Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Let's Think again] Startpage and DuckDuckGo are lying or not #168

Closed
gitkitten opened this issue Jun 26, 2013 · 47 comments
Labels

Comments

@gitkitten
Copy link

@gitkitten gitkitten commented Jun 26, 2013

I found an issue about Startpage.

http://zw3crggtadila2sg.onion/imageboard/fbi/
"Startpage seems using user's IP address to serve Ads.
Search something on startpage -> Show Ads near user's IP, or show Ads in user's IP language
Search via Tor -> Show ads in English"

I can confirm this: maybe startpage is a bad selection.
(I didn't search anything to Startpage, except query string. No JS. No Cookie, What else? IP, of course.)

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Jun 26, 2013

Interesting. Just for completion sake, let me also quote the first (and only) reaction:

Doesn’t mean they keep IP logs or send IPs to anyone. You can do that without keeping any logs; logging or not makes no difference. You can geolocate in the webserver without any external lookup, it’s easy.

I think I might fire off an email to their privacy representative. Their policy says the following:

The ads are NOT individually tailored to users, and Startpage does NOT record any personal information or share personal information with Google at any time.

But the fact that the language in the ads seems to be IP location dependant might tell us they share my approximate location with Google. I say might because they could very well be getting a list of different language ads from Google and then pick the one that matches my IP themselves – meaning they don’t tell Google a thing.

If they get back to my email I’ll update this issue.

@gitkitten

This comment has been minimized.

Copy link
Author

@gitkitten gitkitten commented Jun 26, 2013

Yeah, so I'm using Startpage via Tor for a several months.

And, Sometimes Startpage blocks Tor connection: something like this image:
https://trac.torproject.org/projects/tor/attachment/ticket/6151/182lhy.png

I made a small program which switch my Tor identity automatically 5min interval,
and the problem was gone.

But the problem is: why startpage block Tor?

I can understand if that message is "Are you using proxy?" or, "Too many connections from your IP."
They use the word "Tor", so I think,
they really wants Tor user to go away, they just didn't say anything.

@gitkitten

This comment has been minimized.

Copy link
Author

@gitkitten gitkitten commented Jun 26, 2013

The results are differnt when you change your IP address.

STARTPAGE: http://www.dotup.org/uploda/www.dotup.org4300881.jpg

(About No Ads| I hate Ads, so I'm currently using Adblock. Sorry about that)

This called "Filter Bubble",
means you are targeted by Search Engine Provider.

Good article: www.dontbubble.us/

that breaks you out of your Filter Bubble by default,
Reeeeeeeeeeally? I don't think so!

What about DuckDuckGo? Yep, I test it ;)
DUCKDUCKGO: http://www.dotup.org/uploda/www.dotup.org4300916.jpg

If both search engine really don't using your IP address (or your IP Location),
both results should be same, because those tests are

  1. made from same computer
  2. and nearly same time.

Differnt results will tells you that they also send your IP or location to search things.

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Jun 26, 2013

  1. The Tor ticket (torproject.org) about Startpage has been closed 8 months ago. If this is still happening for you I would recommend you ask for them to reopen the ticket. This does not change anything about Startpage’s privacy policy. The reason they are calling out to Tor users is because Startpage is the default browser in the Tor browser bundle. When they see something that looks like a proxy it very probably is Tor.

    Also note that Startpage has officially requested to be removed from the Tor Browser Bundle (torproject.org). This does not mean you cannot use their service through Tor. It also does not mean their privacy policy will be changed. It means they know about Tor and stay in contact with the people behind the Tor project.

  2. Your “proof” talks about targeted search results. Targeted search results are something completely different from the issue you raised at first. These can be done without storing your IP address. This is about the different in using your location for better results or storing your location for tracking. Startpage has never claimed not to do the first.

    Whether you like it or not, when you use them to search you give them your IP address. That’s how the internet works. They then promise not to store this or give it to third parties, they do not promise not to use it to give you better search results. They have no anti-bubble policy. They have an anti-recording policy.

    While dontbubble.us is a great read it talks about a much more invasive form of bubbling: a bubble created on previous search queries and clicks. This is not what Startpage is doing. Startpage cannot do this because they do not store your previous queries and clicks. Startpage is only giving you resources based on your location.

Startpage is still a great pick for people who simply want to stop feeding the NSA through Google, Yahoo!, and Microsoft. That’s what prism-break.org is about. It gives them high quality results without being logged and that’s what is most important. The fact that the Tor project has not found an issue with them either strengthens my resolve. I vote for keeping them on the list unless it can be shown they break their own privacy policy (which also makes them liable for lawsuits) and actually record data.

There is only one thing that is bothering me: the advertisements provided by Google are also location targeted so they might be sharing my approximate location with Google.

@gitkitten

This comment has been minimized.

Copy link
Author

@gitkitten gitkitten commented Jun 26, 2013

These can be done without storing your IP address.
Startpage is only giving you resources based on your location.

So, startpage is doing something like this?
My IP Address -> Get Location(hostname, or GeoIP File) -> Send LOCATION and QUERY to google
-> Return that result to me

Wait a minute, they said

Startpage does NOT record any personal information or share personal information with Google

LOCATION is not a personal information? Oh, really?

I don't think like this:
My IP -> Location -> Send Google only QUERY -> trim QUERY order by MY LOCATION LANGUAGE

This won't happen, because,

  1. Sometimes, startpage go overload webpage (= has no server power like Google)
  2. Startpage is fast: I think Startpage is act like a transparent proxy

Whatever or not, I'll keep using it with Tor...

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Jun 26, 2013

My IP Address -> Get Location(hostname, or GeoIP File) -> Send LOCATION and QUERY to google
-> Return that result to me

Probably, yes. Although this will only be an approximate location. In fact, they might even only send the country to Google. That way you get culturally relevant results and Google only learns that people from France like searching for ‘striped shirts’. (Completely fictitious example.) Even sending along 5 different countries and only showing you the results for yours to make it hard on Google, however unlikely, is very possible.

I just want to make it very clear for people that might read this in the future: the results you are seeing from Startpage are no proof of them recording your personal information.

Thank you for your concern and we will see if I can get some answers through email.

@gitkitten

This comment has been minimized.

Copy link
Author

@gitkitten gitkitten commented Jul 9, 2013

So, no answer from Startpage?

I also email them about the details using my IP address & location, but no response.

What if they(Startpage) are Google's friend?
scroogle is down because of Google -> http://www.freerepublic.com/focus/f-news/2511477/posts

I think the reason why Startpage still alive
is Google accepts startpage's server IP address.
(Google is blocking BOTs connect to their service. Search many things on Google with 1 static IP - you'll be blocked by Google)

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Jul 9, 2013

Can I ask what address you have used to contact them? Did you write to the privacy policy representative or somewhere else?

I haven’t had the time to get a good email drafted. Which is a good thing, as I will now be able to ask them about something that has not been discussed here yet:

Try to change the HTTP useragent header/string of your own browser to an empty one or replace it with a single random letter such as a space, and then perform any search with Startpage or Ixquick

———

[…] the search engine doesn’t let me perform searches if my UA is empty, and why is it checking what my UA is in the first place?

From a topic on the DuckDuckGo forums. (Note that, again, using and accessing something like the UA does not mean they log it. It’s just unusual.)

Note that your link about Scroogle is hugely outdated. Google only throttled them, a major contribution to Scroogle going down were the multitude of DDOS attacks they suffered. See this article on Search Engine Land from when the site really closed in 2012 (two years after your link): “Scroogle Is Gone Forever” Says Site Owner.

@gitkitten

This comment has been minimized.

Copy link
Author

@gitkitten gitkitten commented Jul 9, 2013

Can I ask what address you have used to contact them?
https://support.startpage.com/index.php?/Tickets/Submit/RenderForm
and one more webpage (on startpage.com). Sorry, I don't record any History.

the search engine doesn’t let me perform searches if my UA is empty
I don't realize that.
Because I let my browser to pick up one UserAgent from a huge "UserAgent list" randomly.
This list can make using this data => http://www.useragentstring.com/
"Hiding UA" is abnormal. Just Modify it ;)

Google only throttled them
Can I say that this word "throttled" is same to
"(Google is blocking BOTs connect to their service. Search many things on Google with 1 static IP - you'll be blocked by Google)"?

@jfml

This comment has been minimized.

Copy link

@jfml jfml commented Jul 19, 2013

I also experienced not being able to search DDG when sending now Referrer in the past but this issue seems to be gone for me. I just checked and I'm not sending any Referrer but I can use DDG, Startpage an ixquick without problems.

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Jul 19, 2013

That must have been a bug, not sending a referer header should never give problems. Especially considering HTML5 will have a ‘noreferrer’ rel setting.

@nylira

This comment has been minimized.

Copy link
Collaborator

@nylira nylira commented Aug 3, 2013

Feel free to re-open this if you have issues with the anonymity provided by Startpage or DDG.

@nylira nylira closed this Aug 3, 2013
@utapyngo

This comment has been minimized.

Copy link

@utapyngo utapyngo commented Aug 24, 2013

I am sorry for repeating some facts, but I have to ask.

These days almost everyone suggests using Startpage.com or DuckDuckGo instead of Google in order to avoid surveillance. It is also a well-known fact that Startpage.com offers Web search results from Google, as Scroogle did. We also know that Scroogle was closed not without Google's help. According to betabeat.com:

Scroogle was a basic search engine that takes users to their Google results through a circuitous route that masks much of the data Google normally harvests. [...] Google started punishing Scroogle severely for queries, choking off access for 90 minutes at a time. Google says it was not targeting Scroogle but that the search engine may have tripped a spam control mechanism.

“Scroogle.org is gone forever,” Mr. Brandt wrote. “Even if all my DDoS problems had never started in December, Scroogle was already getting squeezed from Google’s throttling, and was already dying. It might have lasted another six months if I hadn’t lost seven servers from DDoS, but that’s about all.”

Let's compare the numbers. According to Wikipedia

Before its demise, Scroogle handled around 350,000 queries daily.

International Business Times published the following information about Startpage.com:

... StartPage and Ixquick, both owned by Netherlands-based Surfboard Holding BV, have seen their daily traffic shoot from 2.8 million searches to 4.2 million, and increasing every day.

I wonder how Google throttled 350,000 queries from Scroogle but does not throttle millions of queries from Startpage. If Scroogle's activities technically violated Google's terms of service, does not Startpage.com violate them too?

I can advance some hypotheses:

  • Google has become very kind and will not throttle anyone anymore.
  • Google engineers are just too busy to blacklist Startpage.com.
  • Startpage.com uses TOR or I2P or other advanced techniques in order to circumvent Google's limitations (still violating Google TOS). But this would make their service very slow, in consideration of TOR speed and the number of queries Startpage.com serves.
  • Startpage.com is controlled by Google or government authorities who promote it as a private search engine in order to continue collecting information about unsuspecting users.
  • Startpage.com agreed to provide Google with information about its users (IP address, user agent) in exchange to whitelisting.

Where did I go wrong? Why is not Startpage.com blocked or attacked by Google yet, like Scroogle was? If it was, how did it manage to survive? Why is not this discussed in their FAQ? Am I missing something? I have been using Startpage.com for almost a year, but now I am thinking about switching to something else.

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Aug 24, 2013

It might be because Startpage is serving Google Ads. Or because they are some sort of subsidiary. It doesn’t matter very much though because of this sentence in their privacy policy:

Startpage does not share personal information with any third party search engine or the provider of its sponsored results.

If they were to supply anything to Google in trade for the search results they will be in legal jeopardy. And I can guarantee you they will not quickly find a judge in Europe who will let them off the hook.

Of course your questions are interesting, have you thought emailing them?

@hasufell

This comment has been minimized.

Copy link
Contributor

@hasufell hasufell commented Aug 24, 2013

I have been using Startpage.com for almost a year, but now I am thinking about switching to something else.

Also note that Ixquick does not give you any google results. So their business concept doesn't solely rely on google being nice or not blocking them.

@utapyngo

This comment has been minimized.

Copy link

@utapyngo utapyngo commented Aug 24, 2013

If they are some sort of subsidiary, then Google is not a third party search engine for them. And the provider of their sponsored results can be a different juridical entity than the one they share personal information with.

They can also be just playing the same word games that NSA plays.
For example, the word "sharing" could have another meaning, like "collection" for the NSA has. By the way, the word "collection" is also found in Startpage privacy policy.

They define "personal information" as

interests, family circumstances, political leanings, medical conditions, and more.

(see the "privacy" page).

Of course they don't share it with anyone. According to their privacy policy, they don't store IP addresses, but this does not prevent them from passing IP addresses to Google (probably using a special API).

@i2000s

This comment has been minimized.

Copy link

@i2000s i2000s commented Aug 24, 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  • From my observation, I would like to say that Using Google from Tor or
    Startpage with Tor to hide IP address may cause potential problems. I
    have encountered "Google Sorry" that Google forbids my Google search by
    using Tor+Google or Tor+Startpage. I have to refresh my Tor identity to
    make the search work. The warning from Google said that they suspected I
    was doing automatic searching based on their observation on the IP
    section I was using. I guess Google is blacklisting all known Tor IP
    addresses or the transmitting IP addresses anonymous agents like
    Startpage.com are using.

I wish there comes another powerful search engine supported by
volunteering organizations. Many other people and I can donate for them,
just like how we support Wikipedia to survive.

On 08/24/2013 08:32 AM, utapyngo wrote:

If they are some sort of subsidiary, then Google is not a third party search engine for them. And the provider of their sponsored results can be a different juridical entity than the one they share personal information with.

They can also be just playing the same word games that NSA plays.
For example, the word "sharing" could have another meaning, like "collection" for the NSA has. By the way, the word "collection" is also found in Startpage privacy policy.

They define "personal information" as

interests, family circumstances, political leanings, medical conditions, and more.

(see the "privacy" page).

Of course they don't share it with anyone. According to their privacy policy, they don't store IP addresses, but this does not prevent them from passing IP addresses to Google (probably using a special API).


Reply to this email directly or view it on GitHub:
#168 (comment)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSGNmFAAoJEH/rH4HDrGD9/vcIAIcKIIdxf3kVB13+VSmTfy6N
PtF069tD80FuJ2znywOEbMVLqAmtIfDbjL4r6+RlI9A5N+tXANtAip/HaRRBjMs6
xqYSbPeCP9dQ/P0vCd7rbJDaPcpEShPM2dySX/CcD+hCNT53ZjoZUm6x1jnzlMzZ
wzKZEYlNuFwZoRbzPvWR5iWq20+ccouooRHskq1QGHVk6KTNRDN68ZyZ+5HDIUL0
61EzfrJF5UhVF07hO8tKu9dDlZn8WUn1DAdth6xSFvAskZ/0BsQ5zpBJK+0s0TUS
RlUU95CjSVRXberlI75N7Cu7uGrTMXy6F4SpLRMW/M3pDKsLDkHsTXL20XiP7II=
=QG9W
-----END PGP SIGNATURE-----

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Aug 24, 2013

The warning from Google said that they suspected I was doing automatic searching based on their observation on the IP section I was using.

This also happens when I am using my VPN, I think it might just happen when they get too many queries from the same IP within almost no time. I guess the chance of this happening with Tor is pretty big too.

If you are using Tor it might be better to switch to the DuckDuckGo and use it as a hidden service (3g2upl4pq6kufc4m.onion), that way you will not even need to go out through an exit-node.

@utapyngo

This comment has been minimized.

Copy link

@utapyngo utapyngo commented Aug 29, 2013

Let's sum up:

  • Startpage does not like to be queried from Tor
  • Startpage has officially requested to be removed from the Tor Browser Bundle
  • Startpage does not serve requests that hide useragent
  • Startpage is not blocked nor throttled by Google while serving more than 4 millions requests per day
  • Startpage's "crystal clear" privacy policy does not contain a clear definition of "personal information": it is questionable whether IP addresses, useragents and other browser identifying information are included (please point me to the definition if I am wrong)
  • prism-break.org recommends Startpage

@nylira, could we reopen this issue?

@hasufell

This comment has been minimized.

Copy link
Contributor

@hasufell hasufell commented Aug 29, 2013

@utapyngo write a mail to the privacy policy representative

The only interesting thing I see in your list is the definition of "personal information".

@nylira nylira reopened this Aug 29, 2013
@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Aug 29, 2013

Startpage's "crystal clear" privacy policy does not contain a clear definition of "personal information": it is questionable whether IP addresses, useragents and other browser identifying information are included

Yeah, some of that is a bit weird. Later on they use the term ‘personal data’, which they specify to include IP addresses, and vouch not to provide Google with it:

[…] we don’t store any personal data (like your IP address) and don’t pass on any of this data to third parties, including Google.

@utapyngo

This comment has been minimized.

Copy link

@utapyngo utapyngo commented Aug 29, 2013

@Zegnat, yes, I have seen this.
Can we consider this Q & A page legal, despite it is not the privacy policy page? I am not a lawyer and particularly don't know European laws.

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Aug 29, 2013

I’m not sure if anyone has ever sued a company over a Q & A page so precedence would be weak. But I would think such statements made could be treated as promises and are very much legally enforceable in many countries.

There are some more texts in effect here:

  1. From the actual privacy policy:

    Startpage does not share personal information with any third party search engine or the provider of its sponsored results.

  2. From the information sharing page:

    Startpage does NOT record any personal information or share personal information with Google at any time.

As for the definition of ‘personal information’ I think we can infer from the Data Collection section of the privacy policy where this sentence:

We don’t collect any personal information on our visitors.

Is explained as:

When you use Startpage, we do not record your IP address, we do not record which browser you are using (Internet Explorer, Safari, Firefox, Chrome etc.), we do not record your computer platform (Windows, Mac, Linux, etc.), and we do not record your search words or phrases.

This would make personal information synonymous to (at least): IP address, User-Agent, OS, and search queries.

@011010101101

This comment has been minimized.

Copy link
Contributor

@011010101101 011010101101 commented Aug 30, 2013

utapyngo:

Can't respond to all your points but I did find it interesting so I looked into a few of them.

I thought Google had shut down their web search API but apparently the custom search API can still be used to fetch Google search results. So I'm guessing this is what startpage.com is using.

If so, they have to pay Google for every query, so it is not surprising they would not like Tor. Unless they have captchas implemented someone could anonymously bankrupt them simply by programatically submitting queries through Tor. Since Tor users are anonymous it is impossible to give a particular person the first few searches "for free"; even your very first search might require a captcha (that happens to me all the time when I try to use Google through Tor).

I personally have never seen a captcha when using startpage.com through Tor, so it seems like they haven't implemented this kind of protection yet.

I guess the point here is that since they have to pay Google for every query there are strong financial incentives for them to block Tor or add captchas and they may already be planning to do that in the future. But this doesn't necessarily mean they are a bad company or don't respect privacy.

I don't know if duckduckgo pays on a per-query basis for results. If not they might be a better choice for the Tor Browser Bundle's default search engine.

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Aug 30, 2013

DuckDuckGo does not list Google as one of its sources. Instead they are paying other companies for results. Note that DuckDuckGo also crawls the web itself and might very well use search results they pay for to extend their own databases, which means they do not have to pay for the same query several times.

DDG does seem to be paying some of its sources:

  • Yahoo! BOSS: $0.80/1 000 queries.
  • Bing Search: $2/1 000 queryes.
  • Yandex: 10 000 queries/day, no price given. But you contact them to make deals if you need loser restrictions, which may or may not cost something.
  • Wolfram|Alpha: 2 000 non-commercial queries/month. As with Yandex they cater to others with flexible pricing, no way to know what DDG is actually paying.
@gitkitten

This comment has been minimized.

Copy link
Author

@gitkitten gitkitten commented Sep 24, 2013

If startpage pay for every single queries, where does the money come from?

Privacy Policy is NOT a law, you know. Only a developer know the truth.
I know some companies which fake their policy and make their customers down. And I'm one of them.
(I don't write their name, because I don't wanna fight :P )

If you have a server and some bandwidth, you maybe like 2 projects: Yacy, Majestic12.
Server-side service is going to an end. It's time to use P2P-type search engine.

@Zegnat

This comment has been minimized.

Copy link
Collaborator

@Zegnat Zegnat commented Sep 24, 2013

Privacy Policy is NOT a law, you know.

No, but breach of contract is certainly taken care of by law. And many of these laws (at least in Sweden, where I have taken law courses) even apply to oral promises. Written promises doubly so. Ignoring your own privacy policy can become a big mistake if you are not careful, and not just for your image. They decide what is in their policy and are more likely to change it than disobey it.

If you know any European companies that do not uphold their own policy I would urge you to take them to court. Especially if you are a customer as you could certainly earn back your expenses. If you are unable to start litigation yourself try getting in touch with an ombudsman.

@error10

This comment has been minimized.

Copy link

@error10 error10 commented May 10, 2014

I've personally spoken to Katherine Albrecht, Startpage's US media representative, about some of these issues. I've also known her for years, and I know she is absolutely committed to privacy (look her up on... Startpage?!) and would not work for the company if anything inappropriate was going on.

First, Google has an AdSense Premium service, which is available to sites with at least 5 million search queries or 20 million pageviews per month. Under this program, a publisher can negotiate a contract with Google with any mutually agreeable terms, and Albrecht has said that Startpage has such a contract with Google stipulating that no personally identifying information will be shared with Google about Startpage users to whom ads are served.

Second, from a system administration perspective, any automated potentially malicious traffic is at minimum a nuisance, and can be much worse, even resulting in denial of service for legitimate users. It's not surprising that IP addresses (corresponding to Tor exit nodes) are being rate limited; this is one common method of dealing with such traffic, and there really aren't any better solutions. Obviously the ideal situation is for such traffic to not exist, but as long as Tor exists people are going to abuse it. The rest of us are occasionally going to get caught in the middle.

Finally, I'm disappointed to hear that Startpage might be discouraging people from using Tor, and I will have to ask her about it the next time I see her.

@theGuruWithin

This comment has been minimized.

Copy link

@theGuruWithin theGuruWithin commented May 11, 2014

"Google stipulating that no personally identifying information will be shared with Google about Startpage users to whom ads are served"

Please ask about actual definition of "personally identifying information" and does it include ip info, agent info, system info, etc. We need to have concrete specific list in writing as policy to know what is really going on.

Also anyone think Startpage etc are shells for NSA or CIA as honeypots of a sort - that is another issue worth discussing IMHO... Remember National Security are telling the Global Community out and out lies even under oath to US Congress.

Lastly if Google is serving ads by some ip info at StartPage does that mean the searches are individualized. I always thought Startpage would deliver same results for anyone anywhere.... Please clarify for this newbie.

@foobar13372

This comment has been minimized.

Copy link

@foobar13372 foobar13372 commented Jun 19, 2014

Taking your laptop from Europe to East Asia suddenly lets Startpage display East Asia stuff which it did not display before (try it yourself if you ever fly around the world). So somehow Startpage does know and work with the user's location. I do not how how it works, however.

@error10

This comment has been minimized.

Copy link

@error10 error10 commented Jun 19, 2014

@foobar13372 The country associated with every IP address is public information and easily accessible.

@foobar13372

This comment has been minimized.

Copy link

@foobar13372 foobar13372 commented Jun 19, 2014

@error10 But the search results come from Google. So the question is: Is it possible to request country-specific results from Google WITHOUT sharing the user's IP? I thought the Startpage results are either generic or NL/US-based Google results (where the startpage proxy's are).

@error10

This comment has been minimized.

Copy link

@error10 error10 commented Jun 19, 2014

@foobar13372 Yes, it's easy enough to say "Give me results for Japan" or "Give me results for Sweden" without sharing an IP address, which isn't technically required to do the search anyway. Google also supports the reverse, getting generic results regardless of country, though I don't know if Startpage has preserved this ability (I'm in the US).

@foobar13372

This comment has been minimized.

Copy link

@foobar13372 foobar13372 commented Jun 19, 2014

@error10 So, then why is this issue still open? I thought it's open because it is still unclear, whether Startpage really don't give anything to Google.

@error10

This comment has been minimized.

Copy link

@error10 error10 commented Jun 19, 2014

@foobar13372 I don't think it can ever be closed. You can't trust me, I'm just some guy on the Internet. You can't trust Katherine Albrecht, despite her long history as a privacy activist maybe she was secretly bought out. You just never know. You have to take all the available information and decide for yourself.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Mar 17, 2015

Also, it is true that Startpage is sending user's GeoIP location. I can confirm it.

Search "Project (something)" using USA proxy.
Search "Project (something)" using China proxy.
Search "Project (something)" using India proxy.

@ghost ghost referenced this issue Mar 17, 2015
@GreenLunar

This comment has been minimized.

Copy link
Contributor

@GreenLunar GreenLunar commented Sep 16, 2015

Remove Startpage and Ixquick.

Do not trust them nor its redhead marketing lady who is affiliated with a propaganda-driven, false multi-level marketing operations handler, and traumatizing radio network.

They claim that they are for privacy, but they really want to keep the status-quo-ante so that they would have an excuse to keep doing what they do (fighting "for" privacy) to generate profit.

Seeks and Searx already do what StartPage does and even better, and we can install them on our own.

@GreenLunar

This comment has been minimized.

Copy link
Contributor

@GreenLunar GreenLunar commented Sep 16, 2015

@foobar13372 wrote:

Is it possible to request country-specific results from Google WITHOUT sharing the user's IP?

You have Seeks and Searx search engines which very soon will support sharing results in P2P, so you may either get results from country-specific users or even ask for a filtering mechanism on-searx-side that would trim results by region.

@alerque

This comment has been minimized.

Copy link
Contributor

@alerque alerque commented Sep 16, 2015

@GreenLunar Keep the personal disparaging remarks about individuals out of this please. If you have a suggestion to make for PRISM-Break based on the technical merits (or faults) of a solution go ahead, but keep the discussion above the belt. Your Argumentum ad Hominem above is out of line.

@GreenLunar

This comment has been minimized.

Copy link
Contributor

@GreenLunar GreenLunar commented Sep 16, 2015

@alerque I am serious, you can check by yourself.

Dominant individuals of that radio network, which the StartPage redhead lady is affiliated with, are constantly lying, scaring, fear mongering and do not provide solutions, not even in software or hardware level.

They would encourage you to buy iPhone devices (the worst) more so than Android devices (lesser worse).

They demonize Linux (of all things!) by claiming that it always gets stuck, while they use CentOS for their servers and they use Ubuntu on most of their desktops in their offices.

They use the closed system SHOUTcast for most of their audio streams. They are not for freedom, they care for profiting even when they misleading their listeners.

Do not trust StartPage. The more StartPage or their people are mentioned, the more harm PRISM-Break and free software would have.

@alerque

This comment has been minimized.

Copy link
Contributor

@alerque alerque commented Sep 16, 2015

@GreenLunar I didn't question whether you were serious. I didn't even dispute that there are likely real issues with StartPage. But I was serious too — and you seem to have missed my point (because you just repeated the offense I was pointing out). Constructive criticism is welcome, but criticize ideas, not people. If StartPage has issues that warrants consideration on technical merits relevant to PRISM-Break goals then bring those aspects to the table. Leave personalities, people's hair color, and what you think of their character out of it.

@GreenLunar

This comment has been minimized.

Copy link
Contributor

@GreenLunar GreenLunar commented Sep 16, 2015

I didn't question whether you were serious.

Indeed, you did not. I apologies for the implication.

I truly think that the nature of some of the people behind StartPage, especially the Americans involved in it, should be taken into consideration.

For a long time, I have followed the redhead woman who does not offer solutions, since the days she was on We The People Radio Network, and some of her current internet radio colleagues, and I came into a conclusion that they are for profit generating at any cost, the last thing they will provide us with is practical solutions. Just like Mainstream Media, they care for their sponsors, nothing more.

That, alone, should be a good reason to remove Startpage and Ixquick.

The people involved with StartPage are not trustworthy. Period.

@GreenLunar

This comment has been minimized.

Copy link
Contributor

@GreenLunar GreenLunar commented Sep 16, 2015

An objective reason might be to replace the search engines in question by searx, as searx already provides hooks to retrieve results from all of the above search engines.

See https://github.com/asciimoo/searx/tree/master/searx/engines

@Atavic

This comment has been minimized.

Copy link

@Atavic Atavic commented Feb 19, 2017

The CEO of DuckDuckGo joined a similar discussion.

@lewisl

This comment has been minimized.

Copy link

@lewisl lewisl commented Mar 31, 2017

@gitkitten
I know this is old, but I didn't see your concern answered correctly. In the pseudo code you provided where startpage provides your location to Google when startpage retrieves a search result from Google for you, startpage is NOT sharing personal information about you when they send the query to Google with a location. It is not anyone's location. Or it is startpage's location--NOT YOURS. In other words, it is just a random location that is NOT linked to any personal identifying information or even your IP address or any cookie or any information about your computer (all of which CAN be used to track you). Even if (and that if really means "when") Google deeply probes the sending IP address (the actual address generating the query--and that is startpage) and everything else in the http request, Google won't find anything about YOU. That location is a random person who seems to use startpage's server.

A more interesting question is whether or when Google will start blocking startpage. Google certainly has the technical means. Of course, it would be grossly hypocritical because Google proxies, scrapes, and caches nearly every content site on the internet and denies those sites ad revenue and any opportunity to have a legitimate, voluntary (in the sense that as the user you could agree to allow it) relationship with users. So, Google pretty much disintermediates sites from users and proxies pretty much the universe. But, hey--they're Google--smarter, better, more justified than anyone else in the universe.

I think, though, that startpage has a decent answer to Google: we drive you traffic, we display your ads back to OUR (start page's) user. So, you--Google--gain. But, of course Google's real view is that startpage is a disintermediating competitor and Google aims to crush all competition. Despite this potential startpage answer being entirely valid, it would not satisfy Google.

I answered because I am incredibly concerned about the abusive violations of our privacy that are rampant and largely unchallenged (dumb US Congress members taking massive bribes). I think you had a misunderstanding about a helpful service that does hide us from Google's prying "eyes."

@LizMcIntyre

This comment has been minimized.

Copy link

@LizMcIntyre LizMcIntyre commented Aug 21, 2017

Here are answers to some of the questions posted earlier:

StartPage uses an anonymized country code that is required to provide results at the country level for your search. In no circumstance does StartPage share your actual IP address, exact location, or other personally identifiable data. In addition, StartPage does not record your IP address or log any other personal information.

StartPage backs up its privacy promises with an independent 3rd party audit to prove it does what it says it does for privacy and on every level.

StartPage can deliver Google results in privacy because it has a contract to do that. StartPage pays for those results.

StartPage is located in the Netherlands, outside of US jurisdiction so it cannot be forced to cooperate with the US government to spy on its users. This is important because US companies are subject to National Security Letters and gag orders that can compromise their privacy policies.

If you have any additional questions, feel free to visit the StartPage knowledge base and/or write to the support team: Support@StartPage.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.