Right after few days of posting about DuckDuckGo is sharing tracking data on 1Aug we all have started getting news about DuckDuckGo.
Now the enemy is up with new tracking products mentioned at the end of this post some new techniques.
https://www.msn.com/en-us/news/tech...microsoft-blockers-after-backlash/ar-AA10lYKd
https://www.yahoo.com/lifestyle/duckduckgo-removes-carve-microsoft-tracking-120019262.html
New Tracking Products
https://www.msn.com/en-us/news/tech...ail-service-is-now-open-to-anyone/ar-AA11fRJF
Want to ditch Gmail? DuckDuckGo’s private email service is now open to anyone :lol:
https://www.komando.com/security-privacy/whatsapp-sharing-your-data/773481/
whatsapp is doing this since Jewbook acquired whatsapp they disclosed it after many years of acquiring it
you can also try this open any msn link on duckduckgo and you will see this warning msessage from Tor
This Potential Identity Leak warning can be seen if you are browsing a website and do duckduckgo search on a new tab.
Something more on DuckDuckGo
Tor browser on mobile
they are using some java scripts that acts a cookies even if you have disabled browser cookies.
i was searching something on DuckDuckGo and changed the region country for search results when i was done i closed the DuckDuckGo tab on Tor browser.
and opened a new tab on Tor browser.
and i made a new search on DuckDuckGo to my surprise the DuckDuckGo on Tor showed me the results from the same country i previously changed to.
that could be a co-incidence then i changed tor new identity.
changed the Tor Security level in Tor browser settings from Safer to Safest.
DuckDuckGo did the something again, shows results from the same country.
Stop using Duckduckgo if you privacy conscious.
Tags: cyber security , cybersecurity
Now the enemy is up with new tracking products mentioned at the end of this post some new techniques.
https://www.msn.com/en-us/news/tech...microsoft-blockers-after-backlash/ar-AA10lYKd
DuckDuckGo rolls out new Microsoft blockers after backlash
Read- Aug 5
DuckDuckGo is looking to douse the fire that started in late June, when researchers discovered its mobile browser permitted Microsoft’s trackers to operate, while blocking those of Google, and Facebook.
In a blog post published earlier today, the company CEO and founder, Gabriel Weinberg, sought to clarify the issue and set out a series of improvements.
As per the post, the third-party tracker scripts from Microsoft are now blocked from loading across DuckDuckGo's browsing apps (iOS and Android) and browser extensions (Chrome, Firefox, Safari, Edge, and Opera).
“This expands our 3rd-Party Tracker Loading Protection, which blocks identified tracking scripts from Facebook, Google, and other companies from loading on third-party websites, to now include third-party Microsoft tracking scripts,” Weinberg said.
DuckDuckGo tracking protections
Weinberg further explained how the company was “limited” in applying its third-party tracker protection program on Microsoft’s tracking scripts, due to a policy requirement related to DuckDuckGo’s use of Bing as a source for search results.
The company seems to have ditched the requirement in the meantime: “We’re glad this is no longer the case,” the CEO said. “We have not had, and do not have, any similar limitation with any other company.”
In a separate note shared with TechRadar Pro, the company explained it believes the issues were blown out of proportion.
“To help clear up some other misconceptions floating around,” said the firm, “Microsoft scripts were never embedded in our search engine or apps, which do not track you. Websites insert these scripts for their own purposes, and so they never sent any information to DuckDuckGo.”
DuckDuckGo also says that to suggest the company previously allowed "all or even most" Microsoft tracking attempts in its browser “would not be correct”.
“Prior to this update, we were already blocking most MSFT scripts from loading and further restricting Microsoft tracking through our other web tracking protections, like blocking Microsoft’s third-party cookies in our browsers," said the firm.
Websites use tag managers to load multiple other scripts, including those of Microsoft. Because of that, “those requests were already being blocked” by protections before this update, DuckDuckGo added.
https://www.yahoo.com/lifestyle/duckduckgo-removes-carve-microsoft-tracking-120019262.html
DuckDuckGo removes carve-out for Microsoft tracking scripts after securing policy change
A few months on from a tracking controversy hitting privacy-centric search veteran, DuckDuckGo, the company has announced it's been able to amend terms with Microsoft, its search syndication partner, that had previously meant its mobile browsers and browser extensions were prevented from blocking advertising requests made by Microsoft scripts on third party sites.
In a blog post pledging "more privacy and transparency for DuckDuckGo web tracking protections", founder and CEO, Gabe Weinberg, writes: "Over the next week, we will expand the third-party tracking scripts we block from loading on websites to include scripts from Microsoft in our browsing apps (iOS and Android) and our browser extensions (Chrome, Firefox, Safari, Edge and Opera), with beta apps to follow in the coming month."
"This expands our 3rd-Party Tracker Loading Protection, which blocks identified tracking scripts from Facebook, Google, and other companies from loading on third-party websites, to now include third-party Microsoft tracking scripts. This web tracking protection is not offered by most other popular browsers by default and sits on top of many other DuckDuckGo protections," he added.
DDG claims this third-party tracker loading protection is not offered by most other popular browsers by default.
"Most browsers’ default tracking protection focuses on cookie and fingerprinting protections that only restrict third-party tracking scripts after they load in your browser. Unfortunately, that level of protection leaves information like your IP address and other identifiers sent with loading requests vulnerable to profiling. Our 3rd-Party Tracker Loading Protection helps address this vulnerability, by stopping most 3rd-party trackers from loading in the first place, providing significantly more protection," Weinberg writes in the blog post.
"Previously, we were limited in how we could apply our 3rd-Party Tracker Loading Protection on Microsoft tracking scripts due to a policy requirement related to our use of Bing as a source for our private search results. We’re glad this is no longer the case. We have not had, and do not have, any similar limitation with any other company."
"Microsoft scripts were never embedded in our search engine or apps, which do not track you," he adds. "Websites insert these scripts for their own purposes, and so they never sent any information to DuckDuckGo. Since we were already restricting Microsoft tracking through our other web tracking protections, like blocking Microsoft’s third-party cookies in our browsers, this update means we’re now doing much more to block trackers than most other browsers.
Asked if DDG will be publishing its new contract with Microsoft, or whether it's still bound by an NDA, Weinberg said: "Nothing else has changed and we don't have other information to share on this."
The carve-out for DDG's search supplier was picked up in May via an independent audit conducted by privacy researcher, Zach Edwards.
At the time DDG 'fessed up to anomaly but said it essentially had no choice to accept Microsoft's terms, although it also said it wasn't happy about the restriction and hoped to be able to remove it in the future.
Asked whether the publicity generated by the controversy helped persuade the tech giant to relax the restriction on its ability to block Microsoft ad scripts on non-Microsoft sites, DDG referred us back to Microsoft.
When we put the same question to the tech giant a spokeswoman told us:
Microsoft has policies in place to ensure that we balance the needs of our publishers with the needs of our advertisers to accurately track conversions on our network. We have been partnering with DuckDuckGo to understand the implications of this policy and we are pleased to have arrived at a solution that addresses those concerns.
In a transparency-focused steps being announced today, DDG said it's publishing its tracker protection list -- available here on GitHub -- although the company told us the information was available before but suggested it's easier to find now.
It also sent us the following list of domains where it said it will be blocking Microsoft tracking requests:
adnxs.com
adnxs-simple.com
adsymptotic.com
adv-cloudfilse.azureedge.net
app-fnsp-matomo-analytics-prod.azurewebsites.net
azure.com
azure.net
bing.com
cdnnwlive.azureedge.net
clarity.ms
dynamics.com
fp-cdn.azureedge.net
licdn.com
linkedin.com
live-tfs-omnilytics.azurewebsites.net
msecnd.net
nlo-stl-web.azureedge.net
nuance.com
pestcontrol-uc1.azureedge.net
sdtagging.azureedge.net
serviceschipotlecom.trafficmanager.net
Despite this expansion of DDG's ability to block Microsoft tracking requests, there are still instances where Microsoft ad scripts are not blocked by DDG's tools by default -- related to processes used by advertisers to track conversions (i.e. to determine whether an ad click actually led to a purchase).
"To evaluate whether an ad on DuckDuckGo is effective, advertisers want to know if their ad clicks turn into purchases (conversions). To see this within Microsoft Advertising, they use Microsoft scripts from the bat.bing.com domain," explains Weinberg in the blog post. "Currently, if an advertiser wants to detect conversions for their own ads that are shown on DuckDuckGo, 3rd-Party Tracker Loading Protection will not block bat.bing.com requests from loading on the advertiser’s website following DuckDuckGo ad clicks, but these requests are blocked in all other contexts. For anyone who wants to avoid this, it's possible to disable ads in DuckDuckGo search settings.
DDG says it wants to go further to protect user privacy around ad conversion tracking -- but admits this won't happen any time soon. In the blog post Weinberg writes that "eventually" it wants to be able to replace the current process for ad conversions checks by migrating to a new architecture for assessing ad effectiveness privately.
"To eventually replace the reliance on bat.bing.com for evaluating ad effectiveness, we’ve started working on an architecture for private ad conversions that can be externally validated as non-profiling," he says.
DDG is by no means alone here. Across the industry, all sorts of moves are afoot to evolve/rethink adtech infrastructure in response to privacy backlash -- and to rising regulatory risk attached to individual tracking -- efforts such as Google's multi-year push to replace support for tracking cookies in Chrome with an alternative adtech stack (aka its 'Privacy Sandbox' proposal; which remains a [delayed] work in progress).
Google delays move away from cookies in Chrome to 2024
"DuckDuckGo isn’t alone in trying to solve this issue; Safari is working on Private Click Measurement (PCM) and Firefox is working on Interoperable Private Attribution (IPA). We hope these efforts can help move the entire digital ad industry forward to making privacy the default," adds Weinberg. "We think this work is important because it means we can improve the advertising-based business model that countless companies rely on to provide free services, making it more private instead of throwing it out entirely."
Asked about the timeline for developing such an infrastructure, he says: "We don't have a timeline to share right now but it's not an imminent announcement."
Despite DDG's assertion that viewing ads via its browsers is "anonymous", its ad disclosure page confirms that it passes some personal data (IP address and user string) to Microsoft, its ad partner -- for "accounting purposes" (aka "to charge the advertiser and pay us for proper clicks, which includes detection of improper clicks", as Weinberg puts it).
"Per our ad page, Microsoft has committed [that] "when you click on a Microsoft-provided ad that appears on DuckDuckGo, Microsoft Advertising does not associate your ad-click behavior with a user profile. It also does not store or share that information other than for accounting purposes," he says when pressed on what guarantees he has from Microsoft that user data passed for ad conversions doesn't end up being repurposed for broader tracking and profiling of individuals.
In back and forth with TechCrunch, DDG also repeatedly emphasizied that its policy states that Microsoft does not link this data to a behavioral profile (or, indeed, share a user's actual IP address etc).
However Weinberg concedes there are limits on how much control DDG can have over what happens to data once it's passed -- given, for example, the adtech ecosystem's penchant for sharing (and synching) pseudonymized identifiers (e.g. hashes of identifiers) in order that digital activity may still be linked back to individual profiles, say after a few hops through a chain of third party data processors/enrichers, and thereby removing an earlier privacy screen... So, tl;dr, trying to shield your users' privacy from prying third parties whilst operating in an ad ecosystem that's been designed for pervasive surveillance (and allowed to sprawl all over the place) remains a massive firefight.
"Staying anonymous 'through the adtech ecosystem' is a different story because once someone clicks on a site (whether or not they got there through DuckDuckGo search), they become subject to the website owner's privacy policy and related practices," Weinberg admits. "In our browsers, we try to limit that through our web privacy protections but we cannot control what the website owner (the 'first party') does, which could be sharing data with third-parties in the ad tech ecosystem."
"The ad disclosure page makes clear viewing ads is anonymous and further covers ad clicks, which has a commitment from Microsoft to not profile users on ad click, which includes any behavioral profiling by them or others. This commitment includes not passing that data on to anyone," DDG also claims.
"Our privacy policy states that viewing all search results (including ads) is anonymous, and Microsoft Advertising (or anyone else) does not get anything that can de-anonymize user searches at that time (including full IP address) in terms of being able to tie individual searches to individuals or together into a search history," it adds.
In further developments being highlighted by the company today, DDG said it's updated the Privacy Dashboard that's displayed in its apps and extensions -- to show "more information" about third-party requests, per its blog post.
"Using the updated Privacy Dashboard, users can see which third-party requests have been blocked from loading and which other third-party requests have loaded, with reasons for both when available," Weinberg writes on that.
It has also relaunched its help page -- with a promise that the overhauled content offers "a comprehensive explanation of all the web tracking protections we provide across platforms".
"Users now have one place to look if they want to understand the different kinds of web privacy protections we offer on the platforms they use. This page also explains how different web tracking protections are offered based on what is technically possible on each platform, as well as what’s in development for this part of our product roadmap," its blog post suggests.
DDG has a tracker blocking carve-out linked to Microsoft contract
New Tracking Products
https://www.msn.com/en-us/news/tech...ail-service-is-now-open-to-anyone/ar-AA11fRJF
Want to ditch Gmail? DuckDuckGo’s private email service is now open to anyone :lol:
https://www.komando.com/security-privacy/whatsapp-sharing-your-data/773481/
Has WhatsApp been sharing your data with Facebook for years?
whatsapp is doing this since Jewbook acquired whatsapp they disclosed it after many years of acquiring it
you can also try this open any msn link on duckduckgo and you will see this warning msessage from Tor
Potential Identity Leak
You are about to load a page from msn.com.
If you are a msn.com logged-in user, information about your identity might be acquired by duckduckgo.com.
This Potential Identity Leak warning can be seen if you are browsing a website and do duckduckgo search on a new tab.
Something more on DuckDuckGo
Tor browser on mobile
they are using some java scripts that acts a cookies even if you have disabled browser cookies.
i was searching something on DuckDuckGo and changed the region country for search results when i was done i closed the DuckDuckGo tab on Tor browser.
and opened a new tab on Tor browser.
and i made a new search on DuckDuckGo to my surprise the DuckDuckGo on Tor showed me the results from the same country i previously changed to.
that could be a co-incidence then i changed tor new identity.
changed the Tor Security level in Tor browser settings from Safer to Safest.
DuckDuckGo did the something again, shows results from the same country.
Stop using Duckduckgo if you privacy conscious.
Tags: cyber security , cybersecurity