Skip Navigation

Search Engines

One of the most common online services that we use on a day-to-day basis is the search engine. However, search engines represent a unique type of privacy threat. Every search engine in existence has at least a few privacy issues, and we tend to put sensitive information into the search boxes.

Page Contents

Video Lecture


Watch at Internet Archive

Search Engine Threats

Due to a combination of the evolution of the Internet and some clever marketing, the word “Google” has become a common verb in the English language (and perhaps some others also). Need an answer to a question? Just Google it. Want to find a place to eat? Google it.

Professor Douglas Schmidt of Vanderbilt University describes Google this way:

“Google is the world’s largest digital advertising company. It also provides the #1 web browser, the #1 mobile platform, and the #1 search engine worldwide. Google’s video platform, email service, and map applications have over 1 billion monthly active users each. Google utilizes the tremendous reach of its products to collect detailed information about people’s online and real-world behaviors, which it then uses to target them with paid advertising.”1

Whenever a user makes a Google search query while logged into the service, Google collects and saves that search activity, tying it to the user along with location data provided by the user’s browser or device. Even if the user is not logged into Google at the time of the search, the search engine is instrumented to collect considerable data about the user.2

Microsoft isn’t doing any better in this arena. After a data breach involving their Bing search engine, researches discovered that Bing logs search terms, location coordinates to within a half kilometer, the exact time of the search, URLs the user visited from the search results, and information about the user’s device and operating system (among other data). If the user is signed into Bing at the time of the search, there also appears to be an association of the search terms with the user’s account.3

Alternative Search Engines

Ultimately, choosing a search engine requires trusting some third party or entity with search queries. Two sites have historically marketed themselves as “private” search engines: DuckDuckGo and StartPage. While these search engines are still worth considering and are listed below, they are far from perfect. DuckDuckGo was caught allowing Microsoft to track their mobile app users.4 While this issue didn’t affect their search engine, the company wasn’t upfront about the problem and only renegotiated their contract with Microsoft after this fact was discovered by a third party.5 In another case of a search engine becoming owned by an advertising technology company, StartPage was acquired by Privacy One Group, which is a subsidiary of advertising technology company System1.6

The trouble with third-party search engines is that the success of a search engine depends on the breadth and depth of its search index. This search index is the database of content from which the search engine can return results to a query. If the index is too small, the quality and number of results will be lacking. Since crawling websites to build and maintain a search index is extremely expensive, it isn’t surprising that two of the wealthiest companies – Google and Microsoft – control the largest indexes.7 Most other search engines wind up purchasing results from Google or Bing data in an arrangement known as search syndication.

“Private” Search Engines

CAUTION: Some of the following content is based on the privacy policies in place by the respective search engines as of early April 2023. All corporate privacy policies can be changed with little to no notice. Readers are cautioned to read the privacy policies for themselves to see if any changes have been made. Also, it is necessary to review privacy policies periodically for all services, in case the company makes an undesired change.

If we stop to consider some of the alternatives to Google and Bing, DuckDuckGo and StartPage are still viable in spite of their issues. In the case of DuckDuckGo,8 their privacy policy claims that IP addresses are not logged, and that search queries cannot be tied back to uses (although they are logged).9 DuckDuckGo primarily syndicates its results from Bing. StartPage,10 on the other hand, syndicates its results from Google. Despite its ad tech ownership, the StartPage privacy policy claims not to record IP addresses, not to use tracking cookies, and not to store search queries in a way that can identify users.11

MetaGer12 is another option for a search engine that syndicates results from a variety of other search engines. Their privacy policy claims to log IP addresses for up to 96 hours and that the search query is not considered “personal data.”13 Given the sensitivity of many of the queries users tend to make, claiming the query is not “personal” does not exactly inspire confidence.

Yet another third-party search engine is Ecosia.14 Based on a review of its privacy policy, this search provider may log IP addresses for up to 7 days, and search queries can be associated with the IP address for that long as well.15 This provider syndicates results from Bing, positioning it as a possible competitor to DuckDuckGo.

Two third-party search engines maintain their own search indexes. Brave Search16 provides results from its own index but supplements these results from Google syndication where needed. According to its privacy policy, Brave Search claims not to collect personal information about users, devices, or queries, and IP address logs are only retained for a few seconds to deter abusive bots.17 Mojeek18 serves results from its own index and claims not to log IP addresses or track users, but it does log country codes, timestamps, URL information, and browser data.19 It is unclear whether or not Mojeek logs search queries.

All the above analysis of search engine privacy policies is all well and good, but ultimately, no meaningful conclusions can be drawn about any of the alternative search engines. Since it is hard to obtain independent confirmation that a company is following its own privacy policies, it is best to consider all search engines to have questionable privacy at best. Cases of companies claiming not to track users and then found to support tracking have been observed in practice, as noted with DuckDuckGo above.

Consider also the wealth of personal information that users routinely give to search engines. If one could observe a person’s search queries over time, it would be possible to build a comprehensive profile of them as a consequence. Humorous depictions of this observation have been made.20

Alternatives for Improving Privacy

Instead of using a corporate search engine, one alternative would be to use an open-source metasearch engine like Searx.21 With this approach, searches are sent to an automated software platform that queries a variety of backend search engines to obtain results. While Searx can be self-hosted and run on a user’s computer, all the backend search engines would see the user’s IP address and could associate that address with the search queries. Community instances of Searx are available online, but then the trust model is simply shifted from a corporation to an individual, volunteer group, or perhaps even an unknown entity.

Since there is ultimately no way to guarantee that the search provider is trustworthy in terms of user privacy, it is probably a better approach to treat search providers as privacy adversaries. However, the use of search providers is an indispensable part of modern life. Therefore, private use of any search engine will require some way of hiding the user’s identity from the search provider. Use of a Virtual Private Network (VPN) connection or The Onion Router (Tor) when performing searches could help to improve privacy.

References and Further Reading

  1. Douglas C. Schmidt. “Google Data Collection.” Vanderbilt University Technical Report ISIS-20-201. August 15, 2018. Available from Vanderbilt University 

  2. Ibid. p.26 

  3. Data Leak: Unsecured Server Exposed Bing Mobile App Data. WizCase. September 21, 2020. 

  4. Sead Fadilpašić. DuckDuckGo in hot water over hidden tracking agreement with Microsoft. TechRadar. May 25, 2022. 

  5. Natasha Lomas. DuckDuckGo removes carve-out for Microsoft tracking scripts after securing policy change. TechCrunch. August 5, 2022. 

  6. StartPage. Building a more private internet experience with Privacy One Group. September 19, 2019. 

  7. Daisuke Wakabayashi. “Google Dominates Thanks to an Unrivaled View of the Web.” The New York Times. December 14, 2020. 

  8. DuckDuckGo

  9. DuckDuckGo Privacy Policy

  10. StartPage

  11. StartPage Privacy Policy

  12. MetaGer

  13. MetaGer Privacy Policy

  14. Ecosia

  15. Ecosia Privacy Policy

  16. Brave Search

  17. Brave Search privacy notice

  18. Mojeek

  19. Mojeek Privacy Policy

  20. CollegeHumor. “If Google Was A Guy (Full Series).” November 26, 2019. 

  21. Searx

Private and Incognito Browsing

Private Browsing
Internet Service Providers
Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.