Google Search SearXNG is a free, open source metasearch engine forked from the original SearX project in 2021 and now maintained by a global community of 277 contributors. Unlike traditional search engines, SearXNG does not operate its own search index — instead, it aggregates results from dozens of upstream engines while stripping identifying information from every request. There is no company behind SearXNG, no central server, and no data collection. It is distributed under the AGPL-3.0 license, which ensures that anyone operating a public instance must share their modifications.
The privacy architecture is zero-knowledge by design. A default SearXNG installation collects no user data, stores no search queries, logs no IP addresses, and sends no telemetry. Each search request is forwarded to upstream engines with a randomly generated browser profile, and tracking elements are stripped from returned results. Users who self-host gain complete control over their data jurisdiction and can route queries through Tor for additional anonymity. For those who prefer not to self-host, over a hundred public instances are listed at searx.space, though the project transparently warns that public instance users must trust the operator.
The project originated as SearX, created by Hungarian developer Adam Tauber in 2013 and funded in part by NLnet Foundation through the EU’s NGI0 Discovery Fund. After disagreements over project direction, primary maintainer Alexandre Flament forked the project in 2021 as SearXNG, which has since become the sole actively maintained version. The original SearX repository was archived in September 2023.
Key Features
- Zero Data Collection: No search queries stored, no IP addresses logged, no user profiles created by default
- Metasearch Aggregation: Queries dozens of upstream search engines simultaneously and merges results
- Self-Hostable: Official Docker image with documented 5-minute setup via Docker Compose
- Tracking Removal: Strips tracking elements from search results and blocks ads from upstream engines
- Tor Compatible: Can route all search queries through Tor for IP anonymization
- Random Browser Profiles: Generates a unique browser fingerprint for every request to upstream engines
- Highly Configurable: Over 70 search engines configurable via
settings.yml, with per-engine enable/disable - No Account Required: Full functionality without registration, login, or cookies
Privacy Highlights
SearXNG implements privacy at the architectural level rather than through policy promises. When a user submits a search query, SearXNG forwards it to configured upstream search engines after removing all identifying information — IP addresses, cookies, and browser fingerprints are stripped and replaced with randomized values. The response from upstream engines is processed to remove tracking elements, advertisements, and any third-party content before being presented to the user. No data from this process is stored on the SearXNG instance by default.
The project’s documentation is explicit about its privacy protections: private data is removed from outgoing requests, nothing from third-party services is forwarded through results, cookies are not sent to external search engines, and no ads or tracking content is served. For users seeking maximum assurance, the project recommends self-hosting and provides comprehensive documentation for doing so.
The AGPL-3.0 license provides an additional privacy guarantee: any operator running a modified version of SearXNG must make their source code available. This means public instance operators cannot silently add tracking code without making those modifications publicly accessible, creating a transparency mechanism enforced by the license itself.
Privacy Breakdown
Data Residency (Score: 100, self-hosted — Confidence: Medium)
Pros:
- No central servers, no telemetry, no phoning home to any SearXNG infrastructure.
- Self-hosted instances give the operator complete control over data jurisdiction.
- Default configuration stores zero user data — nothing to reside anywhere.
Cons:
- Search queries are forwarded to upstream search engines (Google, Bing, DuckDuckGo, etc.), though identifying info is stripped before transmission.
- Public instances are hosted globally with no jurisdiction guarantee — users must trust the operator.
- Score of 100 reflects EU self-hosting; public instances would score lower depending on operator and hosting location.
Open Source (Score: 95 — Confidence: High)
Pros:
- Fully open source under AGPL-3.0, the strongest copyleft license ensuring all network-deployed modifications must be shared (source: github.com/searxng/searxng).
- 24,400 GitHub stars, 277 contributors, 9,190 commits. Updated daily with rolling releases.
- Received EU funding through NLnet Foundation / NGI0 Discovery Fund (grant agreement No 825322).
- Translations hosted on Codeberg (translate.codeberg.org/projects/searxng).
Cons:
- No publicly documented independent security audit (source: github.com/searxng/searxng/security).
- No formal bug bounty program. Basic responsible disclosure policy via security@searxng.org.
- 5 points deducted for lack of third-party audit despite otherwise exemplary openness.
Privacy Policy (Score: 82 — Confidence: Medium)
Pros:
- Privacy-by-design architecture: no data collection, no profiling, no tracking by default.
- Documentation explicitly states the engine “doesn’t generate a profile about you” and “never shares anything with a third-party” (source: docs.searxng.org/user/about.html).
- Public instance guidelines strictly prohibit tracking users with analytics or tracking software.
Cons:
- No formal built-in privacy policy page — open GitHub issue #1285 requesting one, not yet implemented.
- Project documentation explicitly warns: users of public instances “have to trust the administrator… the user does not know whether their requests are being logged” (source: docs.searxng.org/own-instance.html).
- No legal entity accountable for privacy commitments — it is a community volunteer project.
Trackers (Score: 98 — Confidence: High)
Pros:
- Zero trackers, zero analytics, zero advertisements in a default installation.
- Actively strips tracking elements from upstream search results before presenting them to users.
- No cookies sent to external search engines. Random browser profile generated for every request.
- Can be configured to route queries through Tor or a proxy for IP anonymization.
Cons:
- Some public instance operators have been found adding analytics (e.g., Google Analytics, Matomo) in violation of project principles (source: searxng/searx-space issue #97).
- The searx.space directory tests instances for compliance but enforcement is imperfect.
- 2 points deducted for the public instance ecosystem risk.
Terms of Service (Score: 75 — Confidence: Medium)
Pros:
- AGPL-3.0 license grants maximum user freedom — use, modify, distribute, inspect.
- No arbitration clauses, no liability waivers, no data ownership claims on user content.
- No registration required. No account means no termination concerns.
Cons:
- No formal Terms of Service for the software or the project.
- No legal entity to hold accountable for service quality or privacy failures.
- Public instance operators may impose their own ToS — no standardization or oversight.
- No user guarantees, service level agreements, or dispute resolution framework.
Controversies
The most significant event in SearXNG’s history was the 2021 fork from the original SearX project. Primary maintainer Alexandre Flament (dalf) forked the codebase after disagreements with original creator Adam Tauber (asciimoo) over the project’s direction, particularly regarding engine metrics, a JavaScript-dependent UI, and development pace. Remaining SearX maintainers characterized some SearXNG features as insufficiently privacy-respecting, though SearXNG contributors disputed this claim. [1] The original SearX repository was archived in September 2023 [2], and Privacy Guides replaced their SearX recommendation with SearXNG. [3]
The project’s own documentation transparently acknowledges a fundamental trust problem with public instances: there is no technical mechanism to verify that an operator is not logging queries. [4] Some public instance operators have been found adding analytics tools in violation of project principles, and community enforcement through the searx.space directory remains imperfect. [5]
In late 2025, reports emerged that Microsoft was blocking or throttling SearXNG instances from accessing Bing results, reflecting ongoing tension between metasearch engines and major search providers whose indexes they aggregate. [6]
