this post was submitted on 04 Apr 2024
153 points (96.4% liked)
Firefox
17952 readers
437 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Mozilla didn't choose privacy. Qwant sends you IP address to Microsoft when you search on their platform. If you want a more responsible search engine, DuckDuckGo is still the way to go.
Update 3: DuckDuckGo also sends along more information than I originally noticed, including "anonymous browser and device information with our hosting and content providers for security and display purposes (for example, that you’re using a mobile device)"
The information collected by Qwant includes...
Qwant may (will) transfer to Microsoft:
Update 2: removing name and email as that's only for optional account creation
Update 1: Qwant wants you to disable your ad blocker
doesn't duckduckgo do the same thing at this point with tracker links? it also uses bing
What tracker links?
DuckDuckGo's policy is much less specific but makes it a point that they aren't sending your exact IP address to Microsoft or anybody else for any reason. Among other, IMO even better policies.
last we checked they preserved the tracker links bing themselves would use on results, which you had to opt out of.
Can you be more specific?
I would use SearxNG instead, using a public instance like searx.be. It is really lightweight, gets results from multiple indexes and is very privacy-friendly.
Honestly, I set up SearxNG on my own server, and it's not very nice to use, not very configurable and doesn't return high quality results. It's also kinda slow. Maybe I'm missing something?
It is recommended to use a public instance because it makes it harder to fingerprint you off of your searches. It gets most results from Google and Bing, so you will have similar search results. I haven't experienced any slowness yet, so I can't say anything about that.
@isVeryLoud @hash0772 I had similar experience. I was able to resolve the slowness by enabling swap on the vps. What was worst is that over time Bing and Google API changed and it stopped working, took quite long troubleshooting. Occasionaly I would hit some kind of rate limit and got nothing from Google. It was too much hassle and not worth the vps cost.
Cost is whatever since this VPS is being used for other things.
I'm a bit confused about swap solving things though since it's unlikely to be a memory issue.
@isVeryLoud It was for me, I monitored the server and each query would bump up the memory quite a bit. But that sucker had only 512 MB I think. It could've been some issue that's already fixed with newer Searx versions.
Ah that would definitely be it, my VPS has 4 GB of RAM and runs other services just fine. I set it up about a month ago.
You can try it yourself: https://searx.veryloud.ca/
I'm sorry but that is not correct. In the link that you shared to their privacy statement it is explicitly stated that they do not collect your identity when using the service. They say that your identity " is the information we use to ensure that you are who you say you are when you make a de-listing request, report or create an account. This includes: first name, last name, email address."
Furthermore, unlike duckduckgo which to my knowledge relies entirely on Bing's search index, Qwant does actually index the web itself and only uses the Bing index when a search returns insufficient hits from their own index. When they query the microsoft index they send the following data along: "Search keywords; Information about the browser you are using (the User Agent); The first three bytes of your IP address; The approximate geographic area at the origin of the search, at the scale of a region or city; The salty hash generated from your IP address, your User Agent and a salt changing no later than every 3 months; A random token generated by Qwant (aiming to limit data cross-checking)."
I do not know much about DuckDuckGo, but from an initial read the privacy policy is much more vague than Qwant's, not mentioning any specific information that is shared. As they are a US company, they are also not covered by the general data protection regulation.
In general, both search engines seem to do a good job at protecting users' privacy, which to me sounds like something that should be encouraged, not polluted with misinformation.
You're probably wondering why I say "your full IP address" versus "partial IP address"; you quote the policy correctly but you missed a separate but crucial section in the privacy policy:
The transfer happens separately from searches, sure, but if two requests get sent to Microsoft at the same time and with the same parsable information (the full IP address from the security query can be used to link a partial IP address and city-level location from a search query) then it seems like Qwant is giving Microsoft the ability, even if unintentionally, to link IP address and search.
I agree and I'll add a disclaimer or something. DuckDuckGo says this:
Fair points. Thank you for amending your comment 👍. I wonder in which situations Qwant sends the full IP address specifically. The wording is a bit vague
Any company doing business with EU residents has to comply with GDPR, even if it is not from the EU.
DuckDuckGo claims to also use more than just Bing.
Thank you for informing us. This is what I wanted to know.
what are you making misleading claims about Qwant for??? if you click your own damn link you’ll see that the only case where they need to collect your name is if you make an account (completely unnecessary), make a de-listing request (to verify that you are who you say you are before removing something, otherwise i could just go and have jeff bezos removed), or if you report something.
also, 80% of your bullet points after “user agent” are redundant because they are literally just what makes up a user agent. newsflash: every single website you ever visit in your life collects your user agent because it needs to know whether to give you the mobile or the desktop version of the site. this has nothing to do with privacy in this case, you’re just slandering to slander
I updated my comment to remove name and email. But I maintain the stuff after "user agent" isn't redundant because part of it is your IP address and another part is your location, neither of which appear to be included in your browser user agent string.
They're getting the location from your IP
DuckDuckGo is US-based and founded by the person who previously founded “The Names Database”.