DuckDuckGo browser allows Microsoft trackers due to search agreement:
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.
DuckDuckGo is a search engine that prides itself on its privacy by not tracking your searches or your behavior while performing searches. Furthermore, instead of building user profiles to display interest-based advertisements, DuckDuckGo will use contextual advertisements from partners, like Ads by Microsoft.
While DuckDuckGo does not store any personal identifiers with your search queries, Microsoft advertising may track your IP address and other information when clicking on an ad link for "accounting purposes."
DuckDuckGo also offers a privacy-centric web browser for iOS and Android that promotes many privacy features, including HTTPS-always encryption, third-party cookie blocking, and tracker blocking.
[...] However, while performing a security audit of the DuckDuckGo Privacy Browser, security researcher Zach Edwards discovered that while the browser blocks Google and Facebook trackers, it allowed Microsoft trackers to continue running.
[...] Further tests showed that DuckDuckGo allowed trackers related to the bing.com and linkedin.com domains while blocking all other trackers.
In response to Edwards' long thread on the subject, DuckDuckGo CEO and Founder Gabriel Weinberg confirmed that their browser intentionally allows Microsoft trackers third-party sites due to a search syndication agreement with Redmond.
[...] This has led to quite the uproar on Hacker News, where Weinberg has been defending the company's transparency surrounding the agreements with Microsoft.
Related Stories
DuckDuckGo browser now blocks all third-party Microsoft trackers:
DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past.
This change comes after the company faced massive blowback in May for not blocking some third-party Microsoft trackers in the DuckDuckGo browser due to a syndicated search content agreement between the two companies.
[...] The fact that some Microsoft trackers were allowed was discovered by security researcher Zach Edwards, who found that the DuckDuckGo browser blocked Google and Facebook trackers but allowed some of Microsoft's trackers on Linkedin and Bing domains.
[...] "Recently, I've heard from a number of users and understand that we didn't meet their expectations around one of our browser's web tracking protections. So today we are announcing more privacy and transparency around DuckDuckGo's web tracking protections," reads an announcement by DuckDuckGo CEO Gabriel Weinberg.
[...] However, as DuckDuckGo relies on Microsoft Advertising for ads shown in the search engine, there will be some limited allowance of Microsoft trackers when using the privacy browser.
(Score: 2, Informative) by Anonymous Coward on Thursday May 26 2022, @06:35AM (13 children)
I saw these mentioned yesterday on a local tech site about the same news post:
https://searx.github.io/searx/ [github.io]
https://yacy.net/ [yacy.net]
Are there more, that people know about?
(Score: 4, Informative) by quietus on Thursday May 26 2022, @11:00AM (3 children)
(Score: 2) by Freeman on Thursday May 26 2022, @01:56PM (2 children)
I thought that's what Chromium was supposed to be?
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Informative) by quietus on Thursday May 26 2022, @03:55PM (1 child)
Chrome does not have any Google account requirement, but still potentially uses a number of Google's services under the hood. You might want, or not want, to trust Google [pcworld.com] that these are only enabled through settings(*). Here's a quick comparison [slant.co] between both browsers.
(*) What does the setting "Use a web service to help resolve navigation errors" actually do? And what does an Ad company mean with Promotion Fetching?
(Score: 4, Informative) by Anonymous Coward on Thursday May 26 2022, @04:32PM
Nothing "potentially" about it. It has all of the tracking Chrome has (1) and a few unautiditable binary blobs* (2) to boot. When they were called out on it Google's response was to blame Debian for 'breaking' things and then lock the thread (3).
TL;DR Chromium is Chrome without Google's proprietary branding and logo.
*Pre-compiled Javascript in Google's proprietary 'minified' format.
(1) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792580 [debian.org] "chromium: Chromium calls home even in incognito mode with safe browsing turned off"
(2) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922431 [debian.org] "chromium: URL chrome://tracing does not work any more" (root cause was removing Google's binary blobs)
(3) https://github.com/GoogleChrome/lighthouse/issues/7246#issuecomment-548015096 [github.com] "Lighthouse does not work on Debian (Tracing.start wasn't found)"
(Score: 5, Informative) by unauthorized on Thursday May 26 2022, @02:28PM (4 children)
privacytools.io [privacytools.io] and prism-break.org [prism-break.org] have a bunch of useful suggestions.
Most of my suggestions are already on those websites, but here are few you won't find there:
LibreWolf [librewolf.net] is a similar concept to Iridium but with Firefox. It's a fork that keeps up with upstream but it makes significant improvements on the privacy front.
This beautiful thing [eu.org] is a method to break half the web. Not very self-explanatory, but it's a collection of anti-cloudflare tools and documents, notably browser addons for Chrome and Firefox. It looks like it's made by a 4channer and it probably is, but it works. If you don't know why Cloudflare is bad, here is a breakdown for you [framagit.org]. Beware, many websites will not work if you foil Cloudflare, giving Alphabet agencies your unencrypted network traffic is part of the deal.
OpenNIC [opennic.org] is not really FLOSS, but it deserves a honorary mention. It's a collection of voulenteer-run free DNS servers meant to bypass DNS hijacking by your ISP. Not all servers enable DNScrypt but the ones that do are marked in the master list.
(Score: 0) by Anonymous Coward on Thursday May 26 2022, @03:41PM (1 child)
Is there any downside to using those DNS servers? That sounds like a pretty simple change to make.
(Score: 3, Informative) by unauthorized on Thursday May 26 2022, @06:39PM
Sometimes people take down their servers (it's a volunteer service after all) so you might have to update your DNS settings every few years. Other than that the latency will be higher so you'd be losing a fraction of a second per domain name per day, but that's more of a theoretical downside thanks to DNS caching. You wouldn't notice any difference unless you're specifically looking for it.
You're also obviously giving them the list of domains you're visiting, but otherwise you'd be giving the same information to your ISP.
(Score: 2) by corey on Thursday May 26 2022, @10:49PM (1 child)
Thanks. Very good info I’ll look into.
> DNS hijacking by your ISP
I run my own DNS server, unbound, on my FreeBSD server. With TLS (plus DNSSEC), so the connection between my server and the root servers is encrypted.
(Score: 0) by Anonymous Coward on Friday May 27 2022, @12:08AM
I like unbound, but Android is a right pain to get working with it. You can't just direct it to use the IP, or at least I haven't been able to get it to work without enabling a specific DNS server in pihole, which defeats the purpose of using pihole in the first place.
(Score: 2) by mcgrew on Thursday May 26 2022, @04:08PM (2 children)
Mozilla just pushed out a beta of an anti-tracking feature in Firefox, but it's not a duckgo, it just keeps cross site scripts from using cookies to follow you.
If you're that paranoid, get a VPN and a psychiatrist (unless you live in Russia or China, where you only need the VPN).
Carbon, The only element in the known universe to ever gain sentience
(Score: 2) by PinkyGigglebrain on Thursday May 26 2022, @06:36PM (1 child)
You have actually been paying attention.
It is only paranoia if someone ISN'T actually out to get you.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 1) by thewalkindude on Friday May 27 2022, @09:53PM
And, just because you're paranoid doe NOT mean they're are not out to get you.
(Score: 3, Informative) by quietus on Thursday May 26 2022, @04:24PM
I only now note that you put a search engine in there. Here's another -- qwant.com [qwant.com] -- French, privacy focused, they claim.
However, if you dig deeper, it turns out that they're at least partially a meta engine, using results from Microsoft -- and exchange the first 3 octets (e.g. 125.37.25.118 --> 125.37.25) of your IP address and search terms with them (Bing), as well as the page you previously came from, browser version, OS version.
They're also very happy with being installed on Huawei smart phones, which turns out to be one of their major investors, along with Axel Springer, the largest media publishing group in Europe.
So, err.. in short: be cautious in handling them too.
(Score: 4, Insightful) by Anonymous Coward on Thursday May 26 2022, @06:49AM (2 children)
Reminds me of the scene in the "Braveheart" movie, where Longshanks is discussing how much it cost him to get the Scottish Lords to turn against their own. "Some turned from much, much, less." Have they not learned? I have never touched, or recommended, or even acknowledged SUSE since they signed an agreement with Mordor, and I continue to recommend that no one else do so, either. And now? DuckDuckGo sold themselves on being the search engine for privacy, and now they are nothing but Bing's whore. Oh, how the Minty have fallen.
(Score: 0) by Anonymous Coward on Thursday May 26 2022, @04:34PM (1 child)
What is the alternative, or is there one?
(Score: 0) by Anonymous Coward on Friday May 27 2022, @07:24PM
Mojeek and GigaBlast maintain their own search indexes. Presumably all of the Bing-powered alternatives have similar problems (Qwant, Ecosia, SwissCows, MetaGer, etc.). Exalead seems like an interesting platform, but I have not had much luck finding useful results. Honestly, big search engines from countries may be a useful tool (Yandex, Baidu, Naver, Seznam, YahooJP) depending on your Government's political relationships.
(Score: 0) by Anonymous Coward on Thursday May 26 2022, @11:10AM (5 children)
see subject
(Score: 1, Redundant) by Gaaark on Thursday May 26 2022, @11:33AM
s
eesubject--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by Runaway1956 on Thursday May 26 2022, @11:34AM (3 children)
Yeah, something like that. I'll tone it down just a wee bit. DDG knows how important privacy is, and this is as disappointing as all hell. It doesn't surprise anyone that the 'other guys' whore themselves to Microsoft, or anyone else for that matter. But DDG is supposed to be different.
Of course, Microsoft servers can be blocked at the router. All you need is a list of routers that should be blocked.
Abortion is the number one killed of children in the United States.
(Score: 2) by quietus on Thursday May 26 2022, @04:06PM
I think you mean 'servers' to be blocked. Ofcourse, if them architects had any sense, they'd disperse some of those servers across the Internet, separate from the Microsoft cloud, making this solution a bit inconvenient.
(Score: 2) by mcgrew on Thursday May 26 2022, @04:11PM
DDG knows how important privacy is, and this is as disappointing as all hell.
"Our motto: Don't be evil." -- Google, 1998
Carbon, The only element in the known universe to ever gain sentience
(Score: 0) by Anonymous Coward on Friday May 27 2022, @12:12AM
I've been using them because they don't bubble users, but the censorship and allowing some trackers isn't cool.
(Score: 0) by Anonymous Coward on Thursday May 26 2022, @12:13PM (2 children)
First they start "censoring" and "adding context around" your search results. Now, they also "track" you.
(Score: 4, Interesting) by stormreaver on Thursday May 26 2022, @01:09PM (1 child)
I stopped using Duck Duck Go when they started censoring, but I wasn't terribly vigilant about changing all my search settings on all my computers. If I forgot one, and it used DDG for a search, I didn't bother changing it. Now I am taking the time to change from DDG to Brave Search. DDG had a good run and high potential, but it has proven beyond any doubt that it has jumped the shark.
Once again: get into bed with Microsoft, wake up with Gonorrhea. It's stunning how DDG failed to learn this crucial historical lesson.
(Score: 0) by Anonymous Coward on Thursday May 26 2022, @03:43PM
It wouldn't surprise me if the more they grew, the larger their server and network expenses, so they'd need to bring in a lot more money. It would be interesting to know what their cashflow was and what it was expected to be in the future when making those deals.
(Score: 4, Insightful) by bradley13 on Thursday May 26 2022, @03:32PM (1 child)
Why is this an issue? *Any* link you click takes you away from DDG. Who knows what trackers may come into play? Why is this DDG's problem?
Everyone is somebody else's weirdo.
(Score: 4, Informative) by quietus on Thursday May 26 2022, @04:01PM
It's about DDG's own browser, grandly named DuckDuckGo Privacy Browser, not the search page.
(Score: 0) by Anonymous Coward on Thursday May 26 2022, @04:00PM
Got it!
Thanks for the heads up.
Just a matter of time before our next news is, DDG acquired by Microsoft for undisclosed billions.
Everyone has a price.
Great lesson.
Thanks for that too, (as all trust drains away).
(Score: 2, Informative) by Anonymous Coward on Thursday May 26 2022, @05:25PM (2 children)
I learned about startpage.com either on this site, or the green one. They are an anonymous proxy to google search. I've been using them for a while, and its worked out well for me.
What do you guys think of them?
(Score: 2) by KritonK on Friday May 27 2022, @12:00PM
It is supposed to filter out all of google's tracking. I don't know if it replaces it with its own, but it does make search results usable again, as it also filters out the irrelevant results that google produces. Most of the results are relevant to the search terms entered, and if there are no relevant results, startpage will tell you so, instead of producing results for some of the keywords you specified, like google does, ignoring any quotation marks that you entered.
(Score: 1, Interesting) by Anonymous Coward on Friday May 27 2022, @07:04PM
I much preferred their previous project, Ixquick, so I may be a little bitter from them killing that off. Then there is the fact that they were sold to a company with a questionable past with respect to privacy, so user beware. For what it is worth, I still pay for a startmail account.
/thoughts
(Score: 4, Informative) by number11 on Thursday May 26 2022, @05:28PM (1 child)
Important to note, this doesn't apply to the DDG search engine, which (along with Startpage) remains ok. It's just the browser, and there are a number of other browsers that don't do this.
(Score: 1) by liar on Thursday May 26 2022, @05:46PM
Thanks for this. I wasn't sure, reading the article. For quite awhile I used Iron for my browser, but in the last year or so I've been switching to Brave with Disconnect and Privacy Badger and Foxish for my plugins.
Noli nothis permittere te terere.
(Score: -1, Spam) by Anonymous Coward on Thursday May 26 2022, @05:34PM (1 child)
it's a rat faced Jew.
"DuckDuckGo CEO and Founder Gabriel Weinberg"
https://static-secure.guim.co.uk/sys-images/Observer/Pix/pictures/2014/3/26/1395856860948/Gabriel-Weinberg-014.jpg [guim.co.uk]
(Score: 0) by Anonymous Coward on Friday May 27 2022, @07:22PM
Admins need to penalize and eventually ban users who misuse moderation just to censor. Have some integrity.
(Score: 1) by Retian on Thursday May 26 2022, @09:41PM
I'm not seeing any info on what version first started doing this shit. Maybe it's in the Twitter link but damned if I'm going to go there willingly.