Startpage, LibreWolf, and the meaning of privacy

What started out as annoyance with DuckDuckGo developed into re-evaluating my privacy habits browsing the web. I’ve discovered a few interesting things.

First it was down-ranking Russian misinformation. Then, at some point, I learned that DuckDuckGo’s search results are mostly coming from Bing. Most recently, I discovered DuckDuckGo removed pirate sites from its search results1.

DuckDuckGo became my default search engine soon after I switched to Linux full-time, and with it, Firefox (more on this coming up below). I was fine with it, but now I felt it was time to explore my options.

Creepy tracking practices aside, Google is still a superior search engine. As a privacy-conscious person, I know I often shoot myself in the leg when I choose less popular options. There are noticeable exceptions, of course, and new ones keep appearing, but usually there’s a point where you have to swallow your pride and sneak your way through the back door. In the case of Google, there’s Startpage.

The idea behind Startpage is to utilize Google without leaving a footprint. Based in the Netherlands, the company says it strips all user identifiable data and uses a proxy before reaching out to Google. I compared search results between Startpage and Google. Besides the Google “fluff” (those little blurb of information on the right side of your search results, which can be useful, but are usually also paid-for placements that track you), they seem identical. Still, Startpage is a for-profit company that is partially owned by System1, which is an American marketing company that, from what I can tell, makes money from… users' data. And lots of it2.

Speaking of collecting user data, another popular tool I used since my early days of Linux came to question: Firefox. I configured Firefox to delete all browsing history (cookies, tracking content, cryptominers and Fingerprinters) every time I close it. There are the infamous Mozilla studies (that keep turning themselves on after browser updates!) and other features you have to disable deliberately deep inside Firefox options to make it truly a private experience (auto-complete in searches is not magic, it tracks your search live to feed you information that might be useful to you, but very useful for advertisers), and still you need to install extensions like ublock origin and privacy badger to be sure you’re not being tracked.

I was happy to find out about LibreWolf, a fork of Firefox aimed at privacy enthusiasts. LibreWolf is Firefox with all privacy settings turned on for you, without those pesky Mozilla studies. It is a FOSS community-driven project, which means the folks who maintain it don’t get paid, which keeps LibreWolf free from all sorts of ways to kinda-track-you-but-anonymously-maybe methods.I’ve only tried LibreWolf for a few days, and I can say it works pretty well… with a few caveats.

For instance, some extensions won’t work straight out of the box as you’d expect. In my case, KeePassXC’s integration was broken. As it turns out, this is because the extension “thinks” it’s working in Firefox but cannot find the right folder for it on your computer because, well, it’s not running in Firefox. Following KeePassXC’s troubleshooting guide I was able to figure out the problem and fix it. KeePassXC’s working fine now.

Another issue is actually a proof of LibreWolf superior privacy settings. Certain websites do not work because they relay on scripts and trackers that are blocked by default. This is all nice and good until you realize you can’t listen to music from a favorite radio station while writing blog posts such as this one, or when any search term you throw at Startpage using the address bar throws you a “Just Checking” 404 page from Startpage (see below) because apparently being behind a VPN and blocking tracking scripts is too private even for Startpage (To be honest, as I keep finding out more about Startpage writing this post, the less I want to keep using it)

Other features you might be used to from Firefox are off by default as well: DRM content is disabled by default (so no Netflix or Amazon Prime, for example) and if you use Firefox Sync for your bookmarks, that’s off as well. All of these options can be turned on, and I should mention that LibreWolf functions well without any technical issues I noticed. It makes you realize though, as you dial back LibreWolf’s privacy tweaks to function more like a daily browser and less like one used by tinfoil hatters, that the problem is much bigger than you realized at first.

At some point between doing research into Startpage/System1 and Learning why LibreWolf disabled DRM by default, I got a flashback. We live in a world that is not designed to be private anymore. Tracking user data is a billion dollar business, and one that is not understood (and therefor) regulated. The services that are provided by most big tech companies are not only leading because of their efficiency, but because there is no alternative. I’m not just talking about non-life essentials like Netflix or Amazon. You can’t pay your bills or book an appointment with a doctor if you don’t give up some of your privacy. Did you try to do your taxes behind a VPN and strip cookies away? Then a word of advice: just don’t.

How deep do you dig your hole? And when you’re done digging, who’s there to talk to, using whatever crazy measure you’ve taken? Are you just privacy aware or paranoid? I still don’t have satisfactory answers.

Footnotes


  1. Each one of the “wrongs” DuckDuckGo did come with a good counter argument. I briefly discussed DuckDuckGo’s actions against Russian propaganda on Mastodon and in Irreal’s post about this . You might argue it needs to get its ranked search results somewhere, and better Bing than Google. You can also say that DuckDuckGo is at the crosshairs of the trolls who use DMCA to sue it for millions. All fine and good, but I’m not searching the web to be a good moral citizen, I’m searching to find stuff, and the stuff that I find are not always “nice” or “family friendly” or “moral.” The point is that it’s up to me to make this choice. ↩︎

  2. I don’t trust what RestorePrivacy, a website I’m marginally familiar with, to be all true. However, they do raise important points that came out of my own research for this post already. So what’s better: using Startpage, or using TOR (with VPN, cookies blocked, etc.) while visiting google.com? At least Google’s creepy tools are familiar. ↩︎