DuckDuckGo: why our browsers don’t block Microsoft trackers

DuckDuckGo: why our browsers don't block Microsoft trackers
Written by admin_3fxxacau

DuckDuckGo promises privacy to users of its Android, iOS, and macOS browsers, but it does allow some data to pass from third-party websites to Microsoft-owned services.

Security researcher Zach Edwards recently conducted an audit of DuckDuckGo’s mobile browsers and found that, contrary to expectations, they do not prevent the Workplace domain of Meta, for example, from sending information to the Bing and LinkedIn domains of Microsoft.

Specifically, DuckDuckGo’s software did not prevent Microsoft trackers on the Workplace page from disclosing user information to Bing and LinkedIn for personalized advertising purposes. Other trackers, such as Google, are blocked.

“I tested the so-called DuckDuckGo private browser for iOS and Android, but no version blocked data transfers to Microsoft’s Linkedin + Bing ads when viewing Facebook’s workplace[.]com,” Edwards explained in a Twitter feed.

The situation is the same for DuckDuckGo’s macOS browser, a company spokesperson confirmed.

In response to Edwards, DuckDuckGo CEO Gabriel Weinberg pointed out that his browsers do not allow ad tracking data to flow to DuckDuckGo’s Microsoft Bing search engine, which has been the subject of separate criticism. last year for to inherit Redmond’s censorship of Tiananmen Square footage.

According to Weinberg, DuckDuckGo Search users who see ads served through Microsoft Advertising do not provide data when those ads are loaded on the page. If a user clicks on an ad, Microsoft Advertising obtains the user’s IP address and user agent string for ad attribution and billing, although there is apparently no connection between that click and a user profile, like DuckDuckGo Explain on its website.

Regarding the company’s browsers, he said that DuckDuckGo blocks third-party Microsoft cookies (used for ad tracking) on ​​third-party websites, but acknowledged that there are some trackers (scripts used for tracking ) that DuckDuckGo’s browsers do not block due to contractual commitments. with Microsoft.

“For blocking non-search related trackers (e.g. in our browser), we block most third-party trackers,” mentioned Weinberg. “Unfortunately, our Microsoft search syndication agreement prevents us from doing more for Microsoft-owned properties. However, we have been pushing hard and plan to do more soon.”

What we’re talking about here is superior, superior protection that most browsers don’t even try to do.

“What we’re talking about here is protection beyond expectation that most browsers don’t even try to do, i.e. block third-party tracking scripts before they load on sites third-party web,” Weinberg added in a statement emailed to The register.

“Because we do this where we can, users still experience significantly more privacy protection with DuckDuckGo than they would with Safari, Firefox and other browsers.”

In other words, DuckDuckGo offers above-average privacy protections in its browsers, but looks the other way for Microsoft-owned scripts – for Bing and LinkedIn – so they can continue to load on third-party websites like Workplace and to collect data.

DuckDuckGo, Weinberg said, doesn’t promise anonymity while browsing “because that’s frankly not possible given how quickly trackers are changing how they work to evade the protections and tools that we currently offer.” .

Anonymity is also contractually excluded, as DuckDuckGo had noted in recent revisions to its browser descriptions in Google Play, the iOS App Store, and the Mac App Store – presumably to avoid scrutiny from regulatory agencies. for promising confidentiality and not disclosing exceptions.

The added text reads: “Note about our tracker blocking: although we block all cross-site (third party) cookies on other sites you visit, we cannot block all hidden tracking scripts on other sites. that DuckDuckGo for a variety of reasons including: new scripts appear all the time making them hard to find, blocking some scripts creates breaks making parts or the whole page unusable, some we are prevented from blocking in due to contractual restrictions with Microsoft.”

In a publication at Hacker News, and a even longer essay on Reddit, Weinberg attempted to explain the constraints involved, to the extent possible without violating his contractual commitment to Microsoft to keep the terms of the agreement private.

“It’s pretty much non-DuckDuckGo and non-Microsoft sites in our browsers, where our search syndication agreement currently prevents us from preventing Microsoft-owned scripts from loading, although we can still apply protections of our browser after loading (as third parties block cookies and the like mentioned above, and do),” he wrote on HN.

Weinberg insists DuckDuckGo is trying to change the terms of its search syndication deal with Microsoft, but can’t say much.

“Our syndication agreement also contains broad confidentiality provisions and the requirement documents themselves are explicitly marked as confidential,” he said. ®

Speaking of anonymity… Tor Browser Users in Tails 5.0 Pro-Privacy OS has been said to stop using the software until version 5.1 is released, as vulnerability in the underlying Mozilla Firefox browser can be exploited by “a malicious website to bypass some of the Tor Browser’s built-in security and gain access to information from other websites”.

“Mozilla is already aware of websites exploiting this vulnerability,” the Tails team wrote.

“This vulnerability will be fixed in Tails 5.1 (May 31), but our team does not have the ability to release an emergency version sooner.”

#DuckDuckGo #browsers #dont #block #Microsoft #trackers

About the author


Leave a Comment