[HN Gopher] Startpage.com: Privacy-oriented search engine
___________________________________________________________________
Startpage.com: Privacy-oriented search engine
Author : activatedgeek
Score : 82 points
Date : 2021-01-10 16:17 UTC (6 hours ago)
(HTM) web link (www.startpage.com)
(TXT) w3m dump (www.startpage.com)
| AniseAbyss wrote:
| When Google had to cave in to copyright and made their image
| search shit on mobile I switched to startpage who doesn't care
| and let you download images- anonymously to boot.
| eecks wrote:
| The anonymous view feature is cool. A comparison with DDG would
| be nice.
| ignoramous wrote:
| As cool as it is, I usually find myself using
| https://archive.is as a browser.
|
| For a time, I used https://brow.sh but its hosted _html_
| browser is not up anymore.
| godzillabrennus wrote:
| That must be a great experience...
|
| RMS has improved upon that if you are interested in privacy
| to that extent: https://lwn.net/Articles/262570/
| ignoramous wrote:
| It is, especially for Medium and Substack posts, websites
| that my DNS resolver or ISP block, and for _webpages_ that
| refuse to load with uMatrix in its default setting.
| ffpip wrote:
| uMatrix in default settings pretty much breaks every
| website.
|
| You definitely need to whitelist cloudflare CDN and other
| popular CDNs like Amazon S3, things like jquery.com ,and
| maybe Google for the recaptcha (unless you whitelist
| google for individual websites)
| NieDzejkob wrote:
| I have had very good experience with Startpage. Unlike DDG, it's
| a Google proxy, so the search quality tradeoff is much less stark
| (not non-existent, as there's no personalization...)
| prox wrote:
| I noticed this week / month that ddg must have gotten an
| upgrade, it's results are a lot better, to the point of beating
| Google in my search patterns.
| bzb6 wrote:
| No personalisation is a positive for me.
| SimeVidas wrote:
| In what aspects is it more private than the duck?
| dgut wrote:
| The two noteworthy aspects are: 1) if you click on an ad on
| startpage, you're inside Google's network. If you click on an
| ad on the duck, you're inside Bing's network. 2) the duck is
| independent and startpage is owned by an advertising company.
| a3n wrote:
| ddg has a bang code for startpage.
|
| !sp
|
| takes you to their home page.
|
| !sp privacy
|
| does that search on sp.
|
| !sp duck duck go
|
| does that search on sp.
|
| EDIT: Ahem ...
|
| !ddg
|
| !ddg recursion
| nacs wrote:
| ddg also has !s for Starpage
| a3n wrote:
| Cool. When I want a bang code, my first (!sp) or second guess
| is usually there.
| dgut wrote:
| Shameless plug,.. I run Okeano [1], a privacy friendly [2] search
| engine that aims to use 80% of profits to purchase river
| interceptors from the Ocean Cleanup Project and deploy them to
| the worlds most polluting rivers.
|
| We support domain blocklist [3] natively and have !waves (similar
| to !bangs).
|
| We're bootstrapped and not owned by an advertising company
| (startpage.com is owned by System1).
|
| [1] https://okeano.com
|
| [2] https://okeano.com/privacy
|
| [3] https://okeano.com/blocklist
| jchook wrote:
| Coincidentally I also see Ecosia[1] on HN front page right now,
| a search engine that plants trees.
|
| 1. https://www.ecosia.org/
| rkudeshi wrote:
| Do you index webpages yourself or piggyback off Bing/Google?
| dgut wrote:
| It uses Bing as a backup and for most general search. We have
| our own index that focuses on specific communities, including
| HN. Eventually you'll see more tailored search for that
| index, including a "privacy rank" and page size.
| forgotmypw77 wrote:
| please test your site with nojs.
|
| js is not an option with many devices and useragents.
|
| thank you for doing what you do.
| jdemaeyer wrote:
| https://okeano.com/reports gives me
|
| > Can't find what you're looking for.
| dgut wrote:
| Yes, sorry. Have to fix that. We are not making money yet so
| no reports to show.
| hundchenkatze wrote:
| It's probably not the best idea to go against established
| conventions, but I think it'd be pretty cool if you used tilde
| instead of exclamation marks for waves. :)
| dgut wrote:
| Yes, I think this is a good idea. Might make this optional or
| as an alternative. Added to the pipeline.
| lasagna_coder wrote:
| I like this. But without adblock I see no ads. Also would it be
| possible to have a subscription based no-ad version so we don't
| see ads + don't feel guilty that we aren't helping out by not
| clicking any ads? I guess it would be hard to stay private
| because it would mix an paid account id with search queries,
| but maybe there's a way.
| dgut wrote:
| We aren't running ads.. yet. Need more users before we can
| make a contract where we aren't required by the ad company to
| send user data.
|
| Paid plan has been on my mind for a while now.. and as you
| said, it's complicated. It's in the pipeline.
| lasagna_coder wrote:
| Would be a nice secondary business idea for some to create
| an ad company to cater to smaller online platforms like
| yours without requiring user data. Another complicated
| prospect but at least it would give you a starting point.
|
| There's also things like https://coil.com/ who seem like
| they help support online content creators. I wonder if
| there's a way to treat search results like "content".
| chris_f wrote:
| _> "There's also things like https://coil.com/ who seem
| like they help support online content creators. I wonder
| if there's a way to treat search results like "content"._
|
| It is possible. I built the search engine [0] that was
| the first to integrate Coil as a monetization source. It
| is pretty small, but Coil payments do cover about 2% of
| the monthly cost to run the service.
|
| Infinity Search also uses Coil. [1]
|
| Here is an article with some thoughts around monetizing a
| privacy based search engine [2].
|
| ---------
|
| [0] https://www.runnaroo.com/
|
| [1] https://webmonetization.org/
|
| [2] https://coil.com/p/runnaroo/Privacy-and-Search-
| Engine-Moneti...
| lasagna_coder wrote:
| thanks, this is some good insight!
| lasagna_coder wrote:
| also, dark mode pls
| dgut wrote:
| In the pipeline!
| marban wrote:
| Random anecdote on the intangible value of "Privacy" for real-
| world users: I run a news website with the upsell argument of
| zero ads, tracking, or third-party cookies and have gained no
| significant increase in conversions from it.
| vimy wrote:
| Is a decentralized search engine possible?
| ignoramous wrote:
| There are two that I know of:
|
| YaCy: https://github.com/yacy/yacy_search_server (functional)
|
| Seeks: https://github.com/beniz/seeks (defunct?)
|
| ---
|
| There's also SearX, which isn't distributed but is a metasearch
| engine (pulls results from multiple search engines) that you
| can self-host [0] or use one of its many mirrors [1].
|
| [0] https://github.com/searx/searx
|
| [1] https://searx.space/
| tobias2014 wrote:
| YaCy is one https://en.wikipedia.org/wiki/YaCy
| astrea wrote:
| How do they make money?
| notadog wrote:
| They have ads.
| astrea wrote:
| Are they keyword-based ads like DDG?
| ffpip wrote:
| Yes. It's in their privacy policy.
|
| https://www.startpage.com/en/privacy-policy/
| UShouldBWorking wrote:
| Senator, we have ads.
| onetimemanytime wrote:
| so they say. Sorry. I use them to search for certain things but
| don't expect much in protection
| eth0up wrote:
| Startpage had a strong beginning, eg ixquick. I think I first
| learned of it through Katherine Albrecht. It's now a pitiful
| mutant of its origins, which I miss. Options are waning, but I've
| been using MetaGer[1] with fair results. I wish scroogle was
| still up.
|
| https://en.m.wikipedia.org/wiki/MetaGer
| _emacsomancer_ wrote:
| Re: Scroogle &c. - there are some Searx instances which manage
| to return Google results, e.g. https://searx.be - and this is
| what I've generally settled on. (Bing-backed searches,
| including DDG, don't end up working very well for me.)
| ignoramous wrote:
| A caveat: I stopped using StartPage after it sold to an
| advertisement firm and switched to https://lite.duckduckgo.com/
| instead. The sale doesn't necessarily mean StartPage is any less
| private (because you can sell to an _ethical_ advertising firm,
| why not) but something to keep in mind.
|
| Ref:
| https://www.reddit.com/r/privacy/comments/di5rn3/startpage_i...
| djeiasbsbo wrote:
| I would highly recommend Searx instead. You don't have to host
| your own instance either, there are many available at
| https://searx.space.
|
| It's essentially a "proxy" search engine for many different
| ones. It has some really cool features aas well as a dark mode.
| notjulianjaynes wrote:
| I like searx quite a bit. I would ise it exclusiveley if
| there was a well functioning instance available.
| Unfortunately some features (search for files, search social
| media) didn't work on the instances I've tried, and there
| seems to be some issue with setting it as your default search
| engine on android. For me it works fine for a few searches,
| then at a certain point searchong for anything from the
| browser bar just redirects you to the sites homepage and you
| have to start over there. Local results are a bit lacking but
| this is essentially by design and adding a zip code or
| whatever usually helps.
| ehnto wrote:
| Certainly food for thought. Unless startpage.com has revenue,
| and they leave it unchanged, I would have to be cynical and say
| that it's only a matter of time before the advertising shows
| up.
| imglorp wrote:
| They can make money without advertising. Selling your search
| queries correlated to your browser fingerprint, for example.
| ehnto wrote:
| Indeed, which is probably worse. Advertising could in
| theory could be done ethically, unpersonalized, untracked.
| yuhong wrote:
| This is why my history of Google is important: https://en
| .wikipedia.org/wiki/Draft:Effects_of_the_2007-2008...
| xref wrote:
| Thanks for the tip on DDG lite, never heard of it. Sounds like
| it reduces assets from 2mb to 33kb and makes fewer calls to
| populate the results. Will have to use it for a bit and see if
| result quality is comparable to standard ddg
|
| https://lifehacker.com/use-duckduckgo-lite-for-absurdly-fast...
| nitrohorse wrote:
| Also worth noting is that since the acquisition, Startpage has
| added these support pages:
|
| - Startpage CEO Robert Beens discusses the investment from
| Privacy One / System1 [1]
|
| - What is Startpage's relationship with Privacy One/System1 and
| what does this mean for my privacy protections? [2]
|
| - What is the Startpage privacy-guarding data flow? [3]
|
| Some further context [4].
|
| [1]
| https://support.startpage.com/index.php?/Knowledgebase/Artic...
|
| [2]
| https://support.startpage.com/index.php?/Knowledgebase/Artic...
|
| [3]
| https://support.startpage.com/index.php?/Knowledgebase/Artic...
|
| [4] https://blog.privacytools.io/relisting-startpage/
| jjd33 wrote:
| so you moved from startpage because they sold to an advertiser,
| to ddg, a company whose owner is an advertiser. look at gabriel
| weinbergs business history.
| dang wrote:
| If curious see also
|
| 2019 https://news.ycombinator.com/item?id=21371577
|
| 2017 https://news.ycombinator.com/item?id=13514805
| rasengan wrote:
| Private.sh ( https://private.sh ) actually encrypts your search
| query and washes it thru a proxy prior to delivering it to the
| search engine entity which decrypts it, performs the search, and
| encrypts the results before sending it back through the same
| channel.
| nitrohorse wrote:
| Also worth noting is that Private.sh is run by Private Internet
| Access / Kape Technologies [1] in partnership with Gigablast
| for its search index. [2]
|
| [1] https://www.voxmarkets.co.uk/articles/kape-technologies-
| to-a...
|
| [2] https://gigablast.com/blog.html#privatesearch
| nacs wrote:
| Which "search engine entity" are they sending the queries to?
| It doesn't appear to be Google or Bing and the search results
| seem pretty bad..
| forgotmypw77 wrote:
| are you planning to add nojs support or is that not an option
| for your tech?
| oehtXRwMkIs wrote:
| How is that encryption scheme any better than https?
| rasengan wrote:
| Regardless of https, ddg or startpage see your IP address and
| search query and you'll have to trust they don't log it even
| passively.
|
| In this case, your query is encrypted on the client side,
| passed through a proxy, decrypted at the engine, search is
| performed, and then results are encrypted, passed through the
| proxy, and the client side decrypts and displays the results.
|
| USER Encrypted Search --- Proxy --- Search Engine Decrypts
| Search, Searches, Encrypts Search --- Proxy --- USER decrypts
| results and displays.
|
| The search engine does not know your IP, and Private.SH does
| not know what you searched for.
| pmoriarty wrote:
| _" Private.SH does not know what you searched for."_
|
| but
|
| _" your query is encrypted on the client side"_
|
| and then
|
| _" the client side decrypts and displays the results"_
|
| So all this encryption/decryption code, where does it come
| from?
|
| If the answer is Private.SH, then Private.SH can in fact
| know what the user searched for and the results they got by
| feeding the user code that sends that information (or even
| just the encryption keys) back to Private.SH
|
| Also, I'm not clear on how the search engines are supposed
| to be able to decrypt something encrypted by the client.
| What actually happens there?
| prophesi wrote:
| Most of it's answered here https://private.sh/how-it-
| works.html
|
| So you're using the search engine's public key to encrypt
| it, meaning the proxies can't decrypt it. But yes, you
| have to trust the client-side code, which is an
| insurmountable problem.
|
| On the plus-side, the code is really short and easy to
| read. Perhaps a standalone app with reproducible builds
| could solve this, but that's much more of a pain than
| simply entering your query straight from the browser.
|
| Edit: I was also going to mention that you can download
| the chrome/firefox extension by themselves, but the
| download link has an expired certificate which doesn't
| instill much confidence.
| pmoriarty wrote:
| _" you have to trust the client-side code, which is an
| insurmountable problem"_
|
| That depends on what you're trying to achieve, who you're
| willing to trust, and what you're willing to do.
|
| If your goal is to do searches without having to trust
| client-side code from a search engine or Private.SH, then
| you could (assuming they have support for such a
| workflow) do your own encryption using a tool you do
| trust, such as gpg, then submit the encrypted query to
| Private.SH, which would hand it off to the search engine.
|
| The search engine could then decrypt it, perform the
| query, and re-encrypt it to your public key (which would
| be contained in the encrypted query they got) and pass it
| back to Private.SH, which would then pass the encrypted
| query back to the user.
|
| This way no code from Private.SH nor the search engine
| has to be trusted.
|
| Of course, this does not help if Private.SH is secretly
| owned by, compromised by, or has a data-sharing agreement
| with some entity you don't want your data to be seen by
| (such as the search engine, hostile agency, data
| harvesting/reselling organization, etc).
|
| This latter possibility is what I really don't see an
| easy way to mitigate.
|
| For all we know any/all of these "privacy respecting"
| services might be owned by Google, Palantir, some other
| data harvesting corporation, government agency,
| intelligence service, etc.
| oehtXRwMkIs wrote:
| Oh, so the search provider is a separate entity.
| Interesting, looking forward to seeing their source code.
___________________________________________________________________
(page generated 2021-01-10 23:01 UTC)