Is Privacy-Protected Search Just A Gimmick?

Ixquick new

Privacy protection has become a big factor in the realm of smaller search engines. It’s one way in which an otherwise unremarkable site can compete with the most accomplished and spectacular in the world. If users fear serious privacy breaches enough, they’ll seek out a search engine which professes not to store any of their data, and in the wake of media stories about mass government surveillance, that’s exactly what’s been happening.

But is privacy protection a real commitment on the part of the search providers involved, or is it just a gimmick? If one of the search businesses currently trading on privacy were to grow to the size of Google, would it maintain its values, or would it quietly throw that privacy commitment out of the window and start mining data, just like everyone else?…

Private Search Engines’ Deals With Oppressive Trackers
How private are so-called “private search engines”, when they’re sleeping with the enemy?

I issued a semi-rant back in 2014 about a range of updates to privacy-focused search engine DuckDuckGo, under the general notion that the site was showing early signs of ‘selling out’. I suggested that the privacy focus may indeed be a gimmick, and I questioned what might happen to that privacy focus if DDG really started to give the mighty Google a run for its money in market share.

Afterall, Google itself once championed the phrase “don’t be evil”, but then it gained unprecedented levels of control, and “don’t be evil” quickly became “surrender or be crushed”. The level of tax avoidance alone shows what Google really is. It’s a company making hundreds of billions, which would rather let the poor foot its tax bills. Add to that the staggering level of audacity in the company’s quest to gain from other people’s intellectual property, without permission, and you have a damning picture. Some copyright holders would contend that Google has become one of the most evil businesses on the Web. Living proof that commitments can very easily come undone when there’s enough capital to be gained.

Search Engines

Above: Top left – Startpage (2009), top right – Yippy (2015), bottom left – Clusty (2004), bottom right – Ixquick (2000).

So what’s the reality of the various privacy-protected search engines’ intentions? Well, a good starting point in finding out would be to look at whether the enhanced privacy was the site’s original intention, or whether the site started out with a less attractive privacy policy, and then jumped onto a privacy ‘bandwagon’ at a later date. With that in mind, I’m going to explore the three main current options on privacy-protected search…



Yippy, a lesser-known ‘private’ search engine, is our first example of search privacy being a progression rather than an original intent. Yippy’s roots can be traced back to 2004, with the appearance of Clusty – a search engine designed to distinguish between the different linguistic meanings of keywords, and cluster the results accordingly.

Clusty’s original Privacy Policy was bog-standard. The search engine collected data and shared it with partners. Back in 2004, Clusty stressed that no personally-identifiable data would be sold, but also confirmed that personally-identifiable information could be passed on to third parties with reference to law enforcement. Clusty also offered a toolbar download, which as a concept alone would probably raise concerns with any switched-on privacy advocate.

Clearly, then, Clusty was not specifically devised as a privacy-orientated search engine. Its policy of not collecting any data was not brought in until the beginning of February 2006. And the timing of this change strongly suggests a reaction to the burgeoning success of privacy-focused search engine Scroogle through 2005. A bandwagon-hop, in other words.

After Clusty became Yippy, the privacy focus was maintained, but the search engine was once again repositioned in the market – this time aiming itself at families concerned about protecting their children from adult material, hatred and the like. The protections, however, don’t seem particularly sophisticated. It appears that apart from the main homepage, the whole of Tumblr is banned! Given that only around 12% of Tumblr’s makeup is deemed to be adult in nature, completely eliminating the other 88% of the enormous site as a ‘side-effect’ is a hell of a sacrifice to make. It’s like: “New!… Great way to eliminate undesirable search results!… BAN THE ENTIRE INTERNET!!!

An overreaction on my part, possibly, but an overreaction on Yippy’s part too. There’s only a very fine line between banning masses of content, and rigging the results. Does Yippy rig the results? You may just find out if you read on, but whether or not that’s the case, such drastic filtering can and does make some search results lists terribly irrelevant, even when you’re looking for family-compatible info. There’s so much that Yippy simply can’t find and doesn’t even attempt to, that it’s fair to categorise the site as not fit for purpose.

I wouldn’t expect Yippy to rival Google anytime soon, especially given its close association with – infamous for the Ask Toolbar, which became well known as an aggressive piece of spyware. And with regard to that result-rigging, try searching for “ask toolbar” “spyware” on Yippy, and you get three results, none of which are accusatory. Search the same on Google, however, and it cites 114,000 results – the top page of which definitely bursts with accusations. An even greater number of results – 167,000 – is cited by the metasearch engine Ixquick, and once again, the front page does not make for complimentary reading. Draw your own conclusions.

Yippy doesn’t have any encryption, which is very much at odds with its supposed privacy focus.

I wouldn’t trust Yippy, and I absolutely would suspect that the privacy focus is a tenuous means of attracting interest in a business which could drop the policy like a bomb if the financial incentive was big enough. That said, though, the search engine is so poor, I don’t imagine it ever will be.


Ixquick june and July 2006

Ixquick appeared in the late 1990s, but like Clusty, its focus was not originally privacy-protected search. It was ‘sold’ as a high-powered metasearch routine (‘secondhand’ querying of multiple sources), and once again it showed no interest in privacy until the upsurge of Scroogle. Indeed, Ixquick took even longer than Clusty to jump onto the privacy bandwagon, taking until late June 2006. The capture above combines two Ixquick homepages. The top one from June 2006, with no reference to privacy protection, and the bottom one from July 2006, introducing a “protects your privacy” badge. – also hailing from the late ‘90s – was originally a text-link directory called Starting Page, which subsequently added a search function. The search function was branded with Ixquick’s logo by the early noughties, and shortly afterward the Starting Page site name became Startpage. The directory was dropped sometime between late 2002 and early 2003, as Startpage became a simple search engine. The domain went inactive in the mid noughties, but returned to use in mid 2009, as a straight parallel to Ixquick – with a more commercially viable name.

In spring 2011 Startpage shifted its results-gathering query process from metasearch, specifically to Google. Its cohort Ixquick retained the metasearch basis.

Whilst Ixquick and Startpage might want to wax about their heritage in privacy, in fact, the first six years plus of the business’s life majored on metasearch and had nothing whatsoever to do with the Scroogle model of privacy protection. Indeed, Ixquick’s claim about becoming: “the first search engine dedicated to privacy in 2006” is arguably untrue. I suppose it depends what they mean by “dedicated to privacy”, but both Scroogle and Clusty were promoting privacy-focused search options before Ixquick.

However, I think Ixquick/Startpage’s privacy advocacy looks a lot more ingrained and committed than Yippy’s. Ixquick may have seized upon a growing buzz in the mid noughties, but it has taken the privacy issue more seriously than others. For a start, the Ixquick Proxy, available on both Ixquick and Startpage, extends your privacy wall onto the actual sites you visit, which, let’s face it, may be just as big a concern as the search engines themselves. That’s a massive, massive advantage over rivals – none of which inherently do proxying.

Secondly, Ixquick/Startpage has paid considerable attention to closing privacy loopholes. For instance, there’s an anonymiser for image search, which, when activated via the Settings page, means the source sites whose images you view can’t record your browsing of their content as a hit, along with all the data that could feasibly entail. I criticised DuckDuckGo for overlooking this when its image search capability was introduced in the first half of 2014. Without an anonymiser, image search on a privacy-protected search engine is like locking the door when you have a wall missing.

Thirdly, Ixquick/Startpage clearly takes encryption very seriously, and is the antithesis of a site like Yippy in this respect.

So there’s a lot to suggest that Ixquick/Startpage is more serious about privacy. In my view, it’s the most serious, by a considerable margin.

Ixquick Supercookie

It should be mentioned that Ixquick has used LSO cookies (a highly controversial cookie type) in the past. Above you can see one examined in HexEdit. I’m not an LSO expert, so what the exact purpose if this cookie would be I’m not sure. It appears, however, to relate to the old Settings page, and I’d guess it would serve as a means of preserving the user’s preferences. Currently, the use of any type of cookie in storing Ixquick user preferences can be bypassed with the substitution of a custom URL, which is bookmarked instead of the standard homepage.



Yet again, a look into the history of a search engine which markets itself very heavily on privacy issues, shows that DuckDuckGo did not start its life with privacy protection. DDG may have picked up on user privacy much earlier in its own life than other search engines, but it had the advantage of starting out later in the overall timeline (not until 2008), and was therefore subjected early on to feedback which took into account privacy-driven predecessors. Since 2010, DDG has majored on privacy, and this has benefitted the site massively – particularly since 2014, in the aftermath of huge, game-changing revelations about NSA surveillance.

But once more, with DuckDuckGo, we find a search engine trying to imply a monopoly on privacy-protected use. It’s like all those competing for the privacy market want to try and pretend they’re the only option when they know they’re not. That, to me, suggests that they’re using privacy protection as a marketing tool, and that’s not the same as being inherently committed to it.

Gabriel Weinberg, owner of DDG, also notably made $10million mining data before starting the search business, and only switched his search engine to the ‘privacy’ model after its original privacy policy was criticised on Reddit, and a member suggested a better privacy policy could give him leverage to gain market share. DuckDuckGo has blocked the Internet Archive, presumably because it doesn’t want users to see its original privacy policy.

However, DuckDuckGo undeniably looks attractive, and it seems, perhaps courtesy of its rather unusual and viral name and Gabriel Weinberg’s considerable PR savvy, the most likely to grow into a bigger force in the market.


Ask (with Ask Eraser) and Blekko have also provided privacy-focused options for Web search, but Blekko is currently inactive, and I wouldn’t trust Ask as far as the recycle bin.

By July 2018, the date of the most recent update to this article, it has become the fashion to launch pretty much any search-related project as a “private search engine”. Some options, such as Search Encrypt, have been listed as malware, and others are little more than a front for affiliate marketers or MLM bods. One hilarious “private search provider” can currently be found plugging overpriced, pull-the-other-one fitness products on Facebook. “Private search” has gone beyond “gimmick”, and appears to be rapidly wading into scam territory.

The now defunct Scroogle should take the credit for paving the way in the privacy-protected search genre. But among the current players, it doesn’t seem to be getting much.


There is no question whatsoever that Google is the best search engine in the world for drilling right down into the depths of the Internet and unearthing amazing, obscure information. It’s not privacy-focused and it doesn’t pretend to be. Neither, of course, does it need to. When your search engine does what Google does – not just with Web Search, but with functions like Streetview, Reverse Image Search, etc – you don’t need a gimmick to get people on board.

So is the privacy thing always a gimmick? Well, ask yourself this: if DuckDuckGo did not market itself on privacy protection, who’d be using it? The answer, I suspect, is hardly anyone. Before the lightbulb of privacy was shone in the direction of Gabriel Weinberg on Reddit, DDG was only getting between 10,000 and 30,000 searches per day. Whether or not all private search providers calculatingly sat down and said: “How can we get more users?… Hmmm… Oh I know – PRIVACY!!!”, or whether some genuinely are committed to the idea through thick and thin, only they know. But things are what they are, and we have to look at the situation as it currently stands.

At face value, as of July 2018, my recommendation would be: if you want the best search capability and functionality, use Google. If you care about whether other people are reading what you type into the search box, and can potentially identify you, use Startpage. But don’t be under any illusions about where this privacy friendliness could go in future. ALL of the current privacy-protected search businesses have changed their minds about how they want to present themselves in the past, and they’ve ALL collected data before. There’s no reason, if the rewards were big enough, why they couldn’t go back to doing so again.

This article was last updated in July 2018.