The duck is in hot water! DuckDuckGo is the go-to search service for folks concerned with online privacy, but sadly, things are not as private as these users would have hoped.
Before we get down to the juicy details, an introduction to the company.
DuckDuckGo is founded on the promise of a more private web, with a search engine that does not heavily track every movement you make on the web. The firm also offers dedicated apps for the iOS and Android platforms and a slew of accompanying services.
So, naturally, a revelation like this is damaging, and the controversy is likely to impact the number of users it manages to attract.
That’s because a discovery by a security researcher reveals that the company is allowing data to be transmitted via Microsoft trackers to LinkedIn and Bing ad domains. What’s more, the company also admits that an agreement exists between itself and the Windows maker.
Zach Edwards, the security researcher, has a gargantuanly lengthy thread about his findings:
Sometimes you find something so disturbing during an audit, you've gotta check/recheck because you assume that *something* must be broken in the test.
But I'm confident now.
The new @DuckDuckGo browsers for iOS/Android don't block Microsoft data flows, for LinkedIn or Bing.🧵 pic.twitter.com/ol7Ydfo3BJ
— Zach Edwards (@thezedwards) May 23, 2022
He goes on to explain that if you download the current version of the DuckDuckGo browser on iOS and Android, you will find that the browser has a secret data flow allow list that is used to enable data transfer to super common advertising subsidiaries owned by Microsoft.
It stops all other trackers—including those from Facebook and Google—but not the ones owned by Redmond.
Apparently, this stems from a search syndication agreement between DuckDuckGo and Microsoft. To make matters worse, the company has kept this hidden, with no mention of this leeway afforded to the software titan in official communication or app descriptions.
The company is in damage control mode now that the cat is out of the bag.
In a statement, DuckDuckGo CEO Gabriel Weinberg clarified the company's stance. The app store descriptions have also been amended to let folks know that the company is not able to block all hidden tracking scripts on other websites for various reasons.