Brave's founder calls out DuckDuckGo's browser for not removing Microsoft's tracking parameters from URLs

Ashwin
Jun 18, 2022

Remember the recent controversy surrounding the DuckDuckGo Privacy Browser? It turns out that the app not only allows cookies from Microsoft's trackers, but also allows users to be tracked via URLs.


When questioned about the original issue, DuckDuckGo's founder, Gabriel Weinberg, clarified that his company has a partnership with Microsoft, which prevents them from blocking the ads. He played down the scrutiny, stating that the search engine protects the anonymity of users, even when ads are displayed from the Redmond company, by blocking third-party cookies.

Brave Browser's founder, Brendan Eich, doesn't appear to have been satisfied by the casual explanation given by the rival browser maker. In fact, he has accused DuckDuckGo of lying to their users. (source: Twitter)


DuckDuckGo's browser has a built-in tracker blocker and cookie blocker. This should, on paper, prevent users from being tracked by ad networks, right? It does, but with some exceptions.

Eich says that DuckDuckGo's browser on macOS removes the tracking parameters from URLs if they are from third parties like Google or Facebook. For example:

https://example.org/?fbclid=sample

Visiting the above URL in the DuckDuckGo Browser on macOS removes the tracker from the address bar, which is how the tracking protection feature should work. However, when you use a similar link that carries Microsoft's tracking parameter instead, such as the one below, the browser does not strip the parameter from the URL's query string.

https://example.org/?msclkid=sample

The tracker part is visible in the address bar of the browser even after the page has loaded.

When I tested extensions such as ClearURLs and Redirect AMP to HTML, I explained how URL-based tracking works. Here's the gist of how users are commonly tracked on the internet.

If you click on a link in a web page, and the URL has some parameters such as an affiliate ID, or other tracking elements, the website can know which link you clicked, and depending on its policies, may earn a commission from the destination site for advertising it. Likewise, the page that you were redirected to, can know which website you were on earlier, i.e. how you landed there (via search, a specific article, a product promotion, etc). This data could be used to profile your browsing habits, deliver personalized ads, etc. In other words, it is not good for privacy. Google's AMP is perhaps the most notorious example of URL-based tracking, besides Facebook, of course.

Essentially, this method circumvents cookie-based tracking protections to identify you across sites. If you take a look at DuckDuckGo's GitHub page for Privacy Configuration, you can see the list of tracking parameters that it blocks. Guess which one isn't on the list?

Let's take a look at this support page on the Microsoft Advertising Blog. It mentions that the Microsoft Click ID feature, whose tracking parameter is msclkid, automatically adds a unique click ID to the landing page after a user clicks on an ad.


That's why Eich has claimed that the cookie-less tracking method isn't blocked by the browser, because it is not in the code. He also theorized that DuckDuckGo is circumventing the tracking protection for Bing, in order to earn revenue from Microsoft.
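How a list-driven parameter stripper produces the behaviour described above, as an added example that is not DuckDuckGo's code or configuration: both lists are constructed for illustration, and `stripTrackingParams` and `survivingParams` are hypothetical helper names. The second helper is the check a reviewer can run to see which known click-ID parameters a given list lets through.

```javascript
// Added example. The lists below are constructed for illustration and are
// NOT copied from DuckDuckGo's Privacy Configuration repository.
const LIST_WITHOUT_MSCLKID = ["fbclid", "gclid"];
const LIST_WITH_MSCLKID = [...LIST_WITHOUT_MSCLKID, "msclkid", "twclid"];

// Click-ID parameters to audit a list against (Facebook, Google,
// Microsoft, Twitter).
const KNOWN_CLICK_IDS = ["fbclid", "gclid", "msclkid", "twclid"];

// Remove every query parameter whose name is on the blocklist.
// Unrelated parameters and the fragment are preserved.
function stripTrackingParams(rawUrl, blocklist) {
  const url = new URL(rawUrl);
  const blocked = new Set(blocklist.map((name) => name.toLowerCase()));
  const removed = [];
  // Snapshot the keys first: deleting while iterating the live
  // URLSearchParams object can skip entries.
  for (const key of [...new Set(url.searchParams.keys())]) {
    if (blocked.has(key.toLowerCase())) {
      url.searchParams.delete(key);
      removed.push(key);
    }
  }
  return { url: url.toString(), removed };
}

// Audit helper: which known click-ID parameters are still present
// after the URL has been cleaned with the given blocklist?
function survivingParams(rawUrl, blocklist, knownClickIds) {
  const cleaned = new URL(stripTrackingParams(rawUrl, blocklist).url);
  return knownClickIds.filter((name) => cleaned.searchParams.has(name));
}

// Constructed sample URL: one functional parameter, two click IDs.
const SAMPLE_URL =
  "https://example.org/article?id=42&msclkid=sample&fbclid=sample#comments";

for (const [label, list] of [
  ["list without msclkid", LIST_WITHOUT_MSCLKID],
  ["list with msclkid", LIST_WITH_MSCLKID],
]) {
  const result = stripTrackingParams(SAMPLE_URL, list);
  const leaked = survivingParams(SAMPLE_URL, list, KNOWN_CLICK_IDS);
  console.log(`${label}: ${result.url} (still present: ${leaked.join(", ") || "none"})`);
}
```

A parameter that is missing from the list is passed through untouched, so auditing the list against the click IDs of every ad network is what reveals the gap.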

DuckDuckGo denies that it allows link-tracking in its browsers

A spokesperson for DuckDuckGo told The Register that the ads that users see are private, and are not used to track them. They denied the allegations made by Eich, and said that the tracking parameters merely send an ad click to the provider. Interestingly, the person also pointed out that no browser protects against link tracking (based on data from PrivacyTests), and that their browser has started protecting users from Google and Facebook. The company has confirmed that it will block tracking parameters from Twitter and Microsoft in the future.

Publisher
Ghacks Technology News

Comments

  1. boris said on June 18, 2022 at 11:06 am

    Privacy browsers work like ponzi schemes. For a while they are protecting privacy. And as soon as they build big enough user base, they sell out.

    1. ha a said on June 18, 2022 at 8:13 pm

      @boris, we live in a world of sellouts. Deal with it.

      1. pd said on June 23, 2022 at 7:04 am

        @ha_a: we live in a world of people capable of using more than pathetic, pithy, throwaway three-word attempts to mute and dismiss people whose thoughts you cannot cope with.

        Shame you do not have the capability to be one of them. Until you do, maybe try not to dismiss others and see if you can morph into a human from your current troll existence.

  2. Mystique said on June 18, 2022 at 11:18 am

    You can’t pick and choose who you filter out and who you do not, this is particularly true if you make claims of privacy and place yourself on a pedestal as being the champion of privacy and make no attempt at making it obvious that you are not filtering out particular entities.
    Once you do this then it sets a precedent, who else are you going to sell out to next?
    This is the same kind of behaviour that led to people leaving adblock plus in their droves which honestly turned out to be a great idea regardless as the grass was indeed much greener in other pastures.

  3. TelV said on June 18, 2022 at 11:36 am

    I stopped using DDG at the beginning of last year and switched to Google even though I’m aware of its reputation for tracking users. Bing sucks and since DDG derives its search results from there it wasn’t worth my while continuing with it.

    But earlier this year I switched to Brave Search which works surprisingly well and finds what I’m looking for 85% of the time. If Brave can’t fulfil the other 15% I’ll switch to Google again, trackers and all.

    Ublock Origin takes care of the ads problem so those don’t appear anyway.

    Similarly, I have Firefox configured to delete cookies, cache and site data on exit and a VPN is enabled most of the time.

    1. Neutrino said on June 18, 2022 at 11:56 am

      ” If Brave can’t fulfil the other 15% I’ll switch to Google again”

      When you use Brave browser, there is an option in Brave Search settings for using anonymously Google search results, so you wouldn’t have to use it directly.

      1. Anonymous said on June 18, 2022 at 2:45 pm

        ”there is an option in Brave Search settings for using anonymously Google search results”

        I looked in the Brave Settings but couldn’t find this option. Could you be a little more specific. Thanks in advance.

      2. AgentSmith007 said on June 18, 2022 at 3:58 pm

        I couldn’t find that option.

      3. Neutrino said on June 18, 2022 at 5:17 pm

        @Anonymous, @AgentSmith007

        https://search.brave.com/settings

      4. Anonymous said on June 18, 2022 at 9:52 pm

        I turned on ”Google fallback mixing”. But when I load https://search.brave.com/settings again, I see that the setting is OFF again.

    2. ECJ said on June 18, 2022 at 1:14 pm

      You can always try startpage.com – which is privacy orientated and uses Google search results behind the scenes, but without the tracking (or the intrusive full-page “Before you continue…” Google sign-in/cookie dialogue boxes).

    3. Anonymous said on June 19, 2022 at 2:17 am

      Funny that I use DDG now because Google keeps throwing their captcha every time I search something.

      Tracking me is one thing I tolerate but making me practice their captcha every time is not something I can stand for

  4. semce said on June 18, 2022 at 1:39 pm

    I use Qwant and I’m satisfied with it.

    1. Tom Hawack said on June 18, 2022 at 2:22 pm

      I used to use Qwant, though not as my main search engine, even if it provides results gathered by Bing but within privacy. Privacy so to say given uBo (with additional lists than the default ones) blocks no less than 5 items on Qwant’s home page. But OK, blocked anyway. If I definitely abandoned Qwant it’s basically because of its new layout, ugly, with a homepage that looks more like a full-page advertisement than a search engine’s clean interface. Obviously the directives were commercial and this is a problem nowadays when commercials intervene in an area which is not theirs : commercials for business, coders for code, designers for design is how things work out correctly and bring a pleasant and efficient application to users. Qwant forgot that, myself and others consequently send it to garbage. When you have a small audience the first thing to do is to think twice before any modifications.

      Regarding DuckDuckGo (DDG for the sake of sanity) : I wouldn’t use its browser but I keep its search engine (after having removed it previously) as an alternative one (main being a searXNG instance). I wouldn’t use its browser and I truly feel ashamed for the company which lacks transparency, aka lies as a policy. People are fed up with the immensity of the hidden part of privacy intrusion icebergs when they hardly manage the visible portion (so to say).

      So that’s a very, very bad point for DDG’s browser but for DDG as a whole.
      Quoting the article, ” The company has confirmed that it will block tracking parameters from Twitter and Microsoft in the future.”. When? They better make it quick. Business knows that a fast u-turn is the only way to prevent spreading of what defeats its reputation.

    2. ard said on June 18, 2022 at 3:59 pm

      yep

  5. Ovenator said on June 18, 2022 at 2:13 pm

    Weinberg. Who knew GREED would play a huge role in this. Quite deceptive actually, slowly build up a good reputation and reel in the users, just to stab them in the back. For money. Then try and play it down and act like nothing happened. You got SCAMMED by the Weinberg Company, that’s the bottom line. If you are a SuckSuckNo browser user, you probably read tech sites and are very aware of things that are going on so it’s up to you to choose if you’d like to keep being a little cash-cow for Weinberg at the expense of your privacy or dump this liar. This is actually headline news, a privacy company that’s selling your privacy. I will make some popcorn and watch Weinberg squirm.

    1. John said on June 20, 2022 at 1:36 am

      Anti-Semitism is an ugly thing.

  6. Duck. I mean it. said on June 18, 2022 at 2:16 pm

    Anyone want to check what Avast Secure Browser is doing behind your back..? =) Privacy and security fraud tsunami incoming…..

    1. Anonymous said on June 18, 2022 at 8:30 pm

      Well-known fact, antiviruses are spyware.

  7. steve99 said on June 18, 2022 at 2:54 pm

    Sounds like DDG needs to hire a pro PR Firm (pro corp propagandist). DDG can’t spread nonsense about a very clear issue, about a technology that can be tested and understood. The facts are there in black and white, the technology has been reviewed, and DDG has been caught with its pants down past its ankles. I was hoping DDG would do a mea culpa and promise to do better. But when they do an inept, unprofessional job at spreading cognitive dissonance, I think it is time to avoid this lost corporation at all cost. Pity like many on ghacks I was an early adopter and an evangelist of DDG. Seems instead of being honest, they have gone full bore numb skull and prefer, hiding behind a cloud of bs instead of coming clean. In my circle of friends, DDG is toast and will receive contempt from this point forward.

  8. DDG do be very Brave said on June 18, 2022 at 5:10 pm

    I can’t even understand why a browser like duckduckgo browser exists, yet alone why would anyone ever use it beyond me. However, still better than Brave.

    1. USA said on June 18, 2022 at 11:05 pm

      I am still trying to understand Dr.Pepper.

  9. Anonymous said on June 18, 2022 at 7:40 pm

    If I was Brendan I wouldn’t have even mentioned this because people would bring up the Brave affiliate link that lasted like 2 seconds and are not the same.
    I mean, he would get the haters flying around him like mosquitos, but there is no reason why Brendan is testing DuckDuckGo, also, there is no reason why people would use DuckDuckGo, the search engine or any app or browser or anything, Brendan should just keep using Brave and move on, if people are stupid enough to use DDG, then… who cares?

    Do I have to remind people once again how DDG CEO is a Berg, and he has a history of privacy abuse, starting with his founding of Names DB, a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends, that was in 2006. What do people expect? He suddenly cares about privacy? no, he is only making money for people who have this fantasy fairy tale illusion that there is privacy on the internet.

    He also had weird partnerships through the years, he also ALWAYS used Bing for DDG indexer.

    But even the DDG app in android was sending all people’s urls information and they were stored in their servers for many months and maybe years until that was ‘fixed’, their donations seem to go to always the weird organization which are just as scammy as DDG.

    So people shouldn’t be using or trusting any DDG service, I haven’t done it in years, so why is Brendan calling out DDG for making money off their privacy butt lies? that’s what most companies do anyway.

    I don’t use Brave because Brave is such a mess anyway, I hate the updates that seem to be wallet and crypto crap only, how the opportunities to care about censorship and then Brendan admits they will censor when government tells them to, so if they can’t do anything about it and fight for people, they are not any better, they are just there for the money.

    And it doesn’t matter how companies want to make money these days, but if they are openly lying about something, then I believe they should just be punished. Better quiet and doing their whatever strategy to make money instead of pretending they are better.

    Just like the Berg uses Microsoft tracking and is kissing Microsoft’s butt for some money, Brendan uses cryptolies and scam to make money, someone will say “well one is privacy related the other isn’t” well, might be true in some way, but it is still business scheme. But knowing how privacy doesn’t exist in the internet or the real life world, then, people focusing too much in privacy are also wrong because they pretend some extensions and a browser and an app or vpn or anything can suddenly make you private when governments and big tech have supercomputers that probably find you in matter of seconds of the way you speak, the sites you visit, the time you do, for anything.

    Anyway is a bunch of drama about DDG when they were a scammy service from the start, so what is the surprise? the guy saying how they allow “Microsoft tracking” didn’t even properly test it since some services like https://d3ward.github.io/toolz/adblock.html, show that DDG on iOS and Android block LinkedIn, so even if the Berg even admits they don’t do it, for whatever reason they appear blocked by that website, and compare it to Brave or uBlock, not even uBlock is blocking 100%, doesn’t mean all the ‘trackers’ that website is using somehow are 100% trackers, but the difference between DDG and uBlock or Brave adblockers is almost none.

    Also, I don’t understand Brendan, Brave adblocker’s unbreak list will literally whitelist a bunch analytics which includes DDG and Startpage. When I raised the problem, you can’t block a whitelisted rule but you can whitelist a blocked rule through custom rules, Brave pretty much said they wouldn’t do much, they were planning to, but in more than a year no solution to the problem, so if you go to DDG or Startpage, even using the strong protection you will still be sharing analytics with DDG and Startpage and many others, unless you use uBlock.
    Brave mentality about only blocking 3rd party ads and trackers, because “you are already giving your info to 1st party domains to no point on blocking 1st party ads”, then they allowed many analytics and non-1st party trackers, and they after so many years don’t fix it (they started blocking 1st and 3rd party ads around 2018).

    So DDG is doing a similar thing of what Brave is doing, whitelisting BS and doing URL BS because of money and because that’s how company runs things.
    So I see as a mistake Brendan getting in the middle of this when he literally has not done much of what he promised, and when then he explains better what he plans to do with Brave, I wish he wouldn’t even try to do anything either, like the Goggles system which first he said “it’s going to make internet better and less censorship” and recently he was saying “well, goggles will allow governments to censor more if they wish to do so”.
    But what can we expect from western companies? US and Europe? I am sure some people will think their French or English or German companies will be better than US but nah. They are all here for the money while telling you lies.

    1. Charles said on June 19, 2022 at 7:51 am

      As a LindBERG I am ticked off by this. Clearly you meant “Do I have to remind people once again how DDG CEO is a Wein”

  10. Herman Cost said on June 18, 2022 at 7:52 pm

    DDG is now dead to me, although I’ll admit that I rarely used it in any case. I’m sympathetic about the need to monetize a business to survive, and the necessity to make these kind of deals is something I can understand. However, failure to disclose it to your users (particularly when all of your marketing relates to the privacy of your browser and search application) is simply not acceptable. And trust when lost is hard to regain.

    1. KL said on June 19, 2022 at 1:12 pm

      Yes, that’s why I think they are a scam. Their whole marketing is about privacy. This is the only thing they can market anyway because they get the awful Bing results from Microsoft. I wouldn’t mind about DDG asking for data, but their company DuckDuckGo Inc is not a privacy focused company it claims to be and they think they can lie to people with no consequences. At least Microsoft, Google, Apple etc are honest, they don’t claim to be privacy focused companies. They are not liars like DuckDuckGo Inc. Brave is doing the right thing calling them out for their lies.

  11. ha a said on June 18, 2022 at 8:10 pm

    >DuckDuckGo’s browser ha a built-in tracker blocker and cookie blocke

    Sometimes I wonder what happened to spellcheckers and proofreading.

    ha a! built in, dear ghacks what is a ha a

  12. Yash said on June 18, 2022 at 10:37 pm

    Why would you wanna use Duckduckgo browser anyway? In Windows/Linux Firefox(Librewolf) and/or Brave are the main ones to consider. DDG in Android is just a front end for Android System Webview. There isn’t a valid use case for DDG anyway over Firefox or Brave. And that’s before considering this latest fiasco where they deliberately whitelisted Microsoft.

    1. hg said on June 21, 2022 at 3:29 pm

      I reverted to Firefox on IOS, and it doesn’t delete cookies etc on close unlike the desktop version; and there is no option to do so. It’s a PITA to go into settings and clear them each time.

      When I queried it, it was suggested I ask for it to be added to feature requests or some such. I have to assume this omission is not for the best reasons for users, so have switched back to DDG browser on IOS despite the MS issue.

  13. Q said on June 19, 2022 at 12:39 am

    In my opinion, the DuckDuckGo search engine or company should not be trusted. I hardly ever used the search engine.

    The search engine has also been guilty of manipulating results to favor various politics.
    An example: https://www.vox.com/recode/22981115/duckduckgo-free-speech-privacy-oops

  14. Mystique said on June 19, 2022 at 8:40 am

    If anything this is another fine example why baked in adblocking is not great thing many people think it is. Maybe this is one small part of the broader plan Google has with manifest v3. Forcing propriety adblockers and then covertly whitelisting domains that they stand to benefit from is one of the reasons why they are doing this.
    Once you remove choice from a user and force something upon them then its always bound to be rubbish which is why the original design of phoenix/firefox was great. It was designed to be almost like a blank canvas that you then added to yourself through a thriving community of developers.

    If what one user states here regarding Brave is true then it only reinforces my statement and feelings upon the subject.

  15. Tim said on June 19, 2022 at 9:49 am

    MetaGer, Swisscows and Mojeek are interesting options if one doesn’t want to use Google or DuckDuckGo. But honestly, there might be shady dealings behind your back even if you use the “privacy-oriented” search engines. DDG reputation was spotless for a long time…

  16. Pop! Oh noes. said on June 19, 2022 at 12:41 pm

    Yeah, let’s wait and see what Brave will resort to when the cryptobubble bursts.

    1. Iron Heart said on June 19, 2022 at 5:32 pm

      BAT is still way above its initial price. Wake me up again if it sinks below that, not before. Thank you.

  17. computer said no said on June 19, 2022 at 6:03 pm

    Just installed the brave browser on my 64bit puppy linux and it runs superbly. I am extremely impressed and I am not sure how the brave team have kept the resource usage down to such a low amount.

    I don’t use the crypto stuff so I have disabled that but I could dump UBO as the brave shields have crushed every ad I could throw at it.

    Lots of genuinely useful privacy mitigations as well.
    My main browser now.

    1. Anonymous said on June 19, 2022 at 9:45 pm

      I tried Brave and I got the opposite results. Slower than Edge on launch and their built-in blocker has bunch of ads coming through it.

      1. Iron Heart said on June 20, 2022 at 10:56 am

        @Anonymous

        Go to brave://adblock/ and enable more lists there.

        Also, set the adblocker to “Aggressive”, only then it will also block 1st party ads. “Standard” only blocks 3rd party ads.

  18. Chris said on June 19, 2022 at 8:12 pm

    LOL this is coming from a company whose search engine tracks people by default (i.e. opt out instead of opt in) cf https://www.kuketz-blog.de/brave-search-opt-out-von-analyse-erforderlich-und-amazon-hosting/

    1. Iron Heart said on June 20, 2022 at 10:54 am

      @Chris

      Fake news. It is strictly opt-in. New Brave install, brave://settings/search … See, it’s opt-in, not opt-out. Complete trash article.

  19. Derek Clements said on June 20, 2022 at 6:38 am

    “computer said no” writes above that they installed Brave on a GNU+Linux system (Puppy). I’m assuming here, my learned Anonymous, that you installed Brave on a MS Windows system – perhaps that is why you are observing such performance differences. GNU Linux systems generally, to this point in time, are much more resource efficient than Microsoft systems.

  20. pd said on June 23, 2022 at 7:14 am

    Upon first hearing of DDG, I thought they were being very optimistic / delusional by trying to take on the search giants. Bing was/is barely a competitor to Big G and it’s built and operated by another huge company.

    Then I read into where the DDG search results comes from: Bing (amongst others, so they said).

    Although I’ve used DDG for some time over recent years, it was with the sad knowledge that DDG is probably just one of best worst options.

    Unfortunately the web is built in such a manner as to require huge servers resources if you want to be a search engine. Forget the competitive corruption G engages in. Forget taking on the likes of similarly-resourced, historical just as evil, companies like BingSoft. The primary issue is surely the ridiculously expensive resources required to build and operate a search engine.

    What academic, open-source entity can afford that? Unless the architecture of the innernetwebs changes (distributed web?) would it not require something like a consortium of countries to fund the development of a genuine, privacy-respecting, non-profit, search engine? As with other too-big scenarios like abuse of default browser settings and other monopoly-generating nefarious practices from the commercial wublunetwebs, perhaps the only answer is government-level investment. Time for the EU to step in just like it helped in anti-trust scenarios. Partially funding the likes of Proton is a good start. Time to go many steps further.
