What data flows to Microsoft when using DuckDuckGo search as a proxy?
Executive summary
When DuckDuckGo serves search results it proxies requests to its partners and says it does not retain personal identifiers with search terms; partners (including Microsoft for ads) receive proxied content and — in the case of ad clicks — Microsoft Advertising receives the IP address and user-agent necessary to process the click, which DuckDuckGo says Microsoft will not associate with a user profile except for accounting [1] [2] [3]. Separately, a 2022 controversy revealed that DuckDuckGo’s browser once allowed some Microsoft-owned tracking scripts to load on third‑party sites because of a search syndication agreement; DuckDuckGo later removed that carve‑out [4] [5] [3].
1. How DuckDuckGo routes search requests and what Microsoft can see when providing ads
DuckDuckGo explains that it proxies requests to partners like Microsoft for ads and Apple for maps, claiming it does not store personal identifiers (for example IP addresses) together with search terms, and that partners cannot tie viewed search results back to an identified user [1]. When a user clicks a Microsoft-provided ad from DuckDuckGo search, Microsoft Advertising will receive the full IP address and user-agent string “so that it can properly process the ad click and charge the advertiser,” according to DuckDuckGo’s help pages, and DuckDuckGo cites Microsoft’s commitment that ad-click behavior is not associated with a profile and is only kept for accounting purposes [1] [3]. Independent reporting and DuckDuckGo’s own documentation emphasize the company’s proxying architecture is intended to prevent partners from receiving raw search+identifier pairs [1] [6].
2. The 2022 browser carve‑out: what leaked and what it meant for data flows to Microsoft
Security researcher Zach Edwards demonstrated that DuckDuckGo’s mobile browser allowed Microsoft-placed tracking scripts (Bing, LinkedIn domains) to load on certain third‑party sites, which meant requests from the browser could reach Microsoft properties and expose IPs or other request metadata before tracker-block protections applied; DuckDuckGo’s CEO acknowledged a contractual limit stemming from a search syndication agreement that prevented the browser from fully blocking Microsoft-owned scripts at that time [5] [4] [7]. Coverage framed this as data “flowing” to Microsoft via third‑party scripts — not necessarily DuckDuckGo handing raw search histories to Microsoft — but critics argued the effect undermined user expectations about browser-level privacy [8] [2] [9].
3. How DuckDuckGo and independent fact‑checks describe the current state
After public scrutiny DuckDuckGo said it amended terms with Microsoft and removed the exceptional allowance that previously let some Microsoft scripts bypass blocking in its browser; TechCrunch and DuckDuckGo state the company now prevents those third‑party Microsoft scripts from loading and maintains that it does not save or share search/browsing history when users search on DuckDuckGo or use its apps [3] [6]. Reuters’ fact‑check noted context was missing in earlier viral claims and reported that independent experts say DuckDuckGo blocks known tracking scripts to prevent exposing personal identifiers, including previously Microsoft-owned scripts, and that the syndication partnership is limited to ad placements rather than allowing Microsoft to build profiles from DuckDuckGo search views [10] [1].
4. What technically may be exposed to Microsoft (summary of concrete items reported)
According to DuckDuckGo’s own help pages and reporting, concrete request-level items that can be received by Microsoft when handling ad clicks are the full IP address and user-agent string (used for ad processing) and the fact of an ad click; historically, third‑party Microsoft scripts could also receive standard HTTP request metadata (including IP) when they were allowed to load on visited sites via the browser exception [1] [4] [5]. DuckDuckGo and Microsoft’s public statements insist that Microsoft Advertising does not associate ad clicks with a cross‑site profile from DuckDuckGo searches and that any retained information is used only for accounting, though critics and researchers warned that the raw metadata itself can enable profiling if correlated elsewhere [3] [1] [9].
5. Caveats, competing narratives and limits of available reporting
The factual record shows two separate things often conflated in public debate: (a) DuckDuckGo’s search proxy and ad system that, by design, tries to avoid coupling identifiers with search queries while still sending ad‑click metadata to Microsoft for processing [1], and (b) an earlier browser-level exception that allowed Microsoft-owned tracking scripts to load on third‑party websites, creating direct request flows to Microsoft domains — an exception DuckDuckGo later says it removed [4] [3]. Reporting differs on emphasis: some outlets and researchers call the carve‑out a “deal” that betrayed trust [5] [2], while DuckDuckGo and fact‑checks stress mitigations, contractual promises, and subsequent fixes [6] [10] [3]. The available sources document request-level metadata flows and contractual constraints, but do not provide independent packet captures of every possible interaction today; therefore, absolute technical guarantees beyond the published statements and audits are not present in these sources [3] [10].