After a revelation in May that DuckDuckGo’s (DDG) privacy-focused web browser allow Microsoft tracking scripts on third-party sites, the company say now it will start blocking them too. DuckDuckGo’s browser had Default 3rd party tracker loading protection which already blocked embedded scripts on Facebook, Google and other websites, but until now Microsoft’s Bing and LinkedIn domains’ scripts (but not its third-party cookies) had a pass.
A security researcher named Zach Edwards pointed out the exclusion which he apparently discovered while auditing the browser’s privacy claims, and noted that it was particularly puzzling because Microsoft is the partner running ads in DDG’s search engine (while promising not to not use this data to create a monitored profile of users to target ads, instead relying on context to decide which ones to show).
DuckDuckGo CEO Gabe Weinberg said at the time that the reason was a search syndication deal with Microsoft, and that more updates on third party tracker preventions were coming. A backlash ensued, with some seizing on DuckDuckGo’s own words that “tracking is tracking,” a phrase the company has used against Google’s “privacy sandbox” advertising technology that replaces cookies.
Now Weinberg written in a blog post, “I have heard from a number of users and understand that we have failed to meet their expectations regarding one of our browser’s web tracking protections.” DuckDuckGo is committed to being more transparent about the trackers its browser and extensions protect users from, make available its tracker blocking lists and offering users more information on how its tracking protections with a new help page.
In an email to The edgethe company’s vice president of communications, Kamyl Bazbaz, said most Microsoft scripts were already blocked by other browser protections, saying “we ran a test to see how many additional blocks occur as a result of this new update and based on the top 1000 websites, we found that the increase was only 0.25%.
One thing it won’t block by default after the changes roll out this week is scripts for bat.bing.com which load directly after a user clicks on one of DDG’s search ads, which it claims are used on advertisers’ sites to measure ad effectiveness. But the blog post says that third-party tracker DuckDuckGo’s upload protection will block Microsoft’s scripts “in all other contexts.” According to Weinberg, users have the option of avoiding this by disabling ads in DuckDuckGo’s search settings. DuckDuckGo says that, like some other companies, it’s working on non-profiling technology to replace scripts, but it’s not ready yet.
DuckDuckGo reviews continue to focus on Google’s advertising profiles and all the data they tend to harvest from its various products, and rightly so – looking at Google’s parent company. Alphabet’s $257 billion revenue in 2021most came from advertising.
But there are also more than enough reasons to keep an eye on Microsoft’s advertising efforts. Beyond his deal to support Netflix’s ad-supported streaming servicethis too earn billions of dollars Internet advertising. and built a cross-platform capable ad tech giant who can reach more than a billion people. If DuckDuckGo promises its users more comprehensive protection than in other browsers, it will have to continue to prove it, and additional transparency can only help.
Update at 8:25 a.m. ET: Updated to note that bat.bing.com scripts are allowed to load directly after clicking an ad, but not otherwise.