Hello Dev.to Community !
This time, I decided to write on tools/services/software etc. that have been designed and created to care about your privacy on the internet. I will present some tools that I use and/or can recommend and much more tools on which I made research on.
I've dedicated a huge amount of time, therefore at the very beginning, I request you to share β€΅οΈ this article with your fellows or someone that you think, that it would be useful to share this article with :D
Thank you in advance π !
Introduction
I didn't want to make this just another brief article, that will list you down the tools to use, brief info on them and that's all, download, put your trust into a thing and fingers crossed. This article delved a bit deeper into internals of each tool presented.
While writing the article I quickly realized that, writing a one long article with all of those tools/services is pointless, because I lost often my minds while checking the cohesion. Secondly, noone would like to direct through one hour+ long article, that could actually be a book (lol).
I decided, I will split this into an article series posted one per week. The split will be looking as following:
First Post (This one)
-- Dekstop OS
-- Mobile OS
Second Post:
Third Post:
Fourth Post (In this one there will be a special announcement with surprise for you all):
Fifth Post:
Sixth Post:
Seventh Post:
Eight Post:
- Outfit
- Everyday Items
- Payment Methods
- Events
- Transport
- Youtube Creators
- Educational Resources
BUT before I go into the main details, I want to start with an introduction on privacy and why it matters to everyone, regardless of who you are.
Why actually bother with privacy ?
A lot of people, when they hear term privacy, in front of their eyes emerges a chap in anonymous-mask, who likely commits cybercrimes and lives in a basement or some other shady place.... Probably something like this π is the match for what they see:
Candidly speaking, I do not wonder why people have such imagination about people who "obsessively" care about their privacy. On the other hand, for me as an crypto-anarchist, it's really harmful, because it generalizes every privacy-focused dude is like the guy on the image above.
I guess it will never disappear as human-species likes very much to over-facilitate things instead of understanding the more complex puzzles behind one's decision.
Moreover, the image of privacy preserving people in press or (social) media is rather prone to shift towards calling them some party's extremists or try to assign them to political fraction of the politics' scene, whereas it's not always the case when it comes to individuals.
Important thing to understand on the very beginning is:
Not everyone will need the same level of privacy !
And that should be the nr. 1 thing, you should take out from this article.
There will be a different need of software-developer, who is politically repressed and hounded, and completely different need will be of an regular woman out there who just doesn't want the companies to know about her to many details.
Having said that, I can move straightly into examples of why privacy matters.
Number 1. Advertisement and personal-data trade
Have you ever wondered, where tha heck is your money gone ?
Well...... Ads of some flashy product you talked about and decided to buy it without a real need could be the answer π
I will tell you a story, recently I was by a family-gathering and one person had a talk about bike-roads, and what did they saw first ? You guessed it ! The add of bike-road. I checked their permissions for facebook and everything was set to allowed. And this is a case where big techs ambush a lot of people, who are not aware enough.
I like to recall words said in some video by ThePrimeagen (shout out to you, Micheal :D). Those words were something like:
If you want to be a head of leading silicon-valley company, you have to sell either ads or hardware.
And it's actually true, at least at some point, look at some of the big-techs and their revenue model:
Facebook - Ads
Nvidia - Hardware
Tiktok - Ads
Google - Well they do everything, lol (Ads, hardware, software services etc.)
Microsoft - software services + ads
And in order to specifically profile you, the data is needed, Huge amount of data. Which often is used by unethical methods e.g. wiretapping (as in my story).
Thus, given you have issues that you lack money on some essentials, it might be that you purchase things that you actually don't need and only talked about with friend and under impulse, you bought those things. If you see you have issue with it, guess what privacy is for you !
There is not always about rigid self-control, but also a tooling to it. Sure you can pound a metal-bolt in a wall with your hand, but using hammer makes more sense though, especially as it would be less painful (Lol).
Having said that, I hope I managed to keep you engaged.
Number 2. Banking and Financial Operations
This case pertains a lot of people, not only those who are repressed or alleged of some crime.
I had almost every f*cking time I made a transaction online not even for big amount of money, it were transactions like 5$ or 100$, my account got temporarily frozen, because bank accessed it as suspicious activity, meanwhile it were just regular purchases like Copilot or Brilliant Subscription or even purchase of something from services like Temu or Ebay.
And you really would not like to listen to words I spit out to the consultant and to the bank in emails π
And in the times of growing surveillance (especially in sucky europe), I think it's real threat to most of us, than you think.
Therefore, you might want to have more privacy when it comes to your financial affairs, but also not like to relinquish digital payments.
Number 3. Location Tracking and Stalking
People who experience stalking or being bewilderingly frequently followed by some track while they go outside from somewhere, they also might want to have more privacy, when it comes to their actual location. Regardless if stalking pertains their kids or themselves.
Number 4. Password/Data-leaks
It's very common that in big/middle-sized companies occur breaches, and all of the sudden details about your life, might actually not be the same as the breach might have released a lot of sensitive private messages or data.
Number 5. Remote work setups
Companies very often while video calls, require candidates to perform some task live or to perform some task at all e.g. Make some coding recruitment-task. I have again a perfect example of why you might want to prevent your PC's content private.
To give you more context from December 2025 until Mid January 2026, I was actively looking for a job in IT, especially blockchain industry given my background. And all of the sudden I got a message. Here I will reveal some screen shots from the conversation and there is some pattern I noticed (likely they used AI for it) the account seemed to be legit (thus I hate linkedin π€¬, imo they should pivot their name to TornApart, describes perfectly the faith in not being scammed there)
Here step 1, the message arrives to potential prey/victim:
Here, I honestly answered that this position is beyond my skills and expertise, but they kept insisting
I got offered that I can actually for practice purposes, I can try solving the task so I agreed.
Note, that the messages were poem-long to convince me to run their code on my machine, but when I agreed and wanted to chat a bit more and expected a bit longer answer, I just was ghosted with one word response. Meaning they achieved their goal, so I can piss off now.
Then I was required to solve the task, which I did but I haven't run it purely on my machine, I used DOCKER !, about which fact I informed the employer. Surprisingly the recruitment task was super easy, it was about to build a WETH-like token with accruing value for depositors and test it in hardhat (whereas my setup is foundry and never used it). It turned out that although my code was correct, the test was specially written wrongly in some places especially when it come to rounding-math for the values given as output.
In the end I got no response back from the company, but from the service where the job offer was hoisted.
I cannot say what was their irregular behaviour, but I can assume that there was indeed some malicious code to be run and potentially I could loose my all crypto-assets I have purchased for my money and I could get robbed from my PRIVATE information on my PC.
Thus people like this, could are also highly welcome to read this article.
Number 6. State Oppression
There are a lot of people, who are targeted by the state. You would not even have to commit a crime, being regular chap is enough for the state to have interest in you. But the most frequent targets are people with anti-government attitude (e.g. like me). There were a lot of journalists or other activists that were victims of state oppression and not even activists. But if being an journalist or activist is not enough for you, Nigel Farage could not open a bank account in England and was separated from his money !. All because the government decided to seperate him from the financial system.
Summary of the section
Privacy is not just for weirdos from basements, but considers every single person, because we never know, how the our data is used or how we ourselves are viewed by the company, government or other institution. If you're interested on what's more, let's finally go into the details !
Online Privacy
As I emphasized in the introduction, in this section, I will do my best to present you the privacy tools I use on a daily basis, explain nuances related to each element from the list I mention. And why I recommend them specifically.
I will start with the with the very core of our internet usage, namely Operating Systems !
Operating Systems
Here I have split it into 2 types
- Desktop OS
- Mobile OS
I'll present you first the Desktop Operating Systems.
Desktop Operating Systems π₯οΈ
There is no wonder that I will say I use LINUX !
Yes, Linux is the operating system I use on daily basis. Why this operating system specifically is chosen by people with privacy concerns ?
There are many reasons, but I will name most important of them:
Linux is open-source: This provides transparency and more certainty that the OS is not malware or spyware, due to contributors and people who are interested in technical details and further Linux development.
No telemetry: Linux does not have a built-in telemetry, thus the operating system does not send the information about your activity to third party. The core of Linux is that you are the lord of your OS. If you want more analytics or tracking, you install tools specifically for it :D
No Forced Updates: In Linux you decide if you want to update your operating system or not and you are not forced to do it under circumstance of not being able to use some features or something like that as it happened often to Windows or MacOS users.
Selective Permission Management: In Windows everyone is an admin, which makes it one of reasons why Windows is often a target for hackers. In Linux there is a split between what you can run as a regular user and what you can run as an administrator. Which averts from some successful hacks on your machine.
Customizability: In Linux unlike Windows, you can customize your operating system however you want. You want to compile custom Kernel ? You can do it. You can rebuild the whole OS. Whereas in Windows, Microsoft decides what goes in, what stays out.
Distributions I use
Personally, I'm yet a freshman into Linux (8 months passed since I started using Linux). I use(d) until now Debian as a distribution, so I have no clue about other distributions. And I can recommend Debian for start with Linux as Operating System, it has slick design, and is very intuitive Operating System. Also I noticed a significant increase of free space on how my PC works in comparison to what I experienced with Windows.
However as I mentioned in my latest From Zero to Crypto-Hero post, I said I started playing around with QuebesOS on Virtual Machine, however I did not have enough time to test it out properly. I would say the learning curve is quite steep and basic browser usage like firefox was quite of not understandable for me.
For now on my laptop, I wanted to try out something different than debian, so currently I'm playing around with CachyOS on my laptop. If you ever would like to hear a review on the operating system, feel free to mention it in a comment.
I will only list down here some alternatives, if you don't want to use debian specifically.
Recommnded by experts for beginners: Ubuntu, Mint OS, Zorin
Specified distros for privacy: QuebesOS, Whonix OS, Tails OS
BEAR IN MIND !
That distros like Quebes come up with tradeoffs when it comes to UX, so people that are comming directly from microslop OS aka. Windows or Apple, might not want to choose those particular distros as they require more knowledge on Linux
Mobile Operating System π±
We all know how pure-android and AppleOS phones are filled with spyware. Eavesdropping is one of the most privacy violating action those phones do. However there is a solution for it, name use AOSP (Android Open Source Project) Operating systems that are privacy focused. My phone for daily usage is Pixel 6a with GrapheneOS on board.
Why GrapheneOS ?
There are multiple reasons, why I decided to use GrapheneOS instead of Samsung. But instead of more technical explanations let's start from the user POV.
- No Google by default - This is the first principle of GrapheneOS. Liberation of an operating system from google by default. Currently every android phone is merged/synchronized together with google by default, using google services. Your images are handled by google images, every service you use is basically bloated with google spyware (aka. personalization daemon-softwares).
However you can use your google play in GrapheneOS and are not exposed on mass surveillance over your entire phone. That's because GrapheneOS sandboxes the app usage and does not grant permission to access anything on your device.
Though if you really want to liberate your self from big tech, you probably would like to use open-source app-stores like F-droid, Aurora Store or APK Pure.
- Heavy protection against unknown (0 day) vulnerabilities - GrapheneOS uses measurements to prevent from security flaws in software or hardware that are unknown to the vendor and the public.
The measurements that used are following:
Attack surface reduction - Removing unnecessary code or exposed attack surface eliminates many vulnerabilities completely. GrapheneOS avoids removing any useful functionality for end users, but we can still disable lots of functionality by default and require that users opt-in to using it to eliminate it for most of them.
Containment through sandboxing at various levels - Fine-grained sandboxes around a specific context like per site browser renderers, sandboxes around a specific component like Android's media codec sandbox and app/workspace sandboxes like the Android app sandbox used to sandbox each app which is also the basis for user/work profiles.
GrapheneOS improves all of these sandboxes through fortifying the kernel and other base OS components along with improving the sandboxing policies.
What sandboxing really means is that e.g. if there is an app compromised, then because it's in sandbox, meaning isolated, no other app is compromised.
- Preventing an attacker from persisting their control of a component or the OS/firmware through verified boot and avoiding trust in persistent state also helps to mitigate the damage after a compromise has occurred.
Attack surface reduction
Greatly reduced remote, local and proximity-based attack surface by stripping out unnecessary code.
Making more features optional and disabling optional features by default (NFC, Bluetooth, UWB, etc.), when the screen is locked (USB, USB-C, pogo pins, camera access)
Optionally after a timeout (Bluetooth, Wi-Fi)
USB-C port and pogo pins control
USB-C port and pogo pins setting protects against attacks through USB-C or pogo pins while the OS is booted. For the majority of devices without pogo pins, the setting is labelled USB-C port.
The default is Charging-only when locked, which significantly reduces attack surface when the device is locked.
After locking, it blocks any new USB connections immediately through either USB-C and pogo pins at both the hardware level via configuring the USB controller and also at the OS level in the kernel to provide a second layer of defense.
The highest security however is when our charging is set to Off mode.
Other privacy protections are following, about GrapheneOS there could be really created separate posts series:
Hardened kernel
Hardened app runtime
Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions. Or even there is a feature, that can send you alerts whenever an app will request for sensors.
LTE-only mode to reduce cellular radio attack surface by disabling enormous amounts of both legacy code (2G, 3G) and bleeding edge code (5G).
Wi-Fi privacy
- MAC randomization per each connection unlike in standard android it's done per network. So regardless whether I've been connected to the network or not, if I reconnect, my device is treated as completely different one.
There is a whole much more when it comes to GrapheneOS and what they do, when it comes to privacy protection. If you're more tech savvy than me and you know the infrastructure of the internet from the ground up, you can check out the GrapheneOS website
Unfortunately, GrapheneOS is limited only to Pixel 6 and newer phones, however there was announced that arguably Motorola will have partnership with GrapheneOS
Now you might wonder, why tha heck is a private OS available only on Google's phones ? Let me explain.
The Technical Constraint
GrapheneOS needs direct control over the Titan M2 security chip, which only Pixels expose at the required level. This isn't arbitrary gatekeeping; it's a hardware reality. Other devices either don't provide the necessary low-level access or have weaker security foundations. You're not choosing Googleβyou're choosing the only viable hardware that can run proper security hardening.
Stripping Google Down
Here's what actually happens: GrapheneOS removes Google Play Services, GMS, and proprietary Google binaries by default. Your bootloader locks with your key, not Google's. No persistent telemetry pipeline. The OS doesn't phone home unless you explicitly enable Sandboxed Google Play for specific apps.
So yeah, you bought from Google. But the software surface they can exploit is drastically smaller than stock Android.
The Trust Question
Can Google backdoor you through the Titan chip? Technically yes. But realistically? It'd destroy their business model (which runs on advertising data, not targeted espionage) and burn every ounce of credibility they have.
What you can actually verify:
- Audit the open-source code yourself
- Run tcpdump to inspect network traffic
- Enable reproducible builds to verify the binary matches the source
- Confirm zero Google domains in your traffic
The Real Answer
You're not achieving perfect de-googling. You're reducing Google's attack surface from massive to moderate. It's not self-denialβit's accepting that perfect security doesn't exist and choosing the best available option given the constraints.
The alternative isn't "truly de-googled." It's either stock Android (guaranteed surveillance) or building your own phone from discrete components (impractical). GrapheneOS + Pixel is the pragmatic best-in-class solution for commodity mobile privacy.
Alternative Privacy Operating Systems: CalyxOS, IodeOS, LineageOS
Browsers
We've got private OS, private messengers, now it's time to talk about private browsers so that you're not screwed and spied by simply browsing through the internet.
There are couple of privacy options that are worth switching to. The Browsers are following:
- Tor Browser
- Brave
- Firefox
- LibreWolf
- Mullvad Browser
- DuckDuckGo
Tor Browser β The Gold Standard
Tor's the closest you get to truly untraceable. Here's what makes it beast-level:
Onion routing: Your traffic bounces through minimum 3 encrypted nodes. Even if someone sniffs the exit node, they can't connect it back to you because the previous relay is encrypted.
Letterboxing: Rounds your screen resolution to standard buckets (1000x1000, 1400x900, etc.) so sites can't fingerprint you via screen dimensions.
First-Party Isolation (FPI): Cookies are isolated per-domain. A tracker pixel from Facebook can't see what you did on Amazon because they're treated as completely separate contexts.
Standardized everything: User agent, fonts, extensionsβeveryone looks identical on the network, so statistically you're hidden in a crowd of thousands.
Tradeoff: Slower (routing overhead), some site breakage from hardened CSP/XSS protections.
Brave
Brave is the pragmatic choice for daily use. You get strong protections without sacrificing UX:
Shields: Built-in tracker blocking (uses multiple blocklists) + ad blocking at the rendering level. No extensions needed.
Script sandboxing: Third-party scripts execute in isolated contexts, limiting their ability to communicate across sites.
Cookie isolation: Tracks HTTPS/HTTP + domain separation so cross-site tracking is harder.
Fingerprint randomization: Changes some fingerprinting vectors (Canvas, WebGL) on reload.
Additionally when it comes to features that some people might search for, is actually ads-blocking so you can enjoy watching youtube without any ads and I think it's awesome, I remember how much I suffered because of stupid ads that were kind of targeted at me by youtube.
Brave supports extensions as it's based on chromium engine.
It supports also in-background running by default so you don't have to spend monthly on spotify subscription or something else. You can run youtube music on brave and you have the same effect.
Firefox
I was honestly shocked it is privacy browser, because as I was younger I always associated it with spyware. However Firefox turns out to be privacy respecting.
Firefox lets you actually own your privacy config:
Total Cookie Protection (ETP): Isolates cookies in a "cookie jar" per website. Cross-site tracking via cookies is blocked by default.
Container tabs: Firefox Multi-Account Containers segregate cookies/data per container, so different "identities" don't bleed together.
Advanced hardening via about:config: You can disable WebGL, limit canvas fingerprinting, disable plugins, tweak timing attacks, etc.
Catch: Requires manual tuning for maximum security. Stock Firefox is good, but paranoid Firefox requires config knowledge.
Furthermore, they added 50GB Free VPN recently for every user. And firefox is one of the only browsers that support extensions/add-ons in mobile browsers, so if you have something like blocking keywords or you basically want to add nsfw extensions to your phone it's a good solution to use firefox, while keeping you private.
Mullvad Browser
This is the Tor Project + Mullvad VPN collab. Basically:
Takes Tor's hardening tech (letterboxing, FPI, standardized fingerprints).
Removes the onion routing overhead.
Assumes you'll pair it with a external VPN for network-level privacy.
Key quirk: Zero persistent state. You log out when you close the browser. No bookmarks saved, no history. That's intentionalβharder to track habits.
LibreWolf
LibreWolf's Firefox with Mozilla's telemetry ripped out + pre-baked security config:
No telemetry, no studies, no data sharing with Mozilla.
Ships with hardened about:config by default.
uBlock Origin pre-installed.
Minimal network calls back to Mozilla servers.
Perfect if: You like Firefox's ecosystem but want Mozilla's data collection gone.
DuckDuckGo Browser
I actually used to use Duckduckgo as a browser, but because it was annoying that they had no extensions support for mobile apps. I would rather treat it as quick-search browser and nothing else. However I do use DuckDuckgo products and I really appreciate them. Also they do not support the in-background running by default just as firefox, so you're prolly need an extension for it.
Core Privacy Tech Stack
Search Layer (No Tracking)
Zero search history storage: DuckDuckGo doesn't save or tie your searches to you. Compare that to Google storing everything linked to your account.
No user profiles: Unlike Google's ad-targeting, they literally can't build a profile because they don't collect the data in the first place.
Business model is honest: Makes money from context-based ads (ads based on what you're currently searching, not your history), not behavioral targeting. This is keyβit removes the incentive to spy on you.
Third-Party Tracker Blocking (The Heavy Hitter)
This is where DDG flexes. They've built multiple overlapping protections:
3rd-Party Tracker Loading Protection β Blocks trackers before they even load
Uses Tracker Radar (their own open-source web crawler) to identify tracking domains
Prevents requests to known trackers (Google Analytics, Facebook pixels, etc.) from being sent at all
This is crucial: Stops your IP + other identifiers from being sent
to tracker endpoints
3rd-Party Cookie Protection β Isolates cookies per domain
A Facebook tracker pixel on Amazon can't see what you did there
1st-Party Cookie Protection β Protects against persistent cookies on individual sites
CNAME Cloaking Protection β Blocks sneaky tracker domains hidden under first-party CNAME records
Tech companies sometimes mask tracker domains to look like the site's own domain to bypass cookie protections
Fingerprinting Protection
Randomizes canvas/WebGL fingerprinting vectors
Limits what scripts can detect about your device
Google-Specific Protections (Because Google is Everywhere)
They literally have dedicated protections for Google's tracking schemes:
Google AMP Protection β Strips Google AMP wrappers that let Google track your clicks
Google Topics Protection β Blocks Google's Topics API (their creepy replacement for third-party cookies)
Google Protected Audience API Protection β Blocks FLEDGE (their new ad auction system that still tracks you)
Google Sign-In Pop-Up Protection β Removes those annoying "Sign in with Google" nags
Link Tracking Protection
Strips tracking parameters from URLs before you click
Example: amazon.com?utm_source=facebook&utm_medium=ad gets cleaned to just amazon.com
Referrer Tracking Protection
Blocks the HTTP Referer header from leaking where you came from
Encrypted Connections (Smarter HTTPS). Automatically upgrades to HTTPS when available. Prevents ISP/network-level snooping.
Email Protection
Generates unique @duck.com email aliases when signing up for services. Aliases forward to your real email but mask your identity
Strips email tracker pixels before forwarding
Example: You get unique-alias@duck.com, give it to a sketchy site, it forwards to your real inbox but without the tracking pixel
Duck Player (YouTube)
Strips YouTube's tracking and disables personalized recommendations
Reduces invasive ads. Your video views don't pollute your YouTube history.
Cookie Pop-Up Protection
Automatically clicks the most privacy-friendly option on GDPR/CCPA pop-ups. Then hides the pop-up so you don't see it again.
The Fire Button
One-click nuke of recent browsing data. Clears locally stored data instantly.
Global Privacy Control (GPC)
Sends a standard signal to websites telling them not to sell/share your data.Works via HTTP header + JavaScript signal (platform-dependent). On Windows, it sends both header + JS. On Mac, JS only for compatibility reasons.
Search Engines
Ok, now as we took care of the Operating System, Browser it's time for Search Engines. And in advance I say, no there will be no google in this list (lol).
That's because we would not like to be targeted for ads and having collected our data by company or companies that appear to be friendly to your privacy and data and apparently they see and store all our movements, conversations and more. We would do it for many reasons, either to prevent ourselves from unnecessary expenditures, prevent from trackers e.g. location trackers, profiling us etc.
Before we start yet, I have to mention that there are a ton more search engines, than I thought there are. Therefore I will not discuss each one but will discuss only 6 and for more knowledge I highly encourage to read this article.
Let's first understand the fundamentals of how these systems operate before we list the details on each search-engine. This knowledge is crucial for appreciating the technical differences between privacy-focused and traditional engines.
The Web Crawler: Your Digital Librarian
A web crawler (also called a bot or spider) is an autonomous software agent that systematically browses the web to discover and index content. Think of it like a tireless librarian that never sleeps. Here's how it works:
Discovery: The crawler starts with a list of known URLs, then follows hyperlinks to discover new pages
Fetching: It downloads the HTML, CSS, and other content from each page
Indexing: The content is analyzed and stored in a massive database (the search index)
Processing: Text is extracted, links are catalogued, and metadata is recorded
Updates: Crawlers continuously revisit pages to detect changes
The crawled data is stored in an inverted index β a data structure that maps every word on the web to the pages containing that word. This allows lightning-fast lookups when you search for a query.
The Search Algorithm & Ranking System
When you submit a query, the search engine doesn't re-crawl the web β it queries its pre-built index. The ranking algorithm determines which results appear first. Traditional engines like Google use factors like:
- Relevance: How well the page matches your query keywords
- Authority: Link count and quality (PageRank)
- Personalization: Your search history, location, device, and browsing behavior (the privacy killer)
- Click-through rates: Which results users click on
- Freshness: How recently the page was updated
The Privacy Problem in Search
Here's where traditional search becomes invasive. When you search Google:
- Your IP address is logged
- Your search query is stored and linked to your account/device
- Cookies track you across the web
- Your behavior is profiled to personalize ads
- This data is cross-referenced with your other Google services (Gmail, YouTube, Android)
This creates a detailed profile of your interests, location, health concerns, financial status, political beliefs, and more. That's the data economy that funds free search.
And in order to prevent companies or even governments from taking advantage of your searches, you should use private search engines.
1. DuckDuckGo
Location: Paoli, Pennsylvania, United States
Founded: September 25, 2008
CEO/Founder: Gabriel Weinberg
Market Share: ~2% (highest among privacy engines)
DuckDuckGo is the heavyweight of private search β and for good reason. It's been my personal choice because the entire ecosystem they've built goes beyond just search.
I personally use DDG as my search-engine together with other products offered by DDG, but more on that in next posts.
How DuckDuckGo Works
Unlike many competitors, DuckDuckGo doesn't rely on a single source. Its search results come from a hybrid of over 400+ sources:
- Bing API: Primary source for general web results
- DuckDuckBot: DDG's own web crawler that supplements Bing results
- Wolfram Alpha: For computational queries
- Yahoo! Search BOSS: Historical data
- Yandex: International coverage
- Wikipedia: Knowledge panels
This is crucial because it means DDG isn't fully dependent on Microsoft's infrastructure. They've invested in building their own crawler (DuckDuckBot) to create partial independence.
Privacy Architecture
DDG's privacy model is straightforward:
- Zero Tracking: No IP address logging, no search history storage, no user profiling
- No Search Leakage: Your search query isn't passed to the websites you click on (this alone is huge)
- Encryption: All connections use HTTPS, preventing ISP snooping
- No Cookies for Tracking: Only essential cookies for functionality
- Global Privacy Control (GPC): Auto-signals opt-out preferences to websites
Pros
β
Largest privacy search community β best network effects
β
Actual independence β uses own crawler + multiple sources
β
Clean interface β no bloated UI
β
Respectable search quality β Bing's index is solid
β
Full ecosystem β everything integrates
β
Open source contributions β DuckDuckHack community
β
Transparency β clear about what they don't collect
Cons
β Depends on Microsoft Bing β During 2024 Bing outages, DDG stopped working
β Less personalized results β No history means generic suggestions
β Limited independent index β DuckDuckBot is supplementary, not primary
β Ad-supported model β Non-personalized ads still shown
β Search quality inconsistency β Sometimes results lag behind Google
β Premium required for full privacy β Basic version still has limitations
The Real Talk
DDG is solid if you want the path of least resistance. The ecosystem approach means you get privacy across multiple touchpoints. But here's the thing β it's still fundamentally dependent on Bing's infrastructure. That 2024 outage proved it.
2. StartPage
Location: The Hague (Den Haag), Netherlands
Founded: 2006
Ownership: Dutch company, part of System1 (US-listed)
Market Share: ~0.06%
StartPage is the proxy-based privacy champion. If you want to understand sophisticated privacy architecture, this one's worth studying.
The Architecture: Proxy-Based Anonymization
Here's what makes StartPage different from DDG β it uses a middleman approach:
- Your Query: You search on startpage.com
- Premise Servers: Locked cabinets with non-US administrators
- Your IP Removed: All identifying info stripped (full IP, not just last octet)
- Query to Google: Startpage's servers ask Google for results (no user info attached)
- Results Returned: Google sees Startpage, not you
- You Get Results: Back to your browser without tracking
This is clean. Google literally doesn't know who's searching. The encryption uses:
- SSL/TLS: Secure socket layer between you and Startpage
- Perfect Forward Secrecy (PFS): Each session gets unique encryption keys
- HTTPS Everywhere: All connections encrypted
Why Google Results Matter
StartPage literally serves Google's search results but anonymizes your query. This is a trade-off:
Pro: You get Google-quality results (often considered the best)
Con: You're still dependent on Google's index, just with privacy wrapping
Pros
β
Google-quality results β Best-in-class search
β
True anonymity β Full IP removal, not partial
β
EU jurisdiction β GDPR protections, privacy-first legislation
β
Transparent operations β Explains technical flow clearly
β
Anonymous View feature β Proxy browsing for extra privacy
β
No account required β Works anonymously out of the box
β
Endorsed by privacy experts β Edward Snowden recommends it
Cons
β Completely dependent on Google β No independence if Google changes
β Tiny market share β Niche product, limited resources
β Slower than direct Google β Added proxy layer = latency
β Limited feature set β Minimal instant answers compared to DDG
β Less aggressive crawler β Supplementary indexing only
β Owned by System1 β US company owns the parent (though Dutch HQ adds protection)
Technical Depth
The premise server setup is where the magic happens. Unlike traditional architectures, the servers are:
- Physically locked in cabinets
- Managed only by non-US staff (avoiding US legal jurisdiction)
- Isolated from cloud providers (avoids Patriot Act issues)
- Running their own anonymization pipeline
This is more robust than DDG's approach because there's no direct connection between your query and Google's servers.
3. Brave Search
Location: San Francisco, California, USA
Founded: June 2022 (beta), fully released
Parent Company: Brave Software, Inc.
Current Status: Growing, recently hit 100% independence
Brave Search is the young gun with serious ambitions. This is what a true independent index looks like.
The Independence Factor
Here's what makes Brave radical: it's building its own web index from scratch.
| Aspect | Brave | DuckDuckGo | StartPage |
|---|---|---|---|
| Search Index | Own independent index | Bing (80%+) + own crawler | |
| Dependence | Minimal Big Tech | High (Microsoft) | High (Google) |
| Index Size | 93% of results from own index | Supplementary | 0% |
| Crawling | Brave owns the crawler | DuckDuckBot supplement | No crawling |
This is huge. Brave doesn't have to negotiate with Microsoft or Google. They built their own.
How It Works
- Web Crawling: Brave's crawler indexes the entire web
- Independent Storage: Results stored in Brave's servers
- Community Feedback: Users can upvote/downvote to improve results
- Goggles: Custom ranking filters users create
- No Bing/Google: Zero reliance on Big Tech indexes
Privacy By Design
Brave Search doesn't track because it wasn't built to track:
- No User Profiles: Engine designed from ground-up for privacy
- No Cookies: Zero tracking cookies by default
- No Browsing Data: Device info not collected
- No IP Logging: IP addresses not stored
- Optional Web Discovery Project: Users can opt-in to help improve results (anonymously)
Innovative Features
Goggles: This is brilliant. You create custom ranking rules:
Example Goggle:
Boost scientific papers
Hide social media
Prioritize academic sources
Downrank clickbait
Others share their Goggles, creating community-curated search experiences.
Discussions: See real discussions about topics (Reddit threads, forums) integrated into results.
AI Summarizer: Generates concise answers with cited sources (not hallucination-prone like competitors).
Pros
β
True independence β Own index, no Big Tech dependencies
β
Private by architecture β Not bolted on as afterthought
β
Goggles feature β Community-driven ranking customization
β
Growing rapidly β 100M+ monthly active users (Brave browser)
β
Excellent privacy defaults β Zero tracking, zero profiling
β
Web Discovery Project optional β Can contribute anonymously
β
US-based but transparent β Open about design principles
β
Premium option β Ad-free for supporters
Cons
β Young search engine β Still refining result quality
β Different results than Google β Learning curve for power users
β Smaller index β 93% own index still maturing
β Brave browser required for best integration β Works standalone but better with ecosystem
β US jurisdiction β No GDPR-level protection (though privacy-first design)
The Blockchain Angle
Brave is built by people who understand decentralization. Their philosophy of "no Big Tech dependency" aligns with blockchain thinking. They're even working on integrating Web3 concepts into search (cryptocurrency tipping, decentralized indexing discussions).
4. Swisscows
Location: Egnach, Switzerland
Founded: Originally as web directory in 2002, evolved to search engine
Data Center: Swiss Alps
Unique Selling Point: Family-friendly + Swiss data protection
Swisscows is the extreme privacy option. They don't mess around.
The Switzerland Advantage
Switzerland has:
- Federal Data Protection Act β Stricter than GDPR in some ways
- "Bunker" Data Center β Swiss Alps location, highest security
- No US Jurisdiction β Patriot Act doesn't apply
- Strong banking privacy traditions β Culture of secrecy
Swisscows headquarters is in Egnach, serving this exact jurisdiction.
Technical Stack
Own Servers: Swisscows has its own infrastructure (unlike most competitors):
- Located in Switzerland only
- Not using cloud providers (avoids Patriot Act)
- Only Swiss staff can access servers
- Queries anonymized after 7 days
Search Index: Originally powered by Bing, but recently partnered with Brave to develop independent European index. This is strategic.
Privacy Features (Standard)
- No data collection on free version
- IP address removal
- No user profiling
- No cookies for tracking
- Semantic search (intelligent understanding)
Swisscows Pro (Premium)
For absolute paranoia (in the good way):
| Feature | What It Does |
|---|---|
| Zero Data Storage | Literally no data saved about you, ever |
| 100% Anonymous | Complete anonymity, even from Swisscows |
| Ad-Free | No advertising revenue model needed |
| Custom Results | You curate which sources appear |
| Swiss Servers Only | No data leaves Switzerland |
Family-Friendly Feature
Swisscows filters pornographic and violent content by default:
This is useful for:
Schools wanting safe search
Parents protecting kids
Organizations with content policies
Some see this as censorship, others appreciate it.
Pros
β
Strictest privacy jurisdiction β Swiss law is gold standard
β
Own servers β No cloud, no Patriot Act risk
β
Bunker data center β Physically secure infrastructure
β
No US parent company β Completely independent
β
Partner with Brave β Contributing to European index independence
β
Family-friendly filtering β Good for institutions
β
Very transparent β Clear about what they do/don't collect
β
Semantic search β Intelligent query understanding
Cons
β Tiny market share β ~0.001% usage
β Limited result quality β Smaller index means gaps
β Expensive premium β Around β¬89/month or β¬899/year
β Content filtering controversial β Some see it as censorship
β Newer to independence β Recently partnered with Brave for index
β Language limitations β Better for European languages
β Poor search features β Minimal instant answers or tools
5. Qwant
Location: Paris, France
Founded: February 2013
Founders: Jean-Manuel Rozan, Γric LΓ©andri, Patrick Constant
Government Support: Backed by French state investment
Market Share: ~0.5% (mostly in Europe)
Qwant is France's answer to Google dominance β and it's complicated.
The French National Project
Qwant received backing from French government and Caisse des dΓ©pΓ΄ts (French investment bank) because of geopolitical concerns about US tech dominance. This is interesting from a sovereignty perspective.
How It Works
Qwant uses Microsoft Bing as primary index with its own improvements:
- Fetches Google results for some queries
- Has own index but it's supplementary
- Uses Wikipedia for knowledge panels
- Integrates APIs from TripAdvisor, DeepL, YouTube, Twitter, Facebook
The results are similar to Bing because that's the underlying technology.
Privacy Model (Mostly)
Here's where it gets murky:
What Qwant Claims:
- No tracking cookies
- No personalized ads
- No user profiling
- Queries anonymized
What Actually Happens:
- Sends data to Microsoft Bing Ads for ad targeting
- IP address is masked (last octet removed) but not fully anonymized
- User-Agent and search keywords sent to Microsoft
- Data retained up to 18 months (not "never stored")
- This wasn't disclosed until mid-2021, causing privacy backlash
This is the fundamental weakness. They claim privacy but still feed Microsoft your behavioral data for ad targeting. It's better than Google, but not actually private.
Unique Features
Junior Mode: Filtered version for kids (similar to Swisscows)
Collections: Save and organize search results like Pinterest
Qwant News: Aggregated news with diverse sources (actually good feature)
Translation Integration: Built-in DeepL translator for results
Pros
β
EU/France jurisdiction β GDPR protected
β
Government investment β Funding stability
β
No personalized ads β Ad model isn't behavior-targeted
β
Decent search quality β Bing is solid index
β
News aggregation β Good for current events
β
Junior mode β Family-friendly filtering
β
Fast interface β Minimalist design
Cons
β Misleading privacy claims β Says "private" but feeds Microsoft data
β Bing dependent β No independence from Microsoft
β Data retention β 18 months storage contradicts privacy narrative
β Limited features β Fewer tools than Google/DDG
β Tiny market share β Limited resources for improvement
β French government ties β Some see as political tool
β IP masking not anonymization β Last octet removed β private
β Unreliable history β Financial struggles, multiple pivots
The Real Problem
Qwant markets itself as private but fundamentally isn't. The Bing Ads data sharing was buried in their privacy policy. For crypto people doing sensitive research, this is a no-go. You're still being profiled, just not visibly personalized.
6. Ecosia
Location: Berlin, Germany
Founded: December 2009
Founders: Christian Kroll, Achim Steiner (UN figure)
Business Model: Non-profit, B Corp certified
Market Share: ~0.04%
Ecosia is unique because it's not primarily about privacy β it's about environmental impact. But it's worth understanding because the trade-offs are interesting.
The Mission
Ecosia uses search revenue to plant trees. 50% of profit goes to reforestation projects:
- 45+ million trees planted (as of 2024)
- Partnerships with The Nature Conservancy, IUCN
- Multiple continents: Brazil, Indonesia, Ethiopia, Peru, India
- Verified impact tracking
This is legitimate environmental work, not greenwashing.
How It Works (Technically)
Ecosia uses Bing index (like DuckDuckGo and Qwant):
- Powered by Microsoft Bing results
- Own supplementary crawler (Ecosiabot)
- Generates revenue through Bing partner ads
- Takes ~β¬0.50 per search to tree planting
The economics: You search β Bing shows ads β Ecosia gets commission β ~50% goes to trees
Privacy Features
Here's the reality check:
What Ecosia Does Right:
- No persistent user tracking
- No search history storage
- HTTPS encryption
- No third-party profiling cookies
- GDPR compliant (EU based)
Where Privacy Falls Short:
- IP address logging β Stored for debugging, cleared after 7 days
- Bing data sharing β Microsoft sees your searches (anonymized but still shared)
- Analytics cookies β Matomo analytics (privacy-focused but still collects)
- Limited anonymization β Not like StartPage's full proxy approach
Ecosia is more private than Google but less private than DuckDuckGo/StartPage.
Environmental Breakdown
| Initiative | Details |
|---|---|
| Tree Planting | 45M+ trees in 70+ countries |
| Carbon Negative | Offsets more CO2 than servers emit |
| B Corp Certified | Independent third-party verified |
| Transparent Reporting | Monthly impact dashboard public |
| Partnership Model | Works with local organizations |
The tree count is audited. They show exact locations, coordinates, photos. This is serious environmental work.
Pros
β
Environmental impact verified β Real trees, real numbers
β
Decent privacy β Better than Google, not as strict as DDG
β
B Corp certified β Independent auditing of social mission
β
Reasonable search quality β Bing index is solid
β
Transparent financials β Public impact reports
β
EU jurisdiction β GDPR protection
β
Growing adoption β ~15M monthly active users
β
Mission-driven team β Passionate about environment
Cons
β Privacy not primary focus β IP logging, Bing data sharing
β Bing dependent β No search independence
β Effectiveness questioned β Tree planting ROI debated
β Limited instant answers β Fewer tools than Google/DDG
β Smaller index β Result quality gaps on niche queries
β Free version slower β Premium for faster results (weird model)
β Can't verify tree quality β Planting numbers public, survival rates less so
β Ad-supported β Still needs advertising revenue
The Trade-Off Philosophy
Ecosia explicitly says: "Choose environmental impact over maximum privacy"
This is honest. If your primary concern is privacy, use DuckDuckGo or StartPage. If you want to offset carbon while searching reasonably privately, Ecosia makes sense.
Comparison Matrix
| Engine | Privacy Tier | Independence | Speed | Search Quality | Jurisdiction | Best For |
|---|---|---|---|---|---|---|
| DuckDuckGo | Excellent | Medium (Bing+own) | Fast | Very Good | USA | General use, ecosystem |
| StartPage | Extreme | Low (Google proxy) | Medium | Excellent | Netherlands | Google quality + privacy |
| Brave | Excellent | High (own index) | Fast | Good/Improving | USA | Independence-focused |
| Swisscows | Extreme | High (own infra) | Fast | Fair | Switzerland | Absolute privacy, bunker |
| Qwant | Fair (misleading) | Low (Bing) | Fast | Good | France | EU users, news |
| Ecosia | Good | Low (Bing) | Medium | Good | Germany | Environmental impact |
Summary
Online Privacy is not like a road from Point A to B. It's a rather a multi-layer process, that if taken seriously and applied correctly, can benefit you and your environment by liberating you from big-tech, government surveillance.
This is a way I would envision privacy. Btw, the Penguin is probably the Linux one :D
I hope you enjoyed this article and you learnt something from it. I honestly have spent hours on reading, fact checking, researching, comprehending and editing the text so that not only me but also you could understand it.
Be ready for Part 2 ! Where I will present couple of alternatives for Mail Providers and Messengers for you, so that you can switch from the big-tech ones to more private ones.
Top comments (0)