Security researcher alleges DuckDuckGo privacy policy to be shady

Samuel Walker  - Technology Policy Researcher
Last updated: November 6, 2023
  • DuckDuckGo allows Microsoft to access users' data for targeted ads due to an ongoing agreement with Microsoft to permit access.
  • The search engine blocks third-party trackers from Facebook, Google, etc. but allows Bing and LinkedIn trackers.
  • DuckDuckGo has tweaked its description and Help Center to reveal a collaboration with Microsoft and possible data collection on its platform.

Privacy savvy individuals prefer surfing the internet with safe search engines that keep them anonymous. The reason is to prevent tech giants from accessing their digital footprints for business transactions with third parties. But as per the new reports, one of the supposedly safe search engines, DuckDuckGo, is not offering 100% security.

In a recent development, a security researcher discovered that DuckDuckGo’s privacy policy had some exceptions favoring Microsoft. The supposed Google alternative boasting of ensuring users’ anonymity instead exposes them. According to the research, Microsoft tracks users’ footprints on DuckDuckGo without their knowledge. This could only mean one thing, data harvesting for targeted services or solutions.

This development is a big disappointment for users who expect privacy on DuckDuckGo. On the surface, DuckDuckGo prevents third-party trackers from monitoring users’ activities. It indeed prevents trackers from Facebook and Google from tracking their users. But a deep dive revealed that it is feeding Microsoft with users’ data through Bing and LinkedIn trackers. Microsoft owns both platforms, and the search index working on DuckDuckGo is from Bing.

According to Zack Edward, many Microsoft sites bypass the blocks that DuckDuckGo supposedly erected to prevent access. The worst is that the data harvest is mainly used for advertising since it flows to the Bing ad domain. Edwards even shared a screenshot in his tweet to support his findings.  

DuckDuckGo reacts to the security breach

In response to this incident, DuckDuckGo founder Gabriel Weinberg revealed that the company had an agreement with Microsoft. As a result, blocking the trackers won’t be possible unless there’s a modification to the terms. 

Weinberg has assured users that the DuckDuckGo browser prevents trackers from third-party opportunists. But the only ongoing exposure is to Microsoft due to the agreement. He, however, disclosed that they would open the discussion with the company soon to fix the clauses.

Apart from disclosing the agreement with Microsoft, DuckDuckGo has also tweaked its description from claiming to be utterly anonymous to revealing exception addition. It now shows that the search engine is blocking “most” hidden third-party trackers instead of all.

Also, DDG now indicates in its “Help Section” that the engine shares data with Microsoft. The details show that it has partnered with Microsoft for relevant ads in a privacy-enhanced manner. According to the details, if a user clicks on an ad now, a redirect link will take him to the advertising landing pages but through the Microsoft platform. 

Privacy options for internet users

The internet is filled with criminals targeting users’ data and sensitive personal information. This is why many cases of data breaches, exploits, hacks, identity theft, and doxxing have become the other of the day. So, if you want to stay unscathed while comfortably using the internet, take some actions to ensure your security. Some of the things you can do include: 

Use privacy-centric search engines

As things stand, it seems DuckDuckGo is not as private as many believe. Even though DuckDuckGo has failed in its claims of protecting users’ privacy, there are still some private search engine alternatives to consider. 

  • Qwant 
  • Startpage
  • Mojeek
  • SearX
  • Swisscows
  • MetaGer, etc. 

While these browsers might offer anonymity to internet users, some of them might not be completely secured. That’s why you must check out their data tracking policy, the settings, the interface, data log practices, etc. 

Use Virtual Private Network (VPN)

One of the best ways to ensure anonymity on the internet is using VPNs. Fortunately, there are many such services available these days. For instance, you can use ExpressVPN, NordVPN, SurfSahrk VPN, IPVanish, PureVPN, etc. 

These services are at the top of the list in the industry. You can browse easily through their networks, and no one will access your IP address or other sensitive information. But note that all the services might not offer the same features. So, research more to choose the right one for you. But no matter what you do, never use a free VPN; they collect data for ads.

Share this article

About the Author

Samuel Walker

Samuel Walker

Technology Policy Researcher

Sam Walker is a tech-focused writer who has traveled the world but currently lives in Australia. He has a keen interest in digital privacy and security. Sam loves testing new technology and researching the latest security trends to keep others informed (and ultimately safe) online.

More from Samuel Walker


No comments.