How about a Big Tech “privacy-friendly alternative” that’s, in reality, teaming up and working closely with Microsoft – and appears to put faith in the ethics of a notoriously and historically unethical corporate giant? And what if this “alternative” has a tracking deal with Microsoft?
A pretty bleak prospect, considering that these massive corporations are about as bad as each other where monopolistic behavior, user tracking, and data harvesting is concerned.
But that is precisely what DuckDuckGo (DGG) – a “Google Search alternative” search engine and browser that has lately been stumbling from one credibility-undermining controversy to another – is now being accused of. And once again, its CEO Gabriel Weinberg is in full damage control mode on social networks, denying that anything’s wrong – but not so much by clearly explaining the situation, as by talking in circles to justify it.
What DuckDuckGo says on the tin, that is, when you visit the search page, is that it provides seamless privacy protection on the browser, asking users if they’re “tired of being tracked online” and then promising that the company “can help” if the answer is affirmative. Another promise is that of “privacy protection for any device.”
Users are being led to believe that, unlike DDG’s huge competitors, the search operation doesn’t track them or retain search history. And the browser app is telling users that it automatically blocks hidden third-party trackers.
But what it is accused of actually doing is allowing Microsoft to run its scripts, collect data points on users and monitor them via third-party trackers from the Redmond behemoth – not on the DuckDuckGo site itself, but on some third-party websites.
In addition to running the search site and providing browser extensions, DuckDuckGo also has its own browser, for Android and iOS. It is there that, as security engineer Zach Edwards discovered and shared in a Twitter thread, DDG blocks trackers from Google and Facebook – but not from Microsoft, and that this behavior relates to bing.com and linkedin.com.
The revelation quickly got many users very upset and looking for answers.
Instead of clearly denying – or confirming – that this is happening and is troublesome, not least because it could prove to be misleading to those thinking they were enjoying strict privacy protection, Weinberg said that DDG “never promised true anonymity” in the first place (what about “privacy protection” for those “tired of being tracked online,” though?)
Next, in comments cited by BleepingComputer, the DDG CEO spoke in nebulous terms like claiming that DDG offers “above and beyond” protection, as opposed to other browsers who are not trying as hard as his company.
“Users are still getting significantly more privacy protection with DuckDuckGo than they would using other browsers,” he said, downgrading the claim of “seamless privacy protection” to, “we’re doing this where we can.”
There’s more deflecting – Weinberg claims that the tracking is happening only in the browser app, that Microsoft’s tracker is restricted in some ways, and that the whole process is unrelated to search itself. However, critics reject this, saying that despite those restrictions, the tech still makes use of fingerprinting to collect users’ telemetry.
Now, instead of recognizing that many privacy-minded and technically savvy people who understand what’s going on under the hood will suspect all this to mean the company has been at best misleading users and at worst engaging in false advertising, Weinberg has slammed some reports as “quite misleading.”
But that’s not all. Over on Twitter, Weinberg informed the world that as part of his company’s agreement with Microsoft, which helps it deliver the search functionality, DuckDuckGo cannot block all Microsoft trackers.
“Unfortunately, our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon,” he tweeted.
In a Reddit post, Weinberg wrote:
“The issue at hand is, while most of our protections like 3rd-party cookie blocking apply to Microsoft scripts on 3rd-party sites (again, this is off of DuckDuckGo,com, i.e., not related to search), we are currently contractually restricted by Microsoft from completely stopping them from loading (the one above-and-beyond protection explained in the last paragraph) on 3rd party sites. We still restrict them though (e.g., no 3rd party cookies allowed). The original example was Workplace.com loading a LinkedIn.com script. Nevertheless, we have been and are working with Microsoft as we speak to reduce or remove this limited restriction.”
Very unfortunate indeed, particularly for a company whose entire identity and the differentiating factor revolves around promising privacy and transparency. How is it possible that such a company decided to keep this deal with its ad partner, Microsoft, secret “for as long as it could,” is one of the questions raised around the whole debacle by TechRadar.
The behavior seems all the more disingenuous since the discovery comes at a time when web users are more aware than ever of the danger of tracking, data collection, and sharing, and are putting their faith in what appear to be real alternatives.
Previously this year, DuckDuckGo was accused of removing “pirate” sites and links to tools such as youtube-dl from its search results. Weinberg at that time once again denied any malice, saying there was “a problem” only for those using the site operator, adding that “it’s rare for people to use it.”