Private.sh Privacy Search Engine first look
Private.sh is a new search engine that was officially unveiled in November 2019. The search engine is maintained by Private Internet Access, a provider of VPN solutions and other tools, and Gigablast, a company that maintains an index of Internet pages.
Private.sh promises better privacy than other search solutions by encrypting searches on the user's system and by using secure proxies to hide user IP addresses.
The search term is encrypted automatically when users type search terms into the search field on the private.sh website and hit the search button. The request is then tunneled through a secure proxy maintained by Private Internet Access and submitted to Gigablast.
There, it is processed, encrypted using a temporary key, and send back the same way it came.
The announcement of the new service on the Private Internet Access website provides additional information on how this works:
When you enter a search term into Private.sh, the search term gets encrypted on the client side (on your computer or device) using GigaBlast’s public key, which only they can decrypt. In effect, this ensures that Private.sh never sees the search term.
After the search term is encrypted, it is passed to the GigaBlast search engine through a Private.sh proxy so GigaBlast doesn’t see your IP address, browser fingerprints, or anything that would allow for your privacy to be broken or a user profile to be created. This means that neither Private.sh or GigaBlast is able to build a user profile on you or store your search history.
Finally, the search results are encrypted by GigaBlast using your temporary public key and are returned to you through the Private.sh proxy. The results then get decrypted and rendered locally on your device using Javascript with a temporary private key that only exists on your device. This client-side keypair is changed for every search request.
The search engine itself provides a search field on the start page and options to filter by Web/News or by country. Not all countries are supported but several dozens are including the United States and other English speaking countries, France, Germany or Spain. Most Asian countries don't seem to be supported though.
Results were returned quickly during tests regardless of query or filter.
The search engine shows a text banner for Private Internet Access in a sidebar but has no other ads or unwanted content. A quick check of the network connections shows that it only connects to its own domain plus the subdomain search.private.sh.
Results are quite okay considering that the company that operates the search engine and the index does not have the resources at its disposal that Google or Microsoft have.
Private.sh Browser Extensions
Today, browser extensions for Google Chrome (and other Chromium-based web browsers) and Firefox were released. These are available on the official add-on stores and as standalone versions that users may download from the site directly.
The extensions add another layer of security to the search experience according to the announcement:
Using Private.sh’s extension adds an additional layer of security to your Private Search experience. When visiting our website, the code used to encrypt your search term comes from the website even though it executes client side in your browser through Javascript. When using the Private.sh Google Chrome Extension or Firefox Add-On, all the code not only runs locally on your machine. Once the Private.sh extension code is on your machine, it is all but impossible to tamper with unless an attacker has read/write access to your computer.
Closing Words
Private.sh makes a good first impression. The search engine loads quickly, results are displayed fast thanks to the bare-bones nature of the search results page's design, and results appear to be quite good as well (based on limited testing though). The promise that searches and user IPs are protected needs to be verified by a third-party though.
The search engine supports a limited number of countries and languages, and search options. It lacks media searching for one, and there are not any options to filter search results by time or extend the protection the proxy offers by letting users open results using it (like Startpage does).
All in all, not a bad start and certainly something that privacy-conscious users may want to keep an eye on.
The website doesn’t work anymore. But I cannot find any news commenting about it. Why?
I would recommend YaCy for a truly private experience, nothing beats self hosted in my opinion.
Isn’t PIA the same company that now either works with or is controlled by Israel? And had so much backlash against them after attaching themselves to Israel, which is known for and caught using technology to spy on everyone else? Yeah, no thanks…if they have anything to do with Israel, back away…slowly.
I use elgoog.im for my private searches.
About 23 corporations run all VPN-services world wide. How many of them are safe ? I wouldn’t touch this searchengine. It is located within the UK. UK has no privacy at all anymore.
You are wrong.
Private Internet Access (London Trust Media) and Gigablast are both located in the USA.
I bet you’re wrong about other things too.
A number of options listed and explained @ https://www.privacytools.io/
Includes ghacks user script, for example.
Many ways to “harden” FF by going through the various settings.
Epic Privacy Browser, I think, is the closest one can get to privacy per se.
Tor, perhaps. A VPN not necessarily according to Privacy Tools.
Tails, maybe?
I did a test search for Rate Your Music. Now, logically, I should have gotten the main home page as the first search result, like any other competent search engine. Not only was it not the first result (it was some random user profile), it didn’t even appear on the first page.
Same thing for Twitter, Twitter’s Twitter was the first result, the Twitter home page was third.
And also the same for TVTropes, where random tropes appeared in the search results, with the home page nowhere to be found.
I know this is in its infancy, but to screw up basic search queries is inexcusable.
Right?? Privacy is obviously super-important and blah blah blah, but if you can’t use the SEARCH part of a search engine, what exactly is the point?
Sounds like snakeoil for me, because… you see, 2 companies joining to earn nothing?
I’ll absolutely be trying this out. I’m happy to see more alternatives come online!
Private.sh reads like a middleman or (front end depending on where one starts looking) for Gigablast. Gigablast is kind of a mystery, a good reputation but no privacy statement on their site or much useful info at all. Private.sh may generate some sales for PIA to users desiring more privacy.
PIA is US and Israel based. PIA is probably the most storied VPN out there; not a Hola for sure but never ending controversies regarding ownership, data collection, forum biases, etc. A lot of the raging is total BS but it continues to cloud the truth. Not a service those interested in a low anxiety VPN would use.
Private.sh seems like just another “private” search engine, something popping up like mushrooms after rain these days. The concept of a private browser extension escapes me; not even close to possible with chromia. Privacy belongs outside a browser.
Does actual “privacy” exist? Unlikely.
Privacy is just another one of the growing list of words that describe concepts that don’t exist in reality. Words like ‘perfect’, ‘free’, ‘safe’, etc…
If you send out a ‘request’ from your computer onto the ‘interweb’ and expect the ‘response’ to find it’s way back to your computer, how can you expect privacy or anonymity? Throw in all the encryption(s) and whatever, if the data finds its way back to you specifically, it’s traceable. A ‘broadcast’ response to multiple recipients would be more beneficial.
Confidentiality is the word that should be used and what people should expect.
(If you truly need to keep your searches private, you shouldn’t be using a public entity.)
So you think privacy, perfect, free, and safe are just concepts that don’t exist in reality.
I think you’re crazy.
TIP: You should try to perfect your agenda better with reality.
> When you enter a search term into Private.sh, the search term gets encrypted on the client side (on your computer or device) using GigaBlast’s public key, which only they can decrypt. In effect, this ensures that Private.sh never sees the search term.
That’s a good idea all meta-search engines should ideally use to guarantee actual privacy, not just “we anonymously target ads on your searches” “privacy” like Startpage, Duckduckgo and Qwant. More private search engines like Searx that are not considering the users as the product could implement such a thing but for that they would need an agreement with the real search engines they are a proxy for.
So although if it works as advertised it’s more private than what exists, this still requires to trust that the private.sh javascript code is every time what it pretends to be, the usual security problem inherent to any browser cryptography. And that private.sh won’t actually give our IP address to Gigablast with the search term, and that Gigablast won’t give back the search terms to private.sh, both impossible to verify.
But that’s nitpicking, why bother if anyway it’s still more private than what exists ? The link given by Anonymous about Kape Technology suggests to avoid it.
> Kape Technologies was originally found under the name of Crossrider in 2011 developing advertising apps until they changed their name in 2018. However, their software was treated as malware by companies such as Malwarebytes and Symantec begging one to ask, how can such a company despite rebranding itself change the shoddy culture that it had?
> The very first CEO of Crossrider, Koby Menachemi, happened to be once a part of Unit 8200 which is an Israeli Intelligence Unit in their military and has also been dubbed as “Israel’s NSA “
At that level, we shouldn’t even trust that they can’t break their own cryptography.
The problem gets worse when they offer more than website code but more privileged extension code.
So the idea is good, now we just need decent human beings to implement it, not samples of the worst oppressive scum the planet is bearing.
For Chrome users I get a 404. There is standalone code and signature file at https://private.sh/extension.html but I assume Google pulled it from their store, so I personally will not try to circumvent their decision.
not support ipv6…
PIA was recently acquired by Kape Technologies:
https://www.hackread.com/private-internet-access-pia-vpn-sold-israel-privacy-concerns/
@Anonymous: thanks for that link !
I’m glad someone actually pointed this out. A search engine + browser add-on ultimately monitored and likely controlled by the Israeli Intelligence services does not, to my mind, constitute a “privacy-respecting” technology. (Sarcasm quite intentional.)
@Sunil: +10
Martin, Do you know or the .sh stands for Sint Helena?
And do you also know or Sint Helena (Like Switzerland) (Or the country there by law located – established) has a law that they not have to hand over, there company (how securely there disguising there database results, is not the most important mater) products findings and fruits to any government?
lol St.Helena is British and there is no privacy in any Five-Eyes country. Ed Snowden described it very clearly.
.sh is just a TLD.
So Ed Snowden said “there is NO privacy in any Five-Eyes country”?
He didn’t say that, and that’s not true, lol.
I did not know that. Thanks!
Testing private.sh without its Firefox/Chrome extension :
Fast indeed. 10 results/page (not settable), more results scroll nicely (no new tab).
To add private.sh to the browser’s search engines,
Results with thumbnails (default) :
Homepage : https://private.sh/
Search query : https://private.sh/#&q=={searchTerms}
Results without thumbnails :
Homepage : https://private.sh/#si=0
Search query : https://private.sh/#si=0&q=={searchTerms}
That’s for private.sh’ search environment.
About the results : I’ll have to compare with other search engines
About the extra-layer of privacy brought by the browser extension : ‘Private.sh – Private Search’ version 0.1.6.4 Firefox extension weighs 3.27 MB, is stated on AMO as experimental at this time and may fulfill a user’s aim for an ultimate privacy experience in web/news search. I’ll try it but I doubt I keep the extension, perhaps because for now I don’t fully conceptualize the advantages, likely due to my non-techie’s ignorance.
The search results vary from fine to seemingly rubbish. But regardless, no date filtering makes it useless to me. No image or video search isn’t as big a problem I can swap to something else for that as it’s less frequent. It is quite fast though.
@anyone:
The lack of date filtering is a serious problem for me as well.
The Firefox xpi is there. I no longer use FF so, not tested.
Attempting to download the Chrome Private.sh website results in a Chrome message, as follows
Package is Invalid: ‘CRX_REQUIRED_PROOF_MISSING’.
Using the Chrome store link on the website results in Error 404.
A search of the Chrome store results in no match.
Looks very much like the Chrome extension was pulled.
Another IMO *huge* missing feature is an advanced search page. This is exactly the same reason I’ve avoided using Bing Search so much over the years.