DuckDuckGo removes carving for Microsoft tracking script after securing policy change – Meczyki.Net

A few months after a tracking controversy struck privacy-focused search giant, DuckDuckGo, the company has announced that it is able to amend terms with Microsoft, its search syndication partner, which meant that its mobile browser and browser The extension was prevented from blocking ads. Requests made by Microsoft scripts to third party sites.

one in blog post Pledging “Greater Privacy and Transparency for DuckDuckGo Web Tracking Protection”, Founder and CEO, Gabe Weinberg writes: “Over the next week, we’ll be expanding blocking third-party tracking scripts from loading on websites to include scripts from Microsoft in our browsing apps (iOS and Android) and our browser extensions (Chrome, Firefox, Safari, Edge and Opera) . More to come with beta apps in the coming month.”

“It Expands Us” Third-party tracker loading protection, which prevents tracking scripts identified by Facebook, Google and other companies from being loaded on third-party websites, now includes third-party Microsoft tracking scripts. This web tracking protection is not offered by default by most other popular browsers and sits on top of many other DuckDuckGo protections,” he said.

DDG claims that this third party tracker loading protection is not provided by default by most other popular browsers.

“The default tracking protection of most browsers is focused on cookie and fingerprint protection that only restricts third-party tracking scripts once they are loaded into your browser. Unfortunately, that level of protection is sent with your IP address and loading requests. This leaves information like other identifiers vulnerable to profiling. Our third-party tracker loading protection helps address this vulnerability, providing significantly more protection, by preventing most third-party trackers from loading in the first place. is,” Weinberg writes in the blog post.

“Previously, we were limited in how we could apply our third-party tracker loading protection to Microsoft tracking scripts due to a policy requirement regarding the use of Bing as the source of our private search results. We are glad that is no longer the case. We do not and do not have any such limitation with any other company.”

“Microsoft scripts were never embedded in our search engines or apps that don’t track you,” he says. “Websites incorporate these scripts for their own purposes, and so they never sent any information to DuckDuckGo. Since we were already restricting Microsoft tracking through our other web tracking protections, such as blocking Microsoft’s third-party cookies in our browsers, this update means that we are no longer able to track them than most other browsers. Doing a lot to block trackers.

When asked whether DDG will publish its new contract with Microsoft, or whether it is still bound by an NDA, Weinberg said: “Nothing else has changed and we don’t have other information to share on this. “

The quest for DDG was carved for supplier May Through an independent audit conducted by privacy researcher, Zach Edwards.

At the time DDG acknowledged the discrepancy but said it had essentially no choice but to accept Microsoft’s terms, although it also said it was not happy with the ban and hoped to be able to remove it in the future. .

When asked whether the hype generated by the controversy helped the tech giant relax restrictions on its ability to block Microsoft ad scripts on non-Microsoft sites, DDG traced us back to Microsoft.

When we asked the tech giant the same question, a spokesperson told us:

Microsoft has policies in place to ensure that we balance the needs of our publishers with the needs of our advertisers to accurately track conversions across our network. We are partnering with DuckDuckGo to understand the implications of this policy and arrive at a solution that addresses those concerns.

In transparency-focused steps being announced today, DDG said it is publishing its tracker protection list – available Here On Github – Although the company told us the information was previously available, suggested it is now easier to find.

It also sent us the following list of domains where it said it would stop tracking requests from Microsoft:

Despite this expansion of DDG’s ability to block Microsoft tracking requests, there are still instances where Microsoft advertising scripts No Blocked by DDG’s tools by default — related to the processes advertisers use to track conversions (ie, to determine whether an ad click actually resulted in a purchase).

“To evaluate whether an ad is effective on DuckDuckGo, advertisers want to know whether their ad clicks turn into a purchase (conversion). To view this within Microsoft Advertising, they visit the bat.bing.com domain Use a Microsoft script from Microsoft,” Weinberg explained in the blog post. “Currently, if an advertiser wants to detect conversions for their own ads to be shown on DuckDuckGo, third-party tracker loading protection DuckDuckGo Ads Bat.bing.com will not prevent requests from loading on the advertiser’s website after clicks, but these requests are blocked in all other contexts. For anyone who wants to avoid this, it is possible to disable ads in DuckDuckGo’s search settings.

DDG says it wants to go further to protect user privacy around ad conversion tracking — but acknowledges that won’t happen anytime soon. Weinberg writes in the blog post that “ultimately” it wants to be able to replace the existing process for ad conversion checks by migrating to a new architecture for assessing ad effectiveness privately.

“To finally replace the reliance on bat.bing.com for evaluating ad effectiveness, we have begun work on an architecture for private ad conversions that can be externally validated as non-profiling. is,” he says.

DDG is not alone here. Across the industry, there are all kinds of moves to evolve/rethink the edtech infrastructure in response to the privacy backlash – and to the increased regulatory risk associated with personal tracking – to replace support for tracking cookies in Chrome. Efforts like Google’s multi-year push for an alternative edtech stack (aka its ‘Privacy Sandbox’ proposal; which is a (delayed) work in progress).

“DuckDuckGo is not alone in trying to resolve this issue; Safari is working Personal Click On Measurement (PCM)) and Firefox is working Interoperable Private Attribution (IPA), We hope these efforts can help move the entire digital advertising industry toward making privacy the default,” Weinberg says. “We think this work is important because it means we can improve the advertising-based business model that countless companies rely on to provide free services, rather than throwing it away altogether.” Makes it private.”

Asked about the timeline for developing such an infrastructure, he says: “We don’t have a timeline to share right now, but it’s not an imminent announcement.”

Despite DDG’s claim that viewing advertisements through its browser is “anonymous”, its Ad Disclosure Page confirms that it contains certain personal data (IP address and user string) from Microsoft, its advertising partner – for “accounting purposes” (aka “to charge the advertiser and pay us for reasonable clicks”, including as Weinberg Detection of inappropriate clicks.

“To Us” advertising pageMicrosoft has committed [that] “When you click on a Microsoft-provided ad that appears on DuckDuckGo, Microsoft Advertising does not associate your ad-click behavior with a user profile. It does not store or share information other than for accounting purposes, “What guarantees they have from Microsoft, they say, is that user data passed for ad conversions is not reused for extensive tracking and profiling of individuals.

With Meczyki.Net back and forth, DDG has also repeatedly emphasized that its The policy states that Microsoft does not link this data to any behavioral profiles (or, in fact, share the user’s actual IP address, etc.).

Although Weinberg admits that there are limits to how much control a DDG can have over what happens. data once passed – for example, the edtech ecosystem’s penchant for sharing (and syncing) pseudonymous identifiers (such as hashes of identifiers) so that digital activity can still be linked to different profiles, e.g. That after a few hops through a series of third party data processors/enrichers, and thus removing the privacy screen of the first… Therefore, tl; dr, trying to protect the privacy of its users from third parties while operating in an advertising ecosystem designed for widespread surveillance (and allowed to spread all over) remains a massive firepower.

Weinberg acknowledged, “‘Staying anonymous’ through the edtech ecosystem is a different story because once someone clicks on a site (whether or not they got there via DuckDuckGo Search), they’re accessing the privacy of the website owner.” become subject to policy and related practices.” “In our browsers, we try to limit this through our web privacy protections but we cannot control what the website owner (‘First Party’) does, which data is shared with third parties in the advertising technology ecosystem. can share.”

The Ad Disclosure page clarifies that viewing of ads is anonymous and further covers ad clicks, with Microsoft’s commitment not to profile users on ad clicks, including any behavioral profiling by them or others. This commitment includes not giving that data to anyone,” the DDG also claims.

“Our Privacy Policy states that viewing all search results (including ads) is anonymous, and Microsoft Advertising (or anyone else) does not find anything that would enable user searches (including full IP addresses) at that time.” To de-anonymize individual searches into individuals or together into a search history,” it adds.

Highlighting further developments by the company today, DDG said it has updated the privacy dashboard that is displayed in its apps and extensions — according to its blog post for “more information” about third-party requests. to show up.

Weinberg writes on that, “Using the updated Privacy Dashboard, users can see which third-party requests have been blocked from loading and which other third-party requests have been loaded, both for reasons.”

It has also relaunched its help page — with the promise that the overhauled content provides “a comprehensive description of all the web tracking protection we provide across all platforms.”

“Users now have a place to look to see if they want to understand the different types of web privacy protections that we provide on the platforms they use. This page also explains how on each platform Various web tracking protections are offered based on what is technically possible, as well as what is in development for this part of our product roadmap,” its blog post states.