this post was submitted on 04 Apr 2024
153 points (96.4% liked)

Firefox

17952 readers
437 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] LWD@lemm.ee 63 points 7 months ago* (last edited 7 months ago) (6 children)

Mozilla didn't choose privacy. Qwant sends you IP address to Microsoft when you search on their platform. If you want a more responsible search engine, DuckDuckGo is still the way to go.

Update 3: DuckDuckGo also sends along more information than I originally noticed, including "anonymous browser and device information with our hosting and content providers for security and display purposes (for example, that you’re using a mobile device)"

The information collected by Qwant includes...

  • hash of the IP address
  • User Agent
  • market segment of a request
  • date and time of the visit
  • information of the country and the chosen language
  • search keywords
  • where a user came from
  • type of device used
  • source of visit
  • operating system
  • major browser version

Qwant may (will) transfer to Microsoft:

  • your full IP address
  • Information about the browser you are using (the User Agent
  • The first three bytes of your IP address;
  • The approximate geographic area at the origin of the search, at the scale of a region or city;
  • The hash generated from your IP address and User Agent

Update 2: removing name and email as that's only for optional account creation

Update 1: Qwant wants you to disable your ad blocker

[–] soupermkc@lemmy.blahaj.zone 16 points 7 months ago (1 children)

doesn't duckduckgo do the same thing at this point with tracker links? it also uses bing

[–] LWD@lemm.ee 18 points 7 months ago (1 children)

What tracker links?

DuckDuckGo's policy is much less specific but makes it a point that they aren't sending your exact IP address to Microsoft or anybody else for any reason. Among other, IMO even better policies.

we share anonymous browser and device information with our hosting and content providers for security and display purposes (for example, that you’re using a mobile device), but we never share any information with them that could tie your searches or website visits to you personally, or that could allow them to create a history of your individual search queries or the sites you browse.

[–] soupermkc@lemmy.blahaj.zone 5 points 7 months ago (1 children)

last we checked they preserved the tracker links bing themselves would use on results, which you had to opt out of.

[–] LWD@lemm.ee 6 points 7 months ago

Can you be more specific?

[–] hash0772@sh.itjust.works 12 points 7 months ago (1 children)

I would use SearxNG instead, using a public instance like searx.be. It is really lightweight, gets results from multiple indexes and is very privacy-friendly.

[–] isVeryLoud@lemmy.ca 4 points 7 months ago (2 children)

Honestly, I set up SearxNG on my own server, and it's not very nice to use, not very configurable and doesn't return high quality results. It's also kinda slow. Maybe I'm missing something?

[–] hash0772@sh.itjust.works 6 points 7 months ago

It is recommended to use a public instance because it makes it harder to fingerprint you off of your searches. It gets most results from Google and Bing, so you will have similar search results. I haven't experienced any slowness yet, so I can't say anything about that.

[–] BeamMeOut@mastodon.social 2 points 7 months ago (1 children)

@isVeryLoud @hash0772 I had similar experience. I was able to resolve the slowness by enabling swap on the vps. What was worst is that over time Bing and Google API changed and it stopped working, took quite long troubleshooting. Occasionaly I would hit some kind of rate limit and got nothing from Google. It was too much hassle and not worth the vps cost.

[–] isVeryLoud@lemmy.ca 1 points 7 months ago (1 children)

Cost is whatever since this VPS is being used for other things.

I'm a bit confused about swap solving things though since it's unlikely to be a memory issue.

[–] BeamMeOut@mastodon.social 0 points 7 months ago (1 children)

@isVeryLoud It was for me, I monitored the server and each query would bump up the memory quite a bit. But that sucker had only 512 MB I think. It could've been some issue that's already fixed with newer Searx versions.

[–] isVeryLoud@lemmy.ca 1 points 7 months ago

Ah that would definitely be it, my VPS has 4 GB of RAM and runs other services just fine. I set it up about a month ago.

You can try it yourself: https://searx.veryloud.ca/

[–] me_ow@feddit.nl 9 points 7 months ago (2 children)

I'm sorry but that is not correct. In the link that you shared to their privacy statement it is explicitly stated that they do not collect your identity when using the service. They say that your identity " is the information we use to ensure that you are who you say you are when you make a de-listing request, report or create an account. This includes: first name, last name, email address."

Furthermore, unlike duckduckgo which to my knowledge relies entirely on Bing's search index, Qwant does actually index the web itself and only uses the Bing index when a search returns insufficient hits from their own index. When they query the microsoft index they send the following data along: "Search keywords; Information about the browser you are using (the User Agent); The first three bytes of your IP address; The approximate geographic area at the origin of the search, at the scale of a region or city; The salty hash generated from your IP address, your User Agent and a salt changing no later than every 3 months; A random token generated by Qwant (aiming to limit data cross-checking)."

I do not know much about DuckDuckGo, but from an initial read the privacy policy is much more vague than Qwant's, not mentioning any specific information that is shared. As they are a US company, they are also not covered by the general data protection regulation.

In general, both search engines seem to do a good job at protecting users' privacy, which to me sounds like something that should be encouraged, not polluted with misinformation.

[–] LWD@lemm.ee 7 points 7 months ago (2 children)

You're probably wondering why I say "your full IP address" versus "partial IP address"; you quote the policy correctly but you missed a separate but crucial section in the privacy policy:

In addition, for security purposes and reliability of our partner’s services (detection of spam, automated activity, fraudulent clicks on advertisements …), Qwant may also collect and transfer to this partner [Microsoft Ireland] your full IP address.

The transfer happens separately from searches, sure, but if two requests get sent to Microsoft at the same time and with the same parsable information (the full IP address from the security query can be used to link a partial IP address and city-level location from a search query) then it seems like Qwant is giving Microsoft the ability, even if unintentionally, to link IP address and search.

I do not know much about DuckDuckGo, but from an initial read the privacy policy is much more vague than Qwant's, not mentioning any specific information that is shared. As they are a US company, they are also not covered by the general data protection regulation.

I agree and I'll add a disclaimer or something. DuckDuckGo says this:

In order for our product to function, we share anonymous browser and device information with our hosting and content providers for security and display purposes (for example, that you’re using a mobile device )*

[–] me_ow@feddit.nl 4 points 7 months ago

Fair points. Thank you for amending your comment 👍. I wonder in which situations Qwant sends the full IP address specifically. The wording is a bit vague

[–] redxef@scribe.disroot.org 1 points 7 months ago

Any company doing business with EU residents has to comply with GDPR, even if it is not from the EU.

[–] accideath@lemmy.world 3 points 7 months ago

DuckDuckGo claims to also use more than just Bing.

[–] some_guy@lemmy.sdf.org 3 points 7 months ago

Thank you for informing us. This is what I wanted to know.

[–] FIST_FILLET@lemmy.ml 3 points 7 months ago (1 children)

what are you making misleading claims about Qwant for??? if you click your own damn link you’ll see that the only case where they need to collect your name is if you make an account (completely unnecessary), make a de-listing request (to verify that you are who you say you are before removing something, otherwise i could just go and have jeff bezos removed), or if you report something.

also, 80% of your bullet points after “user agent” are redundant because they are literally just what makes up a user agent. newsflash: every single website you ever visit in your life collects your user agent because it needs to know whether to give you the mobile or the desktop version of the site. this has nothing to do with privacy in this case, you’re just slandering to slander

[–] LWD@lemm.ee 3 points 7 months ago (1 children)

I updated my comment to remove name and email. But I maintain the stuff after "user agent" isn't redundant because part of it is your IP address and another part is your location, neither of which appear to be included in your browser user agent string.

[–] Jakeroxs@sh.itjust.works 2 points 7 months ago

They're getting the location from your IP

[–] FIST_FILLET@lemmy.ml 0 points 7 months ago

DuckDuckGo is US-based and founded by the person who previously founded “The Names Database”.