Moving your search requests from one of your IP addresses to another doesn’t do much for privacy
July 26, 2021
Searx is a wonderful piece of software, it runs on a remote server and upon request will query multiple search engines all at once to find find what you are looking for, hiding the IP address you are using from all of these so that those search engines have a much harder time profiling you. Not only that but it has features that make it easy to find files across the internet and it has an incredibly functional UI that is not pretty enough for you to want to spend hours looking at it so it theoretically causes you to spend less time on your computer. And to many people the fact that you can host it yourself is absolutely great, but once you take a critical look at it you’ll find that it may not be the best idea.
Now don’t get me wrong, in many cases self hosting is great as it helps to decentralize our ever shrinking internet, but from a privacy perspective hosting your own instance of Searx is not a good idea. So which of these two things would you rather do, enter a search into one search engine allowing it to take record of your search linked to your IP address, or enter that same search into a dozen search engines letting them all take record of that search linked to your IP address? Obviously if you’re trying to protect your privacy you’d prefer the first option, but when you self-host an instance of Searx (which is being touted as the best thing for privacy) the latter option is what you are doing, sure your server is not located where you live so all those search engines won’t be able to track your location but they can still profile you based off of your searches that came from your server which is still an IP address that belongs to you. A self-hosted Searx instance is terrible for privacy, from a privacy perspective you’re probably better off just using DuckDuckGo or maybe even Google (although any search engine which shows ads before they show search results is unethical and should never be used), even without a VPN.
Now I imagine that I will get a bit of hate for making this observation, understand I am not bashing on Searx as a technology I think that it is absolutely great for many reasons, I’ve used it in the past and I will likely start using it again soon, I just find that it is important for people to critically think about programs that they may ever consider running, especially if you want them to run 24/7 on your server. If you want to use Searx find an instance that someone you trust is hosting, and if you do feel like you need to host a Searx instance yourself convince a few dozen people to use your instance as well, by drastically multiplying the number of diverse searches your Searx instance is handling, real search engines will probably mark your server’s IP address as one belonging to a bot and chose not to profile it as it would to one that was only handling the searches of a single person. Searx is a great tool for privacy, but as with all tools it must be used correctly in order to be effective.
I believe the issue would still be the same because it is still just your searches alone, which means a profile can be built based on your activity, regardless if done through a VPN, a “bot”, or the search engine itself. Self-hosting SearXNG essentially multiplies this issue by the number of search engines you use.
Getting your friends and family to use the instance can help obfuscate the potential profile to make it more difficult to tie the profile to yourself.
I’m not sure. I figured a profile could still be built based on similar searches across multiple IPs, which could be linked to the same person. I’m assuming search engines like Google are smart enough to detect similar data/metadata in such a fashion. What I understood from the article is that its not necessarily a matter of changing your IP, but making your searches appear generalized enough to not be easily matched to your tendencies/behavior/language, like alternating your walking style and covering your tracks so that it is more difficult to track you. Having a group of people use your instance hides yourself amongst a crowd essentially, since different people have different ways of expressing themselves.
It’s risky to self-host your searx instance for privacy reasons if you don’t share it with at least a few dozen people.
https://jacobwsmith.xyz/stories/searx.html
Hosting Your Own Searx Instance is a Bad Idea
deleted by creator
I believe the issue would still be the same because it is still just your searches alone, which means a profile can be built based on your activity, regardless if done through a VPN, a “bot”, or the search engine itself. Self-hosting SearXNG essentially multiplies this issue by the number of search engines you use.
Getting your friends and family to use the instance can help obfuscate the potential profile to make it more difficult to tie the profile to yourself.
deleted by creator
I’m not sure. I figured a profile could still be built based on similar searches across multiple IPs, which could be linked to the same person. I’m assuming search engines like Google are smart enough to detect similar data/metadata in such a fashion. What I understood from the article is that its not necessarily a matter of changing your IP, but making your searches appear generalized enough to not be easily matched to your tendencies/behavior/language, like alternating your walking style and covering your tracks so that it is more difficult to track you. Having a group of people use your instance hides yourself amongst a crowd essentially, since different people have different ways of expressing themselves.