Search engines are popping up like mushrooms, and they all want your attention. As consumers begin to be more concerned about their privacy, search engines are suddenly profiling themselves en masse as privacy-friendly. But when is a search engine truly privacy-friendly, and what methods do they employ to protect users' personal data?
Author: Léonhard Weijmar Schultz
Anyone who values privacy but wants to enjoy the benefits of the Internet would do well to stay away from services bearing the Google name. After all, Google is much more than just the world's largest search engine. Avoiding Google means no Youtube, Gmail, Picasa, AdSense or Google Chrome, -Translate, -Maps or -Analytics. You want to install a handy extension for your web browser? Chances are it comes from the Google Play Store. By avoiding Google services, you make it difficult for the tech giant to collect data about you, but not impossible. Other parties are also after your data. For example, Google is only too happy to pay to be able to map your browsing habits after all. After all, knowledge is power.
If you want to roam the Web completely anonymously, you can use anti-tracing software such as the Tor Web browser, or one of the many proxy servers or VPN services offered on every digital street corner these days. Thanks to such a proxy server or Virtual Private Network, your data is encrypted and redirected so you can surf the Web completely anonymously. However, a search engine is not a VPN service, so the question arises: how privacy-friendly is a privacy-friendly search engine?
By taking a bird's eye view of three search engines that profile themselves as privacy-friendly, we zoom in on some of the methods the service providers use to protect their users' data. Based on this, you can determine which method is most appropriate for you and thus which search engine you may want to look into first.
DuckDuckGo is a metadata search engine and for years has been the most popular "privacy-friendly" alternative to Google. A metadata search engine does not have its own index of Web pages, but searches various other search engines and then compiles its own list of search results. This has some technical advantages and disadvantages, but otherwise does not affect the degree of privacy you enjoy.
DuckDuckGo does not collect, store or share its users' data. Unless you make changes in the search engine settings, the company will also not place a cookie on your computer. If you are nevertheless forced to sit at the settings, DuckDuckGo ensures that the cookie stored on your computer does not contain any data traceable to you.
Suppose you are looking for a car. You surf to Google and use the search term "car. The first result immediately offers hope; you click on it and arrive at an interesting advertisement. You are one step further, but the web shop a lot wiser. Because by visiting an external website via a search engine, you not only share your IP address and information about the device you are surfing with, but also the search term you used. The website now knows who you are and what you are interested in. DuckDuckGo prevents your search term from reaching the external website by redirecting your query. The web shop then knows who you are, but not what you searched for.
While using DuckDuckGo, you will see ads, but they are based on the search terms used and not on your search history. If you search for "bicycle," you will see ads and search results about bicycles. According to DuckDuckGo founder Gabriel Weinberg, more specific search results are not necessary at all: "It's really a myth that you have to follow people to get good search results." The search engine has partnerships with Amazon and eBay; for every person who enters one of the two Web shops through DuckDuckGo, the search engine receives a small fee. With an estimated annual revenue of 10 million and a modest but growing market share, Weinberg puts strength to his statement.
DuckDuckGo is a U.S.-based company and its servers are hosted by Amazon Web Services. Reason to panic? Not immediately. DuckDuckGo has numerous servers around the world and is the only one with access to them. If you use the search engine from Europe, you connect through a European server. In addition, all data sent to DuckDuckGo is encrypted so no one, including DuckDuckGo itself, can see the data you send.
Because the company is located in the United States, DuckDuckGo is subject to U.S. law and, among other things, the controversial Patriot Act. The Patriot Act gives U.S. security agencies the right to request all stored data of an organization at any time. Organizations are obliged to cooperate and are not allowed to inform their customers about this. The Patriot Act applies not only to organizations located in the United States, but also to organizations outside the United States that use a U.S. service, such as a server or the .com extension.
Because DuckDuckGo does not collect or store data, there is little to be gained from them. Therefore, the decision to locate the company in the United States was a conscious choice. Should you be concerned about the influence of security services such as the National Security Agency (NSA), it is best to be located in the United States; unlike outside the United States, the NSA's powers are limited within U.S. land borders. Given the past, however, it is questionable whether security services like the NSA and companies like Amazon are compliant.
Still, there are caveats to how DuckDuckGo works. For example, the standard version of DuckDuckGo uses the scripting language JavaScript. In practice, it is not too complicated to misuse JavaScript to intercept user data. On the other hand, almost nine out of ten websites use JavaScript and disabling JavaScript can cause websites to no longer function properly. Thereby, in certain cases, JavaScript can also be abused when it is disabled in the Web browser. As a solution, DuckDuckGo offers a number of alternative versions of its search engine, including DuckDuckGo Lite and -HTML. These versions both work without JavaScript.
Equally problematic is the !Bang feature. DuckDuckGo users can use bangs to search specific Web sites. Anyone who enters '!g' for their search query, for example, will land on Google's search results page, and '!a' will redirect you to Amazon's search results page. A handy feature, were it not for the fact that bang requestsare not encrypted. And although DuckDuckGo builds a high wall around its users, local personal data protection falls short. Recently clicked search results are highlighted in purple and search terms used are fully readable in the local browser history. Beware, then, that no one is looking over your shoulder.
A frequently mentioned alternative to DuckDuckGo is Startpage, a Dutch-based search engine. With Startpage, the focus is not privacy, but control over one's own data. How does this compelling marketing story translate into practice? Like DuckDuckGo, Startpage does not collect, store or share data about its users. Its cookie policy is also similar; only when changing search engine settings is an anonymous cookie placed on your computer. So much for the similarities.
'Keep your enemies close,' they must have thought at Startpage. The search engine, known in the past as iXquick, pays Google to allow its users to show search results originating from the tech giant. This means you can expect high-quality search results. To ensure privacy, searches in Startpage are completely stripped of unnecessary information and only then sent to Google. Google then returns the search results to Startpage, which in turn delivers the results to its users without modification. In this way, Startpage prevents its users and Google from interacting, and Google sees nothing but a request from Startpage. Because Google does not know who it is really dealing with, no personalized ads or search results can be shown.
By using a proxy server, you and Google never come into direct contact with each other; when you give Startpage a search, the proxy makes contact with Google. Google then delivers the search results to the proxy, after which the proxy shows you the search results. Where Uber and Airbnb directly connect supply and demand, a proxy does the opposite. The price you pay for this is dependence on the search results Google provides. Even though Google does not know who uses which search term, you are bound to the search results from the tech giant and not a mix of results from various search engines, as is the case with metadata search engines.
A relatively new feature offered by startpage is anonymous viewing. Not only is the search engine privacy-friendly, it also offers a privacy-friendly way to visit the websites that have appeared in the search results. You will find the Anonymous view button behind every link to a specific search result. When you press it, it is not you, but Startpage's proxy that visits the external website. The external website does not know who you are, let alone what search terms were used. When you visit an external website using Anonymous View, the tab is marked with a purple border. There are some drawbacks to using the Startpage proxy to visit external websites anonymously; for example, it is not possible to log in or place orders.
Using JavaScript poses a risk to your privacy, but disabling it makes browsing a lot less enjoyable. For Startpage too, JavaScript proved to be a concern, but the company seems to have found a definitive solution. Startpage works with a special version of JavaScript; elements that posed a potential risk have been rewritten and only what is necessary for websites to function properly has been kept intact in this special version of JavaScript.
Like DuckDuckGo, SearX (pronounced: Sirks) scours dozens of other search engines to generate its own list of search results based on them. The metadata search engine thus resembles DuckDuckGo, and the two also show similarities in terms of cookie policies. If you want to be attached to the settings but don't want cookies on your device, SearX offers you the alternative option of generating a unique URL that you can use to load your settings again.
SearX differs from DuckDuckGo and Startpage because, unlike the aforementioned, the search engine is completely open source. This means that anyone can access the search engine's source code and run with it. It is therefore not a matter of trusting SearX, but of trusting the party hosting the server on which the search engine runs. After all, the source code is completely customizable, for both good and evil purposes. There are several lists on the Internet of digital sites hosting SearX that can be considered privacy-friendly.
If you don't trust anyone but yourself, you can run SearX on your own server. You then control everything, from how far you allow cookies to which search engines SearX gets its results. In that case, of course, it is important that you have your own server. As the story about DuckDuckGo made clear, the choice of where to host your server and which domain extension to use for SearX is important. For example, to prevent security services from suddenly showing up at your doorstep to confiscate all of your retained data, based on the Patriot Act, for example, you might choose to host your server from a country with privacy laws that do suit your needs. If you use a .com extension for your website, then your website is subject to U.S. law and therefore the Patriot Act - wherever you host it. Should you wish to host SearX on your own server, carefully consider which server host you wish to commit to and which domain extension you wish to use.
Running SearX on your own server is highly recommended if you want to ensure your privacy. However, if you are the only one using the search engine and the retained data is confiscated for some reason, a simple addition still reveals that you entered the search terms.
DuckDuckGo, Startpage and SearX all have their pros and cons when it comes to privacy. We trust DuckDuckGo and Startpage based on their privacy policies and the idea that if it turns out that they are not as privacy-friendly as they say, they will soon be finished with. We also assume that governments are compliant. Whether the latter is very prudent, we leave to one side. Should you have such doubts, you might do well to start using the Tor Web browser in addition to a privacy-friendly search engine. Tor is a Web browser and closed network in one. Both DuckDuckGo, Startpage and SearX can be used from within the Tor web browser. You can read more about using Tor and other privacy-friendly Web browsers on Privacyweb later this year.
This article can also be found in the Information Security dossier
