Please stop logging IP addresses with searx /e/ spot

As stated in https://searchengine.party/, /e/ default search engine based on searx (https://spot.ecloud.global/) is logging its users IP addresses when other searx instances like the ones of Snopyta, NixNet and Disroot do not log IP addresses. If thoses instances manage to not log any IP address, what is /e/ excuse to do so when it pretends to be dedicated to users privacy?

Please, stop logging your users IP addresses with /e/ spot searx instance.

7 Likes

Caring for users privacy and not sharing / selling data to third parties is very different from providing an illegal service for everyone to do whatever they want with.
I don’t think what you’re asking would be possible under french regulations either from a company or a non profit org.

2 Likes

Are you sure about that? Anyway, it’s not our fault if /e/ is based in a state with a more authoritarian legislation than Netherlands (Disroot and Startpage), Germany (Snopyta), Switzerland (Swisscows), Czech Republic (Seznam), UK (Mojeek) and apparently even usa since NixNet and Duckduckgo are based there and don’t log IP addresses.

Keeping a log of your users IP addresses makes it harder to have credibility when your reason to exist is based on privacy, especially when others don’t log them. If it’s really a french legal obligation, then maybe /e/ should consider to move to a state with a legislation more respectful of its citizens privacy and freedom.

4 Likes

I’m waiting for an official answer from an e team member.

1 Like

Raise it as an issue on Gitlab with the details so someone can be assigned to work on it. If there is a government requirement there will not be much we can do about it but that needs to be confirmed first.

1 Like

Which is this default search engine @Popescu - the one that is the in-built browser on the eOS ?

euhm… I advice you to not trust startpage anymore. I’ve changed to DuckDuckGo on all my devices because of the article I link here

1 Like

Did I recommend the use of Startpage or say that I trust it though? No, I was only using it as an example to show that in many countries there is no such legal obligation to log users IP addresses.
Thank you for your advice though, I will then advise you to be cautious with Duckduckgo as well : https://lemmy.ml/post/31321

Yes, it’s the one I’ve cited in my original post.

Thank you for your answer but I thought that the goal of this forum was for the users to have the possibility to exchange with e team members and to communicate about such problems, for example.
Using a developper platform for this kind of issues is not a user friendly approach and clearly not “mom and dad approved”. I really advise you to have a better communication inside e team to make it possible for the members in charge to be informed about such issues by the members present here in this forum.

1 Like

If the intention is to resolve this issue then a developer has to look at it. Discussing it endlessly will not resolve the issue in the code …if it exists.

1 Like

Hello,
my understanding is that for the time being, hosted service providers of many EU countries have to keep all connection logs (IP address, etc.).
In France, retention period = one year.
But, at EU level, things are not that clear. On October 6, after a 4 years debate, Court of Justice of EU stated that it was against “the generalized and undifferentiated transmission or storage of data” (logs). There is a fight on this topic at the moment:

Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, Poland, Portugal, Slovenia, Spain, Sweden, United Kingdom? might have to change their ways because EU laws prevail on national ones.
It’s not yet settled I am afraid.

2 Likes

Thank you for your answer but still, services in the cited countries do not log IP addresses as of now so there is no european reason for /e/ to do so until this authoritarian project is actually settled.

1 Like

I’m afraid you misunderstood my comment. I only recommend that you establish a real communication inside your team so that simple end users don’t have to bother creating accounts both on this forum and on a developper platform that is everything but user friendly at the same time only because you are incapable of communicating internally about issues. You cannot expect from common end users to go on such platforms to contact your developpers themselves. In projects of this dimension, this is the task of members in charge of communication with end users like on this forum.

That being said, logging users IP addresses does most probably not come from a simple “issue in the code” but from a deliberate decision from people in charge of this project. So I’m not sure that this matter should necessarily be addressed to a simple developper in the first place.

2 Likes

If the understanding is that issues in /e/'s Gitlab are handled by developers directly then it is wrong. Issues which impact privacy or have similar wide spread impact are

  • first checked if valid by the developer
  • if found valid then discussed by the senior management
  • finally based on the conclusion of the discussion the code changes if any are made by the developer or reasons why the issue cannot be resolved are updated in the bug status.
    In such cases we are bound by rules of Governments in this case France and go by those rules.

If this is intended at me personally then let me assure you that I had shard this issue with the team and the response was to add it to the gitlab. If there are any further inputs from the team I shall share the same on this thread.
A single identity for gitlab and the forum is not planned for now.

3 Likes

Of course my comment wasn’t intended at you personally (you’re doing a lot for the community on this forum and are being very responsive) but at the whole /e/ team. I find it truly incredible that when sharing such an issue with the team you’ve been answered that they would do nothing about it unless it was added on the gitlab. Such a level of bureaucracy and ineffectivenes is troubling.
If an issue on gitlab is necessary then a member of your team should add it himself instead of doing nothing about it. I have no gitlab account and I won’t be making one only to add this issue when the team has already been informed of the problem.

1 Like

Raising a bug is a simple project management process to track an issue and is not a sign of bureaucracy or inefficiency. Anyway no need to raise it now.
I have raised this with the team and the Spot team will be removing any IP logging code if it exists.
All that I can say is if it happened it must be in inadvertently and not with any malicious intent. We have a privacy policy which discusses collection of such data as well.
We welcome users to point out any such mistakes on our part and we will fix it where possible.

9 Likes

Indeed, raising a bug isn’t but requiring an end user to raise an issue on a developper platform when it is already know to the team clearly is a sign of bureaucracy and inefficiency.

Thank you very much for handling this issue, I really appreciate your reactiveness. I bet it wasn’t malicious anyway I find it problematic when other Searx instances don’t log IP addresses. And it would be too bad because /e/ Searx instance is very nice, I really like its default search engines selection (althouh it would be nice to have google results through Startpage). It is enjoyable that a real effort has been made to its default appearance that is awful in other Searx instances. So thank you to the team for offering that.

I’m gald to see that this issue is being handled and looking forward to hear about the conclusion.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.