.
Look at DDG bragging about stopping Facebook on Workplace, no MSFT..: pic.twitter.com/xfqhUOZMmf
— ℨ??? ??????? (@thezedwards) May 23, 2022
In short, DuckDuckGo doesn’t provide the type of privacy they’ve earned a reputation for – they simply betray users the least.
As TechRadar notes, this didn’t go over well.
The news quickly drew in crowds of dissatisfied users, with DuckDuckGo founder and CEO Gabriel Weinberg, soon chiming in to confirm the authenticity of the findings.
Apparently, DuckDuckGo has a search syndication agreement with the software giant from Redmond, with Weinberg adding that the restrictions are only found in the browser, and are not related to the search engine.
What remains unknown is why the company who is known for its transparency decided to keep this agreement a secret for as long as it could. -TechRadar
See Edwards’ entire May 23 Twitter thread below:
Sometimes you find something so disturbing during an audit, you’ve gotta check/recheck because you assume that *something* must be broken in the test.
But I’m confident now.
The new @DuckDuckGo browsers for iOS/Android don’t block Microsoft data flows, for LinkedIn or Bing.? pic.twitter.com/ol7Ydfo3BJ
— ℨ??? ??????? (@thezedwards) May 23, 2022
DuckDuckGo has browser extensions & their own browsers for iOS / Android @ https://t.co/2Il4VrBVqc
iOS @ https://t.co/srtR22gtfS
Android @ https://t.co/STtTve3vS7
Both versions of the DDG browser claims to use tools which
“automatically blocks hidden third-party trackers” ? pic.twitter.com/amhdT0w3Ru— ℨ??? ??????? (@thezedwards) May 23, 2022
I don’t have the full list of advertising domains that the DuckDuckGo browser is allowing to collect data within their new “private” browser ((anyone have that or parsed it somewhere??) but any list that doesn’t include “linkedin[.]com” + “bing[.]com” is *purposefully* broken. pic.twitter.com/xjkcWafZqD
— ℨ??? ??????? (@thezedwards) May 23, 2022
I don’t think there is a public list of *all* the domains that the DuckDuckGo browser is *not* blocking, but they seem to be doing this w/ hardcoded rules. The DDG browser stops data flows from tons of domains…. except DDG’s #1 ad tech partner.
Mysterious! ?⛈️⚖️?? pic.twitter.com/mdC78ihRfr
— ℨ??? ??????? (@thezedwards) May 23, 2022