this post was submitted on 23 May 2024
512 points (97.9% liked)
Asklemmy
43943 readers
419 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If you're using DDG for privacy, then indeed you are wrong.
It may be "less invasive" than google, but it's neither anonymous, nor private.
Direct privacy abuse:
DDG was caught violating its own privacy policy by issuing tracker cookies.
DDG’s app sends every URL you visit to DDG servers. (reaction).
DDG is currently collecting users’ operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the “network” tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together)
DDG is accused of fingerprinting users’ browsers.
When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default browser.
DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium."
CloudFlare:
DDG promotes one of the largest privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity.
Full article: http://techrights.org/2020/07/02/ddg-privacy-abuser-in-disguise/
ETA: The bulk of the text in my reply was lifted from a reddit comment. I tried to format my comment to reflect that it's a "quote", alas I've failed. Hence this.
Also, I don't have a card in this game. I understand anonymity and privacy - I dislike intentional deception.
What to use them, if not DDG
I'm currently using searx.be with good results
Searx improved a lot since I last used it. Was really slow before
Its searxng now (the original searx is dead) and is quite good. Performance differs. I've seen very slow instances, but when I started hosting my own semi-private instance, I saw how fast it can be, if the server isn't a potato.
How can I set it as default browser on Android Brave?
Not able to do it
I've collected these 3 so far, but Swiss Cows if you go deep enough uses Bing. I'm not sure about Mojeek or Start Page.
Swisscows does use Bing, Startpage uses Bing and/or Google depending upon where you are, we are fully independent: https://www.searchenginemap.com/ is a visualisation that might be useful
So is Mojeek a standalone since it's yellow? It looks like a lot of other people use them and not the other way around. Yep is cool, but I think they get their money from the sites that pay them? I looked at it yesterday, it's sort of a strange set up that I'm not sure I understand.
I have good experience with brave search, after I moved away from the crap Qwant actually is
I believe Startpage uses Google
I use kagi, it's very good.
I can’t justify Kagi’s pricing but I liked it. I’d blow through the cheapest plan in a week. Neeva was pretty good too before they pivoted, also pricey imo though.
I blew through the $5 plan in a short amount of time. I'm a curious person, I guess! I really like it though so decided $120/year was worth it for unlimited.
Compared to DDG (Bing) the search results are really good. When using DDG I would frequently revert to Google, but not with Kagi.
I was gonna try it, but then I saw this: https://d-shoot.net/kagi.html
The CEO doesn’t understand GDPR, so I’m not inclined to let them handle my data, and even pay them for the privilege.
If you have spare hardware lying around and a public IP (or a server anyway), you can selfhost SearXNG.
If you're fine with paying 12$/month (with tax) for a customizable search engine, very accurate and transparently sourced/quoted LLM, and just a better index than any other search engine I know, use Kagi. I heard some rumors and bad things, but nothing to do with privacy, only the aforementioned tax.
And for a free search engine which claims privacy and is an alternative to DDG, with its own index afaik, Brave.
Kagi is anything but private friendly. Their CEO claims only criminals actually want anonymity.
They also think they don't need pay taxes or to abide by GDPR if they invent their own definitions of the laws.
https://d-shoot.net/kagi.html
This is an article often quoted, which makes it seem like it's a kind of consensus. Yet one of the main points, taxes, can just be disproven by reading the Kagi FAQ about it. Find it by searching "Kagi inc tax" on any search engine, like Kagi itself. Or just https://help.kagi.com/kagi/faq/sales-tax-vat.html.
And sooo many other things in this article are purely based on assumptions, incorrect data and misquotes. This personal blog is exactly none better than your average hustle-finance-nazi-bro podcast, in almost all terms (except political views).
Misquotes? There are literally screenshots in the article showing full quotes, I don't know who are you trying to lie to...
And just because Kagi put some text on their website doesn't make it true.
Taxes don't work like that (at least not VAT) and you're a fool for trusting a company which tried to commit a fraud.
Some EU countries do have tax exemptions for small businesses, which Kagi isn't by any definition.
Anyway, that sure didn't take long for you to prove Godwin's law, huh?
Sick never heard or searxng, hosting my own instance now
Mojeek isn't perfect, but it's truly independent search engine.
and when people let us know where we fall down we're able to make it better, growing alongside the userbase!
Do they "give high rankings" to CloudFlare sites because they just boost up whoever is behind CloudFlare, or because the sites happen to be good search hits, maybe that load quickly, and they don't go in and penalize them for... telling CloudFlare that you would like them to send you the page when you go to the site?
Counting the number of times results for different links are clicked is expected search engine behavior. Recording what search strings are sent from results pages for what other search strings is also probably fine, and because of the way forms and referrers work (the URL of the page you searched from has the old query in it) the page's query will be sent in the referrer by all browsers by default even if the site neither wanted it nor intends to record it. Recording what text is highlighted is weird, but probably not a genuine threat.
The remote favicon fetch design in their browser app was fixed like 4 years ago.
The "accusation" of "fingerprinting" was along the lines of "their site called a canvas function oh no". It's not "fingerprinting" every time someone tries to use a canvas tag.
What exactly is "all data available in my session" when I click on an ad? Is it basically the stuff a site I go to can see anyway? Sounds like it's nothing exciting or some exciting pieces of data would be listed.
This analysis misses the important point that none of this stuff is getting cross-linked to user identities or profiles. The problem with Google isn't that they examine how their search results pages are interacted with in general or that they count Linux users, it's that they keep a log of what everyone individually is searching, specifically. Not doing that sounds "anonymous" to me, even if it isn't Tor-strength anonymity that's resistant to wiretaps.
There's an important difference between "we're trying to not do surveillance capitalism but as a centralized service data still comes to our servers to actually do the service, and we don't boycott all of CloudFlare, AWS, Microsoft, Verizon, and Yahoo", as opposed to "we're building shadow profiles of everyone for us and our 1,437 partners". And I feel like you shouldn't take privacy advice from someone who hosts it unencrypted.
Christ on a bicycle.
I just learnt of searx today, any bad news there?
I'm running a search instance on a VPS so my home IP isn't linked to my searches. The main disadvantage is that my VPS is in Toronto and I live 2hrs away so geo searches don't work very well. For instance, if I Google "restaurants" I get results for local restaurants whereas if I Gregle (I named my search engine Gregle) I get results for results near my VPS.
DM me if you want a link to my instance to check it out. It's open but I don't publicize it because bad actors could ruin my IP addresses reputation with spam queries via the API.
I recently learned about it, but haven't used it. From what I understand, it's similar to how the fediverse works; individual instances are run by whoever wants to run them. If you run your own instance, you have complete trust in it, but you effectively aren't anonymous (unless you support a whole bunch of users to pool together. If you join someone else's instance, you have to trust them. There's public and private instances.
The other downside is that, like many other small players, they are a metasearch engine, so they rely on the big players like Google and Bing who actually crawl the web for information to index. If Google or Bing want to hide information, that trickles down into metasearch engines, too. It's somewhat buffered by thr fact that your metasearch can look through a whole bunch of different indexes, so you aren't held to one countries censorship, but it probably still has an effect.
Fuck this. Fuck search engines. I'm going back to curated website lists.
Webrings ftw
Where do you find them?
My FIL has a book from the 90s that's basically an internet yellow pages.
I never left.
I knew my bookmarks would save me
Also as DDG is based in the US it is most likely legally bound to give your informations to any agency with a nice gag order on top of it.
I can't imagine any serious privacy oriented business to be headquartered in the US.
The whole better privacy is true with DDG but certainly not to the extent people would like to think.
That being said DDG has decent search results and is slightly better than Google for privacy. Google is an ecosystem so every little bit you don't give them is a success.
It's really too bad we don't have good private search engines..
Excellent reply. Thank you. Do you have any suggestions for alternatives?
Thanks for sharing - didnt know. Thats a long list ..... So which search engine is good and privacy friendly then?
It depends on what you're trying to be private from. Kagi has been good to me so far, my goal is mainly to escape from corporate/ad profile tracking.
You need to put a > in front of each new line.
Honestly thats like the most annoying thing about lemmy. Or maybe its just sync. But still damn annoying.
Just check the web ui and it appears it's part of Lemmy.
Edit: Sync doesn't seem to require one added to blank new lines but Lemmy does.
Not to be dismissive, but if you deconstruct every website like this, won't they all look horrible? I mean how long would Google's list be if you detailed every single controversy and dodgy thing they've done in/to/from their search engine?