cross-posted from: https://lemmy.today/post/35487250

I’m looking at self-hosting SearXNG. I have an old Win 11 machine and figure this might be the only way it can be useful.

Two questions I haven’t seen answered so far:

  1. I would be hosting on my own home network, which is on a VPN 24/7, but for added privacy my devices are sometimes on VPN connections to other IPs. So I need to know the external IP of the instance to be able to find it. Are there any added measures I should put in place to prevent randoms looking at IPs or port scanning from finding the instance and going to town?

  2. If this is on my home network anyway, are there any risks of data leaking or triangulation of, say, referrals or image searches that would just point back to my home network?

My threat model is for big tech to leave me alone, so it’s not exactly huge stakes, but I also don’t want to bother self-hosting if added complexity makes it not worth it.

  • pontiffkitchen0@lemmy.world · 6 days ago

    No problem!

    I completely know what you mean, it took a lot of research before I felt comfortable enough trusting a public instance enough to use.

    So that solution would still decrease their ability to fingerprint you by a lot, but really the big problem would be all the people/scripts randomly hammering your IP. They wouldn’t get past your password. But it being public and discoverable would mean you’d constantly be getting hit with a bunch of automation scanning your ports. And the security risk isn’t the concern, it’s more the heavy traffic slowing down your connection from them. It sounds like you’d be fine from a security standpoint. But you’d have to put up something to block the traffic.

    You could always self host, use that when you’re at home or connected to home through VPN and use it for more personal searches, and then use public instances when you’re connected to other vpns for more general or vague searches. Mixing and matching like that will at least add some noise and make you less identifiable. Kind of best of both worlds.

    • Novocirab@feddit.org · 6 days ago

      As a semi-simple compromise it would be cool if there was some way to have the cycling between different Searx instances be done automatically. E.g. either as a browser feature/browser extension, or as some private self-hosted interface to which I send my requests and which then selects the server at random from some subset of the list on searx.space. Or, while a bit hacky, the easiest way could be to do this on the DNS level. Should be doable with just one or two existing tools, with standard tools even.
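
The "private self-hosted interface" idea from the comment above, sketched as an added example (not code from the thread or from the SearXNG project): a loopback-only helper that redirects each query to a randomly chosen instance. The hostnames are constructed placeholders, and port 8888, `vetted` and `pick_target` are assumptions of this sketch.

```python
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed placeholder hosts; replace with instances you vetted on searx.space.
INSTANCES = [
    "https://searx-a.example.org",
    "https://searx-b.example.net",
    "https://searx-c.example.com",
]


def vetted(instances):
    """Keep only HTTPS base URLs with a host and no embedded credentials."""
    parts = (urlsplit(b) for b in instances)
    return [f"https://{u.netloc}" for u in parts
            if u.scheme == "https" and u.hostname and "@" not in u.netloc]


def pick_target(request_path, instances, choose=secrets.choice):
    """Map '/?q=...' on the local port to '<random instance>/search?q=...'."""
    query = parse_qs(urlsplit(request_path).query).get("q", [""])[0].strip()
    pool = vetted(instances)
    if not query or not pool:
        return None
    # Forward only the query text; no other client-supplied parameter leaves.
    return f"{choose(pool)}/search?{urlencode({'q': query})}"


class Redirector(BaseHTTPRequestHandler):
    def do_GET(self):
        target = pick_target(self.path, INSTANCES)
        if target is None:
            self.send_error(400, "missing q parameter")
            return
        self.send_response(302)
        self.send_header("Location", target)
        self.send_header("Referrer-Policy", "no-referrer")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep search terms out of the local log


if __name__ == "__main__":
    # Loopback only, so the helper is not reachable from the network.
    HTTPServer(("127.0.0.1", 8888), Redirector).serve_forever()
```

Pointing the browser's custom search engine at `http://127.0.0.1:8888/?q=%s` sends every search through the helper.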