Has DuckDuckGo ever been criticized for privacy practices by privacy advocates?
Executive summary
Yes. DuckDuckGo has been publicly criticized by multiple privacy researchers and advocates, most prominently after a 2022 disclosure that its mobile browser allowed Microsoft-placed trackers to run on some pages — a revelation that triggered widespread scrutiny and debate about DuckDuckGo’s privacy guarantees [1] [2] [3]. Additional technical critiques — including claims about unencrypted auto-suggest leakage, tracker exceptions, and limits compared with layered privacy tools — have kept privacy experts skeptical even as many continue to use DuckDuckGo for partial protections [4] [5] [6].
1. The Microsoft-tracker controversy that focused attention
A security researcher’s inspection in 2022 showed Microsoft tracking scripts communicating with Microsoft domains on pages visited through DuckDuckGo’s mobile browser, leading to accusations that DuckDuckGo made an exception for a business partner and thereby undermined its “we don’t track you” ethos [1] [7]. Coverage from outlets including WIRED, Tom’s Guide and other tech outlets documented the finding and the ensuing backlash from privacy-minded users and experts who viewed the browser behavior as a betrayal of DuckDuckGo’s brand promise [1] [2] [7].
2. Technical critiques beyond the tracker exception
Independent write‑ups and security posts have expanded criticism beyond the Microsoft exception, alleging technical weaknesses such as an auto-suggest mechanism that leaks unencrypted data and search terms remaining visible in URLs, which together can expose queries to observers monitoring network traffic or browser histories [4] [6]. Analysts have also compared DuckDuckGo’s protections unfavorably to layered privacy solutions like Tor or VPN-plus-hardened browsers, arguing that DuckDuckGo offers useful but ultimately superficial safeguards that privacy experts warn should not be the sole defense [5].
3. Company responses, clarification, and subsequent changes
DuckDuckGo’s leadership publicly clarified that the issue related to its Privacy Browser app behavior rather than its search backend and said adjustments were made after the outcry, with the company altering some arrangements and explanations to assuage users [7] [4]. Reporting notes that DuckDuckGo changed agreements with Microsoft and walked back or modified some of the contested behaviors after criticism, although some experts say trust damage persisted and technical fixes were only partial [4] [8].
4. How privacy advocates reacted — split opinions and implicit agendas
The privacy community’s response has been mixed: many advocates and researchers sharply criticized DuckDuckGo for what they saw as an avoidable privacy exception [1] [2], while others continued to recommend DuckDuckGo as a pragmatic, better-than‑default choice for users unwilling or unable to adopt more complex privacy stacks [7] [3]. Some critical commentary comes from vendors or publishers with an incentive to promote alternate products (e.g., VPN or security companies), so the debate blends technical critique with competitive and rhetorical agendas that readers should weigh when interpreting severity claims [5] [8].
5. The current practical takeaway for privacy-minded users
Reporting across independent outlets concludes that DuckDuckGo provides meaningful improvements versus mainstream defaults but is not a panacea: privacy advocates have raised real and documented concerns (Microsoft tracker exception, possible autocomplete leaks, limits vs. Tor), and responsible users should treat DuckDuckGo as one tool in a layered approach rather than a single solution [1] [4] [5]. The critiques are concrete and sourced in technical findings and audits, but they coexist with continued endorsement from some experts who value DuckDuckGo’s default blocking and minimal‑tracking ad model [7] [3].