Brave Roasts DuckDuckGo Over Bing’s Privacy Exception • The Registry

Brave CEO Brendan Eich on Wednesday took aim at rival DuckDuckGo by defying the web search engine’s efforts to brush aside revelations that its Android, iOS and macOS browsers have, to some extent, given Microsoft trackers Bing and LinkedIn a pass compared to other trackers.

Eish caught the eye to one of DuckDuckGo’s defenses for exempting Microsoft’s Bing and LinkedIn domains, a condition of its research contract with Microsoft: that its browsers block third-party cookies anyway.

“For blocking non-search related trackers (e.g. in our browser), we block most third-party trackers,” Explain DuckDuckGo CEO Gabriel Weinberg last month. “Unfortunately, our Microsoft search syndication agreement prevents us from doing more for Microsoft-owned properties. However, we have been pushing hard and plan to do more soon.”

However, Eich argues that this is dishonest because DuckDuckGo also includes exceptions that allow Microsoft trackers to bypass third-party cookie blocking through added URL parameters.

“Trackers try to circumvent cookie blocking by adding identifiers to URL query parameters, to identify you to sites,” he explained.


DuckDuckGo tries to explain why its browsers don’t block certain Microsoft web trackers


DuckDuckGo is aware of this, Eich said, because its browser prevents Google, Facebook and others from appending identifiers to URLs to circumvent third-party cookie blocking.

“[DuckDuckGo] removes Google’s ‘gclid’ and Facebook’s ‘fbclid’,” Eich said. “Test it yourself by visiting in [DuckDuckGo]macOS’s browser. The ‘fbclid’ value is removed.”

“However, [DuckDuckGo] does not apply this protection to Microsoft’s “msclkid” query parameter,” Eich continued. “[Microsoft’s] the documentation clarifies that ‘msclkid’ exists to bypass third-party cookie protections in browsers (including Safari’s browser engine used by DDG on Apple operating systems).”

Eich concluded by saying that privacy-focused brands need to prioritize privacy. “Brave categorically does not harm and will not infringe on users’ privacy to satisfy partners,” he said.

A DuckDuckGo spokesperson called Eich’s conclusion misleading.

“What Brendan seems to be referring to here is our ad clicks only, which are protected in our agreement with Microsoft as strictly non-profiling (private),” a company spokesperson said. The register in an email.

“That is to say, these ads are privacy protected and the way he presents them is ultimately misleading. Brendan, of course, kept the fact that our ads are private and there’s really nothing back here since everything has already been leaked.”

Our listings are private…there’s really nothing new here as everything has already been leaked

In other words, allowing Bing to append its ID to URLs lets Bing advertisers know if their ad got a click (a conversion), but not target DuckDuckGo browser users based on their behavior or identity. .

DuckDuckGo’s spokesperson highlighted Weinberg’s attempt to resolve the controversy on Reddit and argued that DuckDuckGo offers very strong privacy protections.

“This is link tracking that no major browser protects against (see, but we have started to protect ourselves against link tracking, and have started with the main offenders (Google and Facebook),” the DuckDuckGo spokesperson said. Of note, we plan to expand this to more companies including Twitter, Microsoft, etc. . We are not limited to that and we will.”

Judging data from, DuckDuckGo’s iOS browser’s handling of Bing ads represents the only significant difference from Brave’s iOS browser. A macOS browser comparison isn’t yet available because DuckDuckGo’s macOS browser is still in beta, the site maintainer told us. Brave on Android, however, blocks significantly more trackers than DuckDuckGo on Android – and contrary to DuckDuckGo spokesperson claims, appears to offer protection against link tracking (23 out of 24 identifiers in “Tests of Tracking Query Parameters”). DuckDuckGo for Android does this too, but much less (3 out of 24).

Really Microsoft?

Perhaps more notable than Brave dunk on DuckDuckGo, is the fact that Microsoft’s Bing openly describes how to track ad conversions even when people use privacy protections that block third-party cookies and expect not to be monitored.

“Last year, Apple Inc introduced a feature called Smart Tracking Prevention which impacts how conversion tracking works on the Safari browser”, Microsoft Bing Ads Documentation Explain. “To ensure that conversions continue to be reported accurately and in full across your Bing Ads campaigns, automatic tagging of Microsoft Click ID in ad URLs is now required.”

In other words, here’s how to bypass privacy protections to measure your ads whether people like it or not.

In 2012, when Google agreed to pay a $22.5 million civil penalty to settle Federal Trade Commission charges that it misled Apple Safari users by stating that it would not place or broadcast tracking cookies to them no targeted ads, the problem was the gap between what Google was saying and doing.

Here we have Microsoft Bing Ads tips customers how its technology facilitates tracking without third-party cookies, whether or not users have expressed a wish not to be tracked by adopting a privacy-focused browser.

Justin Brookman, director of technology policy for Consumer Reports, said The register during a telephone interview that the law is not established regarding this type of behavior.

Google, he explained, got into trouble dropping cookies on Safari users, but that’s because the company said it wouldn’t. Existing laws, he said, can potentially address some of the more sophisticated tracking methods, like bounce tracking, if the behavior is found to be misleading. And if someone in California says they don’t want their data sold, that has legal effect, thanks to the state. recently adopted confidentiality regime.

“There are exceptions, however,” Brookman said. “This could stop targeted advertising while still allowing ad attribution to be tracked. The law is unclear in many ways.”

Brookman pointed to a recently introduced privacy bill, the US Data Privacy and Protection Act (ADPPA), as a possible improvement to the status quo, though the wording of the proposed legislation has yet to be released. agreed and the bill was not voted on. ®

Boot Note

We note that is managed by Arthur Edelstein, who works for Brave. He insisted that the site is independent of his employer.

“This website and browser privacy testing is an independent project of me, Arthur Edelstein,” a statement dated this month reads on dot-org.

“I developed this project on my own time and on my own initiative. Several months after the website was first published, I became an employee of Brave, where I contribute to Brave’s browser privacy engineering efforts. I continue to operate this website independently of my employer, however. There is no connection to Brave’s marketing efforts.”