TL;DR: there is no reason to believe Ixquick/StartPage.com discloses user IP addresses to Google.
Sometimes a question pops up (for instance here, here, here and here) about 1) how the privacy-oriented search engine Ixquick/StartPage.com (wikipedia) shows localized Google search results and AdWords to its users, and 2) how it is possible that Google CAPTCHAs are never shown. I could not find answers in the Ixquick/StartPage.com FAQs or support forums. Because some Reddit commenters wondered whether Ixquick/StartPage.com discloses IP addresses to Google, I asked Ixquick/StartPage.com, and received answers that — as expected — provide more plausible explanations. The questions and answers are posted below, as well as on Reddit, with the intent to counter some unnecessary FUD.
First, here’s my question to Ixquick/StartPage.com about how localized search results are shown (summarized from two mails):
How does StartPage show localized Google search results & AdWords? When using an English browser and searching for “computers” from a Dutch IP address, StartPage shows Dutch AdWords and search results. When doing the same from a German IP address, German results are shown. Does StartPage map the user IP to a country, and use that in the query that Startpage sends to Google’s servers? Does it work exactly like this?
- step 1: perform geolookup of user IP to retrieve country code
- step 2: send country code to Google in the “gl” parameter (in addition to the search phrase etc.)
The answer from Ixquick/StartPage.com’s support desk:
The two steps you’ve outlined are exactly correct:
- step 1: perform geolookup of user IP to retrieve country code
- step 2: send country code to Google in the “gl” parameter (in addition to the search phrase etc.)
Indeed, showing localized Google search results does not require Ixquick/StartPage.com to disclose the IP addresses of users to Google. Ixquick/StartPage.com explicitly states that users’ IP addresses are not shared with Google.
Second, here’s my question to Ixquick/StartPage.com about the absence of Google CAPTCHAs:
How can it be that users of Ixquick/StartPage are never (?) shown a Google CAPTCHA, even though Ixquick/StartPage’s servers send, on a daily basis, lots of queries to Google from a limited set of IP addresses? Is this an agreement between Ixquick/StartPage and Google, in which Google agreed to, for instance, whitelist those IP addresses to exempt them from the CAPTCHA?
Answer from Ixquick/StartPage.com:
StartPage has a contract with Google that allows us to use their official “Syndicated Web Search” feed. We have to pay them to get those results.
Indeed, preventing the Google CAPTCHA does not require Ixquick/StartPage.com to disclose the IP addresses of users to Google; a paid contract takes care of that.
According to a StartPage.com Knowledge Base article from 2013, 99% of the money they earn comes from the ads they show on results pages. Those ads are included via Ixquick/StartPage.com’s own servers, not from third-party domains. It is not until you click an AdWord — and thus help Ixquick/StartPage.com survive as a free, privacy-enhancing way to access Google search (and search results, if you use Ixquick/StartPage.com’s awesome proxy service) — or a search result, that your browser communicates with other parties.
In general, if you don’t want to expose your IP address and/or browser fingerprint to a website, access the website from the Tor Browser, and use Tor Browser properly. StartPage.com is nowadays included as a preset search engine in Tor Browser, and StartPage.com’s “compatibility” with Tor (“we don’t block Tor”, I suppose) is mentioned in a StartPage.com Knowledge Base article from 2014. Don’t forget about the possibility of vulnerabilities in Tor Browser itself: set the new security level setting to “high” to mitigate some of that risk, and lower it only whilst being fully aware that doing so increases risk, especially when allowing JavaScript and canvas fingerprinting. You won’t see localized information unless the Tor exit node happens to be in your country, or when you use a non-English version of Tor Browser and disagree to the following question that is asked at first use (translated from the Dutch version):
To increase your privacy, Torbutton can request web pages in the English language. This can mean that web pages you want to read in your own language are shown in English. Do you want to request web pages in English for better privacy?
Normally, Tor Browser sends the following header to websites to indicate the desired language (tested w/Tor Browser 4.5.2; “q” essentially denotes the preference order; see RFC2616 (HTTP/1.1) Section 14.4 for details):
Accept-Language:en-us,en;q=0.5
If you disagree to the prompt, the Dutch version of Tor Browser sends the following header:
Accept-Language:nl,en-US;q=0.7,en;q=0.3
Generally speaking, the latter will decrease your anonymity, because you are likely to blend in with a smaller crowd — and possibly a far smaller crowd if your particular non-default language setting in Tor Browser (such as Dutch) is used nearly exclusively by relatively small populations (such as the Dutch and the Belgians). Note that, similarly, setting Tor’s security level to “high” also results in a smaller crowd, specifically in the eyes of websites that run tests (through JavaScript, CSS, etc.) to determine and record the browser configuration, including (un)availability of properties and functions.
EOF