this post was submitted on 30 Oct 2024
341 points (98.0% liked)

Privacy

31974 readers
236 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

actually awesome and fast search engine (depending on which instance you use) with no trashy AI and ADs results also great for privacy, if you don't know which instance to use go to https://searx.space/ and choose an instance closest to you

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 2 weeks ago (3 children)

Aren't all search queries available to whoever hosts an instance? In my eyes this is much worse to privacy and a much bigger risk unless you really know who is behind your chosen instance. I would trust some a company a bit more with safeguarding this information so it does not leak to some random guy.

[–] [email protected] 10 points 2 weeks ago (1 children)

I've always gotten the impression it was mostly intended to be self hosted. I've self hosted it for something like a couple years now, runs like a clock. It still strips out tracking and advertising, even if you don't get the crowd anonymity of a public instance.

[–] [email protected] 2 points 2 weeks ago (1 children)

Self hosting doesn’t make sense as a privacy feature because then it’s still just you making requests to google/other SE

[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago)

It's not useless, it removes a lot of the tracking cookies and such and sponsored links loaded with telemetry. Theoretically you can also get the benefits of anonymity if you proxy through Tor or a VPN, which I originally tried to do but turns out Google at least blocks requests from Tor and at least the VPN endpoint I have and probably most of them. Google or whatever upstream SE can still track you by IP when you self host, but its tracking is going to much less without the extra telemetry cookies and tracking code it gets when you use Google results directly.

But yes, practically you either have to trust the instance you're using to some extent or give up some of the anonymity. I opted to self host and would recommend the same over using a public instance if you can, personally. And if privacy is your biggest concern, only use upstream search providers that are (or rather, claim to be) more privacy respecting like DDG or Qwant. My main use case is primarily as a better frontend to search without junk sponsored results and privacy is more of a secondary benefit.

FWIW, they have a pretty detailed discussion on why they recommend self-hosting here.

[–] [email protected] 3 points 2 weeks ago (1 children)

Companies are definitely selling your data. Use a VPN.

[–] [email protected] 4 points 2 weeks ago (1 children)

A VPN will not save you, they are easily worse for privacy in terms of user tracking. It centralises your entire web traffic in a single place for the VPN provider to track (and potentially sell).

[–] [email protected] 2 points 2 weeks ago (1 children)

You either trust the ISP or a VPN. Its a tool not a blanket of protection. Opsec and knowing how to move is most important.

[–] [email protected] 1 points 2 weeks ago

But you pay more for what is essentially the same with a VPN. You have to buy a VPN subscription on top of your internet subscription, get less speed because your internet traffic is being routed through a different country and get no benefit to privacy. The only use case for a VPN is when you have to bypass georestrictions.

[–] [email protected] 6 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

As someone who hosts an instance, news to me lol

Edit: Developer says this can't be done currently? Reddit comment

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago)

Thanks for clarification and great that this is not included in project, but couldn't someone change the server side code and somehow see more info that goes through?

I know there is that HTML check in https://searx.space/ to see if search interface code is not heavily modified, but on server side anything could go on.

If requests are encrypted in a way that searxng does not see contents then it probably is not trivial to do, but there always is a possibility something clever could be done.

[–] [email protected] 6 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Of course it can be done, check your web server logs.

If you are using GET requests to send search queries to searxng, what you searched for will show up in the logs as

2024-10-31 123.321.0.100 /?query=kinky+furry+pictures

If you use POST requests the server admin can also easily enable logging those.

People hosting searxng can absolutely see what you searched for, along with your IP address, user agent string etc.

[–] [email protected] 2 points 2 weeks ago

Well my instance’s logs are sent to null for this reason already, but thank you for the info!

[–] [email protected] -1 points 2 weeks ago (1 children)

It doesn't bother me one bit of you know my search history. You'll learn I search a word to see if I know your to spell it properly and that I DIY a lot of stuff lol

[–] [email protected] 5 points 2 weeks ago (1 children)

Billions of Chinese also aren't bothered that they live under surveillance, but it isn't right.

[–] [email protected] 1 points 2 weeks ago

Good thing it only happens to the Chinese...