What evidence exists about DuckDuckGo’s Microsoft partnerships and their practical impact on tracker exposure in the DuckDuckGo browser?
Executive summary
A clear record of reporting and company statements shows that DuckDuckGo’s commercial relationship with Microsoft created a measurable exception in the tracker-blocking behavior of its browsers in 2022. Independent researchers documented the gap and DuckDuckGo later narrowed it, though limited ad-conversion scripts remained permitted in specific contexts [1] [2] [3]. Independent fact-checking and follow-up coverage emphasize that the partnership was primarily an advertising and search-syndication deal, not a broad user-profiling joint effort, while critics argue contractual language produced practical privacy costs for some users until DuckDuckGo changed course [4] [5] [6].
1. The discovery: researchers found Microsoft-owned scripts slipping past DDG’s blocks
Security researchers, notably Zach Edwards, tested the DuckDuckGo Privacy Browser and reported that trackers from Microsoft domains such as bing.com and linkedin.com were allowed to run while many other third‑party trackers were blocked; multiple outlets documented those tests and DuckDuckGo’s confirmation that the behavior was intentional due to its Microsoft agreement [1] [7] [8].
2. DuckDuckGo’s admission and the company explanation
DuckDuckGo’s CEO Gabe Weinberg acknowledged the exception publicly, saying the search-syndication or advertising agreement with Microsoft limited how the browser could apply its third‑party tracker loading protection to Microsoft-owned scripts, and he framed the partnership as focused on ad placements and search results rather than creating user advertising profiles tied to clicks [6] [4] [8].
3. The practical impact on tracker exposure in the browser
Empirical tests and reporting showed the practical effect was that some Microsoft tracking scripts could execute on non‑DuckDuckGo sites visited from the browser, potentially exposing identifiers in those contexts; reporters and security analysts highlighted that this undermined users’ expectations that the DuckDuckGo browser uniformly blocks hidden third‑party trackers [1] [9] [5].
4. The company response and policy change in August 2022
Following public backlash and press scrutiny, DuckDuckGo announced it would expand its third‑party tracker loading protection to include Microsoft scripts across its mobile apps and browser extensions, publishing its tracker protection list to increase transparency; coverage noted the change but also flagged carve‑outs that remained for post‑ad click conversion measurement (bat.bing.com), and DuckDuckGo provided user options like disabling ads to avoid that specific flow [2] [3] [10].
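A way to check a browser capture for the behavior described in sections 3 and 4, as an added example that is not from DuckDuckGo, the researchers, or the cited reports: it scans a HAR export for third-party requests to the Microsoft domains the article names and marks bat.bing.com separately. Assumptions: the HAR page title holds the page URL, response status 0 means the request did not complete, and the two-domain watch list and the sample capture are constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains named in the article, not DuckDuckGo's published blocklist.
WATCHED = ("bing.com", "linkedin.com")
CONVERSION_HOST = "bat.bing.com"  # carve-out host named in the article

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def owner_of(host):
    """Return the watched domain that owns host, or None (label-boundary match)."""
    for domain in WATCHED:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def audit_har(har):
    """Return third-party requests to watched domains found in a HAR dict."""
    # Assumption: each page's "title" holds the page URL.
    pages = {p["id"]: host_of(p["title"]) for p in har["log"].get("pages", [])}
    findings = []
    for e in har["log"]["entries"]:
        req_host = host_of(e["request"]["url"])
        owner = owner_of(req_host)
        page_host = pages.get(e.get("pageref"), "")
        if owner is None or owner_of(page_host) == owner:
            continue  # unrelated host, or first-party on the owner's own site
        status = e.get("response", {}).get("status", 0)
        findings.append({
            "page": page_host,
            "host": req_host,
            "kind": "conversion" if req_host == CONVERSION_HOST else "tracker-domain",
            "loaded": status != 0,  # assumption: 0 = blocked or failed
        })
    return findings

def entry(pageref, url, status):
    return {"pageref": pageref, "request": {"url": url}, "response": {"status": status}}

# Constructed sample capture, not real traffic.
SAMPLE_HAR = {"log": {
    "pages": [{"id": "p1", "title": "https://news.example/article"},
              {"id": "p2", "title": "https://www.bing.com/search?q=x"}],
    "entries": [
        entry("p1", "https://bat.bing.com/bat.js", 200),
        entry("p1", "https://px.ads.linkedin.com/collect?x=1", 0),
        entry("p1", "https://notbing.com/a.js", 200),            # lookalike, ignored
        entry("p1", "https://bing.com.cdn.example/x.js", 200),   # lookalike, ignored
        entry("p2", "https://www.bing.com/th?id=1", 200),        # first-party, ignored
    ]}}
```

Calling `audit_har(SAMPLE_HAR)` returns two findings: the bat.bing.com request that loaded on news.example and the linkedin.com request that did not complete.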
5. What independent fact‑checks and follow‑ups say about the partnership’s scope
Fact-checking outlets stressed that the Microsoft relationship was an ads/search syndication partnership and that DuckDuckGo was not granting Microsoft carte blanche to build click‑based ad profiles via the search product; independent experts also emphasized that DDG’s protections do block many known tracking scripts, including many Microsoft‑owned scripts after the August update [4] [2] [5].
6. Competing narratives, motivations, and remaining limits of public evidence
Privacy critics used the episode to argue that DuckDuckGo’s commercial choices can override its privacy promises, and pointed to the earlier non‑disclosure of the exception as a transparency lapse. DuckDuckGo and some reporters argued that the practical business tradeoffs were limited and later remediated. Sources differ on how large the real user risk was, and reporting shows that some residual, narrowly scoped exceptions (ad conversion pixels) remained after the fixes. Reporting does not, however, supply public evidence of Microsoft using DuckDuckGo clicks to assemble long‑term identifiable ad profiles [6] [5] [10] [4].
7. Bottom line on evidence and practical effect
Documented tests and corporate statements provide concrete evidence that the Microsoft partnership produced a real, observable exception permitting certain Microsoft scripts to run in DuckDuckGo browsers in mid‑2022, that the company acknowledged the contractual cause, and that DuckDuckGo revised its protections soon after — but some narrowly targeted ad‑conversion behaviors tied to clicks persisted as an acknowledged exception and were presented as user‑controllable by disabling ads [1] [2] [10]. Where reporting is thin: there is no public, verifiable evidence in these sources that the partnership enabled broad Microsoft profiling of DuckDuckGo users outside the limited ad‑click/conversion contexts the companies described [4] [5].