Cafe wifi and Startpage's Anonymous View

[MXRobo]

Hello MX'ers

The following link mentioned DNS resolvers for secure cafe wifi browsing.
viewtopic.php?p=759522#p759522

Any thoughts on the privacy of Startpage's Anonymous View?
https://www.startpage.com/en/anonymous-view/
This link contains more informative links.

A redditer suggested opening this link https://browserleaks.com/ip in startpage, but opening in Anonymous View.
Many reddit comments contradicted each other.

Cheers!

[CharlesV]

My understanding of startpage "Anonymous View" is that it is pretty good, however really it just strips away all the user data except for browser and OS. ( this can already be accomplished via your web browser.)

And, by using a good DNS (in https mode) , you circumvent most of the entire 'DNS leak' issue as well.


Now, having said that
- startpage DOES collect some data of its own. (check out their privacy policy.)
- they are in a nine eyes country, so there is that.
- startpage makes money through advertising... so ?

[ForkTheWire]

I use duckduckgo, though I haven't gone deeper than reading their statements and comparing comments and articles, so I can't truely vouch for it being better than startpage.

[LU344928]

...Any thoughts on the privacy of Startpage's Anonymous View?
https://www.startpage.com/en/anonymous-view/

Didn't see it mentioned there but Startpage actually uses Google's search engine:

https://www.howtogeek.com/718781/want-g ... startpage/

[FinalFox420]

It all depends on your "threat model".
but if all you want is browsing safe from anyone at the cafe, then
1. Enable DNS over HTTPS aka DoH (protec DNS requests).
2. Any proxy or VPN is better than webpage ones like startpage's.

If you want to be safe from cafe and the endpoints you're visiting, then the rabbit hole goes pretty deep.
Start here:
github.com/abrahamjuliot/creepjs
coveryourtracks.eff.org
browserleaks.com is good too
Javascript fingerprinting is probably the most invasive tracking on the server side (vs network/cafe side)
and a very important one is MAC randomization

thats all if you want to customize your system or learn
if you want to easily just blend in and be private and anonymous, you need a Live OS

[MXRobo]

Hello all, thanks for the replys.

If you shrink the view on this website: https://searchengine.party/ you can easily see that generally the ones closer to the top have more green.
But I'd think that some columns are not as important, or not even a concern in particular situations.
For example, Onion Service, IPv6, Adult Filtering, or the Proxy Service, I don't really understand Post Request Support.
New - SearX queries are submitted via HTTP POST, to prevent keywords appearing in the linked sites' server logs.

Not sure who the source is - https://gitlab.com/nitrohorse or SearXNG https://github.com/searxng/searxng

And I've been meaning to thank you @FinalFox420 for some time for the LibRedirect extension.
I've been using it since shortly after you mentioned it – love it. I may try to work the https://farside.link/ into it also. I assume that you saw the other extension for that – redirector. And thanks for the links.

=========================================
The first link that I provided also has "GET URLS" on the right side of the page for adding directly into your browser settings for search engine shortcuts like d = https://duckduckgo.com/?q=%s
https://thenewleafjournal.com/adding-cu ... k-machine/
Obviously, slightly different method for Chromium and Firefox based browsers.
===================================================================

Back to Startpage's Anonymous View, I don't really use Cafe wifis, but I was specifically interested in the "Anonymous View' and the links within my original link:
https://support.startpage.com/hc/en-us/ ... View-work-
https://support.startpage.com/hc/en-us/ ... al-details
https://support.startpage.com/hc/en-us/ ... ymous-View
keywords: proxy, user agent, javascript, vpn, fingerprinting.

Re: the chart, "Disabled JS Support" I think Startpage may be able to disable when using Anonymous View.
Startpage and MetaGer appear to be the only search engines that provide a proxy service.

Here's a biased "comparison" of Startpage and DDG, and this is probably an equivocation fallacy, but they all have cons. https://reddit.invak.id/r/privacy/comme ... ?context=3
https://www.computing.co.uk/feature/308 ... nes-review
(pg. 2) was not pleased with Startpage's investment by System1.
Here's an update: https://www.computing.co.uk/news/401733 ... investment


I'm slowly gravitating to more privacy, security, and anonymity but most of this is new to me, particularly the DNS, proxy, and anything to do with wifi, routers, proxy, etc.

Currently, I use the Brave Browser set fairly securely, and I use Privacy Badger, Ublock-Origin in medium or hard-modes depending on the browser, sometimes Chromium, and I realize that some of these can conflict with each other. I recently installed Mullvad Browser, and I'll probably use Mullvad, Librewolf, maybe arkenfox, and fallback to Brave.

I use, or will VERY soon start to use, Startpage, DDG, a few of the SearXNG instances as some have TOR capabilities and , maybe Brave, MetaGer the [Searx (e foundation) https://spot.ecloud.global/ which is murena, good free privacy email with IIRC, no phone or email require to sign-up], and others, Qwant, Swisscows, etc.

I still need to look into DNS, the links form this link: viewtopic.php?p=740084#p740084
[CharlesV link included] which seemed like opening a can of worms. https://www.grc.com/dns/dns.htm

Thanks all for replying – any thoughts on the Anonymous View specifically, and the proxy and/or keywords I mentioned.

[DukeComposed]

Back to Startpage's Anonymous View, I don't really use Cafe wifis, but I was specifically interested in the "Anonymous View' and

Re: the chart, "Disabled JS Support" I think Startpage may be able to disable when using Anonymous View.

Startpage and MetaGer appear to be the only search engines that provide a proxy service.

Here's a biased "comparison" of Startpage and DDG, and this is probably an equivocation fallacy, but they all have cons.

I use, or will VERY soon start to use, Startpage, DDG, a few of the SearXNG instances as some have TOR capabilities and

I get the impression from this that Startpage is the be-all and end-all of online security, which simply isn't true. It may be a fine search engine and it may take user privacy very seriously, but I would encourage you to look at the bigger picture of what, exactly, you're trying to secure.

There's online security, as in "no one can steal my credit card info when I buy something from eBay", there's privacy, as in "no one knows I'm shopping for fuzzy handcuffs on eBay", and then there's anonymity, as in "eBay doesn't knw who is buying fuzzy handcuffs on their website and can't give any personally-identifiable information about the transaction to the police".

As FinalFox420 mentioned, it all comes down to your threat model. Do you have a vested interest in protecting yourself online because you are at risk for persecution or punishment by a state entity? Or do you just want to not have your ISP snooping on your shopping habits? Both of these are valid concerns, and you should tailor your efforts accordingly.

This means understanding, and understanding well, that all Internet traffic deals with endpoints: your computer asks a server somewhere a question, and that server sends a response. Everyone who handles that packet can see their part of the transaction and can inspect the packet's "to" and "from" addresses, as well as its full contents. So if you want to browse securely at a coffee shop, you will want to be able to decide if using the default in-house DNS resolvers they provide is a good idea. Even if you're searching on the best search engine there is, your DNS queries will give away exactly which websites you're trying to find, even if the data between your machine and the destination is encrypted.

This is a very complicated topic, and I'm sorry to say that just using Startpage or DuckDuckGo isn't an easy fix.

[CharlesV]

I think FinalFox420 's first line in his post pretty much says it all. And really the question is what are you trying to achieve?

If your goal is to shutdown ads, thats pretty much a couple of different steps.
If your wanting to hide from your isp thats slightly different model.
If your wanting to protect yourself from cafe wifi, another set of steps.
If your goal is to be completely hidden from everyone and everything... then you have a bunch of work ahead of you and continued work - and imo ... not going to ever REALLY happen.

[MXRobo]

I'll be, and was, the first to admit that I do NOT know this stuff, and I don't know how you got the impression that I believe that Startpage is "the be-all and end-all of online security" as that is why I created the topic; although I did include some links in defense of Startpage, but I hope that others would realize that defensive links do not exclude, or are not mutually exclusive of anything against a product either.

But seriously, thank you very much for the reply and info.
As I stated, I don't have a solid grasp of "all of this", i.e. privacy, security, and anonymity (and more) , but I generally know the difference, hence listing them individually, and my current threat model is not that of attempting to elude ending up in fuzzy or any other handcuffs, so currently I'm more concerned with privacy and security – maybe some overlap - but yea need to be conceptualized separately.

================================================================================================================================================
I did however, post because I was wondering if perhaps Startpage's Anonymous View could do what, or something similar to what you @DukeComposed posted in my original link regarding the DNS because of reading this:

How Anonymous View protects your connections

The Startpage proxy protects users who connect over untrusted internet connections, like public Wi-Fi in coffee shops and airports. It also protects against DNS attacks, like DNS hijacking, because communications are encrypted and sent over a secure HTTPS channel. All non-HTTPS connections are blocked.
quote

[and also seeing the Proxy Service in Startpage and MetaGer in the chart – again, I don't really understand this either.]

I think you will believe me when I state that I don't intuitively – or maybe otherwise - understand DNS resolvers yet, but thank you for the entire paragraph that contained this:

your DNS queries will give away exactly which websites you're trying to find, even if the data between your machine and the destination is encrypted.

as it clarified a lot because I was seeking thoughts regarding Startpage's Anonymous View claims, and while they may be accurate, and although in hindsight rather obvious, I simply did not know the what to look for to find the weaknesses.
========================================================

Good news, recently, I also added/been using more private email aliases than the aliases that I had before, virtual CC's, and firejail. The last step may be DNS resolvers at the router level, perhaps VPN at the router level too.

@CharlesV, I am willing to put in some work to obtain these goals, albeit slowly, and yes hiding in a cave might be one solution – that and a license-plate cover flap.

Yes, it's complicated and thanks for the replies.

[CharlesV]

So... no startpage anonymous view does NOT filter out DNS. (in fact, there is NO mention of DNS on the startpage anonymous view page at all! NOR is is a VPN...

What many people dont realize is that there are three pieces here that all come into play:
A) search
B) DNS call
C) URL call/connection

A VPN typically, but not always, interjects its own DNS, so IT sees / knows where you go, but then it has sole discretion on what it does with that knowledge!

VPN's hide from your ISP the URL call / connection and in most cases the DNS call, but not the actual search. (where you went to search yes. But the search itself is all search engine based - so that se knows what you searched for - and in many cases knows who you are too - vpn or not!)

Additionally, startpage talks about 'their https' connection ( no big deal since pretty much everyone is!) , and it says something key "acts like a vpn" ... but IS NOT a vpn. I can packet snoop ALL startpage hits (not what I search for, but that I *am* going there.)

And in my opinion - this is WORSE than many since it leaves a very false sense of security ! Really, only your search is supposed to be private. Nothing else.