StartPage has apparently started to fingerprint users

I understand, but i always want to give companies and peojects atleast to chance to respond and explain themselves before picking up and torches and pitchforks.

Always their anonymous view is a pretty cool feature.

1 Like

After some digging, it seems like uses the analytics product called “Amplitude” (https://amplitude.com).

It looks like a service that they don’t self host, but they proxy the results through startpage’s servers to strip personal data before sending it to amplitude. Maybe this is why the files seem locally hosted on Startpage’ s servers?

I have yet to recieve a reply on my email to startpage.

Looking at the contents from the .js @jonah links to, I cannot find any links to Amplitude, but I do see google ad services mentioned alot in the script, which according to Startpage’s privacy policy, is used for sponsored links.

They declare that some system information is shared in this process to prevent click fraud, but they do not declare what exact information is shared, only that its “non-identifying”.

So my best guess is that this script is used for collecting the necessary information for their sponsored links to work

I have yet to look into the .gif jonah mentioned.

5 Likes

This is more commonly done to get around blocks.

5 Likes

Quick update, still no response, however i found the phone number of their HQ, so I will just give them a call if they do not respond in the coming 24 hours.

7 Likes

Just wanted to jump in and say thank you for all your effort in vetting StartPage. I use them based on PG recommendation and have been keeping a close eye on this thread. I’m glad jonah mentioned that uBlock blocks the connections using EasyList which is a relief for now. Disroot search (https://search.disroot.org/) is my backup in case StartPage has to go. Thanks again for sticking to getting an answer for us all!

7 Likes

Thats what we are here for. Personally I don’t think anything major is happening here, we already knew they log some system information, as do most services we list on a very basic level.

However, its good to know if anything changes and that way stay on top of it. They simply need to explain what script does what so we can review their listing.

6 Likes

So my best guess is that this script is used for collecting the necessary information for their sponsored links to work

Personally I don’t think anything major is happening here, we already know they log some system information, as do most services we list on a very basic level.

I disagree. The information provided in that ct fingerprint is more than enough to track users individually, and is almost certainly not necessary for any functionality of the website to work.

2 Likes

StartPage is owned by System1 and currently does some sketchy stuff. It used to be a search engine to recommend for people who need Google results but in a more private way but now StartPage also indexes Bing results.

I’m the only one who doesn’t see a point in recommending StartPage anymore?

1 Like

Not for the website to work, no. Its to my knowledge against click spoofing. Anyhow i have never noticed this domain before, nor do i know how long this practice has been going on.

This is why we are trying to map this out and why I put out an email toward Startpage to explain themselves.

We cannot just go around and remove or add services over every suspicsion without knowing what it exactly is that going on.

4 Likes

Well, getting google search results for one. Google tends to serve better results for non english searches, and remember, PG is global, we don’t just look at the western world.

(Also, I like their anonymous view feature, but that’s just personal :wink:

They now also index Bing so it isn’t just Google, right? Also, something like Whoogle would be better.

If your technical, sure. But you try and convince my mother to use that and help her when the instance breaks. :slight_smile:

5 Likes

I posted on Mastodon, please re-post

Update: no response as off yet, I am going to attempt to call them during my lunch break today.

Edit: Just called, they didn’t pick up, so I left voicemail. I have also forward my mail to their press mail now to see if they respond quicker to that.

9 Likes

I have been too busy of late to look at this. I have to wonder if they’re doing this because of people pointing searx at them. They do buy from Google search API access.

Yeah, this all doesn’t have to be an issue if someone can simply explain what is what. Its like with the Apple foto restoration issue a few days ago.

Lots of folks are willing to pick up a torch and pitchfork to burn everything to the ground before knowing the details.

A site like startpage where a reputation as being privacy friendly is key, would very stupid to risk it all for a few simple trackers for some extra ad income, it would tank their company.

This is why I want to have a word with them before moving forward and making decisions on anything.

3 Likes

At this point you’re just strawmanning. You’re claiming that I’m “willing to pick up a torch and pitchfork to burn everything to the ground before knowing the details” (you didn’t address me specifically, but it’s obvious who you are talking about).

My comment here does not say anything about rushing a decision. What it is actually saying is that the sheer amount of information that the script is collecting should not be downplayed by claiming it is simply sponsored links or somehow an entire fingerprint getting sent over isn’t major.

Not downplaying a situation and going “around and removing or adding services over every suspicion” are two different things.

I’m willing to wait for Startpage to reply. But I’m not gonna make excuses for them, and I believe it is an issue for as long as the script exists.

2 Likes

Lets not point fingers here, the situation is clear, we assembled some pointers, and are now trying to wait for an answer from Startpage, and until then we wait ( for a while).

No need for negativity.

2 Likes

Yeah, let’s just wait until we get Startpage on the line.

2 Likes

Update, Startpage has reached out to me over mail. Apparently they haven’t seen my mails, but I will figuire that out later, Ill keep everyone posted.

6 Likes