Startpage and Ixquick track your useragent

[Old Forum wazaaaaa] anonymous
Created: 4 years and 7 months ago

"Startpage, the world's most private search engine"

...or maybe not? Despite their "no logs, Nada, Zilch, Zero" policy, I've found something contradictory to say the least.

Try to change the HTTP useragent header/string of your own browser to an empty one or replace it with a single random letter such as a space, and then perform any search with Startpage or Ixquick

The result is this error message:

"You may be using a privacy-oriented browser extension that conflicts with Startpage. Please disable this extension and try your search again. If this does not help, please contact us at (212) 447-1100 (USA) or autoquery @"

Why the search engine doesn't let me perform searches if my UA is empty, and why is it checking what my UA is in the first place? Needless to say that DuckDuckGo doesn't have such limitation.

I've asked for an explanation through email, but no answer was given to me in more than a week.

Hey DDG, now you can use this info to shit on Startpage's face every time someone tries to say that it's better than The Duck. Lol.

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.

Nice find!
posted by [Old Forum guest] • 4 years and 7 months ago Link
posted by [Old Forum guest] • 4 years and 6 months ago Link
Im using Ubuntu and noticed 2 times while using now ubuntu-reletad answer ranked at the top when im not searched after soemthing ubuntu-reletad. wondering if this is reproducible or just coincidence.
i know google is using my user-agent (see search url at and maybe startpage uses my user-agengt while searching (for better results?)

posted by [Old Forum guest] • 4 years and 6 months ago Link
Please note that modifying your useragent, especially to something that makes no sense, harms your anonymity and your privacy.

Suppose Windows 7 64 bit with IE9 is the most common combination. If you use Fedora 12 with Firefox 20 and change your useragent to "No, No, No" you will stick out. The only thing you may want to change your useragent to is the one the IE9 sends in combination with Window 7 64 bit, so you are 'hiding' in a much larger group of people. And the useragent is actually valid.
posted by [Old Forum bastik] • 4 years and 6 months ago Link
As bastik pointed out, modifying your User Agent to empty can make you even less anonymous and makes your connection look even more like a bot that that could be malicious. If you are going to spoof your User Agent, I would recommend using what the Tor Browser Bundle defaults to for a user agent:

Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0


Also this doesn't mean that Startpage logs the user agent. It just means that do a live check on their site against the User Agent.

Let Me DuckDuckGo That For You
posted by msyano 4 years and 5 months ago Link
As long as we're flinging feces over something that only affects you if you can't trust the search provider in the first place: when I access DuckDuckGo (or any related sites, like – though not this forum) with my default-setting Tor Browser, I get an alert about canvas.

This website ( attempted to access image data on a canvas. Since canvas image data can be used to discover information about your computer, blank image data was returned this time.

Here's what Tor Project has to say on canvases.
After plugins and plugin-provided information, we believe that the HTML5 Canvas is the single largest fingerprinting threat browsers face today. Initial studies show that the Canvas can provide an easy-access fingerprinting target: The adversary simply renders WebGL, font, and named color data to a Canvas element, extracts the image buffer, and computes a hash of that image data. Subtle differences in the video card, font packs, and even font and graphics library versions allow the adversary to produce a stable, simple, high-entropy fingerprint of a computer. In fact, the hash of the rendered image can be used almost identically to a tracking cookie by the web server.

To reduce the threat from this vector, we have patched Firefox to prompt before returning valid image data to the Canvas APIs. If the user hasn't previously allowed the site in the URL bar to access Canvas image data, pure white image data is returned to the Javascript APIs.

posted by [Old Forum guest] • 4 years and 3 months ago Link
The issue that you are discussing has been discussed thoroughly here:

You may find it refreshing that the devs (including Gabriel Weinberg) have responded to this issue, giving full details as to why TOR throws this message.

Forum Moderator
posted by x.15a2 Community Leader4 years and 3 months ago Link
If you use you can avoid the canvas from being accessed.

Let Me DuckDuckGo That For You
posted by msyano 4 years and 3 months ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 3 years and 8 months ago
Startpage is still better than duck because Startpage was founded before duckduckgo. "We had privacy before privacy was cool" quotes startpage

I am not afflicted with Surfboard Holding BV(owner of Ixquick who owns Startpage) in any way.
posted by <hidden> • 2 years and 9 months ago Link
that's funny

by your reasoning lycos is better than google because lycos is older and dogpile is better than lycos because dogpile is older - i get it - we should all be using dogpile

thanks for the tip
posted by buckeye 2 years and 9 months ago Link