Aren't all search queries available to whoever hosts an instance? In my eyes this is much worse to privacy and a much bigger risk unless you really know who is behind your chosen instance. I would trust some a company a bit more with safeguarding this information so it does not leak to some random guy.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
I've always gotten the impression it was mostly intended to be self hosted. I've self hosted it for something like a couple years now, runs like a clock. It still strips out tracking and advertising, even if you don't get the crowd anonymity of a public instance.
Self hosting doesn’t make sense as a privacy feature because then it’s still just you making requests to google/other SE
It's not useless, it removes a lot of the tracking cookies and such and sponsored links loaded with telemetry. Theoretically you can also get the benefits of anonymity if you proxy through Tor or a VPN, which I originally tried to do but turns out Google at least blocks requests from Tor and at least the VPN endpoint I have and probably most of them. Google or whatever upstream SE can still track you by IP when you self host, but its tracking is going to much less without the extra telemetry cookies and tracking code it gets when you use Google results directly.
But yes, practically you either have to trust the instance you're using to some extent or give up some of the anonymity. I opted to self host and would recommend the same over using a public instance if you can, personally. And if privacy is your biggest concern, only use upstream search providers that are (or rather, claim to be) more privacy respecting like DDG or Qwant. My main use case is primarily as a better frontend to search without junk sponsored results and privacy is more of a secondary benefit.
FWIW, they have a pretty detailed discussion on why they recommend self-hosting here.
As someone who hosts an instance, news to me lol
Edit: Developer says this can't be done currently? Reddit comment
Of course it can be done, check your web server logs.
If you are using GET requests to send search queries to searxng, what you searched for will show up in the logs as
2024-10-31 123.321.0.100 /?query=kinky+furry+pictures
If you use POST requests the server admin can also easily enable logging those.
People hosting searxng can absolutely see what you searched for, along with your IP address, user agent string etc.
Well my instance’s logs are sent to null for this reason already, but thank you for the info!
Thanks for clarification and great that this is not included in project, but couldn't someone change the server side code and somehow see more info that goes through?
I know there is that HTML check in https://searx.space/ to see if search interface code is not heavily modified, but on server side anything could go on.
If requests are encrypted in a way that searxng does not see contents then it probably is not trivial to do, but there always is a possibility something clever could be done.
Companies are definitely selling your data. Use a VPN.
A VPN will not save you, they are easily worse for privacy in terms of user tracking. It centralises your entire web traffic in a single place for the VPN provider to track (and potentially sell).
You either trust the ISP or a VPN. Its a tool not a blanket of protection. Opsec and knowing how to move is most important.
Man, i wish i had the same experiencr
The couple of times I tried it out, the search results where barely accurate
Try kagi. It's paid at $5/mo., but you get 300 searches to try it out.
I mean it's often better than nothing, but it is a meta search that still often uses Google or Bing to gather results. IMHO, cut off the need for that data on the whole and use an option like Mojeek
For all their talk of doing things different with their own index and rankings. Mojeek is following exactly what Google did. It's still an ad based business model that makes users into products to be sold to advertisers. They're good now, while still trying to build market share. But once their investors get hungry, the enshitification will commence.
we make money mainly from our api, our investors are patient private capital and we don't take vc, appreciate your point but these are fundamentally different situations, our ads (when they run) will also be contextual so more of a ddg situation than a "makes users into products to be sold to advertisers"
fair enough if it's not for you though
I don't know if the comparison is inaccurate.
You make money from advertising to your users ("ddg situation" notwithstanding), are beholden to your investors (private status notwithstanding) and need to see more users to increase revenue. The person above you is saying that this model is what will drive you to eventually be as bad as Google. Do you understand?
Mojeek is cool, but trying to search something in my first language results in 0 results find.
which language are we talking?
Been rocking self-hosted Searxng for the last 3 weeks now as my default search engine; it's as good or better than DDG and certainly better than Google. Results I need are usually within the first three items, no extraneous shit.
I thought I'd just try it out, but it's staying. The ability to tune the background engines is awesome. My search history is private (though I wasn't that worried about DDG, there was no way in fuck I was using Kagi) since it's running it's searches via a VPN and returning me results locally.
it’s as good or better than
It's only as good as the search engines you select. Which ones have you selected?
I stopped using it not because of the results but because you couldn't swipe back without it sending you to the base website.
On DuckDuckGo (and google n others) a search is shown in the URL like looking for frog:
https://duckduckgo.com/?q=frog&t=fpas&ia=web
However in SearXNG it just shows
https://searxng.world/search
Which I don't have an issue with, however when you click on a link and then go back to the search results it would have no idea what you searched for as it's not in the URL and show an error.
That aside, the UI is great. icons don't swap around on you like Google or have annoying popups about 'privacy' like DDG. On the topic of search results, it was good enough for me. Not great but then again there aren't any good search engines right now.
it's like using google from 2000's; thanks for sharing
If you set it as your default search in chrome or such, it will convert the Google search bar in Android to a SearXNG search bar. I started using it a little while back. Firefox never did well for me on Android (I'm sure it's anecdotal)
I'd use it if its public instances didn't get rate-limited so often
Whoogle is a good option for self hosting as well
btw