🆕 Software Suggestion | lazyweb.ai #2360
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#2360
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Basic Information
Name: lazyweb.ai (redditor lazy-jem)
Category: Search engine
URL: lazyweb.ai
Description
Hi, I'm sorry. I posted earlier tonight seeking feedback about our alpha version of a new search engine app. It isn't a commercial app yet, so it wasn't intended as promotion, but the post was removed by /u/trai_dep with the following note:
I'm sorry I didn't appreciate that I should have cleared a post seeking feedback like this with the mods first. We aren't ready to promote it yet, as it isn't a commercial release. I thought the community would find it interesting and have useful feedback on how we could make what we're making more privacy-focused. We are mission driven and it wasn't our intention to be self promotional here as we are not at that stage.
With 129 upvotes and 28 comments in the first few hours, it did seem interesting to the community, and I'm sorry we misunderstood about doing this the right way, and would very much like to work with you to correct the mistake. A search engine is obviously not typical privacy software, as it isn't run directly by the user. I built this out of frustration with ad-tech and privacy invasion. So it is a personal project that I though other folks might find interesting.
Why I am making the suggestion
Here are some comments from the post:
Made a search web app that's anonymous, ad-free and non-tracking. It lets you read web content in a clean reader view anonymously through a proxy that strips ad-tech and tracking. Looking for feedback on our approach to privacy in the new alpha test version we just released.
It's called LazyWeb. It uses a chat interface and gives you control of how you view search results. The chat interface means that searches stay within the anonymous chat session rather than going through the browser history.
The alpha version is open to anyone to try here - https://lazyweb.ai
We're a small bootstrapped two-person team. I'm the technical co-founder. We'd be grateful for thoughts, suggestions, and feedback on how we're approaching privacy.
LazyWeb doesn't log searches, and it blocks tracking and ad-tech. We only collect and retain sufficient data to improve the service we provide and help our customers use the service effectively, or in future if customers want to create an account or be remembered between devices and sessions.
We use limited in-app analytics solely to help improve the application for people using it. The metrics are anonymous, reported in aggregate, and it do not contain any personal data or searches. They are not shared with anyone. You can disable all in-app analytics on the settings page.
One of the big challenge building a private, anonymous search engine is that nothing is logged, so we can't see what people search, or when things go wrong searching. So the only way to keep the results improving and fix problems is to get lots of feedback from people who are subject matter experts. Technical searches need a lot of work and we'd love any feedback on the search results in specialized areas (like privacy and security).
My connection with the software
Author
@jedwhite you mention that metrics are anonymous, so could you specify what exactly falls under 'metrics' for you and how do you ensure the anonymity hereof?
Let alone my opinion, if you enable metrics by default, you are not offering a non-tracking product.
What is the GEO IP service for and are IP's shared with third parties for this? Doesn't sound very privacy friendly.
I also cannot find any real privacy policy, which you are required to have by the GDPR. I think this should be closed and maybe you could open a new issue when you have figured things out.
Thank you for taking the time to respond and for your feedback.
I think there may be some confusion about the request. I posted here at the suggestion of /u/trai_dep from the subreddit. We are not asking to be listed as suggested software or be recommended, and we are a long way from that point. The purpose of the subreddit post was explicitly to ask for help from the community to seek feedback on our approach at a very early stage, and to figure things out to do better.
As noted, the web app is an alpha test of a prototype and proof-of-concept only, and not a commercial service. We are not promoting it for commercial or production use, and searches are currently limited to en-US only.
I'm grateful for you taking to time to comment here, and this is exactly the type of feedback that we were seeking by posting on the subreddit. We definitely aren't asking for a recommendation or anything of the kind at this point, but we would like to work with you to be able to discuss with other people interested in privacy how we can build a better alternative to Google, DDG, Bing, Brave etc.
Thanks for the chance to answer some of your questions too. While it is an early prototype, we have a plain language privacy policy here (https://lazyweb.ai/privacy/). It is one of the things we are seeking feedback on at an early stage. Our informal legal advice is that it does meet the GDPR requirements broadly given we do not store any personal information but that we need to add more detail (especially how we collect the in-app analytics and storage).
With the GEOIP:
We don't log or store IP addresses. It's used to lookup your approximate location (nearest city) for location searches only, then discarded. It is never passed to third-parties. We only use a GPS or detailed location for searches with a user's express permission, and then only to approximate the area (nearest city). Your GPS location details are not stored or passed to any third-parties. We're using the maxmind database. We don't log or store IP addresses or any other geolocation data. For the analytics, we collect the city location name, and then summarise the number of users for each city by day. We don't log or store searches including searches that incorporate location elements. IP and actual geo coordinates are not passed with searches, and retrieved only by the browser client side. So the geo lookup API is isolated from searches and not sent to the search back end. That's why we lookup geo data on the client as a separate process, and pass location city name with search requests, rather than doing it server side from the search engine.
Originally, we completely disabled location until enabled. But people trying the app told us that was a terrible experience, because there is an expectation when someone asks the time, or weather, or the best coffee shop that the results will be at least nearby to them without them having to explictly enable location (we recognize that is a paradox). So we're trying to determine what the best trade-off is. Currently, we determine the broad city location from a separate independent client-side lookup, and a user can enable GPS (but it is still approximated to the closest city - just more accurately as IP/maxmind can be wildly inaccurate), and only the location city name is used for search localization. As far as we are aware, other major commercial search engines use IP geocoordinates with full fidelity server-side by default for location, so we think this is a better approach. But it is definitely one of the things we're seeking ideas and feedback on.
With the in-app analytics, there is no personal information passed (no IP, no geocoords, no search request content). We record signals on the broad search intent (for example, a programming search intent or food place search intent) grouped into about 60 intent categories. No search terms are passed. And we record the types of actions performed (again only by broad category - for example "external link clicked" but not what any links clicked were. We don't record referrer or any other information. We don't record what items people read or navigate to. This data is reduced to summary figures by hour and day, and the original events discarded. There is a session client identifier. We don't pass user agent strings, usernames, or any PII. We pass whether it is a first time session or returning session, mobile or desktop, and top-level browser name and OS type (again by category, not user agent string). It's worth noting that searches are not even passed to the web browser history, as they remain within the chat session, and that is destroyed with each page load. So they are even masked from Google's typical Chrome-level tracking. We have tried to find the best way to approach understanding how to improve the app while keeping use anonymous, and it is one of the areas we are hoping to get feedback on and improve.
Again, we aren't claiming to have solved this or that we have arrived at the right approach, but we are trying to talk with potential future users who care about privacy to work out how to build a good approach.
Thanks again for your feedback and questions, and I hope that's helpful.
@jedwhite thank you for clarification. Obviously you will need to get legal advice (which I cannot give you), but the thing you call a privacy policy does not seem to meet the requirements as defined in the GDPR.
The things you mention about metrics would need to be audited, more then often I have found systems like these not to be implemented accurately and find options remaining to recombine data and being rather pseudonym instead of anonymous. Sessions are connect to a user and therefor likely a pseudonym.
I don't think software suggestion as in your title is the right category. If you are looking for feedback this is likely not the right place to ask for help. Just to be clear, I like that people start up projects like this, but I see it as my task here to be hesitant and conservative against any new listings that yet not make the difference ;)
I'm going to close this because of the privacy policy issue - but I'll reopen it if/when that is fixed.