August 12, 2021

How Startpage keeps your search secure with SSL

How does Startpage stack up against other privacy-respecting search engines? Dan Arel reviews SSL reports for Startpage, DuckDuckGo, Qwant, and Ecosia.

When it comes to privacy respecting software and services from search engines, to email, and even VPNs, the discussion focuses heavily on logging, and what the provider stores about you, the user. And rightfully so, however, you’re using Startpage and you already know they don’t log you searches, or IP address, or any other identifying information.

But what you might not know is that they also go further to protect your privacy. By now, you’ve likely noticed the increased talk about HTTPS vs HTTP, if not, read about how to know if the website you’re visiting is secure.

HTTPS sites are considered secure, which means they help protect users from snooping eyes trying to steal data during a transfer, they call this a Man-in-the-Middle attack. In short, this would take place on an unsecure site, in which say you’re entering credit card information on page 1, while that data is being sent to the credit card processor, a hacker sets up a tool to watch for those numbers to be sent to across the web and picks them up, stealing your credit card info. 

An HTTPS site, which uses an SSL certificate to enable a secure, encrypted connection that should be nearly impossible to intercept. Nearly impossible because not all SSL certificates are created equal and not all system administrators set them up correctly. 

That’s why sites like Qualys SSL Labs exist. SSL Labs is one of the most widely respected tools for testing SSL certificates and connections for sites to document how secure a connection is. 

Startpage has an A+ on SSL Labs, and for those concerned about the privacy and security of their searches, as you should be, this is a big deal.

Why?

What good is a no-logging policy if a third-party can monitor the searches through a Man-in-the-Middle attack and log the searches on their own? This can be a malicious hacker, it could be a state-sponsored entity, or maybe a dubious competitor trying to learn more about its competitors’ users.

And what these results tell us is that Startpage takes the additional step of enabling “Perfect Forward Secrecy”, or PFS. Without PFS, if someone is monitoring your internet connection and records your secure web site accesses, they would be able to decrypt that data if the “private key” of a server without PFS would ever be compromised.

With PFS, they would never be able to decrypt encrypted information even if they did manage to break a server’s security.

This means that when you use Startpage, a third-party be it hacker or state-sponsored entity would not be able monitor your usage because it’s encrypted, and with PFS, they won’t be able to decrypt any information they might have recorded. 

And if that’s not enough for you, because Startpage does not log or retain any information on its users or their searches, so even if a government entity demanded all their records, they’d come up empty handed.

This is what makes Startpage the most private search engine on the market. 

But how does Startpage stack up against other privacy-respecting search engines? 

DuckDuckGo also receives an A+ rating, but do have some weaknesses in the Transport Layer Security (TLS) 1.2. 

Where you see Startpage has a stronger TLS 1.2 suite. 

Qwant, another popular privacy respecting search engine also comes in with an overall A+ rating, but unlike Startpage and DuckDuckGo, they do not offer TLS 1.3, the latest security protocol.

And then Ecosia, who we compared to Startpage here came in with a B rating, with no support for TLS 1.3 and multiple weaknesses in their 1.2, 1.1, and 1.0 protocols. 

Looking at these results, we can know that most of the privacy-respecting search engines are providing good layers of security, but none as good as Startpage. This means that when you use Startpage, not only can you rest assured they are not tracking you, but that they have worked to ensure vulnerabilities in their system don’t exist that will allow a third-party access to your data.


Dan Arel is a privacy and digital rights activist, founder and curator of ThinkPrivacy.ch, as well as an award-winning journalist, and best-selling author. His work has appeared in the Huff Post, OpenSource, Hacker Noon, Time Magazine, and more. You can follow him on Twitter @danarel.

The views expressed in this article are those of the author and do not necessarily reflect those of Startpage.

 

Was this article helpful?

Go Private

Make Startpage your
default search engine

Set as default