[HN Gopher] Startpage.com: Privacy-oriented search engine ___________________________________________________________________ Startpage.com: Privacy-oriented search engine Author : activatedgeek Score : 82 points Date : 2021-01-10 16:17 UTC (6 hours ago) (HTM) web link (www.startpage.com) (TXT) w3m dump (www.startpage.com) | AniseAbyss wrote: | When Google had to cave in to copyright and made their image | search shit on mobile I switched to startpage who doesn't care | and let you download images- anonymously to boot. | eecks wrote: | The anonymous view feature is cool. A comparison with DDG would | be nice. | ignoramous wrote: | As cool as it is, I usually find myself using | https://archive.is as a browser. | | For a time, I used https://brow.sh but its hosted _html_ | browser is not up anymore. | godzillabrennus wrote: | That must be a great experience... | | RMS has improved upon that if you are interested in privacy | to that extent: https://lwn.net/Articles/262570/ | ignoramous wrote: | It is, especially for Medium and Substack posts, websites | that my DNS resolver or ISP block, and for _webpages_ that | refuse to load with uMatrix in its default setting. | ffpip wrote: | uMatrix in default settings pretty much breaks every | website. | | You definitely need to whitelist cloudflare CDN and other | popular CDNs like Amazon S3, things like jquery.com ,and | maybe Google for the recaptcha (unless you whitelist | google for individual websites) | NieDzejkob wrote: | I have had very good experience with Startpage. Unlike DDG, it's | a Google proxy, so the search quality tradeoff is much less stark | (not non-existent, as there's no personalization...) | prox wrote: | I noticed this week / month that ddg must have gotten an | upgrade, it's results are a lot better, to the point of beating | Google in my search patterns. | bzb6 wrote: | No personalisation is a positive for me. | SimeVidas wrote: | In what aspects is it more private than the duck? | dgut wrote: | The two noteworthy aspects are: 1) if you click on an ad on | startpage, you're inside Google's network. If you click on an | ad on the duck, you're inside Bing's network. 2) the duck is | independent and startpage is owned by an advertising company. | a3n wrote: | ddg has a bang code for startpage. | | !sp | | takes you to their home page. | | !sp privacy | | does that search on sp. | | !sp duck duck go | | does that search on sp. | | EDIT: Ahem ... | | !ddg | | !ddg recursion | nacs wrote: | ddg also has !s for Starpage | a3n wrote: | Cool. When I want a bang code, my first (!sp) or second guess | is usually there. | dgut wrote: | Shameless plug,.. I run Okeano [1], a privacy friendly [2] search | engine that aims to use 80% of profits to purchase river | interceptors from the Ocean Cleanup Project and deploy them to | the worlds most polluting rivers. | | We support domain blocklist [3] natively and have !waves (similar | to !bangs). | | We're bootstrapped and not owned by an advertising company | (startpage.com is owned by System1). | | [1] https://okeano.com | | [2] https://okeano.com/privacy | | [3] https://okeano.com/blocklist | jchook wrote: | Coincidentally I also see Ecosia[1] on HN front page right now, | a search engine that plants trees. | | 1. https://www.ecosia.org/ | rkudeshi wrote: | Do you index webpages yourself or piggyback off Bing/Google? | dgut wrote: | It uses Bing as a backup and for most general search. We have | our own index that focuses on specific communities, including | HN. Eventually you'll see more tailored search for that | index, including a "privacy rank" and page size. | forgotmypw77 wrote: | please test your site with nojs. | | js is not an option with many devices and useragents. | | thank you for doing what you do. | jdemaeyer wrote: | https://okeano.com/reports gives me | | > Can't find what you're looking for. | dgut wrote: | Yes, sorry. Have to fix that. We are not making money yet so | no reports to show. | hundchenkatze wrote: | It's probably not the best idea to go against established | conventions, but I think it'd be pretty cool if you used tilde | instead of exclamation marks for waves. :) | dgut wrote: | Yes, I think this is a good idea. Might make this optional or | as an alternative. Added to the pipeline. | lasagna_coder wrote: | I like this. But without adblock I see no ads. Also would it be | possible to have a subscription based no-ad version so we don't | see ads + don't feel guilty that we aren't helping out by not | clicking any ads? I guess it would be hard to stay private | because it would mix an paid account id with search queries, | but maybe there's a way. | dgut wrote: | We aren't running ads.. yet. Need more users before we can | make a contract where we aren't required by the ad company to | send user data. | | Paid plan has been on my mind for a while now.. and as you | said, it's complicated. It's in the pipeline. | lasagna_coder wrote: | Would be a nice secondary business idea for some to create | an ad company to cater to smaller online platforms like | yours without requiring user data. Another complicated | prospect but at least it would give you a starting point. | | There's also things like https://coil.com/ who seem like | they help support online content creators. I wonder if | there's a way to treat search results like "content". | chris_f wrote: | _> "There's also things like https://coil.com/ who seem | like they help support online content creators. I wonder | if there's a way to treat search results like "content"._ | | It is possible. I built the search engine [0] that was | the first to integrate Coil as a monetization source. It | is pretty small, but Coil payments do cover about 2% of | the monthly cost to run the service. | | Infinity Search also uses Coil. [1] | | Here is an article with some thoughts around monetizing a | privacy based search engine [2]. | | --------- | | [0] https://www.runnaroo.com/ | | [1] https://webmonetization.org/ | | [2] https://coil.com/p/runnaroo/Privacy-and-Search- | Engine-Moneti... | lasagna_coder wrote: | thanks, this is some good insight! | lasagna_coder wrote: | also, dark mode pls | dgut wrote: | In the pipeline! | marban wrote: | Random anecdote on the intangible value of "Privacy" for real- | world users: I run a news website with the upsell argument of | zero ads, tracking, or third-party cookies and have gained no | significant increase in conversions from it. | vimy wrote: | Is a decentralized search engine possible? | ignoramous wrote: | There are two that I know of: | | YaCy: https://github.com/yacy/yacy_search_server (functional) | | Seeks: https://github.com/beniz/seeks (defunct?) | | --- | | There's also SearX, which isn't distributed but is a metasearch | engine (pulls results from multiple search engines) that you | can self-host [0] or use one of its many mirrors [1]. | | [0] https://github.com/searx/searx | | [1] https://searx.space/ | tobias2014 wrote: | YaCy is one https://en.wikipedia.org/wiki/YaCy | astrea wrote: | How do they make money? | notadog wrote: | They have ads. | astrea wrote: | Are they keyword-based ads like DDG? | ffpip wrote: | Yes. It's in their privacy policy. | | https://www.startpage.com/en/privacy-policy/ | UShouldBWorking wrote: | Senator, we have ads. | onetimemanytime wrote: | so they say. Sorry. I use them to search for certain things but | don't expect much in protection | eth0up wrote: | Startpage had a strong beginning, eg ixquick. I think I first | learned of it through Katherine Albrecht. It's now a pitiful | mutant of its origins, which I miss. Options are waning, but I've | been using MetaGer[1] with fair results. I wish scroogle was | still up. | | https://en.m.wikipedia.org/wiki/MetaGer | _emacsomancer_ wrote: | Re: Scroogle &c. - there are some Searx instances which manage | to return Google results, e.g. https://searx.be - and this is | what I've generally settled on. (Bing-backed searches, | including DDG, don't end up working very well for me.) | ignoramous wrote: | A caveat: I stopped using StartPage after it sold to an | advertisement firm and switched to https://lite.duckduckgo.com/ | instead. The sale doesn't necessarily mean StartPage is any less | private (because you can sell to an _ethical_ advertising firm, | why not) but something to keep in mind. | | Ref: | https://www.reddit.com/r/privacy/comments/di5rn3/startpage_i... | djeiasbsbo wrote: | I would highly recommend Searx instead. You don't have to host | your own instance either, there are many available at | https://searx.space. | | It's essentially a "proxy" search engine for many different | ones. It has some really cool features aas well as a dark mode. | notjulianjaynes wrote: | I like searx quite a bit. I would ise it exclusiveley if | there was a well functioning instance available. | Unfortunately some features (search for files, search social | media) didn't work on the instances I've tried, and there | seems to be some issue with setting it as your default search | engine on android. For me it works fine for a few searches, | then at a certain point searchong for anything from the | browser bar just redirects you to the sites homepage and you | have to start over there. Local results are a bit lacking but | this is essentially by design and adding a zip code or | whatever usually helps. | ehnto wrote: | Certainly food for thought. Unless startpage.com has revenue, | and they leave it unchanged, I would have to be cynical and say | that it's only a matter of time before the advertising shows | up. | imglorp wrote: | They can make money without advertising. Selling your search | queries correlated to your browser fingerprint, for example. | ehnto wrote: | Indeed, which is probably worse. Advertising could in | theory could be done ethically, unpersonalized, untracked. | yuhong wrote: | This is why my history of Google is important: https://en | .wikipedia.org/wiki/Draft:Effects_of_the_2007-2008... | xref wrote: | Thanks for the tip on DDG lite, never heard of it. Sounds like | it reduces assets from 2mb to 33kb and makes fewer calls to | populate the results. Will have to use it for a bit and see if | result quality is comparable to standard ddg | | https://lifehacker.com/use-duckduckgo-lite-for-absurdly-fast... | nitrohorse wrote: | Also worth noting is that since the acquisition, Startpage has | added these support pages: | | - Startpage CEO Robert Beens discusses the investment from | Privacy One / System1 [1] | | - What is Startpage's relationship with Privacy One/System1 and | what does this mean for my privacy protections? [2] | | - What is the Startpage privacy-guarding data flow? [3] | | Some further context [4]. | | [1] | https://support.startpage.com/index.php?/Knowledgebase/Artic... | | [2] | https://support.startpage.com/index.php?/Knowledgebase/Artic... | | [3] | https://support.startpage.com/index.php?/Knowledgebase/Artic... | | [4] https://blog.privacytools.io/relisting-startpage/ | jjd33 wrote: | so you moved from startpage because they sold to an advertiser, | to ddg, a company whose owner is an advertiser. look at gabriel | weinbergs business history. | dang wrote: | If curious see also | | 2019 https://news.ycombinator.com/item?id=21371577 | | 2017 https://news.ycombinator.com/item?id=13514805 | rasengan wrote: | Private.sh ( https://private.sh ) actually encrypts your search | query and washes it thru a proxy prior to delivering it to the | search engine entity which decrypts it, performs the search, and | encrypts the results before sending it back through the same | channel. | nitrohorse wrote: | Also worth noting is that Private.sh is run by Private Internet | Access / Kape Technologies [1] in partnership with Gigablast | for its search index. [2] | | [1] https://www.voxmarkets.co.uk/articles/kape-technologies- | to-a... | | [2] https://gigablast.com/blog.html#privatesearch | nacs wrote: | Which "search engine entity" are they sending the queries to? | It doesn't appear to be Google or Bing and the search results | seem pretty bad.. | forgotmypw77 wrote: | are you planning to add nojs support or is that not an option | for your tech? | oehtXRwMkIs wrote: | How is that encryption scheme any better than https? | rasengan wrote: | Regardless of https, ddg or startpage see your IP address and | search query and you'll have to trust they don't log it even | passively. | | In this case, your query is encrypted on the client side, | passed through a proxy, decrypted at the engine, search is | performed, and then results are encrypted, passed through the | proxy, and the client side decrypts and displays the results. | | USER Encrypted Search --- Proxy --- Search Engine Decrypts | Search, Searches, Encrypts Search --- Proxy --- USER decrypts | results and displays. | | The search engine does not know your IP, and Private.SH does | not know what you searched for. | pmoriarty wrote: | _" Private.SH does not know what you searched for."_ | | but | | _" your query is encrypted on the client side"_ | | and then | | _" the client side decrypts and displays the results"_ | | So all this encryption/decryption code, where does it come | from? | | If the answer is Private.SH, then Private.SH can in fact | know what the user searched for and the results they got by | feeding the user code that sends that information (or even | just the encryption keys) back to Private.SH | | Also, I'm not clear on how the search engines are supposed | to be able to decrypt something encrypted by the client. | What actually happens there? | prophesi wrote: | Most of it's answered here https://private.sh/how-it- | works.html | | So you're using the search engine's public key to encrypt | it, meaning the proxies can't decrypt it. But yes, you | have to trust the client-side code, which is an | insurmountable problem. | | On the plus-side, the code is really short and easy to | read. Perhaps a standalone app with reproducible builds | could solve this, but that's much more of a pain than | simply entering your query straight from the browser. | | Edit: I was also going to mention that you can download | the chrome/firefox extension by themselves, but the | download link has an expired certificate which doesn't | instill much confidence. | pmoriarty wrote: | _" you have to trust the client-side code, which is an | insurmountable problem"_ | | That depends on what you're trying to achieve, who you're | willing to trust, and what you're willing to do. | | If your goal is to do searches without having to trust | client-side code from a search engine or Private.SH, then | you could (assuming they have support for such a | workflow) do your own encryption using a tool you do | trust, such as gpg, then submit the encrypted query to | Private.SH, which would hand it off to the search engine. | | The search engine could then decrypt it, perform the | query, and re-encrypt it to your public key (which would | be contained in the encrypted query they got) and pass it | back to Private.SH, which would then pass the encrypted | query back to the user. | | This way no code from Private.SH nor the search engine | has to be trusted. | | Of course, this does not help if Private.SH is secretly | owned by, compromised by, or has a data-sharing agreement | with some entity you don't want your data to be seen by | (such as the search engine, hostile agency, data | harvesting/reselling organization, etc). | | This latter possibility is what I really don't see an | easy way to mitigate. | | For all we know any/all of these "privacy respecting" | services might be owned by Google, Palantir, some other | data harvesting corporation, government agency, | intelligence service, etc. | oehtXRwMkIs wrote: | Oh, so the search provider is a separate entity. | Interesting, looking forward to seeing their source code. ___________________________________________________________________ (page generated 2021-01-10 23:01 UTC)