IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

DuckDuckGo CEO defends platform after Microsoft online tracker agreement uncovered

Gabriel Weinberg's defence was greeted warmly by the community and said the issue ultimately comes down to the unavoidable way the modern internet is run by a select few companies

The CEO of web privacy company DuckDuckGo has spoken out to defend the platform after a researcher discovered that it kept its user-tracking agreement with Microsoft quiet.

Public criticism of DuckDuckGo started on Monday as privacy and data supply chain researcher Zach Edwards discovered that DuckDuckGo allowed user data to flow to Microsoft-owned products LinkedIn and Bing.

DuckDuckGo is a privacy-focused web browser that also has apps for iOS and Android - the two platforms which have been found to leak user data due to DuckDuckGo not blocking specific third-party trackers to Microsoft.

Both Apple App Store and Google Play Store pages for the DuckDuckGo apps claim to offer “seamless protections from third-party trackers while you search and browse”.

However, there is no mention of the agreement with Microsoft to stop loading Microsoft-owned tracking scripts on third-party websites. This means services like LinkedIn and Bing can still gather user browsing data when their trackers are loaded for DuckDuckGo users on other websites.

Gabriel Weinberg, CEO and co-founder of DuckDuckGo, addressed the situation in a lengthy Reddit post on Wednesday, admitting that its contract with Microsoft means the company’s “all-in-one privacy apps” cannot afford the same protections to users as they can from other companies like Google or Meta.

Weinberg said that DuckDuckGo imposes restrictions on all third-party tracking scripts, including Microsoft’s, relating to third-party cookie and fingerprint protection, and also adds an “above and beyond protection” that blocks third-party tracking scripts from loading on websites.

The CEO said this is something that most other browsers don’t attempt to do because blocking such scripts often leads to visited websites breaking. 

The reason why DuckDuckGo has to permit Microsoft’s third-party trackers for Microsoft only is due to distribution requirements associated with its agreement to display some Bing search results in its browser.

“While a lot of what you see on our results page privately incorporates content from other sources, including our own indexes (e.g., Wikipedia, Local listings, Sports, etc.), we source most of our traditional links and images privately from Bing (though because of other search technology our link and image results still may look different),” said Weinberg. 

“Really only two companies (Google and Microsoft) have a high-quality global web link index (because I believe it costs upwards of a billion dollars a year to do), and so literally every other global search engine needs to bootstrap with one or both of them to provide a mainstream search product.”

DuckDuckGo said it’s currently in ongoing talks with Microsoft to remove this limited restriction, but conceded that its “product is not perfect and never will be. Nothing can provide 100% protection”.

That said, it still believes it offers much greater privacy compared to other browsers and understands the confusion held by users given that it's ultimately a search syndication contract that is preventing DuckDuckGo from doing things unrelated to search.

Weinberg’s response was greeted warmly by users saying the comprehensive and technical explanation was “refreshing” and one user said it improved their perception of the company.

DuckDuckGo’s agreement with Microsoft has been disclosed before and in one article on the company’s help page, it informs users that Microsoft can see the full IP address of a user so it can properly charge advertisers when a user clicks on a Microsoft-provided advert.

“I hope this provides some helpful context,” said Weinberg. “Taking a step back, I know our product is not perfect and will never be. Nothing can provide 100% protection. And we face many constraints: platform constraints (we can't offer all protections on every platform due to limited APIs or other restrictions), limited contractual constraints (like in this case), breakage constraints (blocking some things totally breaks web experiences), and of course the evolving tracking arms race that we constantly work to keep ahead of.

“That's why we have always been extremely careful to never promise anonymity when browsing outside our search engine, because that frankly isn’t possible.”

As well as working with Microsoft to remove the restriction, DuckDuckGo is also working to update its app store pages to more accurately reflect the allowances it makes to Microsoft.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Salaries for the least popular programming languages surge as much as 44%

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022