DuckDuckGo privacy? I think not! I always knew that "We don't care what you search for at 3 AM" is total BS! -"Quite Misleading": DuckDuckGo CEO Responds To Microsoft Tracker Controversy

1.5K

•

FYI -- this is a quite misleading headline since this isn't about our search engine and we actually restrict Microsoft scripts in our browsers, including blocking their 3rd party cookies.

— Gabriel Weinberg () May 29, 2022 Weinberg links to a Reddit thread he created on Wednesday when the tracking controversy broke. In it, he explains: "this article is not about our search engine, but about our browsers," adding that "When most other browsers on the market talk about tracking protection they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers impose these same restrictions on all third-party tracking scripts, including those from Microsoft."

And while Redditors appeared sympathetic in the replies, users in the more technically oriented YCombinator Hacker News forum weren't buying it.

The top response refutes Weinberg's claim that "this is not about search," explaining; "Your competitors in the privacy-centric browser space don’t have this restriction because they’re not search engines acquiring the majority of their data from an entity with a conflicting interest."

Another user replied: "The thread by the security engineer shows that the scripts are communicating back to the servers. That means your multi-pronged protection has failed, unless you've suddenly discovered a way for browsers to block IP addresses from being sent by scripts (and since they can be extracted from the request itself that doesn't seem likely)."

The criticism continued further into the thread.

""multi-pronged privacy", "easy button", "capabilities", and repeated use of the word "protection" are all signals that what is being said is an attempt to sell me something and that the salesman should be doubted," wrote user Colechristensen. "What's actually happening is you're forced to allow Microsoft scripts which do indeed do telemetry on users despite some restrictions you put on them, and they're still effective because fingerprinting works. That fact is embarrassing for a product you're trying to sell as promoting privacy so there's this mildly deceptive attempt to hide what's going on with lots of words and claims of protection instead of straightforward disclosure."

Another user slammed DuckDuckGo's relationship with Microsoft Advertising, in which DDG admits: "If you click on a Microsoft-provided ad, you will be redirected to the advertiser’s landing page through Microsoft Advertising’s platform. At that point, Microsoft Advertising will use your full IP address and user-agent string so that it can properly process the ad click and charge the advertiser."

Weinberg (username: Yegg) responded, arguing that they "got Microsoft to contractually agree and publicly commit (on this page) that "Microsoft Advertising does not associate your ad-click behavior with a user profile. It also does not store or share that information other than for accounting purposes." https://www.zerohedge.com/political/privacy-search-engine-duckduckgo-smoked-over-hidden-tracking-agreement-microsoft

Update: DuckDuckGo CEO Gabriel Weinberg took to Twitter on Saturday, calling our headline "quite misleading" since "this isn't about our search engine and we actually restrict Microsoft scripts in our browsers, including blocking their 3rd party cookies." FYI -- this is a quite misleading headline since this isn't about our search engine and we actually restrict Microsoft scripts in our browsers, including blocking their 3rd party cookies. — Gabriel Weinberg (@yegg) May 29, 2022 Weinberg links to a Reddit thread he created on Wednesday when the tracking controversy broke. In it, he explains: "this article is not about our search engine, but about our browsers," adding that "When most other browsers on the market talk about tracking protection they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers impose these same restrictions on all third-party tracking scripts, including those from Microsoft." And while Redditors appeared sympathetic in the replies, users in the more technically oriented YCombinator Hacker News forum weren't buying it. The top response refutes Weinberg's claim that "this is not about search," explaining; "Your competitors in the privacy-centric browser space don’t have this restriction because they’re not search engines acquiring the majority of their data from an entity with a conflicting interest." Another user replied: "The thread by the security engineer shows that the scripts are communicating back to the servers. That means your multi-pronged protection has failed, unless you've suddenly discovered a way for browsers to block IP addresses from being sent by scripts (and since they can be extracted from the request itself that doesn't seem likely)." The criticism continued further into the thread. ""multi-pronged privacy", "easy button", "capabilities", and repeated use of the word "protection" are all signals that what is being said is an attempt to sell me something and that the salesman should be doubted," wrote user Colechristensen. "What's actually happening is you're forced to allow Microsoft scripts which do indeed do telemetry on users despite some restrictions you put on them, and they're still effective because fingerprinting works. That fact is embarrassing for a product you're trying to sell as promoting privacy so there's this mildly deceptive attempt to hide what's going on with lots of words and claims of protection instead of straightforward disclosure." Another user slammed DuckDuckGo's relationship with Microsoft Advertising, in which DDG admits: "If you click on a Microsoft-provided ad, you will be redirected to the advertiser’s landing page through Microsoft Advertising’s platform. At that point, Microsoft Advertising will use your full IP address and user-agent string so that it can properly process the ad click and charge the advertiser." Weinberg (username: Yegg) responded, arguing that they "got Microsoft to contractually agree and publicly commit (on this page) that "Microsoft Advertising does not associate your ad-click behavior with a user profile. It also does not store or share that information other than for accounting purposes." https://www.zerohedge.com/political/privacy-search-engine-duckduckgo-smoked-over-hidden-tracking-agreement-microsoft

[–] • 1 pt

(edited )

DDG seemed pretty good at first --back in the early days they seemed to be mostly using Yandex results. But Yandex is Russian-owned, so over time this became a verboten activity if they wanted to continue to exist in the mainstream. That leaves Google, Microsoft and Yahoo, --since DDG didn't have the wherewithal nor the gumption to start creating their own indexing and advertising engines. The Big Tech Giants of course won't allow DDG to partner their results without contracts demanding some level of control.

(post is archived)