Brave founder slams DuckDuckGo’s browser for not removing Microsoft’s tracking parameters from URLs
Remember the recent controversy surrounding the DuckDuckGo privacy browser? It turns out that the app not only allows cookies from Microsoft’s trackers, but also allows users to be tracked via URLs.
Asked about the original problem, DuckDuckGo founder Gabriel Weinberg clarified that his company has a partnership with Microsoft, which prevents them from blocking ads. He played down the review, saying the search engine protects user anonymity, even when ads are displayed from the Redmond company, by blocking third-party cookies.
Brave Browser founder Brendan Eich doesn’t seem to have been happy with the flippant explanation given by the rival browser maker. In fact, he accused DuckDuckGo of lying to its users. (The source: Twitter)
DuckDuckGo’s browser has a built-in tracker blocker and cookie blocker, this should, on paper, prevent users from being tracked by ad networks, right? It does, but with a few exceptions.
Eich says that DuckDuckGo’s browser on macOS removes tracking parameters from URLs, if they come from third parties like Google or Facebook,
For example https://example.org/?fbclid=sample
Visiting the above URL in the DuckDuckGo browser on macOS removes the tracker from the address bar, which is how the Tracking Protection feature should work. However, when you use a similar link and replace it with Microsoft’s tracking method, such as the one below, the browser does not strip the query URL parameters.
The tracker part is visible in the address bar of the browser even after loading the page.
When I tested extensions like ClearURLs, Redirect AMP to HTML extension, I explained how URL-based tracking works. Here is an overview of how users are generally tracked on the Internet.
If you click on a link in a web page and the URL has certain parameters such as an affiliate ID or other tracking elements, the website can know which link you clicked and, depending on its policies, can earn a commission from the destination. site to advertise. Similarly, the page you were redirected to may know what site you were on previously, i.e. how you got there (via a search, a specific article, a product promotion, etc.). This data could be used to profile your browsing habits, serve personalized advertisements, etc. In other words, it’s not good for privacy. Google’s AMP is perhaps the most notorious example of URL-based tracking, besides Facebook, of course.
Essentially, this method bypasses cookie-based tracking, to identify you across sites. If you take a look at DuckDuckGo’s GitHub page for privacy configuration, you can see the list of tracking settings that it blocks. Guess which one is not on the list?
Let’s take a look at this support page on the Microsoft Advertising blog. He mentions that the Microsoft Click ID, which is the tracking parameter, msclkid, automatically adds a unique click ID to the landing page after a user clicks on an ad.
This is why Eich claimed that the cookieless tracking method is not blocked by the browser, because it is not in the code. He also speculated that DuckDuckGo circumvents Bing’s tracking protection, in order to generate revenue from Microsoft.
DuckDuckGo denies allowing link tracking in its browsers
A DuckDuckGo spokesperson told The Register that the ads users see are private and not used to track them. They denied Eich’s claims and said the tracking parameters merely sent a click through to the provider. Interestingly, the person also pointed out that no browser protects against link tracking (based on data from PrivacyTests) and that his browser has started protecting Google and Facebook users. The company has confirmed that it will block Twitter and Microsoft tracking settings in the future.