Startpage and Ixquick - Search in Privacy
I should start off by saying I have known the guys at Startpage for a number of years and consider them as friends, so it seems wholly appropriate to launch the reviews section of the site with a piece about their services. Another great reason would be that they are enjoying a rapidly increasing popularity – delivering more than 2,5 million daily searches worldwide and showing more than 100% growth year on year, so they are certainly a valid interest.
In the words of Robert Beens (Director of Startpage.com and Ixquick.com):
"Privacy is a fundamental right and the basis of a free society. People need to have alternatives for privacy invading and profiling search engines. Startpage.com is that alternative."
I have met with the team on a number of occasions and over the years have advised them on various privacy related issues to help them improve their services and develop new ones. They have always been very respectful of advice and implemented it at every opportunity, which I have to say is refreshing from an advocate’s perspective – and rare.
What is Startpage/Ixquick?
Startpage.com are a search engine (sometimes referred to as a meta-search engine as they utilise other search engines to deliver results) with privacy at the core of everything they do (privacy by design). They have spent a number of years and significant resources developing their service to be what I consider the most privacy friendly search that exists on the Internet today.
Ixquick.com is the original meta-search engine, using up to 10 different underlying search engines to retrieve results from that then get filtered, organized and prioritized or ranked according to the underlying algorithms.
Both Startpage.com and Ixquick.com are run by the same company, the primary difference between the two is Startpage.com's search results come directly from Google’s syndicated search. For the purpose of this review I will be talking about Startpage.com although the review should be valid for both services equally.
What makes Startpage.com so special? Well everything really, but let me try to break it down into specific points.
Startpage.com don’t log anything – that is, no IP address, nothing to tell them who you are, where have come from or where you went to. They don’t care, they are not interested in profiling you or harvesting vast amounts of data about your searches, all they care about is delivering results to you in the most privacy focused way possible.
One of the first pieces of advice I gave to the Startpage.com team about three years ago was to enable SSL (HTTPS) by default – at the time, no search engines were using SSL by default which is a significant security and privacy issue.
Many people are not aware that when they go from one web site to another, they leave a trail in that the web sites they visit know which site you came from and which site you go to when you leave. This is useful for analytics but it also creates a risk to users as it enables a certain degree of profiling.
However, when a site is using SSL it does not send the information, known as a referrer header, to the site you go to when you leave – or at least that is true if you are clicking on a normal HTTP link - if you are clicking on an HTTPS link the referrer is transmitted but Startpage.com deal with this as well by using POST vs GET by default.
For many sites you might not understand why this is a problem - for example, why would you care if a web site knows which site you visited before you visited theirs? For many sites you are probably right, it is trivial information, but with search engines it is a little different because most search engines include the search terms in the URL when you get the results for example if you search Google for “hair removal cream” you end up with a list of results but the page URL will look something like this (note the bold):
The web site you go to next from clicking on a search result is able to see these search terms because they are present in the URL you came from – this makes profiling more of an issue. You might think it isn’t a big deal for hair removal cream, but what if you were searching for “domestic abuse advice” or “cancer treatments” – there are many things we might search for that we want to remain private. With the POST method Startpage uses, your search terms are stripped off, keeping your search terms private.
Furthermore, there are some governments and companies (even here in Europe) that want to know what people are doing online. Europe has what is known as the Data Retention Directive which requires services providers to log certain information such as which web sites you visit, when, who you get emails from etc.
Also companies like Bluecoat and Detica (to name just a few) make their money through the sale of Deep Packet Inspection technology which is used by Intelligence agencies such as the FBI and advertising companies (such as Phorm) to profile your Internet activities. Your search terms over time paint a very high resolution picture of you and this picture or behavioural profile is used to infer specific things about you.
In the case of Government surveillance, they might use this profile to determine your political point of view (which in some countries could lead to your execution as a dissident); in the case of advertising it can be used to determine your income levels, what your health is like etc. which can have a profound and prejudicial impact on your consumer choices.
So Startpage turned on SSL by default for all users, protecting your search terms from being seen by anyone else, no matter who they are or what their purpose is.
Anyone who knows me knows about my work on cookies – more specifically cookies which are used to track you around the Internet and again use this information to build a profile about you for the purpose of behavioural advertising.
Startpage.com wanted to provide a solution which would allow users to personalise their experience through preferences, but would do so without leaving those users exposed to identification as a result (most web sites store preferences in a cookie). They didn’t need to do this, the purpose of a preference cookie is pretty benign, but they wanted to do so as a proof of concept to counter the spin by the advertising lobby that cookies are essential for the Internet to function properly and that EU regulations (which were being amended at the time to protect citizens from tracking cookies and other similar technologies) posed a threat to the very core of the Internet itself.
So they set up a solution on their web site which created a specific code for every single possible combination of preferences available to their users. Once you have set your preferences on Startpage.com, you can click a button to generate a special URL which stores these preferences in it. Users can then bookmark the URL and use it every time they wish to access Startpage.com to make sure their settings are preserved.
This adds an extra layer of privacy protection in that no set of preferences is unique to any single user, all users who have the same preferences have the same URL, which makes identifying users based on their preferences impossible. But it also shows that cookies are not the only answer to providing a personalised experience online and that not using cookies does not mean the Internet will break, as was (and still is) the moral panic being spread by the advertising lobby.
Of course a search engine provides users with a list of results for a specific query and those results are contained within links to specific web sites which meet those search criteria. Startpage.com do everything they can to ensure the privacy of their users is protected when on their site and utilises SSL by default to prevent passing search terms on to any link they click in the results, but they wanted to go beyond that and provide another layer of protection for users. They wanted to ensure that when users click on a result the web page they request doesn’t have a negative impact on their privacy either.
So they introduced their proxy service, which allows users to download the page that is linked to in the results but without the remote server ever connecting to their computer. As far as the remote servers are concerned, the Startpage.com servers are the computers requesting the web page so all their tracking scripts, cookies etc. - malicious or otherwise, are sent to their servers which means Startpage.com can sanitize that data before sending it to your computer. This adds an extra layer of protection for their users and whereas it might not guarantee privacy it certainly goes a very long way to preserving it.
Don’t just take my word for it when I say Startpage.com are a company committed to privacy. They were the first company to be certified by EuroPriSe and have passed the rigorous certification process every year since 2008 – they are currently the only search engine to be certified by EuroPriSe.
Furthermore they score 100 out of 100 on the popular Privacy Score system.
As you can probably guess already, I have a great deal of respect for Startpage.com and what they have done over the years to increase awareness of privacy issues and to develop a privacy enhancing technology. So it should come as no surprise that I thoroughly recommend and endorse their search engine.
Furthermore, I know that they are working on an email service called Startmail, which sets a new standard for privacy that I am incredibly excited about and is due to launch later this year; so watch this space because as soon as they are ready to launch I will be doing a review of that too. It includes a whole host of privacy enhancing features (some of which I suggested) and I have no doubt it is going to be incredibly popular.
To Robert, Alex and the rest of the team, it has been my pleasure to do this review and I personally wish you great success in the future. I couldn’t have wished to write my first privacy review on anything else.