After a revelation in May that DuckDuckGo’s (DDG) privacy-focused web browser allows Microsoft tracking scripts on third-party websites, the company now says it will start blocking those too. DuckDuckGo’s browser had third-party tracker loading protection by default that already blocked scripts embedded on websites from Facebook, Google, and others, but until now Microsoft’s scripts from the Bing and LinkedIn domains (but not its third-party cookies) had a pass.
A security researcher named Zach Edwards pointed out the exclusion that he apparently uncovered while auditing the browser’s privacy claims, and noted it is especially curious because Microsoft is the partner that delivers ads in DDG’s search engine (while promising not to use that data to create a monitored profile of users to target ads, instead relying on context to decide which ones it should show).
DuckDuckGo CEO Gabe Weinberg said at the time that the reason for it was a search syndication agreement with Microsoft, and that more updates on third-party tracker preventions were coming. A backlash ensued, with some seizing on DuckDuckGo’s own words that “tracking is tracking,” a phrase the company used against Google’s cookie-replacing “privacy sandbox” ad technology.
Now Weinberg writes in a blog post, “I’ve heard from a number of users and understand that we didn’t meet their expectations around one of our browser’s web tracking protections.” DuckDuckGo is vowing to be more transparent about what trackers its browser and extensions are protecting users from, making its tracker blocklists available and offering users more information on how its tracking protections with a new help page.
In an email to The Verge, the company’s VP of communications Kamyl Bazbaz said most Microsoft scripts were already being blocked the browser’s other protections, claiming “we ran a test to see how much more blocking is happening as result of this new update and based on the top 1,000 websites, we found the increase was only 0.25%.”
One thing it won’t block by default after the changes roll out this week, is scripts for bat.bing.com that load directly after a user clicks on one of DDG’s search ads, which it says are used on advertisers’ sites to measure ad effectiveness. But the blog post says DuckDuckGo third-party tracker loading protection will block Microsoft’s scripts “in all other contexts.” According to Weinberg, users have the option to avoid this by disabling ads in the DuckDuckGo search settings. DuckDuckGo says that, like some other companies, it’s working on non-profiling tech to replace the scripts, but that isn’t ready to go yet.
DuckDuckGo’s criticism continues to focus on Google’s advertising profiles and all the data they tend to scoop up from its various products, and justifiably so — looking at Google parent company Alphabet’s $257 billion revenue haul in 2021, most of it came from advertising.
But there’s also more than enough reason to keep an eye on Microsoft’s advertising efforts as well. Beyond its deal to back Netflix’s ad-supported streaming service, it also makes billions of dollars from internet advertising. and has built a cross-platform capable ad-tech giant of its own that can reach over 1 billion people. If DuckDuckGo promises its users get more overall protection than in other browsers, it will have to keep proving it, and additional transparency can only help.
Update 8:25AM ET: Updated to note bat.bing.com scripts are allowed to load directly after clicking an ad, but not in other cases.