by Tyler Durden
May 29, 2022
Gabriel Weinberg took to Twitter on Saturday, calling our
headline "quite misleading"
isn't about our search engine and we actually restrict Microsoft
scripts in our browsers, including blocking their 3rd
Weinberg links to a
Reddit thread he created on
Wednesday when the tracking controversy broke. In it, he explains:
article is not about our search engine, but about our browsers."
other browsers on the market talk about tracking protection they
are usually referring to 3rd-party cookie protection and
fingerprinting protection, and
our browsers impose these same restrictions on all third-party
tracking scripts, including those from Microsoft."
And while Redditors
appeared sympathetic in the replies, users in the more technically
YCombinator Hacker News forum
weren't buying it.
The top response
refutes Weinberg's claim that,
"this is not
about search," explaining "your competitors in the
privacy-centric browser space don't have this restriction
because they're not search engines acquiring the majority of
their data from an entity with a conflicting interest."
thread by the security engineer shows that the scripts are
communicating back to the servers.
That means your multi-pronged protection has failed,
unless you've suddenly discovered a way for browsers to block IP
addresses from being sent by scripts (and since they can be
extracted from the request itself that doesn't seem likely)."
continued further into the thread.
privacy', 'easy button', 'capabilities', and repeated use of the
word 'protection' are all signals that what is being said is an
attempt to sell me something and that the salesman should be
doubted," wrote user
"What's actually happening is
you're forced to allow Microsoft scripts which do indeed do
telemetry on users despite some restrictions you put on them,
and they're still effective because fingerprinting works.
That fact is embarrassing for a
product you're trying to sell as promoting privacy so there's
this mildly deceptive attempt to hide what's going on with lots
of words and claims of protection instead of straightforward
slammed DuckDuckGo's relationship with
Microsoft Advertising, in which DDG
"If you click
on a Microsoft-provided ad, you will be redirected to the
advertiser's landing page through Microsoft Advertising's
At that point,
Microsoft Advertising will use your full IP address and
user-agent string so that it can properly process the ad click
and charge the advertiser."
responded, arguing that they,
contractually agree and publicly
commit (on this page) that, 'Microsoft Advertising does not
associate your ad-click behavior with a user profile.
It also does not store or share
that information other than for accounting purposes'."
To which user
So instead of an actual set of
real protections, like offered by things such as UBlock, you
want us to rely on Microsoft being ethical.
also ignores that governments like the NSA have tapped these
very networks for data (this is what prompted Google's internal
Even if we trust the legal entity, the fact is that the
information itself is a target and so are those entities. It is
always safer not to send the data, but in this case you're
explicitly sacrificing that safety to benefit your ad partners.
When asked what an
appropriate headline should be for the controversy, "Yegg"
contractually prevents DuckDuckGo's browser from stopping
Microsoft scripts from loading on 3rd party sites (FYI: not
It seems like
DuckDuckGo may have some more convincing to do.
koan put it:
search engine which claims to offer "real privacy" because it
doesn't track searches or store users' history, has come under fire
after a security researcher discovered that
the mobile DuckDuckGo browser app
contains a third-party tracker from Microsoft.
Edwards found that while Google and Facebook's
trackers are blocked,
trackers related to bing.com and
linkedin.com were also being allowed through.
In response to the
essentially shrugged - telling
BleepingComputer that the
"above-and-beyond protection" that other browsers don't...
he said "never promised" anonymity when browsing.
"We have always
been extremely careful to never promise anonymity when browsing,
because that frankly isn't possible given how quickly trackers
change how they work to evade protections and the tools we
currently offer," he said.
other browsers on the market talk about tracking protection,
they are usually referring to 3rd-party cookie protection and
fingerprinting protection, and our browsers for iOS, Android,
and our new Mac beta, impose these restrictions on third-party
tracking scripts, including those from Microsoft.
talking about here is an above-and-beyond protection that most
browsers don't even attempt to do — that is, blocking
third-party tracking scripts before they load on 3rd party
websites," he continued.
doing this where we can, users
are still getting significantly more privacy protection with
DuckDuckGo than they would using other browsers."
DuckDuckGo doesn't provide the type of privacy they've
earned a reputation for - they
simply betray users
TechRadar notes, this didn't
go over well.
The news quickly drew in crowds of dissatisfied users,
with DuckDuckGo founder and CEO Gabriel Weinberg, soon chiming
in to confirm the authenticity of the findings.
Apparently, DuckDuckGo has a
search syndication agreement with the software giant from
Redmond, with Weinberg adding that the restrictions are only
found in the browser, and are not related to the search engine.
What remains unknown is why the
company who is known for its transparency decided to keep this
agreement a secret for as long as it could. -TechRadar
See Edwards' entire
May 23 Twitter thread below: