Fresh off a yearlong beta test, DuckDuckGo moved its email protection service into an open beta. The service works across iOS and Android; browser extensions for Edge, Chrome, Firefox, and Brave; and DuckDuckGo for Mac. The service blocks trackers in emails, reducing the amount and type of data emails can send to third parties (like data brokers, analytics companies, and so on).

Before the email makes it to your real inbox, DuckDuckGo’s service strips the trackers from the email message before final delivery. Email tracking is a pervasive practice — during the beta, DuckDuckGo said it found trackers in 85% of testers’ emails — used for everything from tracking opens and clicks to serving dynamic content (e.g., changing the email content based on your local weather).

DuckDuckGo provides users with an @duck.com email address or a user-generated private email address that masks the user’s actual email address. Users can reply to emails using their @duck addresses without exposing their forwarding address in most cases.

Many of these features parallel those available in Apple’s Hide My Email capabilities, but DuckDuckGo does extend support across devices and browsers in ways Apple does not.

Additionally, email protection applies the same URL encryption used in the DuckDuckGo search engine and apps to convert “http://” links to “https://”, providing a shield from those who may want to see and leverage what you’re viewing online.

And who doesn’t want more of all the above? Oh wait …

Email Tracker Exposure Delivers Brand Damage

DuckDuckGo takes it a step further. Users will receive a tally of the trackers and companies linked to them, adding a much-needed layer of transparency — and potential accountability — in this service. This goes well beyond stripping trackers from emails prior to delivery. This will expose the purpose of the tracker and the intended destination of the collected data, opening a brand-new level of scrutiny for email recipients.

Expect to see DuckDuckGo tracker dashboards posted as evidence in the court of social media, leading to reputational harm. Expect an onslaught of data deletion requests and the other obvious outcome: litigation.

With evidence at users’ fingertips, the class action lawsuits will come fast and furious, though the law firms that handle those probably won’t advertise via email.

Users No Longer Have To Sacrifice Privacy For Convenience

We predicted The Rise Of Anti-Surveillance Capitalism as a sort of backlash against expansive advertising-driven surveillance. The initial choices in our research made life more private and more complex. That tradeoff disappears day by day. The numbers show that when consumers can choose privacy and convenience without one hobbling the other, they want privacy.

Apple made privacy an easy choice in iOS with App Transparency, Private Relay, and Hide My Email.

Signal brought encrypted messaging to the masses.

DuckDuckGo aims to become the easy button for online privacy, and the company surpassed $100 million in revenue — while also being profitable — in 2021. Making privacy simple and convenient works as a business model, even on the advertising-funded internet that exists today.

What’s An Email Marketer To Do?

This is yet another chapter in the data deprecation story. Marketers have deployed countless covert data collection strategies to understand who someone is, what content they’re engaging with, what they’re interested in, and so on. But as consumer privacy awareness grows and the steady drumbeat of privacy regulation continues, marketers face a new reality where covert data collection increasingly difficult — and risky.

It’s time for marketers and their organizations to weigh the pros and cons of deploying third-party trackers on their sites, emails, and other owned properties. We’ve already seen hospitals take a reputational and legal hit for inappropriately using Meta Pixel on their websites.

To avoid very likely public and costly mistakes, marketers must reach out to their counterparts in security and risk (S&R) to evaluate if the upside is worth it. In the case of email trackers, do they provide actionable data, and can marketers turn that data into real benefits for customers? Note that personalization isn’t a good enough reason — Forrester’s data shows that only 27% of US online adults are interested in personalized emails. S&R leaders can help evaluate the security and reputational risks the organization faces by sending data to different partners or platforms.

Ultimately, sending consumer data to third parties is becoming increasingly risky from a trust and regulatory perspective, so marketers need to build strategies now in collaboration with S&R leaders to adapt to and differentiate themselves in a new world of transparent, consent-based data collection.