DuckDuckGo or Startpage – Update (March 2, 2017)

24. October 2016 Security 27
DuckDuckGo or Startpage – Update (March 2, 2017)
Click here to see the changes, updates and notes.
  • March 2, 2017:
    Based on a conversation and email correspondence with Gabriel Weinberg in December ’16, as well as several emails and follow up emails with DDG and StartPage and additional research:
    – Added a note regarding ixquick.eu in the intro.
    – Changed “Look and Feel – Homepage” – DuckDuckGo adjusted their index page so information that was previously in a slider is now available just by scrolling down.
    – Changed “Look and Feel – The search” – Removed the mention of Yahoo helping DDG get fast loading times as Yahoo had nothing to do with this.
    – Changed section title “Interesting Partnerships” to “Partnerships and Hosting”.
    – Changed “Look and Feel – Search results, Images – StartPage” – Added additional information.
    – Added “Omissions”.
    – Changes to “Interesting Partnerships – DuckDuckGo and Amazon” to correct my assumption traffic contents to and from DDG is visible to Amazon.
    – Changes to “Interesting Partnerships – DuckDuckGo and Yahoo” Added explanation for the DDG removal of Yahoo logo and Yahoo web pages from their site.
    – Changes to “Logging” – Removed “In the case of DuckDuckGo it’s hard to say if Amazon and/or Yahoo log any sensitive data flowing to and from their servers.” as it was based on the same assumption about traffic contents to and from DDG.
    – Changes to “Location – DuckDuckGo” – Removed reference to Yahoo as US based company as, from what I understand, only Yahoo technologies are used, not actual servers or infrastructure. Also added quote from DDG and some more text.
    – Changes to “Additional features – DuckDuckGo – Bangs” – Explaining privacy implications of using bangs.
    – Changes to “Additional features – StartPage – Maps” – Mentioning OpenStreetMap integration.
    – Added “Certification”.
    – Added “Referers”.
    – Added “Behind the Engine”.
    – Added “Law”.
    The previous version (original) of this article can be found here.

 

As this has become a fairly lengthy article, I have created topic shortcuts that make content easier to find and/or to link to.

Click here to see all topics this article covers.

 

In 2013 I wrote a basic comparison between DuckDuckGo (DDG) and Startpage. That article has since been viewed several hundreds of thousands of times and I receive regular requests for updates. Has anything changed since then? Is DDG the new king? Let’s find out.

Last time I explained why Startpage was my search engine of choice. This time I’ll do a side by side comparison of both covering features and everything that matters when it comes to privacy and security.

I use startpage.com in most of my examples but you can use ixquick.com as well. Everything mentioned in this article applies to ixquick.com too as the two sites have merged earlier this year. There is also ixquick.eu which returns results from search engines that are not Google (Yahoo, Yandex, Statesman). I found no visible difference in use of ixquick.com or .eu so I won’t mention .eu in the rest of the article. NOTE: Due to Google’s recent omission of content that affected StartPage, the ixquick.eu site is mentioned once as an alternative engine.

Look and Feel – Homepage

The vast majority of people I know, don’t use a search engine’s homepage to perform a search. Instead they use the browser’s address bar or designated search field. This doesn’t mean there are not a lot of people out there using search engines the classic way; open searchengineofchoice.com > type search. So the homepage can be important as a lot of people see and use it often.

StartPage

startpage-homepage
Startpage.com front page

A clean and simple homepage. Rather than having additional links and information in a slide deck it’s readily available without making the page appear messy or crowded. To learn more about how StartPage works I can click the arrow at the bottom of the page which just extends the current page. When I’m done reading I just scroll up and enter my search. They make adding the search engine to your browser very easy too, it’s right there. “Add to Firefox” (or Safari, the URL and wording adjust depending on the browser you use to visit the page) shows a small information window with instructions and you’re done in just a few seconds.

DuckDuckGo

Also clean and simple and easy to see where to type to start a search. Previously an impractical slide deck presented additional information but took you away from the index page. DDG changed this so now all one has to do for additional information is simply scroll down. A much better experience and actually smoother than that of StartPage as the ‘down’ button does not even have to be clicked, just scroll and read. Once done reading you can dismiss that information forever and all you’re left with is a clean index page with a search bar (which can also be invoked by going straight to start.duckduckgo.com).

This one goes to DuckDuckGo.

Look and Feel – The search

Here there are really only two things that matter, for me anyway. Search suggestions as I’m typing and how fast it performs the search and loads my results.

Search suggestions
Both engines can do it. DDG does so by default but for StartPage you have to enable it in the settings.

Speed
DuckDuckGo loads results faster. Of course being served through Amazon AWS helps a lot in this regard. When it comes to web results, the engines are matched. However on an image search StartPage is clearly slower. Slow enough to notice the difference but not too slow to be annoying.

DuckDuckGo is superior here.

Look and Feel – Search results, Web

The page every user will see, regardless of which search method they use, is the results page. The search results must be accurate, relevant and easy to read. Loading more results or switching between “web”, “image” and “video” should also be easy to do. Finally no-one likes to scroll to get to what they’re looking for (though this of course depends on how clear the search term is) For this example I used the following search query: “Apple privacy policy”.

StartPage
startpage-search-results
After a pretty big block of ads, the page I was after is listed first. I didn’t have to scroll. The layout is standard what we’re used to from a search engine but the colors and font size choices make it look a bit messy and not as easy to read at a glance. The placement of the URL directly underneath the title is also not something I’m a big fan of. The search tools to select a time frame to search in are available on the left and don’t require additional clicking to get to. Where StartPage shines when it comes to privacy, is the proxy. They load the website for you and display it in a frame. As far as that website knows, you were never there. Any browsing you do on that site is routed through the proxy as well so your click away. It’s a great feature.

DuckDuckGo
duckduckgo-search-results
My results are the first thing to show up and ads are pushed to the side (occasionally one ad would show at the top of the list, the rest would still be off to the side). This is the way it should be in my humble opinion. The page I was looking for is first in the list so no scrolling required. The layout is standard but the use of color (lack of), font, font size and favicon makes the way these results are displayed much easier to digest. Search tools are hidden behind the “Anytime” button rather than shown by default and a globe button allows you to narrow the search down to a specific region which can be very useful. In this case setting Brazil as the region showed me the URL to the Portuguese privacy policy just a few places down in the results list.

Easy to read VS extra privacy features? I have to go with StartPage. If it wasn’t for the proxy though, DDG would have won this hands down.

Look and Feel – Search results, Images

I search for images A LOT so having a clear presentation and of course relevant results is very important. The ability to quickly pull up similar images is also a big deal for me. but unfortunately neither engines offer this feature. For the images test I used the search query: “White cat with green eyes”.

DuckDuckGo
duckduckgo-white-cat-image-search
That’s a lot of white kitties with green eyes. As expected, I got the results I wanted. Click on an image to see the dimensions and a link to the actual file. Basic filter options let me select a size of small, medium or large. Offering an image search is new since I wrote the last article. At that time DDG was unable to do this.

StartPage
startpage-white-cat-image-search
Here as well, all the cats I expected to see. The layout is the same on both engines and while there are currently no filter options to select an image size or type, there are a few other really nice options and additional filters are coming very soon. First, the option to visit the page the image is on, very useful if you want additional info on the image or the story that goes with it. Second, the option to visit the page anonymously, this is the same proxy feature mentioned earlier which loads the page in a frame. Last, that good ‘ol proxy to view just the image. At the time of writing, yours truly was shown some new image filters that will be rolling out within the next month. Something that makes me very happy as these filters are what I miss the most from Google.

Image filter: image size
Image filter: color

The ability to select size, color and type are a huge deal to me and I really look forward to testing these filters out. Thanks to StartPage for providing this sneak peek.

Note: While the first results were mostly spot on, DuckDuckGo started mixing in other content much faster than StartPage. Meaning after scrolling just once on the DDG results I started seeing black cats with blue eyes, random color cats with yellow eyes etc. On the StartPage results this happened too but there were much more white cats with green eyes preceding it.

For both the amount of accurate images it pulled up and the proxy options, StartPage takes this round. The upcoming image filters from StartPage did not influence this decision as those filters are not live yet and their performance is yet to be tested.

Look and Feel – Search results, Videos

For this one I went back to the “Apple privacy policy” search. There are just wayyyy to many cat videos out there..

DuckDuckGo
duckduckgo-videos-results
DDG pulls up relevant results and displays a privacy warning when clicking on a video. No filter options though.

StartPage
startpage-videos-results
StartPage, same story. Relevant results and a privacy warning when clicking on a video. Unfortunately their proxy can not help here. A nice addition is the menu “Relevant” which can be changed to “Popular”, “Recent” or sort the results by playback time of “Short”, “Medium” or “long”.

The engines are matched when it comes to video search but StartPage takes this one home just by offering some useful filter options.

Browser integration

In the 2013 article I mentioned one had to install additional software; Glims, to be able to add StartPage as a browser search engine. Luckily StartPage can easily be added to Firefox and Safari now. For Safari the site downloads an extension that takes over the built-in preset search engines and for Firefox it’s as easy as just clicking a button and changing a setting. Once added, it works as one would expect. Type a search into the address bar and Startpage will take over and show you the results. In Firefox you can use the address bar or the designated search field next to it, the results are the same. StartPage was added to Vivaldi and Brave but not to any of the major browsers yet.

For DuckDuckGo, browser integration is a lot easier (which is likely why they don’t offer buttons for it on their homepage), Apple has chosen to offer DDG as a search engine option. No need to install an extension, just change the setting from Google to DuckDuckGo and Safari is all set. The same goes for Firefox which has it’s default set to Yahoo. Go to settings, pull down the list of options and DDG is right there. If StartPage can get these vendors to build their engine in as an option it would go a long way to getting them more users. Almost everyone I know has heard of DuckDuckGo but has never heard of StartPage. Built-in presence would likely change that.

Again once StartPage has been manually added to your browser, it works like a charm. However just because of the easy change in settings and no additional clicking or downloading required, DuckDuckGo takes this round.

Omissions

Both DuckDuckGo and StartPage keep you out of the “Filter Bubble“. You get the raw search results and not any one content is prioritized based on personalization, how popular it is etc. However there can be a problem with the search results. For example, because StartPage uses only Google search results, Google’s omissions are passed on to StartPage. One recent example is naturalnews.com which was removed from Google in what was believed to be the war on “fake news” according to some or a technical issue according to others.

The point is, Google decides something is omitted from their results which automatically means it’s omitted on StartPage as well. This was not an intentional move from StartPage, it’s just a result of the way the service is set up. Now I do not keep track of which sites may or may not be omitted by Google (and are therefore missing from StartPage as well) but if you suspect search results are missing, try your search in https://ixquick.eu which uses results from non-Google sources.

StartPage was already aware of this issue when I reached out for comment and several options were being explored to prevent or correct this kind of thing in the future. Before the updated version of this article published, Google added Naturalnews.com back to their index so it showed up on StartPage again too. I decided to leave this section in to show the importance a search engine has access to multiple sources to generate it’s search results. Both companies get their search results from other companies and websites, they are not the ones that did the indexing of these result pages. Being dependent on others for anything can always carry a risk. I do feel DDG is better protected from a scenario like this as it draws it’s information from several sources but even for them, this could happen if their sources decide to omit content. (I believe this does not apply to Instant Answers on both sites).

Additional features

DuckDuckGo

• Bangs – Bangs are little codes you can add to your search to narrow your search to a specific website or service. For example a search for “!a shoes” searches for shoes on amazon.com. There are thousands of bangs you can use which can speed up your search a lot. Keep in mind that using these bangs will instantly connect you to the service you requested. For example typing “!g white cat with green eyes” and hitting return, drops you off on the Google website to display your results (thus logging your IP, search term and browser info immediately). It does not get you Google results inside DuckDuckGo. It is reasonable for DDG users to assume and expect a private search engine warns if there is a risk to that privacy being lost, like it does with Youtube videos but in the case of Bangs this does not happen.

• Adapting search tools – Depending on what you’re searching for, the default “web, Images, Videos” expands and offers more filters. Here are a few examples:

A specific search shows the default filters.
A specific search shows the default filters.
Search for an artist and additional filters show up showing useful and relevant info.
Search for an artist and additional filters show up showing useful and relevant info.
Typing "forecast" not only shows web results but a weather pane showing all the relevant info.
Typing “forecast” not only shows web results but a weather pane showing all the relevant info.
duckduckgo-4
“Local theaters” pulls up Yelp suggestions.


• Maps – Enter an address and a window-wide map is presented, powered by OpenStreetMap. You can zoom, pan around, make it fullscreen or open the displayed address in the Maps service of your choice including Apple Maps. It’s very slick and works great.

duckduckgo-maps-1
duckduckgo-maps-2
duckduckgo-maps-3

• Customization – You can select several themes that play with colors, font, font sizes, page width, alignment etc. but the default settings are the best I believe. Overall DDG has much more granular customization which allows you to tweak everything and set it exactly how you want it. I did not see any obviously missing features when it came to customization, there is something for everyone.

Click to see all available DDG settings.
Click to see all available DDG settings.


• Saving your settings – If you made changes to the settings, maybe a different theme and some font changes, you want to be able to save those tweaks so you don’t have to make them every time you use the site. DDG offers to save your settings to the cloud so you can easily load them on any device. You set a passphrase and it stores basic parameters. A quick test with several passphrase showed me how easy it is to load someone else’s data (and delete it). So if you put a lot of time and effort into customizing your DDG, make sure you set a passphrase no-one will easily guess because some clown can pull up your settings, change or delete them. Cloud save and the ability to pull up your settings on any device is a nice idea but the implementation needs work.

StartPage

• Proxy – The gem of StartPage is the proxy feature. I have mentioned it earlier but it’s worth repeating. Perform a search, then visit the desired page and browse it, all anonymously. It’s a feature that’s easily overlooked but worth exploring.

• Maps – Pulling up a map in StartPage can be tricky. Sometimes it’s clever enough to figure out you’re looking for a location and will show a map. Most of the times though, even if you enter a complete address, you have to add the word “map” to the search before the map shows up. StartPage has begun the transition to OpenStreetMaps and in a test site they granted me access to so I could see the implementation in action, it worked smooth. It’s still a small square image that can not be enlarged but I could zoom and pan around. A big improvement over the static Google Maps image that it replaces. Their OpenStreetMaps implementation will roll out in the next few weeks and additional functionality such as enlarging the map and/or opening a location in a 3rd party maps app may be added in the future.
Getting the new map to show in the first place is still hit or miss and how the map is displayed and can be interacted with is still not even close to what DDG offers. It is a step in the right direction though.

• Customization – The user has a choice between a few pre-set themes. They are equally bad as the presets seen in DDG. and there are no further tweaks you can make to enhance the visual experience. What StartPage does offer, is an option to select a continent when it comes to the server you connect to. But that’s it.

Click to see all the available StartPage settings.
Click to see all the available StartPage settings.


• Saving your settings – No cloud setting here but an option to save your settings as a cookie or as a URL (which acts as a cloud saved setting). If you frequently clear cookies from your browser or don’t accept them to begin with, the URL option is for you. Once you configure the settings to your liking, generate the URL and bookmark it, set it as your homepage or install it as a custom search engine in your browser.
startpage-save-settings

Behind the Engine

I was debating if I should include this section but after talking to a few people, decided there is enough interest in these details to include them.
StartPage is owned by Surfboard Holding B.V., a privately held, independent Dutch company, run by Robert Beens, whose only activities are operating StartPage, Ixquick and StartMail. No 3rd party investors or venture capital behind it as far as I could find. StartPage (and Ixquick) generates income solely from advertising (Google Ads).
DuckDuckGo is owned by Gabriel Weinberg who is is the founder, current CEO and controlling shareholder. Investors (/shareholders?) include Union Square Ventures and several others. DuckDuckGo generates it’s income from advertising (Bing Ads) and collects affiliate revenue (Amazon, eBay).

We covered quite a bit of ground here and kudos for making it this far. Surely you’re wondering about security and privacy at this point so let’s get to it.

Partnerships and Hosting

DuckDuckGo and Amazon – DuckDuckGo uses Amazon AWS for hosting, which explains the speed at which it’s able to crank out search results. One of the problems with using Amazon is the location the company is based in, more on that below. Privacy may be another concern. According to Amazon’s Data Privacy FAQ

“Disclosure of customer content: We do not disclose customer content unless we’re required to do so to comply with the law or a valid and binding order of a governmental or regulatory body.”

and by customer content they mean:

“software (including machine images), data, text, audio, video or images that a customer or any end user transfers to us for processing, storage or hosting by AWS services in connection with that customer’s account and any computational results that a customer or any end user derives from the foregoing through their use of AWS services.”

Your search query is typed text, sent to Amazon because that’s where DDG is hosted. After a chat with Gabriel Weinberg I realized this was of course a wrong notion. Thanks to the SSL/TLS encryption of the session the traffic contents between you and DDG are not visible to anyone else.

What is, or can be, a concern however is the way Amazon’s hosting servers are set up. Amazon AWS uses servers that run many virtual servers in them. Using a system called hypervisor (which is the software that creates and runs the virtual machines) it allows Amazon to run a lot of guest machines on a single piece of hardware. If you use Amazon AWS, you’re using one or more of those virtual machines, or guest machines. Amazon has access to the hypervisor and therefor access to all the virtual machines that run on it. Amazon has the ability to log into the hypervisor and they do so when required by court order, when requested by a customer (under certain circumstances), or when an Amazon director authorizes it. With access to the virtual machine that runs the DDG website… imagine the possibilities. SSL/TLS won’t mean a thing if there is root access to the hypervisor and everything running on it. I’m not saying this has happened or is currently happening. I’m simply pointing out that being a U.S. company, with resources hosted on hardware owned by another U.S. company, can pose an issue for privacy and security. DDG mentioned their virtual server infrastructure uses encryption.

StartPage and hosting – Physical hardware servers on multiple continents that are owned, controlled and administered by StartPage, hosted in colocation facilities. The host facilities can not log in to the servers and encryption is used in several ways. Servers are located in The Netherlands, California and the state of New York but who the colocation hosts are is unknown.

DuckDuckGo and Yahoo – On October 4, 2016, news was published showing Yahoo had secretly been scanning customer emails for the government. The “In partnership with Yahoo!” text that graced DuckDuckGo’s pages (Still visible in the screenshots I took while writing this article) was quickly removed, as was their webpage that explained the Yahoo partnership and technical details. DuckDuckGo has been working with Yahoo since the very beginning, most people just weren’t aware until the partnership was officially announced. Reactions to the news can be seen here in a blog post. DDG pointed out to me that the pages and references of Yahoo were removed because the Yahoo implementation did in fact change on the back-end and are no longer relevant. “In particular, the previous implementation used https://duckduckgo-owned-server.yahoo.net, and that server is no longer in use.” The way I understand it now is that DDG never used Yahoo server(s) but only their technologies that drive some of the features on the site and perhaps anonymized search results. This means there is still a partnership with Yahoo but the removal of the logo was just for PR reasons, which is understandable. After reading the DuckDuckGo / Yahoo Technical Details page, it does indeed show Yahoo’s physical servers were never used.

To get access to the most relevant Yahoo technology, due to contractual obligations that call has to be associated with a Yahoo domain, in this case, duckduckgo-owned-server.yahoo.net. To make sure this call does not violate our privacy policy, Yahoo delegates this domain to us via DNS. In other words, duckduckgo-owned-server.yahoo.net is operated by DuckDuckGo and runs solely on our servers. Yahoo does not have access to these servers in any respect.

This does make me believe the DuckDuckGo/Yahoo partnership is/was not a reason for concern when it comes to privacy. What I do find interesting and probably needs further investigating is that DDG states “we have never used any servers but our own”. According to an older article I found most of the DDG components run on Amazon AWS. Being hosted in a virtual machine owned and operated by Amazon, to me, is not using your own server.

StartPage and Yahoo – No partnerships there. Their site ixquick.eu did serve up anonymized Yahoo search results but stopped doing so when the previously mentioned Yahoo news became public.

The issue was raised that “Google has been known to shut down anyone trying to access their service anonymously, and I know of several companies that have been refused contractual access if they didn’t share with them a unique user identifier”. This may mean that for DDG (using results from various engines) and StartPage (using Google) to use those search results and ads there must be some kind of deal that give them some kind of valuable information. Does the contract between the search engines “create any persistent unique identifiers like by hashing the IP?” Interesting point and one I had not thought of until it was brought up, so I asked both DDG and StartPage “Did Google, or any of the other engines you use request user data in one way or another” For example the mentioned unique user identifiers like hashed IP’s. Both companies replied:

DuckDuckGo and other search engines – “With regards to your question about engines requesting user data, they do request it, and we don’t give it. This is especially important around ad networks because they are intrusive, but also from their perspective, they have to protect their advertisers against fraud, and there is a lot of fraud on the Internet. I believe most private search engines have good intentions, but without significant technical background, I can see them getting tripped up and may provide a persistent unique identifier when they didn’t intend to (like by hashing the IP).”

StartPage and Google – “StartPage purchases search results from Google because they are known to be the best in the world. We also run Google ads. We have negotiated a very strict contract with Google to ensure user privacy is protected. We NEVER create any persistent user identifiers to send to Google, and we never transmit even a portion of a user’s IP, to safeguard our users’ privacy.”

Both DDG and StartPage pay for the right to use the results from other engines and have agreements in place that allow them to do this without sacrificing user privacy.

I asked both DDG and StartPage if they are willing to share the contracts they have with the engines they draw search results from. Of course these kinds of agreements are covered by NDA’s so neither could share any of that information. Expected but was worth a shot.

Another issue that was raised was “if you outsource server maintenance, who’s to say who has access to the root account on these machines anyway from a software perspective”. Valid point. You can own and operate your own servers but if maintenance is outsourced, how do you control whom has access to what? Also, who does the maintenance and where are they located? The relevance of location is detailed in the next section. So, the who, what and where details were asked of both companies:

DuckDuckGo and technical staff – Gabriel Weinberg commented: “It is all done in-house, we have two factor security on everything, we limit access to our ops team, etc. etc.”

StartPage and technical staff – “Like many companies, StartPage works with individuals (whether as employees or through contracting) with whom we have longstanding relationships. But we also have a dedicated technical team in the Netherlands and strict controls to ensure work meets our strict privacy specifications. For example, we use multi-factor authentication and limit server access to just a few individuals. Contracted work is an aspect that is closely scrutinized by our 3rd party EuroPriSe code auditor.”

Looking at the EuroPriSe certification, details show the following:

Surfboard Holding BV, the owner of Ixquick, has a contractual relationship with Web Intensive LLC, having its registered office in New York that develops software for Ixquick, and is monitoring and doing maintenance work on the assets, equipment, servers, software, networks and other components relevant to the operation of Ixquick. Web Intensive LLC has a subsidiary in India that performs the abovementioned activities.

The required data export and data import agreement (Commisson Decision C(2010)593) has been duly signed by Surfboard Holding B.V., WebINTENSIVE Software LLC and its Indian subsidiary and checked on compliance.

DDG states it has all it’s staff in-house however according to their careers page on one of their open positions: “We are a small, remote team in different time zones and communicate with a variety of tools throughout the day” and another page mentions “The majority of our staff work from home or shared office spaces in countries all around the world” There is nothing wrong with this arrangement, but my definition of “in-house” is different. However this is 2017 so.. things change. It appears that both DuckDuckGo and StartPage have what I would call “remote workers.”

StartPage outsources part of the technical work to a US company that in turn outsources to India. Their 3rd party certification however is aware of this, saw the agreement involved and states is up to snuff.

Personally, from a security perspective, I feel whether you outsource to another country of have your own employees or contractors in another country.. it’s the same thing. Unless the staff that do server maintenance, for example, are in the same building where data traffic, access and assets can be closely managed, you don’t really know what goes on at all times, you just can’t. Both DDG and StartPage have remote workers, but say they keep a close eye on quality. StartPage backs up its quality with a 3rd party certification by EuroPriSe, and any outsourcing or remote work is closely scrutinized through the audit process. DuckDuckGo does not have this kind of audit to provide quality assurance.

Location

You might wonder, why is location relevant? The biggest concern is government surveillance, something on a lot of people’s minds ever since Snowden.

DuckDuckGo is a U.S. based company and their hosting is done on Amazon servers. Amazon is a U.S. based company which means it’s subject to U.S. legal pressure. Being subject to surveillance mandates like PRISM and laws like the U.S. Patriot Act make it a less than desirable location for anything you want to keep private and secure.

StartPage is based in The Netherlands, where privacy is protected by law, so it is not subject to the same mandates and laws which is one (BIG) less thing to worry about. They own and operate their own servers in colocated facilities both in the U.S. and internationally.

Every search engine I’m aware of hosts servers in multiple countries, DuckDuckGo and StartPage are no different. Of course the facility/company hosting the StartPage servers in the U.S. can be compromised by the government and because of gag orders StartPage will likely not know if there is any tampering with their servers or any data being intercepted. However in this case it’s Amazon VS unknown company somewhere. Who do you feel is a better host/location for your search queries? Of course you can set StartPage to just use a server in the EU or Asia instead and not use the U.S. server at all.

startpage-server-selection
StartPage server selection

startpage-server-selection-1

When it comes to the ability to choose your server, DDG had the following to say:

“DuckDuckGo has servers around the world, and if you are in Europe you will be connected to our European servers. It doesn’t make much sense in terms of privacy to be in the US and set a European server since your traffic has to go through the US to get to Europe in any case, and we are not storing any personal information in the US (or anywhere). All that would get you is a slower search experience.”

Which of course makes sense from a usability perspective. After some more research I’ve also found that even if DDG offers the option to manually select a non-U.S. server, it really doesn’t matter from a privacy standpoint. DuckDuckGo is a U.S. company it is subject to U.S. laws, period. This means even their servers in other countries are fair game if the government wants the data that’s on them. This was made clear in the recent case where Google was ordered to comply with a warrant to turn over emails that were stored on overseas servers. While DDG does not store any data, so there is nothing to hand over, don’t forget the SSL keys are stored on the servers as well.

When it comes to privacy, location is a big deal. A U.S. company’s privacy intentions, no matter how sincere, can be derailed if it’s served a national security letter (NSL). As those always include a gag order, the public won’t know if their information is compromised until it is too late. However DDG pointed out to me this perception is not accurate:

In fact, those letters have to operate under legal authority, and there is no clear authority to force a company to create new code and collect new information. Instead, the legal authority operates on asking for existing business records, of which we have none. This is why the recent Apple case was such a big deal. Independently, if you’re worried about government surveillance, you have to similarly analyze the legal situations in other countries. If you’re worried about organizations like the NSA in particular, you also should note that inside the US they have legal restrictions (they cannot spy on US citizens) that prevent them from taking certain actions, but outside the US they have no such legal restrictions, and are therefore free to operate clandestine operations without any similar threat of legal recourse.

Organizations like the NSA, FBI and CIA, just to name a few, do have legal restrictions which means they can not spy on US citizens which should put all our minds at ease, if that’s the way it actually worked. The NSA has been caught doing, pardon my French, all kinds of shady crap in the past, including spying on US citizens. Just because they, and other branches of government, shouldn’t, does not mean it hasn’t happened and/or is happening right now. It takes people like Snowden for the truth to come out which can take years or never happen at all.
All that said, I do want to point out that both DDG and StartPage do not collect any personal information or information that should be of value to a government agency, wherever they may be located. With nothing stored to hand over if served an NSL, apart from maybe those SSL keys, is being based in the U.S. really that much of a concern? You be the judge. The topic of location has many many angles, too many to explore or mention in this article. If you are concerned about the impact location may have on your privacy, in regards to search engines, search the web, see how laws apply and have been applied/abused in the past. Do your homework and make up your own mind (and feel free to share the results of your homework in the comments for other readers!)

Logging

Nothing has changed here. Your IP address, search query, what site you came from and what site you click on in the results, none of this is logged. That is, by the search engine operators themselves.

Encryption

Both sites use strong encryption with TLS. Pretty much the standard but let’s have a virtual expert take a look at it. Using Qualys SSL Labs I pulled up both sites and got the following results:
StartPage


DuckDuckGo
duckduckgo-ssl-score
Enough said, certificate security is not an issue on either site. If you want to analyze a full breakdown of the results just visit Qualys SSL Labs and plug in the domain you want to check.

Certification

StartPage has been audited by a 3rd party; EuroPriSe. They look at much of the same things that were covered in this article such as use of cookies (all kinds), logging, web hosting and content delivery networks, use of social plugins and much more. This certification is renewed every two years. Having a trusted and respected 3rd party verify your claims is a big plus.

Surfboard Holding B.V. proved that its meta search engine which is provided under the names “Ixquick” and “Startpage” complies with EU data protection law. Users of Ixquick and Startpage can be sure that processing of their personal data which is related to their use of the meta search engine is in line with the high requirements of EU data protection law. (source)

DuckDuckGo has no 3rd party certifications.

With DuckDuckGo based in the U.S. theoretically it does have one thing going for it; the law. At least in the case of their privacy policy. If DDG violates it’s own privacy policy they can be sued by the FTC and lose all of their customers in the process. The FTC’s press releases indicate that in just a few extremely egregious cases of blatant misrepresentation they have taken action, often with no financial penalty. Based on their history it is extremely unlikely they would be aware of or care about, for example, technical implementations that are problematic or not as strong as they could be which makes the FTC threat much less threatening. Does this make it just as good and trustworthy as a 3rd party certification? I’ll leave that up to you.

Referers

Defined by Wikipedia as “The HTTP referer (originally a misspelling of referrer) is an HTTP header field that identifies the address of the webpage (i.e. the URI or IRI) that linked to the resource being requested. By checking the referrer, the new webpage can see where the request originated.” Basically it tells a website where you came from. One way to see if your search engine enhances your privacy by not sending referer data is to do a search for “What is my referer”. One of the results that pops up is “whatismyreferer.com” which simply does the following: “This service is mainly used by people who want to test whether their anonymization service or their browser settings work correctly.” Click on that and see if they were able to make out where you came from.
DuckDuckGo

StartPage

As you can see, DDG sends a referer, StartPage does not. This is because StartPage uses POST and DDG uses GET by default. By using POST StartPage avoids transmitting the referer which hides the search term and search engine when you click on a search result. It also keeps that referer information out of referer logs and your browser history where browser extensions, malware or snoopers can find it.

In the settings on the DDG site you can disable GET so that POST is used, however in my testing once GET was disabled and settings were saved my referer still popped up. This was tested in several browsers on several computers. DDG states GET is their default for better usability (for example, you can use the browser’s back button) and they use a variety of methods to strip search terms from the referer. The end result, even though both engines use different techniques, is that your search term is not known to the site you visit after clicking a search result. With your search query private, is it a big deal that the domain itself is visible? I don’t think so but the domain being passed on might be a turnoff for you.

Law

At this point this deserves it’s own section as it was pointed out I “spend a good portion of the article talking about the US, but literally zero talking about the equivalent legal situation in the Netherlands and European Union.” Which is fair. And there is a reason my focus has been on US law and not Dutch law, there really isn’t much to mention about Dutch law that impacts this conversation. Does the Dutch government have investigatory powers like every other country in the world, yes. I’m sure they do their own fair bit of snooping and intercepting as well just like every other country. The biggest problem in the US however is The Patriot Act and is what underlines the problem with hosting a private and/or secure service in the US. There is no “Dutch Patriot Act” or equivalent to the National Security Letter (NSL) and gag order that accompanies them. Being based in the US is part of the reason privacytools.io removed DuckDuckGo from their top recommended search engines, thanks to laws like the patriot act and surveillance programs. No country is perfect and The Netherlands is no exception but when it comes to laws that protect your privacy, it stands far above the US.

And unlike with the FTC in the US, there is a far more serious slap on the wrist you can get in Europe for violating user privacy. Under the current Dutch Data Protection Act, the Dutch Privacy Authority has the possibility to impose fines of up to €820.000 or 10% of the annual turnover, for infractions of applicable privacy laws and regulations. In May 2018 the General Data Protection Regulation will enter into force, which will provide for the possibility to impose fines up to €20.000.000 or 4% of the total annual worldwide turnover of the preceding year, whichever is higher. Such fines can be imposed in the event personal data is processed without consent or another legitimate ground for processing of personal data under the law. (If personal data is processed in violation of the applicable privacy policy, this would mean in principle that there is no consent, and probably no legitimate ground for processing.)
The definition of personal data under European law includes any information relating to an identified or identifiable natural person, and is generally construed much broader than the US definition of personally identifiable information (PII). For example, IP-addresses are generally presumed to constitute personal data under European law, while IP-addresses are generally not held to be PII under US law.

I can go on but US VS Dutch privacy laws and regulatory agencies can easily be researched online if you want to further look into this.

I did ask both companies the following question: “if you were served an NSL or were commanded to compromise your service/customer privacy in any way, would you and could you just pull the plug like Lavabit did or would you run into opposition from shareholders/investors that would prevent you from doing so?” Both companies replied:
DuckDuckGo – Gabriel Weinberg said: “No one is preventing me from doing that.”
StartPage – “If we receive a request from any foreign government, including the United States, we will refuse to comply. Under the strong current laws that protect the right to privacy in Europe, European governments cannot legally force service providers to implement a blanket spying program on their users. Were that ever to change, we would move or close shop.”

And the title of most private search engine goes to:
startpage-banner

DuckDuckGo is superior when it comes to the user experience but a smooth interface is not their selling point, privacy is. And when it comes to privacy, StartPage is the obvious choice.

Both engines need work in certain areas and there is no telling where we’ll be another 3 years down the road. Going into this I expected DDG to come out on top but tally all of the above and it’s StartPage that takes home the prize. So what do I use now, what’s my go-to search engine? The answer; it depends on what I’m searching for. My browsers on the Mac are configured to use StartPage by default but if I have to spend a lot of time searching for stuff, have a bunch of tabs open and am on a time crunch, I use DuckDuckGo. Just for the speed and how easy the results page is on my eyes. Being able to scan a page full of results in just a few seconds is a big deal for me and just isn’t something I can do with StartPage. The ads displayed by StartPage are annoying too. They take up too much space, are not labeled as ads clearly enough and their positioning forces me to scroll down unless what I’m looking for is in the first 4 results. At least DDG lets you disable ads in the settings. Then again I am willing to deal with it if privacy is a concern.

I believe this article offers a comprehensive, unbiased comparison of the two search engines and it will offer all relevant information to those looking to reclaim some privacy online and those that are hard-core must-be-as-private-as-possible. Everything covered in this article is drawn from my own research and was not influenced by what either company said (those claims were researched as well and some did not make the cut) or what popular figures or sites recommended one engine over the other.

In short (too late for that now, I know), they are both solid search engines that take your privacy serious and between both of them, you won’t need another search engine again.

While writing and updating this article I have reached out to both DDG and StartPage for comment several times. I’d make changes, send a draft to both, receive feedback, research claims, make changes, send a draft etc etc. Both StartPage and DuckDuckGo have been very helpful answering my questions and providing feedback and I thank them both for their time and patience. I invite both StartPage and DuckDuckGo to contact me if they wish to dispute/correct any information in this article or simply to provide additional information.


27 thoughts on “DuckDuckGo or Startpage – Update (March 2, 2017)”

  • 1
    Liz McIntyre on October 24, 2016 Reply

    It is unfortunate that US laws like the Patriot Act can turn a private Internet service into a “honey pot,” gagging the owners and employees under threat of criminal prosecution and jail time. This needs to change or US based companies like DuckDuckGo will continue to suffer.

    You’re right that both DuckDuckGo and StartPage are solid search engines, and it’s a shame that, as in real estate, location has become one of the most important factors in choosing a private service.

  • 2
    Mirko on October 24, 2016 Reply

    Startpage is really great. Private search as it should be. I use Startpage for about 2,3 years now and simply can recommend it. The Company behind this Search Engine seems pretty serious about keeping it all private, not just because they’re located in the Netherlands. You should take a closet look to StartMail as well. 🙂

    • 3
      Jay on October 24, 2016 Reply

      I plan to do a writeup on StartMail in the future 🙂 Can’t commit to a timeframe yet though.

      • 4
        DJ32BY on April 12, 2017 Reply

        I stumbled on this – Perfect Email Privacy / EasyCrypt
        https://easycrypt.co/
        2:14 min. video https://youtu.be/yIGHEEubECM

        I don’t know what route your going to use, but it seems like a lot of the leg work has already been done where you just need to check statements and facts.
        https://easycrypt.co/email-privacy-crash-course-part-6-make-choice/

        Existing solutions – key points
        Server side encryption services such as Startmail, Hushmail, and TorGuard use standard OpenPGP encryption, allow use of any email client, and some of them allow connection to any PGP user using any email service. However, they are inherently insecure as emails emerge unencrypted on their servers, meaning that their encryption is not end-to-end. Do not use them.

        Stand-alone PGP-enabled email clients such as Thunderbird, GPG for Outlook, Mailvelope, Mailfence (PGP client + email service) and Mailpile are mostly open-source, provide sound end-to-end encryption and enable you to communicate with any PGP user over any email service. However, they create a usability nightmare for most of the users due to manual key management and manual synchronization of keys with mobile clients. Consider using them if you and your correspondents can tolerate their poor usability.

        Browser-based email encryption services with transparent key management such as Protonmail and Tutanota provide excellent usability. However, their users can communicate securely and smoothly only with other subscribers of the same service. Moreover, they charge hefty fees for use of email storage above a bare minimum. Since they store your messages, liberation of data from them when switching to another solution is, at best, difficult. Consider using them if usability is your prime concern and your correspondents are also using the same service.

        Tor-based anonymous email services such as SIGAINT provide excellent anonymity and metadata protection, but no end-to-end encryption (except possibly with some difficult acrobatics such as using TorBirdy plugin). They can be used securely only if your correspondent is also a subscriber. Consider using them if you value anonymity above all and trust that your messages will not be read by the operator of the service or an intruder hacking into it.

        Throughout this Email Privacy Crash Course we did our best to perform an accurate review of the surveyed email privacy solutions. Email privacy services are complex, and factual inaccuracies may have sneaked in. If you spot them, please let us know and we will edit accordingly.

        Please include in your review this EasyCrypt as it’s free.

        PS: Of a privacy matter with StartPage,
        I ran across this article in a forum that stated. I found that they are detecting the usage of adblockers on their site by loading this URL: –
        https://www.startpage.com/js/abp.js?adType=1&advertiser=1&advertising=1
        as you can see this is created specifically for detecting the use of an adblocker. This URL is blocked by ?adtype= filter in EasyList.

        This is a concern as one of the major factors for using this site is protecting your privacy by not submitting any information to the search engines. This behavior is very indiscreet of a company which claims to protect the privacy of its users at any cost.

        Therein lies the caveat and breach of this privacy policy by tracking adblock users. They say they do not collect personal statistics but detecting if a user has an adblock or not is a violation of this as I consider that information to be personal/private.
        They might aggregate this data but neither do they acknowledge of such a behavior nor do they inform and, that is very indecent on their part.
        [Ads are where the most privacy is lost is it not.]
        Just wondered of your thoughts here, as may be same of that authors who wrote this.
        His final words were – disturbing about StartPage was that they do not mention or even hint at collecting data about a separate subset of users, in this case adblock users. They are targeting specific users for data collection, I did not find any information about targeted data collection on their website.
        [Isn’t transparency the key here?]

      • 5
        DJ32BY on April 12, 2017 Reply

        Of a privacy matter with StartPage,
        I ran across this article in a forum that stated. “I found that they are detecting the usage of adblockers on their site by loading this URL: –
        https://www.startpage.com/js/abp.js?adType=1&advertiser=1&advertising=1
        as you can see this is created specifically for detecting the use of an adblocker. This URL is blocked by ?adtype= filter in EasyList.

        This is a concern as one of the major factors for using this site is protecting your privacy by not submitting any information to the search engines. This behavior is very indiscreet of a company which claims to protect the privacy of its users at any cost.

        Therein lies the caveat and breach of this privacy policy by tracking adblock users. They say they do not collect personal statistics but detecting if a user has an adblock or not is a violation of this as I consider that information to be personal/private.
        They might aggregate this data but neither do they acknowledge of such a behavior nor do they inform and, that is very indecent on their part.”
        [Ads are where the most privacy is lost is it not.]
        Just wondered of your thoughts here, as may be same of that authors who wrote this.
        His final words were – “disturbing about StartPage was that they do not mention or even hint at collecting data about a separate subset of users, in this case adblock users. They are targeting specific users for data collection, I did not find any information about targeted data collection on their website.”
        [Isn’t transparency the key here to your review?]

  • 6
    CP on October 24, 2016 Reply

    I’ve used both after seeking an option outside of Google’s ever increasing invasiveness & agenda-skewing practices. The first one I learned about was DuckDuckGo and was immensely impressed with their updates into an almost comparable Google alternative, but eventually found them to be following much of the same Google constraints that I’ve come to learn are most likely from their Yahoo upline, turning them into a Privacy Search Engine that essentially limit your results. Whether thats by keeping to regional/national results or the common Disney-fied sanitized results (even with content filters off). Thats when I found Startpage, and have become a fanboy ever since. Its in truth, as the article states, not much different in the mechanics, but in my experiences with it, its almost a return to old school basics. I put the shortcut into Firefox and when I want something its there. Not constrained or filtered or edited. Its simple, effective and private. I need no other bells, whistles or hand-holding to get what i want…as I said, I’ve become a fanboy.

  • 7
    Alex on October 26, 2016 Reply

    Because Startuppage shows you Google ads, your search query and browser fingerprint data are sent to Google anyway. That’s kind of a big deal for me if the goal of using something else instead of Google was to not have them log my queries.

    • 8

      StartPage is an independent company, separate from Google. We do not share your IP address with Google or with any provider of sponsored search results or ads.

      StartPage acts as an intermediary between you and Google. StartPage submits your query to Google anonymously, then returns Google results to you privately. Google never sees you and does not know who made the search request; they only see StartPage.

      Since Google never sees your IP address or interacts with your web browser, you do not receive tracking cookies from Google. What’s more, since Google can’t determine your interests based on your past search history, you receive standard search results rather than Google’s “personalized” results.

      We never record your visits, your searches, or your IP address, and we do not use tracking cookies. Any ads that appear on StartPage are generated solely from the search term you entered. Ads are not customized for the person entering the search nor do they reflect your prior search or browsing history, since we never access or store that information.

      • 9
        Mr. FOSS on November 25, 2016 Reply

        I’m sorry, but since I’m not able to see the code, as StartPage is proprietary, it’s not trustworthy in my opinion. It means you can say you don’t track your users as much as Google can say the same. The same way I don’t trust anything Google says, I don’t trust you. StartPage should become open source/free software if it’s serious about privacy.

        • 10
          StartPage on November 26, 2016 Reply

          Hi Mr. Foss,

          Since this is a comparison article, we should first point out that DuckDuckGo is not open source. Only parts are open to inspection, as you likely know. Regardless, privacy is inherently an issue of trust.

          There are several compelling reasons to trust StartPage:

          First, there’s the lengthy certification process we have chosen to undergo. While other companies make privacy claims with no independent validation, we have gone to considerable effort to obtain independent certification.

          We are certified by Europrise, an independent auditing and certifying authority backed by numerous European privacy organizations. Europrise performed a thorough audit of our privacy and data-handling practices in 2007/2008, and has regularly certified us ever since.

          The second reason to trust us is that we set the standard and blazed the trail for private search. Long before it was “cool,” we were the first search engine to delete user details and focus on privacy. We did it first, and we do it best.

          We are in good standing with privacy organizations from the US and worldwide. We have received brilliant reviews from EFF (http://www.eff.org), and have met with representatives from EPIC (http://epic.org/), Privacy International, and others.

          Even Edward Snowden recommended using a search engine like StartPage in a recent talk. See: https://www.youtube.com/watch?v=7_RnBX3l124

          There’s yet another compelling reason to believe our claims: We’re obsessed with privacy. It’s our life blood. Privacy is our primary focus and our main selling proposition. Without it, we would lose 99% of our users and be crushed by the big players. So if anyone is going to be vigilant about your privacy it’s us!

          Finally, you have the reassurance of knowing that StartPage is owned by a privately held corporation, Surfboard Holding, B.V., making us completely independent of outside forces that look to exploit user data. We are not affiliated with any national or international organization, corporation, commercial enterprise, or government, and we will firmly say “no” to anyone who tries to interfere with your privacy.

          StartPage is located outside of US jurisdiction so we are not subject to the US Patriot act and US data collection mandates, like Prism.

          Talk is cheap, and on a Wild West Internet where anything goes, companies face huge pressure to profit from your personal information. We don’t recommend that you trust just any company simply because it says it’s respecting your privacy. We back up our extraordinary privacy claims with rock-solid evidence, and we encourage you to demand this kind of evidence from every company you do business with.

  • 11
    max09 on October 29, 2016 Reply

    Thanks Jay, I hope people finally will understand that privacy is very important these days, and g੦੦gle didn´t respect as, our privacy. Anyway, we can decide what to use, start from operative system, browser, search engine, extensions….. Also to say about startpage – for me, this “proxy” option is very useful. 🙂
    If I can recommended to all people who cares about privacy: don´t use popular email service, use “Protonmail”. I am sure you heard & seen what happened with Yahoo. I saw Jay mention StartMail, sure – but compare it with Protonmail. There is no doubt – win goes to Protonmail, and I must notice a big difference – — which Protonmail have. Let´s say email servers been hacked. Trick question – what “curios eyes” will find on Protonmail? Nothing! And I´m sure they´ll find on Startmail servers a lot of things.
    Also use some good extensions – like “uMatrix”. Don´t be lazy, take a few minutes to read a little about all this. Regards, 09@

    • 12
      max09 on October 29, 2016 Reply

      Protonmail have END-TO-END ENCRYPTION! 🙂 Hope you know what that mean – no one, neither Protonmail members can´t read your mail. Enjoy, max

    • 13
      StartMail Press on October 31, 2016 Reply

      Hi Max09. Thank you for caring about privacy!

      There is an important distinction to be made when it comes to private email services: the choice of server-side vs. client-side encryption. In StartMail, all OpenPGP operations take place server-side.

      A commonly cited benefit of performing client-side cryptography is that, in theory at least, the server or mail provider never has access to the user’s OpenPGP private key, thus reducing the amount of trust that the user needs to place in the mail provider.

      In practice, however, this security benefit is illusory. The only way in which OpenPGP private keys are truly not in contact with any server or server-provided code is by performing cryptography through native desktop applications (e.g. GnuPG or GPGtools). StartMail already fully supports this through IMAP.

      Client-side encryption through JavaScript is overall less secure and dangerous for several reasons:

      – Users, generally, have less secure computing environments than companies that have teams dedicated to privacy and security. This makes storing a private key in a user’s browser more risky.

      -JavaScript is executed in an environment (the browser) over which the programmer has extremely little control. In these conditions it becomes hard or impossible to perform secure memory management, protect against timing attacks, and so forth.

      -JavaScript is a poor environment for handling cryptography. What’s more, JavaScript code that runs in the browser can be influenced by any other piece of JavaScript code running in the same browser window, and sometimes even by other pages.

      -Users have to trust that the email server is not compromised by malicious JavaScript code delivered by an attacker or state actor. Every time the client requests a page from the server, new JavaScript is downloaded.

      -Browser JavaScript is not ready for cryptography in terms of programming primitives such as a reliable source of random numbers, mathematical functions etc.

      -The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: the server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

      There is more written about these risks here: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful and here: https://tonyarcieri.com/whats-wrong-with-webcrypto

      Hope this helps! We encourage you to give StartMail a try for yourself at https://www.startmail.com

  • 14
    Mr. FOSS on November 25, 2016 Reply

    Hello, Jay. There is a free software metasearch engine called Searx, which features the possibility to gather results from multiple search engines (including Google, Yahoo, Bing, Ixquick, StartPage, DuckDuckGo and many more, even Wikipedia and other non-search engine websites) and choose which ones you want it to retrieve results from, also showing you which engine the result came from, search using a specific language, change the interface appearance, choose what kind of content you wanna search for, etc. Since it’s a metasearch engine, it’s a search aggregator, what indicates it just gathers results from search engines, and that way they don’t know about you. It really doesn’t track anything from you, and you can trust that because its code is publicly available at GitHub and anyone with programming knowledge can verify that. So, it’s feature-rich and cares about your privacy, but with the benefit of being free software. Take a look at it here: “https://searx.me”. Its code is available here: “https://github.com/asciimoo/searx”.

  • 15
    Encr on December 5, 2016 Reply

    StartPage <3

  • 16
    brisl on December 7, 2016 Reply

    All the respect for the compared parties! I think they are great services and dedicated to the course!

    Reading the article I just have to whisper about our new project our team is working on. Even that is is in closed beta – I would love you to take a look behind the scenes. So try a real search engine, it’s private and open source – http://www.findx.com.

    • 17
      Garth on December 20, 2016 Reply

      Hot diggitty! A contact with an actual person working on a search engine? I’d like to request a case-sensitive search. Sometimes it can make the difference between 30,000 results and 3 results, when the one I want is in the three. Also, please do not use this miserable gray writing. It’s so hard to read! I feel like my glasses are super fogged up! Make the writing black. Yes, black.

      • 18
        brisl on December 29, 2016 Reply

        Hi Garth – Interesting request about case sensitive search – bet the dev team will love it 😉 – If you want in, then sign up for the beta still room for people in the closed beta

  • 19
    Fred on January 19, 2017 Reply

    In my opinion, DDG gives better results, more accurate, when StartPage most of the time doesn’t show what I want.

  • 20
    A nono mas on March 3, 2017 Reply

    Being I use start page and smart mail I now have military looking individuals (Shaved head) wandering around the neighborhood pretending to listening to music and talking into their phones. Being I live next door to a Walmart that has face recognition cameras and mac address capture antennas I don’t know if they are interested in me or just doing military style exercises. Whatever the case. Welcome to the new secure america. Where security is an excuse to take away your privacy. And remember the difference between a cell phone and an house arrest ankle monitor is one you can talk on. Oh and by the way this is not a secure site (http) and it’s being sucked up by the NSA. So be nice and be good for you and me are being cataloged in a giant data base in Utah. Smile your on the government watch list? 🙂

    • 21
      Jay on March 4, 2017 Reply

      As no user accounts are required on this site I am not worried about HTTPS. It would be an extra cost for me and more server load for no good reason, in this case. If privacy is really a concern you also better get rid of the @yahoo.com email address 😉

  • 22
    Garth on March 3, 2017 Reply

    Are we supposed to be able to read the comments which are in light gray on white?? It’s almost invisible!

    Anyway, I used to use StartPage but I stopped when they went to getting search results from Google which biases the search results toward liberal causes and the profits of the pharmaceutical industry.

    • 23
      Jay on March 4, 2017 Reply

      You can tweak your display using accessibility features on your Mac (no idea about PC) or by changing the contrast. The comments font color is very legible on all the computers and iOS devices I’ve tested it on.

      I have yet to see “filter bubble” results on StartPage as they feed me the raw results without any of Google’s algorithms applied to them. An identical search on StartPage and Google are vastly different from eachother in my experience.

  • 24
    Jay on March 9, 2017 Reply

    Not mentioned in the article but both search engines do Instant Answers as well. DDG had it already, StartPage just rolled it out: https://www.startpage.com/blog/our-latest-developments/new-startpage-instant-answers/

  • 25
    circe801 on March 11, 2017 Reply

    i use ixquick/startpage because i do not like DDG’s look–but one thing about startpage–if you change your user agent, you cannot use their search. DDG, on the other hand, has no problem with it.. just sayin’…

  • 26
    AlanM on April 2, 2017 Reply

    Thank you for this in-depth comparison. One important aspect that I didn’t see covered is: do your searches actually go to Google, or are they done just within the StartPage servers?

    My specific concern is: what happens if you do a search in StartPage, don’t like the results, so then immediately do the same or a similar search using Google directly? Can Google see the two searches and therefore figure out that you’re the one who created that prior StartPage search?

    If that’s the case, then Google could probably infer other related StartPage searches I made around the same timeframe, which is quite unfortunate.

  • 27
    KK on April 10, 2017 Reply

    What are the difference between Ixquick.com and Startpage.com? It confuses me alot.

Leave a Reply

Your email address will not be published. Required fields are marked *

*