*Permananently Deleted*
trash
28

Permananently Deleted

@ajz
910M

Searx on your own Yunohost server is fairly easy to install, and if you restrict it for usage by yourself and your users it might not get blocked soon by Google etc. See also https://lemmy.ml/post/30827 for a comparison between 4 search engines. And https://metager.org/ is based on open source, so you might run that yourself as well : https://gitlab.metager.de/open-source/MetaGer See also : https://searchengines.netlify.app/

ufra
410M

Curious if anyone has been using runnaroo.com ; it seems a bit too good to be true. here is a hacker news thread on it

@cipherpunk
410M

Runnaroo’s IP is owned by Google according to my records, although the “Cloud Firewall” add-on says it’s owned by Amazon. Either way, that’s not good.

BTW, ycombinator is has ties to Peter Thiel and runs on Amazon AWS, so not a good link to share publicly.

ufra
29M

Appreciate your insights. Any search recommendations?

Dessalines
admin
410M

I wish, seems like searx is the only good option, but many of its main instances are usually down or restricted. https://searx.me

Personally I use searx.ninja and have not had any issues with it so far

@Duck
110M

That instance is hosted in the US.

Yes I am aware of this. While it is not perfect searx.ninja is the best instance I have found. Many other instances were very slow for me to the point of being almost unusable, and I still think that it is better than DDG considering that is also based in the US. searx.ninja also has pretty sane defaults so I can use it in a private window just fine. Also while it may sound silly to be completely honest I am not that concerned about it being based in the US, the chance of the government going after a random searx instance seems low to me and searx does not keep logs anyway so unless they start monitoring everything going on on the server it does not seem like they can do much. It is also not like I am on a VPN or Tor all the time so if the US government really wants to get my search history they probably can. I may look for a more private alternative at some point that is not based in the US but for now I am fine with searx.ninja.

@Witcom
creator
4
edit-2
2M

deleted by creator

Dessalines
admin
110M

It default sorts by most seeded currently.

Halce
310M

Metager.org has decent search results in my experience.

@ajz
310M

https://www.gigablast.com/ got mentioned already ?

Qwant and SearX.

@TheMainOne
3
edit-2
3M

deleted by creator

Qwant nonetheless is transparent enough and pretty good compared to the hundreds of other backstabbers like StartPage.

SearX is not a search engine though, it is simply an interface to use others. If it were not as buggy, I would be using it, since I did use it for a week or two (around the time I exposed StartPage on Reddit once after which I switched to the forementioned two.

@cipherpunk
310M

I see a pattern of emotional StartPage bashing – and it’s bizarre that it often comes from loyal DDG patrons. Both DDG and StartPage profit from untargeted ads. Both are US companies. StartPage self-hosts while DDG hosts on Amazon. DDG’s supply chain is far more evil than Startpage’s.

Qwant is worse than both DDG & SP b/c it treats tor users with hostility. Qwant and DDG both source from MS Bing, and I find MS a more evil force in the world than Google. I’m not just talking about privacy but also involvement in fossil fuels and private prisons.

This is quite false to begin with. One does not need to use Tor all the time, firstly. Secondly, I am not a DDG patron, and do not even touch it. It is one of the crappiest “private” search engines, simply by looking at its history and ownership. I openly advocate against DDG.

Moreover, DDG being a US company is an instant red flag for me. I will never use a closed source US technology service.

It is a fact that any search engine, no matter SearX (instance) or Qwant or Ecosia or DDG, have to rely on either Google’s or Microsoft’s web crawlers and index databases. Nobody in this day and age can create their own competing index database even in 10-20 years. What matters to us is tracking, and Qwant helps prevent it effectively.

@cipherpunk
2
edit-2
10M

This is quite false to begin with. One does not need to use Tor all the time, firstly.

We’re talking about searches. Of course you should use Tor for searches. To avoid Tor (and the like) in the context of web searching is to compromise more of your identity attributes for nothing. That’s a bad trade.

Secondly, I am not a DDG patron,

I was speaking generally. Ppl bashing Startpage w/such emotion (“backstabbing”) tend to be DDG patrons. This particular crowd is relatively irrational. Startpage has some issues but nowhere near as extreme as the laypeople’s reaction.

Moreover, DDG being a US company is an instant red flag for me.

Sure, but it shouldn’t be the biggest red flag in your box of red flags, and it shouldn’t outweigh sound security practices (like using Tor or i2p or the like for web searching).

It is a fact that any search engine, no matter SearX (instance) or Qwant or Ecosia or DDG, have to rely on either Google’s or Microsoft’s web crawlers and index databases.

That is not a fact. Gigablast, Exalead, Mojeek, & Metager are all search engines with unique indexes that rely wholly on their own crawling. Some searx instances source from a local YaCy crawler.

It’s also an oversight to describe searx instances, Qwant, Ecosia, and DDG as equals in this regard. Most searx instances scrape their results, which means they do not financially support the privacy abusing corporation they source from. DDG pays MS & Yahoo for API access, thus financially sponsoring adversaries of privacy proponents. Qwant and Ecosia likely also pay for API access (and if they don’t, you can bet the price is paid by direct data sharing - which Ecosia and Qwant admit to in their privacy policy).

What matters to us is tracking, and Qwant helps prevent it effectively.

Qwant treats Tor users with hostility. This means that Qwant disables an important tool to help prevent tracking. You’re left with trusting Qwant’s adherence to their privacy policy, which is obviously a bad idea when it’s a company who is hostile toward users who act to protect themselves. We have to trust privacy policies to some extent, but Qwant ensures that the extent of trust needed is greater than it is with Tor friendly services.

It’s suspect that Qwant allows Tor users to submit a query, and only thereafter pushes a Google reCAPTCHA – which is exactly what Ecosia does. This suggests that Bing triggers the CAPTCHA, which means that more information is being fed to Bing than just the query string.

And the privacy policies confirm this. Ecosia’s privacy policy admits to sharing everything with Bing, while Qwant only admits to sharing user agent and the first 3 octets of your “salted” IP address, approximate geolocation with Bing. What’s the “salt”? It’s not necessarily random (in fact, not likely random). It could even be an encoded composition of anything from your browser print. Whatever is sent, it’s evidentally specific enough for Bing to know the query comes over Tor. And in any case, you’re trusting some weasel wording with Qwant. You have no guarantee that the hash that Qwant generates is not unique to you and non-unique across your multiple visits. The hash could even be more unique than your IP address, and it’s supplemented with your approximate geographic location (which as well could simply be expressed as “Tor” since exit node geolocation is meaningless).

Although Ecosia admits to sharing more data than Qwant, Ecosia honors the do-not-track flage and Qwant does not. It’s quite possible that setting the DNT flag reduces Ecosia’s info sharing more than Qwant’s.

Using Tor for searches ironically puts you at risk if you are spending all your time on Tor network. There is a good chance you will end up using the clearnet via mobile phone or computer at some place or time, thus breaking your OPSEC like a twig.

I was the one to expose StartPage when the System1 deal happened: https://www.removeddit.com/r/StartpageSearch/comments/djshn3/_/f49krhw/

StartPage is just about as worse as DDG gets, and contributes to creating a false pro privacy culture by fooling people and keeping them under the dark.

YaCy, Metager and the likes will take decades to catchup with Microsoft and Google indexes, and that is assuming they have similar infrastructure and expendable capital, which they do not.

Qwant is not even remotely at the same level as DDG or StartPage or Ecosia. You can use Qwant without JS, so most of the problems are solved there.

I am a regular user of I2P and Tor networks. And no, one does not use their search engines for regular needs.

As far as using Qwant on Tor goes, Qwant is very decent for clearnet, and DDG must not be used on Tor, even though it is presented to us as the main search engine there. Torch exists, as does http://xenon3oeazebb7aa.onion/

We have to get more into the theory if Qwant really is as bad as you make it out to be. They are pretty transparent for what they do via Reddit AMAs.

@cipherpunk
1
edit-2
10M

Using Tor for searches ironically puts you at risk if you are spending all your time on Tor network.

What does time have to do with anything here? If all you do is search the web, most of your time is likely spent reading the screen, not moving data. And when you are retrieving data, you’re less exposed if you do so over an e2e tunnel that runs over Tor – not the clearnet as you suggest.

There is a good chance you will end up using the clearnet via mobile phone or computer at some place or time, thus breaking your OPSEC like a twig.

There’s so many things wrong in this statement. I rarely use a “phone” (and rarely as a phone) but when I do I am not limited to clearnet. If you do a web search from your phone of course you should still use Tor, tools permitting.

You speak of OPSEC as if to know what my threat model is. You don’t. And generally speaking in the context of the thread, it’s safe to say mass surveillance is in all our threat models. Of course you should avoid the clearnet to mitigate mass surveillance. It’s poor advice to tell ppl to do their searches over clearnet. It’s also poor advice to tell people that if the hypothetical situation arises that they’re forced to use the clearnet, that this somehow ruins all the OPSEC they’ve done on past searches before that point. It’s asinine.

Formally speaking, the rule of least privilege is sensible. That is, you give the least amount of privilege necessary to get the job done. If you don’t need to expose your home IP in one search and you don’t need to expose to your ISP where you visit, of course you should not. If in another circumstance you need to give up that protection for some bizarre reason, then the rule of least privilege still applies; that is, you only give what you must. To suggest that ppl throw their hands up and say “because I can’t securely do this search on my phone, I might as well give up on all my searches and do it all on the clearnet” is absolutely foolish.

You secure what you can to the best extent that you can, or you’re not doing security properly. If after exhausting non-clearnet searches you still don’t get the search result that you’re after, only then would it be sensible to resort to Qwant over clearnet. I’ve never had to do that, btw. I’ve always been able to find what I need w/out clearnet searching. Some searx instances successfully scrape MS Bing, which brings you close to Qwant results w/out the clearnet and without financially sponsoring Microsoft.

Firefox’s DoH combined with a HOSTS blocker and a systemwide firewall with custom DNS like NetGuard serve to mask your internet traffic to ISP even via clearnet, outside the domain name. This allows to have a profile of commonly visited websites, making your shadow profile look less creepy to the governments, and you a lesser target of any kinds of snooping.

It is always said to not use a sword to cut an onion. Use a house knife. So, instead of using Tor for all your traffic, use it for your non common website portal accesses. It helps way more in a stronger OPSEC and keeping your chances of becoming a target very low.

In the end, we are trying to not just minimise our digital footprint over clearnet, but instead minimise our risks of collected information in the past possibly becoming a target and being misused. Staying under the radar by posing as legitimate users is important, as we use ISP services, and those are subsidised by the very governments and organisations we despise.

By mixing use of clearnet and Tor cleverly, we can mask our activities separately, since Tor traffic is always seen as suspicious by ISPs. So, we get to use our swords, and use our knives in regular situations.

@cipherpunk
2
edit-2
10M

This allows to have a profile of commonly visited websites, making your shadow profile look less creepy to the governments, and you a lesser target of any kinds of snooping.

You’re afraid that by securing your communication and following sound security practices you’ll stand out and appear suspicious. This is exactly what the gov and other pushers of mass surveillance want you to think. The idea has no merit.

The privacy arising from the Tor network improves as traffic increases – privacy in numbers. Being afraid to use it, and then minimizing your use as you do is detrimental to privacy for a few reasons:

  • When you need Tor’s protection the most (e.g. when you’re buying drugs or whistle blowing), you’ve made that traffic stand out from your other traffic. IOW, you’re signaling your adversary precisely when it’s most interesting to pay extra attention to you. Your drug purchase traffic should look no different than your bicycle purchase.
  • You also harm the privacy of others by reducing the cover traffic that helps everyone.
  • If the bicycle shop never gets legitimate Tor traffic, this prompts the shop to mistreat Tor users by policy, which in turn weakens the usefulness of the Tor network and actually constrains it to malicious use cases – when in fact there are non-malicious use cases that are often denied (e.g. a Qwant search).

Tor is rapidly becoming a honeypot, and so it becomes riskier to use it in daily life. Also, there is too much US government funding into it.

While it is a great tool for anonymity, chasing this very anonymity at any and all times of your life is very straining, and serves to create needless tension about staying connected to Tor.

Participation in Tor network for me is a matter of using it for tiny sessions for coverups, not maintaining the network chain itself. I cannot be held individually responsible for maintaining a network which is essentially free and DARPA funded. It is not running because of us, but them.

@fruechtchen
310M

https://ask.moe is interesting, but uses microsoft bing.

@Molly666
19M

So, today I just got really mad talking about privacy. I believe that it does not exist, because any search engine indexes a query. https://utopia.fans/privacy/the-myth-of-the-privacy/ You can, of course, turn your attention to the darknet, but I don’t think this illegal action is worth it. Yes, you can use VPN and / or proxies - but this will also not help you much in the conditions of the modern model of the indexed Internet.

@ajz
2
edit-2
10M

Speaking only for myself, I need search engines for different things. Briefly :

  • look up answers to tech issues for work and private use.

  • look up musical or philosophy history details.

For the latter I noticed that Mojeek works very well, now that they have included Wikipedia results and let it come up as exclusive first hit search result. Here an example in a screen shot. This means that for option 2 I could use Mojeek with their own crawler more often.

Metawish
210M

I found something called Cyber (cyber.page) which seems interesting enough, but I’m not tech-versed enough to give it as a recommendation. The FAQ (https://github.com/cybercongress/congress/blob/master/ecosystem/ELI-5 FAQ.md) makes enough sense to me

@k_o_t
mod
admin
110M

it only indexes ipfs websites, no?

Metawish
210M

I think yes, I remember reading though that people can make webpages into ipfs? There was an addon for browsers to do that? Although like you said, probably not a good alt search engine

I use ecosia.org, according to their FAQ they don’t use 3rd party trackers or sell data to advertisers, and any privacy issues that might arise from them using Bing for personalizing search results (which can be disabled) are worth it imo for them planting trees with their ad revenue. But if I really need a private search, I’ll use something like duckduckgo

@dirtfindr
39M

Ecosia is bad for both privacy and the environment.

DDG is also bad for privacy – and it’s bad for the environment due to MS & Amazon ties.

@aeroplain
13
edit-2
8M

deleted by creator

ufra
510M

using duckduckgo.com/html without the nasty js (user dirtfindr pointed out a few weeks back) has been a refreshing change.

@dirtfindr
29M

DDG is not “good enough”.

Most search engines are better than that.

@ajz
010M

Facebook also provides an onion service. Does that make Facebook okay ?

@GaussNoise
6
edit-2
10M

I would guess the onion service with FB is useless since you’re signing in with an account, while ddg you don’t have such an account thereby making it harder for them to track you.

Therefore at least its an olive branch, where you don’t need an account, can use an onion service and you can use ddg without JS.

At the same time I don’t believe anything by ddg is FOSS. They shut down ddg hacker a bit ago.

@aeroplain
3
edit-2
8M

deleted by creator

@cipherpunk
210M

Even by your standard of trusting the privacy policy, DDG is a fail. DDG has already been caught violating their own privacy policy.

W.r.t threat models, an appropriate threat model for most people is to at a bare minimum control for mass surveillance, since we’re all impacted by it. DDG directly pushes CloudFlare sites to users and its supply chain is infested with PRISM corps and other mass surveillance entities.

see https://lemmy.ml/post/31321

@developred
7
edit-2
3M

deleted by creator

@shachtmanite
4
edit-2
10M

deleted by creator

@Crems0n
1
edit-2
7M

deleted by creator

@limecool
4
edit-2
10M

Last i used swisscows. They used to replace the 1st search result with a weird smartredirect.de link. Here’s a site speaking about that redirect behaviour: https://digdeeper.neocities.org/ghost/search.html#swisscows

@ajz
210M

Interesting. Thanks a lot for sharing!

@ajz
310M

The swisscows.ch one gave a blank page with Javascript disabled last time I tried. So, thanks but no thanks.

@Crems0n
1
edit-2
7M

deleted by creator

@anonymous
banned
4
edit-2
10M

removed by mod

@anonymous
banned
3
edit-2
10M

removed by mod

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote closed source software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 73 users / day
  • 120 users / week
  • 232 users / month
  • 482 users / 6 months
  • 2533 subscribers
  • 1117 Posts
  • 5104 Comments
  • Modlog