How did DuckDuckGo’s deal with Microsoft affect tracker blocking in 2022, and what changes followed?

1. The reveal: a carve‑out for Microsoft surfaced in May 2022

Security researcher audits and reporting in late May 2022 showed DuckDuckGo’s mobile browsers and extensions were blocking many third‑party scripts (Facebook, Google) but permitting some Microsoft scripts (Bing, LinkedIn) to run, and DuckDuckGo’s CEO Gabe Weinberg confirmed the behavior and linked it to a search syndication agreement with Microsoft that constrained blocking on non‑DuckDuckGo sites ^{[4] [5] [1]}.

2. What the contractual limit actually meant in practice

The practical effect was limited but specific: DuckDuckGo said it could still apply other protections such as blocking Microsoft third‑party cookies and post‑load mitigations, yet the “above‑and‑beyond” protection of preventing certain Microsoft scripts from loading was restricted by the agreement, meaning some scripts could fire and send data like IPs until browser protections kicked in ^{[6] [7] [3]}.

3. User outrage and the narrative battle over “selling out”

Once the restriction was publicized, the company faced sharp backlash—users and commentators framed the carve‑out as a betrayal of DuckDuckGo’s privacy brand—while DuckDuckGo pushed back that the exception was narrow, that its search product was unaffected, and that blocking already exceeded the protections most mainstream browsers offered ^{[8] [9] [10]}.

4. Company response: transparency, blocklists, and an announced fix

Under pressure, DuckDuckGo promised clearer disclosure, published tracker blocklists, and committed to expanding its third‑party tracker loading protection to include Microsoft scripts across its mobile apps and browser extensions, with desktop/beta coverage to follow; the company said the only remaining unblocked case by default would be bat.bing.com requests triggered directly after DuckDuckGo ad clicks for advertisers’ conversion measurement unless users disabled DuckDuckGo ads ^{[2] [3] [11]}.

5. The August 2022 change: carve‑out largely eliminated, but with a narrow ad measurement exception

In early August DuckDuckGo announced that it had removed the Microsoft carve‑out so Microsoft tracking scripts would no longer be allowed to load on pages reached via DuckDuckGo’s browsing apps and extensions in most contexts, while acknowledging a specific limited flow—bat.bing.com after an ad click—would not be blocked by default because it’s used for advertisers’ conversion tracking, and that users can avoid it by turning off ads ^{[7] [2] [3]}.

6. Interpretations, motivations, and unresolved questions

Observers note competing incentives: DuckDuckGo relied on Microsoft for search syndication and ad serving, which created contractual friction with its privacy posture, and the company’s rapid policy reversal reflected reputational vulnerability as much as technical feasibility; critics argue the episode exposed how ad networks and platform agreements can subtly constrain privacy vendors, while DuckDuckGo and defenders counter that the company still provided stronger protections than most browsers and moved to fix the gap once public scrutiny intensified ^{[1] [8] [11]}.

7. What remains unconfirmed or outside available reporting

Public reporting documents the timeline, the contractual constraint claim, the company’s mitigation steps, and the August 2022 blocklist expansion, but precise contract language, Microsoft’s internal stance, and technical telemetry about how often the bat.bing.com flow occurred for users before the change are not published in the sources provided, so those points cannot be verified here ^{[6] [3]}.