DuckDuckGo heads the list of alternative search engines to industry giants such as Google Search, Microsoft Bing or Yahoo! and has recently released its own web browser. Since its inception it has been promoted as the great “advocate” of privacy and transparency and has waged legal and moral wars against Google over the processing of personal data.

But as the Spanish saying goes, Everywhere they boil beans…Turns out while doing a security audit of DuckDuckGo’s new web browser, a researcher discovered that the company’s browser allows the execution of Microsoft advertising trackerswhile it does block Google and Facebook trackers.

DuckDuckGo CEO and founder Gabriel Weinberg has confirmed that his browser allows Microsoft to track third-party sites due to a ‘syndicated search content contract‘ with the signature of Redmond. According to the executive, this confidential agreement whose details are unknown does not affect his search engine.

It should be noted that DuckDuckGo extracts its search results from other services, mainly the Bing search engine. It is also known that clicking on an advertisement provided by Microsoft on DuckDuckGo will reveal your IP address to Microsoft’s advertising service. This is explicitly stated on the company website and in the company search engine.

But in light of this information it follows that the deal with Microsoft is “deeper” than previously thought. Although Weinberg insists that Microsoft can’t see what you’re looking for on DuckDuckGo and the browser blocks all cookies from the Redmond firm, if you visit a website that contains Microsoft trackers, your data is exposed to services like Bing and LinkedIn.

Nor has it been explained how Microsoft uses the data from the trackers on third-party sites because the agreement with DuckDuckGo is confidential, but you can imagine that Microsoft, like Google and the rest of the big technology companies, seek to obtain income by exploiting that gold mine that in the Internet age is personal data.

DuckDuckGo, a very serious mistake

In an era where all the red lines have been crossed in the violation of a right as fundamental as privacy gaining user trust is extremely difficult. Losing it costs very little and this case may cut DuckDuckGo’s huge rise among search engines, although the matter really only affects its web browser for iOS and Android.

In specialized security media such as hackernews It’s a big mess and criticism against the company is piling up. The CEO and founder of DuckDuckGo has activated the ‘damage control’ phase and ensures that DuckDuckGo browser users “they still get significantly more privacy protection” than with Chrome, Safari, Firefox and other browsers.

The executive strives to clarify that “this case deals with superior protection that most browsers don’t even attempt to do, i.e. blocking third-party tracking scripts before they load on third-party websites”. It has also indicated that they are working to eliminate this type of tracking and be more transparent in the descriptions of the app store.

We do not know if these clarifications convince you. Beyond the tracking itself, the worst part is that DuckDuckGo has not disclosed the authorization of the Microsoft trackers. until a security researcher has figured it out. A bad practice that others generally carry out, but if you are a “champion” of transparency in the processing of personal data you cannot afford it.

The reputational damage has already been done and it is a shame because certainly this open source development that bets on privacy as its main feature (and in fact is the default engine in the TOR browser) is very necessary as an alternative to the engines of the big technology companies. . And it’s certainly more private than theirs, but not as private as we thought.