DuckDuckGo is the privacy-focused search company that has gone beyond just a search engine to also develop a browser and extension.
The thing is, it didn't do what it is supposed to do. Back in May 2022, a security audit by researcher Zack Edwards, reported that certain scripts from Bing and LinkedIn were allowed to run on DuckDuckGo's browser and extension.
What this means, DuckDuckGo allowed the execution of Microsoft's trackers, and wasn't totally protecting user data like it promised.
After a backlash and criticisms that followed, DuckDuck said that it is blocking trackers from Microsoft in its desktop browser and extension.
In an announcement, DuckDuckGo founder Gabriel Weinberg said that he heard users' concerns since Edwards' revelation, saying that:
To do this, DuckDuck is expanding its third-party tracking scripts it blocks from loading on websites to also include scripts from Microsoft in its browsing apps on both iOS and Android, as well as its browser extension on Chrome, Firefox, Safari, Edge and Opera, "with beta apps to follow in the coming month."
In other words, DuckDuckGo is adding Microsoft to its '3rd-Party Tracker Loading Protection', which blocks identified tracking scripts from Facebook, Google, and other companies from loading on third-party websites.
While DuckDuckGo was found doing what it's not supposed to do, DuckDuckGo reassures that the Microsoft scripts were never embedded in its search engine or apps.
The issue here only stems from the fact that the Microsoft scripts were embedded by third-parties, and that DuckDuckGo allowed the scripts to run.
DuckDuckGo never embeds Microsoft's scripts in its own apps.
"Since we were already restricting Microsoft tracking through our other web tracking protections, like blocking Microsoft’s third-party cookies in our browsers, this update means we’re now doing much more to block trackers than most other browsers," the company said.
Weinberg also noted that Microsoft's trackers were still blocked in most ways, like utilizing third-party cookies for fingerprinting visitors.
Things are kind of difficult for DuckDuckGo, since it uses Microsoft's Bing as one of its sources for search results.
Because of its partnership with Microsoft, DuckDuckGo needed to allow at least some of Microsoft's trackers to load "due to a policy requirement." Things also go beyond that, since the policy also allows Microsoft to provide ads that run on DuckDuckGo, which again, uses trackers.
Regardless, Weinberg noted that users can always avoid any ad tracker by simply turning off ads in DuckDuckGo search entirely.
But doing so, forces the company to work on validating ads in other ways that can be non-tracking, Weinberg wrote, akin to similar efforts by Safari and Firefox.
And lastly, DuckDuckGo wants to be more open about its tracker blocking method and how the technology works.
For starters, the company has committed its tracker blocklist to a public GitHub repository, and has also published a new help documentation on its tracking protections.
All that for just two scripts from Microsoft.
But still, DuckDuckGo had to do some explanation since the company is a privacy-focused company, and promising privacy on the web by allowing third-party trackers to run is certainly a big no.