Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Interesting you feel like with all this content, there's not enough. Usually we hear there's too much content. Can you elaborate? What's too flashy?

Yap, we have to use some APIs but the searches come from our servers... Which search engine doesn't call any APIs and has great privacy?

We dropped the extension requirement.

The extension has no read access.

No social trickery, I just posted?



    Which search engine doesn't call any
    APIs and has great privacy?
This question seems strange to me and makes me think you don't know the difference between API calls on the backend and sending http requests from the users browser?

Go to https://duckduckgo.com/ and open your network tab. You will never see any requests to non-DDG owned websites.

Your site sends requests to all kind of companies. Which exposes data about your users (IP, UserAgent, that they use you.com ...) to those companies.

Maybe you should talk to your devs about it.


Right. Have you tried the private mode (top right dropdown)? Like DDG we proxy everything in that mode. It's a bit slower so we haven't done it in default mode yet.


It is getting absurd. Having "private" in your marketing front and center and at the same time defaulting to sending your users data out to all kind of companies.

I would not have said anything if you did not post with "private" and "build for devs" in the title. I have no opinion on your project. I only know it is not private and not build for devs. This is just marketing speak and I don't like to see that on my favorite news aggregator.

By the way, have you tried the "private mode"? Even when I enable it, I still see requests to third parties.

If I should take a guess why, I would say because you use external javascript. And even when you proxy that, it can still access external hosts directly. Or your own javascript does not get sanitized correctly. Since JS is turing complete, there can never be a guarantee that your proxy mechanism sanitizes everything.

For example, every time I saw Etsy in the results, my browser made direct requests to Google.


Goddamn, thank you for pointing that out. I knew I was right to not trust him regarding privacy [1], I just didn't expect to see something like this backing that up so quickly lol.

[1]https://news.ycombinator.com/item?id=29170624


I'd listen to TekMol's feedback and made "private mode" default. Marketing privacy while making the client send traceable queries to third parties severely break user expectations.

There should be no reason why all required queries aren't going to first-party servers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: