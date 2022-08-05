



Months after the tracking controversy that hit privacy-centric search veteran DuckDuckGo, the company announced it had been able to amend its terms with search syndication partner Microsoft. This previously meant that his mobile browser and browser extensions could not block ads. Requests made by Microsoft scripts on third-party sites.

In a blog post promising to “increase the privacy and transparency of DuckDuckGo web tracking protection,” founder and CEO Gabe Weinberg wrote: Available from Microsoft in browsing apps (iOS and Android) and browser extensions (Chrome, Firefox, Safari, Edge, Opera), followed by beta apps in the next month. ”

“This expands our third-party tracker loading protection, which blocks identified tracking scripts from Facebook, Google, and other companies from loading on third-party websites, and third-party Microsoft tracking scripts. This web tracking protection is not offered by default in most other popular browsers and sits on top of many other DuckDuckGo protections,” he added. rice field.

DDG claims that this third-party tracker loading protection is not provided by default in most other popular browsers.

“Most browsers’ default tracking protections are focused on cookie and fingerprinting protections that limit third-party tracking scripts only after they have been loaded into the browser. Unfortunately, this level of protection does not provide load request Information such as IP addresses and other identifiers sent over the Internet remains vulnerable to profiling.Our third-party tracker loading protection stops most third-party trackers from loading in the first place. , to help address this vulnerability.

“Previously, policy requirements related to using Bing as a source of private search results restricted how Microsoft tracking scripts could be applied with third-party tracker loading protection. We didn’t have the same restrictions as other companies.”

“Microsoft scripts have never been embedded in search engines or apps that do not track users,” he adds. “Websites insert these scripts for their own purposes, so they do not send any information to DuckDuckGo. We were already restricting it, so this update means we now block far more trackers than most other browsers.

Asked if DDG plans to publish a new deal with Microsoft or if it’s still bound by an NDA, Weinberg said:

DDG’s search supplier carve-out was revealed in May through an independent audit conducted by privacy researcher Zach Edwards.

At the time, DDG acknowledged the anomaly, but said it basically had no choice but to accept Microsoft’s terms, but said it was unhappy about the restrictions and hoped they could be removed in the future.

When asked if the publicity generated by the controversy helped persuade the tech giant to ease restrictions on its ability to block Microsoft’s ad scripts on non-Microsoft sites, DDG recommended a return to Microsoft. I was.

When I asked the tech giant the same question, a spokesperson said:

Microsoft has policies in place to balance the needs of publishers and advertisers to accurately track conversions on our network. We have partnered with DuckDuckGo to understand the impact of this policy and are pleased to have reached a solution that addresses these concerns.

In a transparency-focused procedure announced today, DDG said it is making its tracker protection list public. It is available on GitHub. However, the company said the information was available before, suggesting it’s easier to find now.

I was also sent the following list of domains that said they would block Microsoft’s tracking requests:

Despite DDG’s enhanced ability to block Microsoft tracking requests, Microsoft ad scripts may not be blocked by DDG’s tools by default. This relates to the process advertisers use to track conversions (i.e. to determine if an ad click actually resulted in an ad). purchase).

“To evaluate whether ads on DuckDuckGo are effective, advertisers want to know if ad clicks turn into purchases (conversions). To see this within Microsoft Advertising, bat We use Microsoft scripts from the .bing.com domain,” Weinberg explains in a blog post. “Currently, if an advertiser wants to detect conversions of their own ads that appear on DuckDuckGo, third-party tracker loading protection will prevent bat.bing.com requests from loading onto the advertiser’s website following a click on the DuckDuckGo ad. , but these requests are blocked in all other contexts.Those who want to avoid this can disable ads in DuckDuckGo’s search settings.

DDG says it wants to further protect user privacy around ad conversion tracking, but admits that this won’t happen anytime soon. In a blog post, Weinberg wrote that he hopes to “eventually” replace the current ad conversion checking process by moving to a new architecture for privately evaluating ad effectiveness. .

“To finally replace our reliance on bat.bing.com to measure advertising effectiveness, we began working on an architecture for private ad conversions that could be externally verified as non-profiling,” he says.

DDG is not the only one here. All sorts of moves are underway across the industry to evolve/rethink ad tech infrastructure. This is in response to the backlash against privacy and the growing regulatory risks associated with tracking individuals. For example, tracking cookie support in Chrome is an alternative adtech stack (aka “privacy sandbox” proposal. [delayed] work in progress).

“DuckDuckGo is not alone in trying to solve this problem. Safari is working on Private Click Measurement (PCM) and Firefox is working on Interoperable Private Attribution (IPA). We hope it helps move the whole thing forward and make privacy the default,” Weinberg adds. “We believe this work is important because it allows us to improve the ad-based business model that countless companies rely on to provide free services and make it more private, rather than abandoning it entirely.” thinking about.”

When asked about the timeline for developing such infrastructure, he said:

Despite DDG’s claim that the display of ads through the browser is “anonymous,” its ad disclosure page allows some personal data (IP addresses and user strings) to be passed on to its advertising partner, Microsoft. has been confirmed. This includes detecting inappropriate clicks,” Weinberg said.)

“According to our advertising page, Microsoft is committed. [that] “When you click on a Microsoft-provided ad displayed on DuckDuckGo, Microsoft Advertising does not associate the ad-click behavior with your user profile, nor does it store or share that information outside of accounting purposes. ‘, he said when asked about assurances from Microsoft that user data passed for ad conversion will not be diverted for broader tracking and profiling of individuals.

In its correspondence with TechCrunch, DDG reiterated Microsoft’s stated policy of not linking this data to behavioral profiles (indeed, not sharing users’ real IP addresses, etc.).

But Weinberg acknowledges that there are limits to how much control DDG can have over what happens after data passes through it. For example, after several hops through a series of third-party data processors/enrichers, which removed the previous privacy screens, they may be linked to individual profiles. Operating in an advertising ecosystem designed for widespread surveillance (and allowed to spread everywhere) remains a massive shootout.

“Maintaining anonymity ‘through the adtech ecosystem’ is a different story, because when someone clicks on a site (whether or not they arrive through a DuckDuckGo search), the website owner’s privacy policy and related It’s subject to practice,” admits Weinberg. “Our browsers try to limit it through web privacy protections, but we have no control over what website owners (“first parties”) do. This may share data with third parties in the ad tech ecosystem. ”

“The ad disclosure page makes it clear that the display of ads is anonymous and further targets ad clicks. Microsoft is committed to not profiling users for ad clicks. This includes behavioral profiling by other users, and this commitment includes not passing that data on to anyone else,” DDG claims.

“Our privacy policy states that displaying all search results (including ads) is anonymous, and Microsoft Advertising (or anyone else) may de-anonymize user searches at that time (fully We tie individual searches to individuals and aggregate them into search histories,” he added.

Among further developments the company is highlighting today, DDG is adding a privacy dashboard visible in its apps and extensions to show “more information” about third-party requests, according to a blog post. I said I updated.

“With our updated privacy dashboard, users can see which third-party requests were blocked from loading and which third-party requests were loaded, along with both reasons,” Weinberg wrote.

We have also relaunched the help page. The reviewed content promises to provide a “comprehensive description of all web tracking protections we offer across our platforms.”

“Users now have one place to go if they want to understand the different types of web privacy protections offered by the platforms they use. We also explain how various web tracking protections are offered based on what’s under development for this part of our product roadmap,” the blog post suggests.

