this post was submitted on 04 Mar 2025
290 points (99.0% liked)

Privacy Guides

17950 readers
840 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...

Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
290
Mullvad's privacy-focused search engine Leta is now free for all users | Leta acts as a proxy for Google and Brave search results (leta.mullvad.net)
submitted 1 day ago by ForgottenFlux to c/[email protected]
40 comments fedilink hide all child comments
 

At launch, access to Mullvad Leta was restricted to users with a paid Mullvad VPN account, but it is now free and open to all.

Mullvad Leta has been audited by Assured.

Just a heads up, some of the details in the FAQ and Terms of Service seem a bit outdated and might not be accurate anymore.

Some relevant information from their FAQ section is as follows:

What can I do with Leta?

Leta is a search engine. You can use it to return search results from many locations. We provide text search results, currently we do not offer image, news or any other types of search result. Leta acts as a proxy to Google and Brave search results. You can select which backend search engine you wish to use from the homepage of Leta.

Can I use Leta as my default search engine?

Yes, so long as your browser supports changing default search engines.

Navigate to https://leta.mullvad.net in your browser and right-click on the URL bar.

From there you should see Add “Mullvad Leta“ with the Mullvad VPN logo to the left.

If you do not see this, you can attempt to add a custom search engine to your browser with:

You can select which backend engine to use as follows:

Did you make your own search engine from scratch?

We did not, we made a front end to the Google and Brave Search APIs.

Our search engine performs the searches on behalf of our users. This means that rather than using Google or Brave Search directly, our Leta server makes the requests.

Searching by proxy in other words.

What is the point of Leta?

Leta aims to present a reliable and trustworthy way of searching privately on the internet.

However, Leta is useless as a service if you use the perfect non-logging VPN, a privacy focussed DNS service, a web browser that resists fingerprinting, and correlation attacks from global actors. Leta is also useless if your browser blocks all cookies, tracking pixels and other tracking technologies.

For most people Leta can be useful, as the above conditions cannot ever truly be met by systems that are available today.

What is a cached search?

We store every search in a RAM based cache storage (Redis), which is removed after it reaches over 30 days in age.

Cached searches are fetched from this storage, which means we return a result that can be from 0 to 30 days old. It may be the case that no other user has searched for something during the time that you search, which means you would be shown a stale result.

What happens to everything I search for?

Your searches are performed by proxy, it is the Leta server that makes calls to the Google or Brave Search API.

Each search that has not already been cached is saved in RAM for 30 days. The idea is that the more searches performed, the larger and more substantial the cached results become, therefore aiding with privacy.

All searches will be stored hashed with a secret in a cache. When you perform a search the cache will be checked first, before determining whether a direct call to Google or Brave Search should be made. Each time the Leta application is restarted (due to an upgrade, or new version) server side, a new secret hash is generated, meaning that all previous search queries are no longer visible to Leta

What could potentially be a unique search would become something that many other users would also search for.

What is running on the server side?

We run the Leta servers on STBooted RAM only servers, the same as our VPN servers. These servers run the latest Ubuntu LTS, with our own stripped down custom Mullvad VPN kernel which we tune in-house to remove anything unnecessary for the running system.

The cached search results are stored in an in-memory Redis key / value store.

The Leta service is a NodeJS based application that proxies requests to Google or Brave Search, or returns them from cache.

We gather metrics relating to the number of cached searches, vs direct searches, solely to understand the value of our service.

Additionally we gather information about CPU usage, RAM usage and other such information to keep the service running smoothly.

top 40 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 19 hours ago* (last edited 15 hours ago)

It's amazing how fast it is, even for uncached queries. For cached ones, it retrieves results before I can even mentally register that I pressed Enter.

[–] [email protected] 2 points 19 hours ago* (last edited 19 hours ago)

i prefer sticking with hearchco

[–] [email protected] 31 points 1 day ago (1 children)

That's nice, but I feel we need engines with independent indexes and crawlers more than another metasearch engine that just acts as a private middleman to big tech corps.

[–] dukethorion 3 points 13 hours ago

Who will do that, for free, for no benefit?

[–] [email protected] 7 points 1 day ago (1 children)

I've been using SearXNG and its predecessor for years and I have no reason to change that. Highly recommend you check it out.

[–] doodledup 1 points 1 day ago (2 children)

It's not private though unless you host it on a VPS.

[–] Imhotep 2 points 1 day ago (1 children)

How would a VPS make it private? honest question, I have a VPS I could use but I always figured it would be linked to one IP, and I would be the only one using it. Doesn't make much difference compared to home

If I were to share it with a lot of people that would be different I suppose

[–] doodledup 2 points 1 day ago

A VPS is used by thousands of users. There is a good chance somebody else hosts a meta search engine aswell. You're being anonymised by being one of many. It's admittedly not as good as using DDG (much larger crowd) but definitely better than selfhosting at home.

[–] [email protected] 1 points 1 day ago (1 children)

Doesn't that apply to any search engine?

[–] doodledup 1 points 1 day ago (2 children)

No. DDG and Mullvad are private search engines as they strip out your trackable metadata and don't pass on your IP address. If you selfhost your own metasearch engine on your own network you're not hiding any of that.

[–] [email protected] 1 points 14 hours ago

DDG and Mullvad are private search engines as they strip out your trackable metadata and don’t pass on your IP address.

Is that so? How do you know?

[–] [email protected] 2 points 1 day ago (1 children)

You are correct about the IP address (searxng uses the IP of the instance) but aren't metadata stripped or am I reading this wrong? https://docs.searxng.org/own-instance.html#how-does-searxng-protect-privacy

[–] doodledup 2 points 1 day ago

You're correct that it strips out most of it. But time of search, content of search, IP, ISP and location is more than sufficient for tracking you and building a profile.

[–] [email protected] 28 points 1 day ago (2 children)

The decision to cache results is interesting. (When I searched "Mullvad Leta," this critique of it popped up.) As far as I can tell, though, this is a really promising looking search engine.

Unlike DuckDuckGo and so many other engines, you don't have to rely on Bing's results (they usually work for me, but I've heard complaints. And getting pointed at the same news aggregators can be annoying.)

Unlike Brave, the results arrive quickly. Presumably, it also won't hit me with captchas like Brave has in the past.

Unlike Kagi, I don't have to worry about signing in with an email address and unknowingly funding Brave, Yandex, or whoever they contracted with. (Vladimir Prelovac hid the source data out of what appears to be spite.)

Unlike Google... Do I even need to elaborate? It's Mullvad. They have a reputation for being the best, not the worst.

Here's to hoping competitors follow suit.

[–] WhatAmLemmy 4 points 1 day ago* (last edited 1 day ago)

Unlike DuckDuckGo and so many other engines, you don't have to rely on Bing's results (they usually work for me, but I've heard complaints)

I've found this is no longer true. For the last 6-12 months when I drop a !g to check Google, the results are equally insufficient. The only time Google provides better results anymore is with site:reddit.com, which is expected due to the exclusivity deal.

[–] doodledup -1 points 1 day ago

30 days caching is a bad idea in a fast changing internet on hot topics.

[–] Imhotep 3 points 1 day ago* (last edited 21 hours ago) (1 children)

I'm trying to add it on Android

~~this doesn't work
https://leta.mullvad.net/search?q=%s~~

edit: this works
https://leta.mullvad.net/?q=%s

[–] [email protected] 2 points 1 day ago (1 children)

I deleted the 25 at the end of the string and it seems to be working fine for me. (Firefox on Android)

[–] Imhotep 2 points 21 hours ago

thanks. I was trying to make it the default in Fennec. see my edit

[–] [email protected] 7 points 1 day ago (2 children)

Duckduckgo is similar, but returning Bing results, right? And google results suck these days.

[–] Squizzy 8 points 1 day ago

DDG came out as a non bubble results search engine. It is absolutely a bubble result now. If I search a short nonsensical few letters, I will get random results of doctors, agencies and companies in my small Irish town. If you turn off location it just either does nothing or sprinkles in a couple other results into the hyper focused ones. They became part of the problem they were trying to solve.

[–] [email protected] 0 points 21 hours ago

Startpage is solid

[–] [email protected] 7 points 1 day ago

Think the only criticism they might face is a having an all your eggs in one basket situation (VPN, browser and now even a search engine). But honestly this is a welcome addition to search engines imo.

[–] [email protected] 4 points 1 day ago* (last edited 1 day ago) (2 children)

I didn't understand why they say it's useless to use if you have fingerprinting protection and don't save cookies? Can someone please explain?

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

what they basically say is that (and this is only valid for people using tor or mullvad browser with stock settings) if everyone has the same fingerprint, and if you dont sign in to anything else, they basically look same to the websites, so you dont have to use some privacy frontend, it is ot adding in any benefit. However, these conditions deffenitely are not that easy to meet for day to day use.

[–] [email protected] -1 points 1 day ago* (last edited 1 day ago)

I think they are saying that if you do everthingg in that list, meaning perfectly secure everything yourself, that it’s a useless service because that’s the list of things it does. It seems to be written by a sarcastic asshole.

[–] [email protected] 5 points 1 day ago (1 children)

How is this different from Startpage?

[–] [email protected] 27 points 1 day ago (3 children)

Startpage was bought by a shady company a while back. Mullvad has been a trustworthy company so far. I've been a long-time startpage user and I'm glad there's a better alternative.

[–] [email protected] 1 points 21 hours ago

Not particularly shady

[–] [email protected] 7 points 1 day ago (1 children)

I'm in exactly the same situation. I've noticed worse and worse ads on Startpage, and they seem to find new ways around uBO so it's a constant battle. Not to mention the news tab on Startpage forcing me to view almost everything via MSN, making it useless.

Sear XNG instances work great, when they're up, but turns out there are no very reliable public instances (which, to be clear, is totally understandable ... but often I find myself searching things in a pinch, and I don't want "how to stop the bleeding" with no results on searx.tiekoetter.com to be the last thing my loved ones find on my phonescreen).

I'm totally giving this one a shot for a while.

[–] [email protected] 3 points 1 day ago (2 children)

What's the deal with SearXNG instances being down? Is it resource constraints, or are the big search engines rate limiting them?

[–] [email protected] 1 points 14 hours ago (1 children)

I'm not entirely sure, but even the best ones seem to have like a 66% chance of actually working when you need it.

[–] [email protected] 2 points 11 hours ago (1 children)

Hmm now I want to spin up an instance and add a bunch of logging and traces and stuff.

I might do it over the weekend if I have time.

[–] [email protected] 1 points 17 minutes ago

I'd be curious to know what you learn. I wouldn't be surprised if they're being rate limited. It seems like the big guys always try to hurt anything that's not monetizable in any way they can.

[–] [email protected] 5 points 21 hours ago

They've not been good for like 5 years but I don't know why.

[–] [email protected] 2 points 1 day ago

Word. That’s good to know. I’ll give it a shot.

[–] [email protected] 1 points 1 day ago

Thank you. This may well be the search engine I have been waiting for.

[–] [email protected] 2 points 1 day ago

They need some theme options, that blue on blue isn't the most pleasant.

[–] doodledup 0 points 1 day ago (1 children)

Caching search results sounds like a bad idea. The relevance of hot topics on the internet changes really fast.

[–] [email protected] 2 points 1 day ago

Hot topics likely would have new and unique search terms, but maybe looking up the very latest news is just not this system's strength. Thankfully there's more out there than the last 30 days' news.