DuckDuckGo removes carve-out for Microsoft tracking scripts after ensuring policy change – Yahoo Finance | Hot Mobile Press

A few months after a tracking controversy hit privacy-centric search veteran DuckDuckGo, the company has announced that it has been able to change terms with Microsoft, its search engine syndication partner, that had previously meant that its mobile browsers and browser extensions were prevented from blocking ads requests from Microsoft scripts on third-party websites.

In a blog post promising “more privacy and transparency for DuckDuckGo web tracking protections,” Founder and CEO, Gabe Weinberg writes: “Over the next week, we will expand the third-party tracking scripts that we block from loading on websites to include scripts from Microsoft in our browsing apps (iOS and Android) and our browser extensions (Chrome, Firefox, Safari, Edge and Opera). Beta apps will follow in the coming month.”

“This adds third-party tracking scripts from Microsoft to our third-party tracker load protection, which blocks identified tracking scripts from Facebook, Google and other companies from being loaded on third-party websites. This web tracking protection is not offered by most other popular browsers by default and sits on top of many other DuckDuckGo protections,” he added.

DDG claims that this third-party tracker charging protection is not offered by most other major browsers by default.

“The default tracking protection of most browsers focuses on protecting against cookies and fingerprints, which restrict third-party tracking scripts only after they have loaded in your browser. Unfortunately, this level of protection makes information like your IP address and other identifiers sent with loading requests vulnerable to profiling. Our 3rd-party tracker loading protection helps address this vulnerability by preventing most 3rd-party trackers from doing so in the first place , to be loaded, and thus offers significantly more protection,” writes Weinberg in the blog post.

“Previously, due to a policy requirement related to our use of Bing as a source for our private search results, we were restricted from applying our third-party tracker load protection to Microsoft tracking scripts. We are glad this is no longer the case. We have not had and do not have similar restrictions at other companies.”

“Microsoft scripts have never been embedded in our search engine or apps that don’t track you,” he adds. “Websites inject these scripts for their own purposes and as such have never submitted any information to DuckDuckGo. Because we have already limited Microsoft tracking through our other web tracking protections, such as B. Blocking third-party cookies from Microsoft in our browsers, this update means we’re now doing a lot more to block trackers than most other browsers.

When asked if DDG will release its new deal with Microsoft or if it’s still bound by an NDA, Weinberg said, “Nothing else has changed and we don’t have any more information to share about it.”

That Carve-out for DDG’s search provider has been addressed Can via an independent audit conducted by privacy researcher Zach Edwards.

At the time, DDG “admitted the anomaly but said it essentially had no choice but to accept Microsoft’s terms, although it also said it wasn’t happy with the restriction and hoped to remove it in the future.”

When asked if the publicity generated by the controversy helped convince the tech giant to relax restrictions on its ability to block Microsoft ad scripts on non-Microsoft websites, DDG referred us back to Microsoft.

When we asked the tech giant the same question, a spokeswoman told us:

Microsoft has policies in place to ensure we balance the needs of our publishers with the needs of our advertisers to accurately track conversions across our network. We’ve partnered with DuckDuckGo to understand the implications of this policy, and we’re pleased to have come to a resolution that addresses these concerns.

In a transparency-focused move announced today, DDG said it is releasing its tracker protection list — available here on Github — although the company told us the information was available before, but has indicated it’s more easily available now are to be found.

It also sent us the following list of domains where it claims to be blocking Microsoft tracking requests:

Despite this expansion of DDG’s ability to block tracking requests from Microsoft, there are still instances where Microsoft advertising scripts are present Not Blocked by DDG’s tools by default – related to processes used by advertisers to track conversions (ie, to determine if a click on an ad actually resulted in a purchase).

“In order to evaluate whether an ad on DuckDuckGo is effective, advertisers want to know if their ad clicks result in purchases (conversions). To see this in Microsoft Advertising, they use Microsoft scripts from the domain,” Weinberg explains in the blog post. “Currently, if an advertiser wants to detect conversions for their own ads displayed on DuckDuckGo, the third-party tracker load protection will not block requests from loading on the advertiser’s site after clicks on DuckDuckGo ads, but will Requests are blocked in all other contexts. If you want to avoid this, you can disable ads in DuckDuckGo’s search settings.

DDG says it wants to go further to protect user privacy around ad conversion tracking — but admits it won’t be doing so any time soon. In the blog post, Weinberg writes that “eventually” they could replace their current ad conversion verification process with migrating to a new architecture for privately evaluating ad effectiveness.

“In order to ultimately replace the reliance on to measure ad effectiveness, we started working on a private ad conversion architecture that can be externally validated as non-profiling,” he says.

DDG is by no means alone here. All sorts of moves are afoot across the industry to evolve/rethink adtech infrastructure in response to the decline in privacy – and the rising regulatory risk associated with individual tracking – such as: B. Google’s multi-year push to replace support for tracking cookies in Chrome with an alternative adtech stack (aka its “Privacy Sandbox” proposal; which is still (delayed) in the works).

“DuckDuckGo isn’t the only one trying to solve this problem; Safari is working on Private Click Measurement (PCM) and Firefox is working on Interoperable Private Attribution (IPA). We hope these efforts can help advance the entire digital advertising industry,” adds Weinberg. “We think this work is important because it allows us to improve the advertising-based business model that countless companies rely on, to offer free services and make it more private rather than discarding it altogether.”

When asked about the timeline for developing such infrastructure, he says, “We don’t have a timeline to share at the moment, but it’s not an imminent announcement.”

Despite DDG’s claim that showing ads through its browsers is “anonymous,” its ad disclosure page confirms that it shares some personally identifiable information (IP address and user string) with Microsoft, its advertising partner — for “accounting purposes.” ‘ (aka ‘to collect fees’) takes advertisers and pays us for legitimate clicks, which includes detecting improper clicks,” as Weinberg puts it).

“According to our ad page, Microsoft has committed [that] “If you click on a Microsoft-provided ad that appears on DuckDuckGo, Microsoft Advertising does not associate your ad-clicking behavior with a user profile. It also doesn’t store or share that information except for accounting purposes,” he says when pressed about the guarantees he has from Microsoft that user data shared for ad conversions will not be repurposed for broader tracking and profiling of individuals .

In the back-and-forth with TechCrunch, DDG has also repeatedly emphasized that it should be The policy states that Microsoft does not associate this data with a behavioral profile (or indeed share a user’s actual IP address, etc.).

However, Weinberg acknowledges that there are limits to how much control DDG can have over what happens to Data as soon as it’s shared – given the adtech ecosystem’s penchant for example for sharing (and syncing) pseudonymised identifiers (e.g. chain of third-party data processors/enrichers, removing a previous privacy screen… So, tl;dr, trying to protect your users’ privacy from nosy third parties while operating in an advertising ecosystem designed for pervasive surveillance (and allowed to propagate everywhere) remains a massive firefight.

“Remaining anonymous through the adtech ecosystem is a different story because once someone clicks through to a website (regardless of whether they got there from DuckDuckGo search or not), they are subject to the privacy policy and related practices of the owner of the site,” admits Weinberg. “In our browsers, we try to limit this through our web privacy policies, but we can’t control what the website owner (the ‘first party’) does, which might share data with third parties in the ad tech ecosystem.”

“The ad disclosure page makes it clear that viewing ads is anonymous and also covers ad clicks, which includes a commitment by Microsoft not to profile users when they click ads, which includes any behavioral profiling by them or others. That commitment includes not disclosing this data to anyone,” DDG also claims.

“Our privacy policy states that viewing all search results (including ads) is anonymous and Microsoft Advertising (or anyone else) will not receive anything that can de-anonymize user searches at that time (including full IP address) to perform individual search queries with individuals or together in link to a search history,” it adds.

In other developments the company is highlighting today, DDG said it has updated the privacy dashboard it shows in its apps and extensions – to show “more information” about third-party requests, according to its blog post.

“The updated privacy dashboard allows users to see which third-party requests have been blocked from loading and which other third-party requests have been loaded, with reasons for both where available,” Weinberg wrote.

It’s also relaunched its help page – with a promise that the revamped content will “provide a comprehensive explanation of all the web-tracking protections we offer across platforms.”

“Users now have one place to look if they want to understand the different types of web privacy protections we offer on the platforms they use. This page also explains how different web tracking protections are offered based on the technical capabilities on each platform, how and what is in development for this part of our product roadmap,” the blog post suggests.

Leave a Comment