New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Let's Think again] Startpage and DuckDuckGo are lying or not #168
Comments
|
Interesting. Just for completion sake, let me also quote the first (and only) reaction:
I think I might fire off an email to their privacy representative. Their policy says the following:
But the fact that the language in the ads seems to be IP location dependant might tell us they share my approximate location with Google. I say might because they could very well be getting a list of different language ads from Google and then pick the one that matches my IP themselves – meaning they don’t tell Google a thing. If they get back to my email I’ll update this issue. |
|
Yeah, so I'm using Startpage via Tor for a several months. And, Sometimes Startpage blocks Tor connection: something like this image: I made a small program which switch my Tor identity automatically 5min interval, But the problem is: why startpage block Tor? I can understand if that message is "Are you using proxy?" or, "Too many connections from your IP." |
|
The results are differnt when you change your IP address. STARTPAGE: http://www.dotup.org/uploda/www.dotup.org4300881.jpg (About No Ads| I hate Ads, so I'm currently using Adblock. Sorry about that) This called "Filter Bubble", Good article: www.dontbubble.us/
What about DuckDuckGo? Yep, I test it ;) If both search engine really don't using your IP address (or your IP Location),
Differnt results will tells you that they also send your IP or location to search things. |
Startpage is still a great pick for people who simply want to stop feeding the NSA through Google, Yahoo!, and Microsoft. That’s what prism-break.org is about. It gives them high quality results without being logged and that’s what is most important. The fact that the Tor project has not found an issue with them either strengthens my resolve. I vote for keeping them on the list unless it can be shown they break their own privacy policy (which also makes them liable for lawsuits) and actually record data. There is only one thing that is bothering me: the advertisements provided by Google are also location targeted so they might be sharing my approximate location with Google. |
So, startpage is doing something like this? Wait a minute, they said
LOCATION is not a personal information? Oh, really? I don't think like this: This won't happen, because,
Whatever or not, I'll keep using it with Tor... |
Probably, yes. Although this will only be an approximate location. In fact, they might even only send the country to Google. That way you get culturally relevant results and Google only learns that people from France like searching for ‘striped shirts’. (Completely fictitious example.) Even sending along 5 different countries and only showing you the results for yours to make it hard on Google, however unlikely, is very possible. I just want to make it very clear for people that might read this in the future: the results you are seeing from Startpage are no proof of them recording your personal information. Thank you for your concern and we will see if I can get some answers through email. |
|
So, no answer from Startpage? I also email them about the details using my IP address & location, but no response. What if they(Startpage) are Google's friend? I think the reason why Startpage still alive |
|
Can I ask what address you have used to contact them? Did you write to the privacy policy representative or somewhere else? I haven’t had the time to get a good email drafted. Which is a good thing, as I will now be able to ask them about something that has not been discussed here yet:
From a topic on the DuckDuckGo forums. (Note that, again, using and accessing something like the UA does not mean they log it. It’s just unusual.) Note that your link about Scroogle is hugely outdated. Google only throttled them, a major contribution to Scroogle going down were the multitude of DDOS attacks they suffered. See this article on Search Engine Land from when the site really closed in 2012 (two years after your link): “Scroogle Is Gone Forever” Says Site Owner. |
|
|
I also experienced not being able to search DDG when sending now Referrer in the past but this issue seems to be gone for me. I just checked and I'm not sending any Referrer but I can use DDG, Startpage an ixquick without problems. |
|
That must have been a bug, not sending a referer header should never give problems. Especially considering HTML5 will have a ‘noreferrer’ |
|
Feel free to re-open this if you have issues with the anonymity provided by Startpage or DDG. |
|
I am sorry for repeating some facts, but I have to ask. These days almost everyone suggests using Startpage.com or DuckDuckGo instead of Google in order to avoid surveillance. It is also a well-known fact that Startpage.com offers Web search results from Google, as Scroogle did. We also know that Scroogle was closed not without Google's help. According to betabeat.com:
Let's compare the numbers. According to Wikipedia
International Business Times published the following information about Startpage.com:
I wonder how Google throttled 350,000 queries from Scroogle but does not throttle millions of queries from Startpage. If Scroogle's activities technically violated Google's terms of service, does not Startpage.com violate them too? I can advance some hypotheses:
Where did I go wrong? Why is not Startpage.com blocked or attacked by Google yet, like Scroogle was? If it was, how did it manage to survive? Why is not this discussed in their FAQ? Am I missing something? I have been using Startpage.com for almost a year, but now I am thinking about switching to something else. |
|
It might be because Startpage is serving Google Ads. Or because they are some sort of subsidiary. It doesn’t matter very much though because of this sentence in their privacy policy:
If they were to supply anything to Google in trade for the search results they will be in legal jeopardy. And I can guarantee you they will not quickly find a judge in Europe who will let them off the hook. Of course your questions are interesting, have you thought emailing them? |
Also note that Ixquick does not give you any google results. So their business concept doesn't solely rely on google being nice or not blocking them. |
|
If they are some sort of subsidiary, then Google is not a third party search engine for them. And the provider of their sponsored results can be a different juridical entity than the one they share personal information with. They can also be just playing the same word games that NSA plays. They define "personal information" as
(see the "privacy" page). Of course they don't share it with anyone. According to their privacy policy, they don't store IP addresses, but this does not prevent them from passing IP addresses to Google (probably using a special API). |
|
-----BEGIN PGP SIGNED MESSAGE-----
I wish there comes another powerful search engine supported by On 08/24/2013 08:32 AM, utapyngo wrote:
iQEcBAEBAgAGBQJSGNmFAAoJEH/rH4HDrGD9/vcIAIcKIIdxf3kVB13+VSmTfy6N |
This also happens when I am using my VPN, I think it might just happen when they get too many queries from the same IP within almost no time. I guess the chance of this happening with Tor is pretty big too. If you are using Tor it might be better to switch to the DuckDuckGo and use it as a hidden service (3g2upl4pq6kufc4m.onion), that way you will not even need to go out through an exit-node. |
|
Let's sum up:
@nylira, could we reopen this issue? |
|
@utapyngo write a mail to the privacy policy representative The only interesting thing I see in your list is the definition of "personal information". |
Yeah, some of that is a bit weird. Later on they use the term ‘personal data’, which they specify to include IP addresses, and vouch not to provide Google with it:
|
|
I’m not sure if anyone has ever sued a company over a Q & A page so precedence would be weak. But I would think such statements made could be treated as promises and are very much legally enforceable in many countries. There are some more texts in effect here:
As for the definition of ‘personal information’ I think we can infer from the Data Collection section of the privacy policy where this sentence:
Is explained as:
This would make personal information synonymous to (at least): IP address, User-Agent, OS, and search queries. |
|
utapyngo: Can't respond to all your points but I did find it interesting so I looked into a few of them. I thought Google had shut down their web search API but apparently the custom search API can still be used to fetch Google search results. So I'm guessing this is what startpage.com is using. If so, they have to pay Google for every query, so it is not surprising they would not like Tor. Unless they have captchas implemented someone could anonymously bankrupt them simply by programatically submitting queries through Tor. Since Tor users are anonymous it is impossible to give a particular person the first few searches "for free"; even your very first search might require a captcha (that happens to me all the time when I try to use Google through Tor). I personally have never seen a captcha when using startpage.com through Tor, so it seems like they haven't implemented this kind of protection yet. I guess the point here is that since they have to pay Google for every query there are strong financial incentives for them to block Tor or add captchas and they may already be planning to do that in the future. But this doesn't necessarily mean they are a bad company or don't respect privacy. I don't know if duckduckgo pays on a per-query basis for results. If not they might be a better choice for the Tor Browser Bundle's default search engine. |
|
DuckDuckGo does not list Google as one of its sources. Instead they are paying other companies for results. Note that DuckDuckGo also crawls the web itself and might very well use search results they pay for to extend their own databases, which means they do not have to pay for the same query several times. DDG does seem to be paying some of its sources:
|
|
If startpage pay for every single queries, where does the money come from? Privacy Policy is NOT a law, you know. Only a developer know the truth. If you have a server and some bandwidth, you maybe like 2 projects: Yacy, Majestic12. |
No, but breach of contract is certainly taken care of by law. And many of these laws (at least in Sweden, where I have taken law courses) even apply to oral promises. Written promises doubly so. Ignoring your own privacy policy can become a big mistake if you are not careful, and not just for your image. They decide what is in their policy and are more likely to change it than disobey it. If you know any European companies that do not uphold their own policy I would urge you to take them to court. Especially if you are a customer as you could certainly earn back your expenses. If you are unable to start litigation yourself try getting in touch with an ombudsman. |
|
I've personally spoken to Katherine Albrecht, Startpage's US media representative, about some of these issues. I've also known her for years, and I know she is absolutely committed to privacy (look her up on... Startpage?!) and would not work for the company if anything inappropriate was going on. First, Google has an AdSense Premium service, which is available to sites with at least 5 million search queries or 20 million pageviews per month. Under this program, a publisher can negotiate a contract with Google with any mutually agreeable terms, and Albrecht has said that Startpage has such a contract with Google stipulating that no personally identifying information will be shared with Google about Startpage users to whom ads are served. Second, from a system administration perspective, any automated potentially malicious traffic is at minimum a nuisance, and can be much worse, even resulting in denial of service for legitimate users. It's not surprising that IP addresses (corresponding to Tor exit nodes) are being rate limited; this is one common method of dealing with such traffic, and there really aren't any better solutions. Obviously the ideal situation is for such traffic to not exist, but as long as Tor exists people are going to abuse it. The rest of us are occasionally going to get caught in the middle. Finally, I'm disappointed to hear that Startpage might be discouraging people from using Tor, and I will have to ask her about it the next time I see her. |
|
"Google stipulating that no personally identifying information will be shared with Google about Startpage users to whom ads are served" Please ask about actual definition of "personally identifying information" and does it include ip info, agent info, system info, etc. We need to have concrete specific list in writing as policy to know what is really going on. Also anyone think Startpage etc are shells for NSA or CIA as honeypots of a sort - that is another issue worth discussing IMHO... Remember National Security are telling the Global Community out and out lies even under oath to US Congress. Lastly if Google is serving ads by some ip info at StartPage does that mean the searches are individualized. I always thought Startpage would deliver same results for anyone anywhere.... Please clarify for this newbie. |
|
Taking your laptop from Europe to East Asia suddenly lets Startpage display East Asia stuff which it did not display before (try it yourself if you ever fly around the world). So somehow Startpage does know and work with the user's location. I do not how how it works, however. |
|
@foobar13372 The country associated with every IP address is public information and easily accessible. |
|
@error10 But the search results come from Google. So the question is: Is it possible to request country-specific results from Google WITHOUT sharing the user's IP? I thought the Startpage results are either generic or NL/US-based Google results (where the startpage proxy's are). |
|
@foobar13372 Yes, it's easy enough to say "Give me results for Japan" or "Give me results for Sweden" without sharing an IP address, which isn't technically required to do the search anyway. Google also supports the reverse, getting generic results regardless of country, though I don't know if Startpage has preserved this ability (I'm in the US). |
|
@error10 So, then why is this issue still open? I thought it's open because it is still unclear, whether Startpage really don't give anything to Google. |
|
@foobar13372 I don't think it can ever be closed. You can't trust me, I'm just some guy on the Internet. You can't trust Katherine Albrecht, despite her long history as a privacy activist maybe she was secretly bought out. You just never know. You have to take all the available information and decide for yourself. |
|
Also, it is true that Startpage is sending user's GeoIP location. I can confirm it. Search "Project (something)" using USA proxy. |
|
Remove Startpage and Ixquick. Do not trust them nor its redhead marketing lady who is affiliated with a propaganda-driven, false multi-level marketing operations handler, and traumatizing radio network. They claim that they are for privacy, but they really want to keep the status-quo-ante so that they would have an excuse to keep doing what they do (fighting "for" privacy) to generate profit. Seeks and Searx already do what StartPage does and even better, and we can install them on our own. |
|
@foobar13372 wrote:
You have Seeks and Searx search engines which very soon will support sharing results in P2P, so you may either get results from country-specific users or even ask for a filtering mechanism on-searx-side that would trim results by region. |
|
@GreenLunar Keep the personal disparaging remarks about individuals out of this please. If you have a suggestion to make for PRISM-Break based on the technical merits (or faults) of a solution go ahead, but keep the discussion above the belt. Your Argumentum ad Hominem above is out of line. |
|
@alerque I am serious, you can check by yourself. Dominant individuals of that radio network, which the StartPage redhead lady is affiliated with, are constantly lying, scaring, fear mongering and do not provide solutions, not even in software or hardware level. They would encourage you to buy iPhone devices (the worst) more so than Android devices (lesser worse). They demonize Linux (of all things!) by claiming that it always gets stuck, while they use CentOS for their servers and they use Ubuntu on most of their desktops in their offices. They use the closed system SHOUTcast for most of their audio streams. They are not for freedom, they care for profiting even when they misleading their listeners. Do not trust StartPage. The more StartPage or their people are mentioned, the more harm PRISM-Break and free software would have. |
|
@GreenLunar I didn't question whether you were serious. I didn't even dispute that there are likely real issues with StartPage. But I was serious too — and you seem to have missed my point (because you just repeated the offense I was pointing out). Constructive criticism is welcome, but criticize ideas, not people. If StartPage has issues that warrants consideration on technical merits relevant to PRISM-Break goals then bring those aspects to the table. Leave personalities, people's hair color, and what you think of their character out of it. |
Indeed, you did not. I apologies for the implication. I truly think that the nature of some of the people behind StartPage, especially the Americans involved in it, should be taken into consideration. For a long time, I have followed the redhead woman who does not offer solutions, since the days she was on We The People Radio Network, and some of her current internet radio colleagues, and I came into a conclusion that they are for profit generating at any cost, the last thing they will provide us with is practical solutions. Just like Mainstream Media, they care for their sponsors, nothing more. That, alone, should be a good reason to remove Startpage and Ixquick. The people involved with StartPage are not trustworthy. Period. |
|
An objective reason might be to replace the search engines in question by searx, as searx already provides hooks to retrieve results from all of the above search engines. See https://github.com/asciimoo/searx/tree/master/searx/engines |
|
The CEO of DuckDuckGo joined a similar discussion. |
|
@gitkitten A more interesting question is whether or when Google will start blocking startpage. Google certainly has the technical means. Of course, it would be grossly hypocritical because Google proxies, scrapes, and caches nearly every content site on the internet and denies those sites ad revenue and any opportunity to have a legitimate, voluntary (in the sense that as the user you could agree to allow it) relationship with users. So, Google pretty much disintermediates sites from users and proxies pretty much the universe. But, hey--they're Google--smarter, better, more justified than anyone else in the universe. I think, though, that startpage has a decent answer to Google: we drive you traffic, we display your ads back to OUR (start page's) user. So, you--Google--gain. But, of course Google's real view is that startpage is a disintermediating competitor and Google aims to crush all competition. Despite this potential startpage answer being entirely valid, it would not satisfy Google. I answered because I am incredibly concerned about the abusive violations of our privacy that are rampant and largely unchallenged (dumb US Congress members taking massive bribes). I think you had a misunderstanding about a helpful service that does hide us from Google's prying "eyes." |
|
Here are answers to some of the questions posted earlier: StartPage uses an anonymized country code that is required to provide results at the country level for your search. In no circumstance does StartPage share your actual IP address, exact location, or other personally identifiable data. In addition, StartPage does not record your IP address or log any other personal information. StartPage backs up its privacy promises with an independent 3rd party audit to prove it does what it says it does for privacy and on every level. StartPage can deliver Google results in privacy because it has a contract to do that. StartPage pays for those results. StartPage is located in the Netherlands, outside of US jurisdiction so it cannot be forced to cooperate with the US government to spy on its users. This is important because US companies are subject to National Security Letters and gag orders that can compromise their privacy policies. If you have any additional questions, feel free to visit the StartPage knowledge base and/or write to the support team: Support@StartPage.com |
|
Startpage is owned by an advertising company since 2019. System1 LLC Affiliate and lead generation:
|
I found an issue about Startpage.
http://zw3crggtadila2sg.onion/imageboard/fbi/
"Startpage seems using user's IP address to serve Ads.
Search something on startpage -> Show Ads near user's IP, or show Ads in user's IP language
Search via Tor -> Show ads in English"
I can confirm this: maybe startpage is a bad selection.
(I didn't search anything to Startpage, except query string. No JS. No Cookie, What else? IP, of course.)
The text was updated successfully, but these errors were encountered: