Posted on 05/28/2022 6:16:29 PM PDT by blam
DuckDuckGo, the search engine which claims to offer ‘real privacy’ because it doesn’t track searches or store users’ history, has come under fire after a security researcher discovered that the mobile DuckDuckGo browser app contains a third-party tracker from Microsoft.
Researcher Zach Edwards found that while Google and Facebook’s trackers are blocked, trackers related to bing.com and linkedin.com were also being allowed through.
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s https://t.co/u8W44qvsqF and you’ll see that DDG does NOT stop data flows to Microsoft’s Linkedin domains or their Bing advertising domains.
iOS + Android proof: 👀🫥😮💨🤡⛈️⚖️💸💸💸 pic.twitter.com/u3Q30KIs7e
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
In response to the revelation, CEO Gabriel Weinberg essentially shrugged – telling BleepingComputer that the company offers “above-and-beyond protection” that other browsers don’t, but that he ‘never promised’ anonymity when browsing.
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible given how quickly trackers change how they work to evade protections and the tools we currently offer,” he said.
DuckDuckGo CEO Gabriel Weinberg
“When most other browsers on the market talk about tracking protection, they are usually referring to 3rd-party cookie protection and fingerprinting protection, and our browsers for iOS, Android, and our new Mac beta, impose these restrictions on third-party tracking scripts, including those from Microsoft. What we’re talking about here is an above-and-beyond protection that most browsers don’t even attempt to do — that is, blocking third-party tracking scripts before they load on 3rd party websites,” he continued.
“Because we’re doing this where we can, users are still getting significantly more privacy protection with DuckDuckGo than they would using other browsers.”
In short, DuckDuckGo doesn’t provide the type of privacy they’ve earned a reputation for – they simply betray users the least.
As TechRadar notes, this didn’t go over well.
The news quickly drew in crowds of dissatisfied users, with DuckDuckGo founder and CEO Gabriel Weinberg, soon chiming in to confirm the authenticity of the findings.
Apparently, DuckDuckGo has a search syndication agreement with the software giant from Redmond, with Weinberg adding that the restrictions are only found in the browser, and are not related to the search engine.
What remains unknown is why the company who is known for its transparency decided to keep this agreement a secret for as long as it could. -TechRadar
See Edwards’ entire May 23 Twitter thread below:
DuckDuckGo has browser extensions & their own browsers for iOS / Android @ https://t.co/2Il4VrBVqc
iOS @ https://t.co/srtR22gtfS
Android @ https://t.co/STtTve3vS7
Both versions of the DDG browser claims to use tools which “automatically blocks hidden third-party trackers” 👀 pic.twitter.com/amhdT0w3Ru
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
I don’t have the full list of advertising domains that the DuckDuckGo browser is allowing to collect data within their new “private” browser ((anyone have that or parsed it somewhere??) but any list that doesn’t include “linkedin[.]com” + “bing[.]com” is *purposefully* broken. pic.twitter.com/xjkcWafZqD
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
But you won’t find any public articles from DuckDuckGo explaining *why* they are not blocking Microsoft-owned 3rd party data flows on websites *not* owned by Microsoft, like on Facebook’s Workplace[.]com domain sending data to Bing & Linkedin in the DDG “private” browser. 👀🤡⛈️ pic.twitter.com/ATS4J7aBhE
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
You can capture data within the DuckDuckGo so-called private browser on a website like Facebook’s https://t.co/u8W44qvsqF and you’ll see that DDG does NOT stop data flows to Microsoft’s Linkedin domains or their Bing advertising domains.
iOS + Android proof: 👀🫥😮💨🤡⛈️⚖️💸💸💸 pic.twitter.com/u3Q30KIs7e
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
So another question to ask: if you were a DDG privacy researcher who knew that Microsoft has a variety of domains they use for cross-site tracking to optimize their ads systems, and you already knew that DDG was giving IP address & UA string data to MSFT, did you know this too?👀 pic.twitter.com/08ryUFY6rH
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
Personally, I think that both Google & Apple have an obligation to users within their app marketplaces to remove apps which claim to do X, Y, Z, but do the opposite, merely because it makes the parent company more money.
If you say you block 3rd party data flows, *do that* …
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
I don’t think there is a public list of *all* the domains that the DuckDuckGo browser is *not* blocking, but they seem to be doing this w/ hardcoded rules. The DDG browser stops data flows from tons of domains…. except DDG’s #1 ad tech partner.
Mysterious! 🤡⛈️⚖️📴📴 pic.twitter.com/mdC78ihRfr
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
I won’t hold my breath that DuckDuckGo will update their own so-called private browser to actually stop data flows to their own ad tech partners, but this is one of those things that makes a privacy auditor … annoyed? bitter? confrontational?
Does Google / Apple care? pic.twitter.com/SB0jrizrVi
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) May 23, 2022
String the little bastard up.
I dumped ddg because of this.
>> I feel betrayed, for sure.
You should have known better. The DDG delusions have been going on for years.
wait til the truth about Brave comes out
We must assume that everything we do online is being tracked, monitored, etc. Gotta be our default mode.
The article mentions the mobile browser. I wonder if it’s the same for PCs.
I’ve been using the Brave browser and Brave search engine for most things ever since DDG decided to filter out “misinformation” on the Russia-Ukraine conflict.
For now the Brave search engine has less of leftist bias..for now.
I had switched to Brave’s search engine a couple of months ago when I had heard something similar about DDG.
I have also built up a list of sites I don’t want my PC to have access to by using their IP addresses in the host file.
“I would go as far to say I don’t trust my anonymity on this site or any other.”
I’ve started getting emails from Dinesh D’Souza and they are addressed to my screen name here!!!
I don't know why?
Shirley you knew, deep in your heart and soul, that there was no way to use the "free net" without leaving foot prints, and that some one, some where would follow and track them.
How does anyone think that you can bounce all over the net, willy nilly and do it without someone viewing, tracking and monetizing your movements?
Every thing you post here on FR can be read on google and many other trackers.
What do you think happens with the multi billions of dollars worth of computers that NSA, ciafbi and all the rest of the feds have?
I've got news for you, you are news, so don't feel betrayed, just know you are, and always will be, exposed.
I feel like I’ve just been scolded.
That's better than betrayed.
And the word is "schooled".
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.