DuckDuckGo chief executive Gabriel Weinberg has said the company is working to change its contract with Microsoft after an outcry over a privacy loophole.
Security researcher Zach Edwards last week found that DuckDuckGo’s Privacy Browser app for iOS and Android blocks trackers from Google and Facebook, while allowing Microsoft trackers.
In a reply to Edwards on Twitter, Weinberg said DuckDuckGo was obliged to allow the Microsoft trackers as part of its search-results syndication deal with Microsoft, which allows it to display Bing search results in its search engine.
Weinberg said on Twitter that the company has been “working tirelessly behind the scenes” to change the provisions of its arrangement with Microsoft and expects “to be doing more soon”.
He pointed out that the Microsoft deal was public but acknowledged there needed to be more transparency in the browser’s description on app stores.
“We have always been extremely careful to never promise anonymity when browsing, because that frankly isn’t possible,” he said in a statement provided to Bleeping Computer.
“I know our product is not perfect and will never be,” he told a Hacker News online forum. “We face many constraints: platform constraints, contractual constraints (like in this case), breakage constraints, and the evolving tracking arms race.”
Weinberg noted on the forum that the syndication deal with Microsoft has “broad confidentiality provisions” that prevent DuckDuckGo from discussing what the arrangement entails.
But he added that he believes the company’s offerings are “the best thing out there for mainstream users who want simple privacy protection”.
He pointed out that the tracking issues don’t apply to DuckDuckGo’s search engine, only its browser.
But users expressed anger, with one saying the issue “undermines trust” in the company.
“This is a problem, and it’s a serious one,” wrote a Hacker News user. “It undermines trust in a product that claims to be the bastion of privacy.”
The same user said Weinberg’s response “sounds like marketing mumbo jumbo”.
“If a privacy-centric browser is contractually obligated to load tracking scripts and is required to avoid disclosing that fact, I want absolutely nothing to do with either party,” the user wrote.
DuckDuckGo has positioned itself as a champion of privacy in high-profile marketing campaigns and public comments.
Earlier this month the company criticised new Google tracking and ad-targeting methods that Google had promoted as being more privacy-oriented.
“The simple fact is tracking is tracking, no matter what you call it,” DuckDuckGo said on Twitter at the time.
The company showed 46 percent growth last year amidst increased awareness of privacy issues.
Cillian Kieran, founder and chief executive of privacy infrastructure firm Ethyca, said the debate highlights the fact that amidst a lack of comprehensive privacy law in the US, “the most vocal arbiters of privacy are companies that are selling their own notions of privacy for profit”.
Apple, another firm that has positioned itself as a champion of privacy, is thought by some industry watchers to be developing its own mobile advertising platform.
The controversy underscores the need for privacy rules to be codified by a public institution “rather than a business that is itself playing the game”, Kieran said.
Ethyca points out that legal frameworks for privacy are being put into place around the world, and estimates that 83 percent of the world’s population is protected by modern privacy law as of the end of 2021.
Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…