DuckDuckGo promises privacy to users of its Android, iOS, and macOS browsers, but allows certain data to flow from third-party websites to Microsoft-owned services.
Security researcher Zach Edwards recently audited DuckDuckGo’s mobile browsers and found that, contrary to expectations, they don’t block Meta’s Workplace domain, for example, from sending information to Microsoft’s Bing and LinkedIn domains.
Specifically, DuckDuckGo software did not prevent Microsoft crawlers on the Workplace page from providing user information to Bing and LinkedIn for custom advertising purposes. Other crawlers, such as Google, are blocked.
“I tried the so-called DuckDuckGo private browser for both iOS and Android, but neither version blocked data transfers to Microsoft’s Linkedin + Bing ads while watching Facebook’s workstation.[.]com, “Edwards explained in a Twitter thread.
The situation is the same for DuckDuckGo’s macOS browser, a company spokesman confirmed.
In response to Edwards, DuckDuckGo CEO Gabriel Weinberg stressed that his browsers do not allow ad tracking data to flow into DuckDuckGo’s Microsoft Bing search engine, which was criticized last year. separated to inherit Redmond censorship in the images of Tiananmen Square.
According to Weinberg, DuckDuckGo Search users who see ads running through Microsoft Advertising do not provide data when those ads are loaded on the page. If a user clicks on an ad, Microsoft Advertising obtains the user’s IP address and user agent string for ad assignment and billing, although there is apparently no link this click to a user profile, as DuckDuckGo explains on its website.
As for company browsers, he said that DuckDuckGo blocks Microsoft third-party cookies (used for ad tracking) on third-party websites, but acknowledged that there are some crawlers (scripts used for tracking ) that DuckDuckGo browsers do not block due to contractual commitments. with Microsoft.
“For blocking non-search crawlers (for example, in our browser), we block most third-party crawlers,” Weinberg said. “Unfortunately, our Microsoft search syndication agreement prevents us from doing more on Microsoft-owned properties. However, we’ve been pushing continuously and look forward to doing so soon.”
What we’re talking about here is superior protection and beyond what most browsers don’t even try to do
“What we’re talking about here is superior protection and beyond what most browsers even try to do, which is to block third-party tracking scripts before they load on third-party websites,” Weinberg added. an emailed statement to The Register.
“Because we do it where we can, users are still getting significantly greater privacy protection with DuckDuckGo than with Safari, Firefox and other browsers.”
In other words, DuckDuckGo offers better-than-average privacy protections in its browsers, but looks elsewhere for Microsoft-owned scripts, for Bing and LinkedIn, so they can continue to load on third-party websites like Workplace and collecting data.
DuckDuckGo, Weinberg said, does not promise anonymity when browsing “because, frankly, it is not possible given the speed with which trackers change their operation to evade the protections and tools we currently offer.”
Anonymity is also contractually prohibited, as DuckDuckGo had pointed out in recent revisions to its browser descriptions on Google Play, the iOS App Store, and the Mac App Store, presumably to avoid scrutiny by regulatory agencies. to promise privacy and not reveal exceptions.
Added text says: “Note about blocking our crawler: Although we block all cookies between (third-party) sites on other sites you visit, we can’t block all hidden tracking scripts on non-DuckDuckGo sites by multiple reasons such as new scripts appear all the time “.
In a post on Hacker News and in an even longer essay on Reddit, Weinberg tried to explain the limitations involved, as far as possible without violating its contractual commitment with Microsoft to keep the terms of the agreement private.
“These are only non-DuckDuckGo sites that are not from Microsoft in our browsers, where our search syndication agreement currently prevents us from stopping the upload of Microsoft-owned scripts, although we can still enforce our protections browser after loading (such as third parties) .blocking cookies and others mentioned above, and they do), “he wrote to HN.
Weinberg insists that DuckDuckGo is trying to change the terms of its search syndication agreement with Microsoft, but it can only say a lot.
“Our syndication agreement also has broad confidential provisions and the same requirements documents are explicitly marked as confidential,” he said. ®
Speaking of anonymity … Users of the Tails 5.0 operating system Tor browser have been told in favor of privacy to stop using the software until the release of 5.1, as an underlying Mozilla Firefox browser vulnerability may be exploited by “a malicious person.” to prevent some of the security built into the Tor browser and to access information from other websites “.
“Mozilla is already aware of websites that exploit this vulnerability,” the Tails team wrote.
“This vulnerability will be fixed in Tails 5.1 (May 31), but our team does not have the ability to release an emergency release before.”