HN Reader

Elisabeth's Nietzsche (redsails.org)

1 points by amadeuspagel 1m ago 0 comments

Show HN: Narratrail – AWS CloudTrail to Slack Bot. Seeking Feedback

1 points by rikhul 1m ago 0 comments

Anthropic: The "Spiritual Bliss" Attractor State [pdf] (www-cdn.anthropic.com)

1 points by danielmorozoff 4m ago 1 comments

The State of AI in Enterprise 2025 (cloud.app.box.com)

1 points by hunglee2 6m ago 0 comments

An Alchemist's Notes on Deep Learning (notes.kvfrans.com)

1 points by sebg 6m ago 0 comments

Pure vs. Impure Iterators in Go (jub0bs.com)

1 points by ingve 14m ago 0 comments

Building Tools for Traders (Jane Street) (signalsandthreads.com)

1 points by lewiscarson 18m ago 0 comments

Nvidia is in constant 'cat-and-mouse game' with US regulators (finance.yahoo.com)

2 points by rbanffy 20m ago 1 comments

If India chokes less, it will fry more (economist.com)

1 points by e-brake 22m ago 1 comments

Living Canvas: A web-based puzzle game powered by Generative AI (github.com)

1 points by hmdai 25m ago 0 comments

Moneybench: Benchmark to measure the ability of AI agents to make money (moneybench.github.io)

1 points by sebg 25m ago 0 comments

CAN Network Simulation with Apache NuttX (railab.me)

1 points by raiden00 35m ago 0 comments

Meridian: Personal Intelligence Briefing (news.iliane.xyz)

2 points by walterbell 38m ago 0 comments

SteamOS seems to destroy Windows 11 on gaming performance and battery life (windowscentral.com)

1 points by ndsipa_pomu 41m ago 1 comments

Foodie on a mission to try everything delicious (substack.com)

1 points by tgsppopcorn 47m ago 0 comments

An AI-to-AI treaty, facilitated by a human conduit (github.com)

1 points by Harry69 49m ago 1 comments

Can Sunlight Cure Disease? (scientificamerican.com)

2 points by lentoutcry 52m ago 0 comments

CodeMap4AI – fix hallucinations in ChatGPT with a project code map (codemap4ai.com)

2 points by absurdwebsite 54m ago 1 comments

Coinbase Returns to SF: A Tech Boomerang Story (sffrontier.com)

1 points by 3x14159265 56m ago 0 comments

parking_lot: ffffffffffffffff · the Fly Blog (fly.io)

2 points by thunderbong 58m ago 0 comments

Novel botnet "AyySSHush" targets Asus, Cisco, D-Link, Linksys SOHO routers (bleepingcomputer.com)

2 points by Terretta 1h ago 0 comments

Show HN: Eyerlyn Vision Agent – Gen videos in seconds, not 5 mins (everlyn.app)

2 points by yorkyarn 1h ago 1 comments

AI as My Biggest Critic (medium.com)

2 points by adrianbooth17 1h ago 0 comments

Backup Pocket to Notion Effortlessly (pocket2notion.chatgpt2notion.com)

1 points by chatgpt2notion 1h ago 0 comments

Nitrogen Triiodide (fourmilab.ch)

2 points by keepamovin 1h ago 0 comments

Nobel Laureate Daron Acemoglu: Don't Believe the AI Hype (project-syndicate.org)

12 points by hannofcart 1h ago 3 comments

Edamagit: Magit for VSCode (github.com)

10 points by tosh 1h ago 2 comments

Derek Muller Confronts PFAS "Forever Chemicals"–In His Own Blood (scientificamerican.com)

5 points by ibobev 1h ago 0 comments

Nerding Out about Heaters (herman.bearblog.dev)

1 points by HermanMartinus 1h ago 0 comments

Show HN: Minimal Tool to View Top Reddit Posts–No Login, No Tracking (reddit-top.pages.dev)

1 points by pekingzcc 1h ago 0 comments

Seeking beta users for Webhound, an AI agent that builds datasets from the web

1 points by mfkhalil 1h ago 0 comments

Game Accessibility Guidelines (gameaccessibilityguidelines.com)

1 points by ibobev 1h ago 0 comments

Social media lies fuelled a rush to war between India and Pakistan (theguardian.com)

4 points by beardyw 1h ago 1 comments

Mastering Modern Monorepo Development with Pnpm, Workspaces (jsdev.space)

2 points by javatuts 1h ago 0 comments

Why I Am No Longer an AI Doomer (thedeepdish.org)

3 points by nathan_f77 1h ago 1 comments

Safari Technology Preview 220 Release Notes (developer.apple.com)

1 points by tosh 1h ago 0 comments

Gurus of 90s Web Design: Zeldman, Siegel, Nielsen (cybercultural.com)

30 points by panic 1h ago 4 comments

Flame Charts: The Time-Aware Sibling of Flame Graphs (polarsignals.com)

2 points by tanelpoder 1h ago 0 comments

Haiti's Beleaguered Government Launches Drones Against Gangs (wsj.com)

3 points by Michelangelo11 1h ago 0 comments

Archaea (en.wikipedia.org)

1 points by lukan 1h ago 0 comments

Kigen – Design system token and style generator (kigen.design)

1 points by realvjy 1h ago 1 comments

Einstein, Hawking, and Tao (Haiku) (jerry.wtf)

2 points by personjerry 1h ago 1 comments

Michigan Isn't Supposed to Have Earthworms [video] (youtube.com)

1 points by tarcar 1h ago 0 comments

Agents Aren't Juniors, They Are Amnesiac Spies (avdi.codes)

4 points by kiyanwang 1h ago 1 comments

Agentic book – The Human Algorithm [pdf] (github.com)

1 points by JayD0ubleu 1h ago 1 comments

Philips Ease (thefoggiest.dev)

1 points by ingve 1h ago 0 comments

Haskell Weekly Issue 474 (haskellweekly.news)

3 points by amalinovic 1h ago 0 comments

Intel Shows Off Professional Battlemage Cards (semiaccurate.com)

4 points by walterbell 2h ago 1 comments

Ivey Business School's Value Investing Program – Adam Waterous [video] (youtube.com)

1 points by chenchenchen 2h ago 1 comments

Top math software platform still offline following ransomware attack (techradar.com)

1 points by howisthatposs 2h ago 0 comments

Mullvad Leta

338 microflash 167 5/28/2025, 2:38:52 PM leta.mullvad.net ↗

Comments (167)

mtlynch · 17h ago
They run Leta on diskless servers, just like the VPN:

>We run the Leta servers on STBooted RAM only servers, the same as our VPN servers. These servers run the latest Ubuntu LTS, with our own stripped down custom Mullvad VPN kernel which we tune in-house to remove anything unnecessary for the running system. > >The cached search results are stored in an in-memory Redis key / value store.

This is surprising given that they try to cache results for 30 days:

>Each search that has not already been cached is saved in RAM for 30 days. The idea is that the more searches performed, the larger and more substantial the cached results become, therefore aiding with privacy.

That's surprising because presumably they lose all results if they have to reboot the server.

With a VPN service, there's not much they have to store past the lifetime of the VPN session, but if they're storing search results for 30 days, I wonder how they deal with this? Maybe best effort is fine because they don't strictly need to cache the results, as it just provides marginal privacy improvements.

KoolKat23 · 17h ago
yes, they state in the FAQ, any updates to the system clear the cache. Caching is due to query cost.
bravetraveler · 10h ago
Cost that's external, too: Brave or Google are behind the results. Things would be terrible without the cache... but that doesn't mean every request needs to be cached. Can't - gotta source it.

Wouldn't want to hang onto things too long, current events run out of currency :)

kikokikokiko · 17h ago
"That's surprising because presumably they lose all results if they have to reboot the server."

Strictly speaking they only lose all results, FOR SURE, if they have to reboot ALL the servers at the same time. If they implemented a system where the cached results are shared and replicated among all their servers, it can in theory be kept cached indefinitely.

vvillena · 15h ago
From the FAQ:

> Each time the Leta application is restarted (due to an upgrade, or new version) server side, a new secret hash is generated, meaning that all previous search queries are no longer visible to Leta.

If I read this correctly, the cached data is per-instance, there would be no way to share cached data among instances if each one has its own secret hash and they are cycled on each start.

mtlynch · 17h ago
Oh good point. I didn't realize redis syncs data across nodes.
treve · 17h ago
For this kind of application, they would likely distribute the data across nodes, not sync.
xlt · 15h ago
If they are running in a VM they could live migrate the VM to a different machine if they need to reboot. That or a cluster of Redis caches.
ignoramous · 17h ago
> This is surprising ... as it just provides marginal privacy improvements.

Diskless does not mean SSH-less or network-less. The "data" can be pulled / pushed just the same, which is to say, Diskless, in this case, is no better than verifiably read-only partitions (like on ChromeOS & Android, for example).

mtlynch · 17h ago
Sorry, I don't know what you mean. When I said it provides marginal privacy improvements, I meant the caching, not the disklessness.

Diskless does provide privacy improvements, as it drastically reduces the odds of something accidentally persisting to storage.

kees99 · 17h ago
Diskless (edit: with OS in initramfs) is indeed a golden standard against local persistence, but requires quite a bit of extra RAM - few GB for "latest Ubuntu LTS".

With regards to preventing accidental persistence, disk with only dm-verity partitions is as good, with extra advantage of only adding a little bit of extra RAM usage (/tmp, /var/run, ...)

For that matter, even something as sloppy as booting with rootfs wich can't be remounted rw (iso9660, squashfs, etc..) and is the only mounted fs, is also perfectly good against accidental persistence.

toast0 · 17h ago
You could run from NFS and not need much extra ram. Plus you save like $25/node by not having a local disk.
ChocolateGod · 1h ago
You could go the extreme and boot off Google Drive (or any other fuse FS).

https://ersei.net/en/blog/fuse-root

kees99 · 16h ago
Yes, rootfs-on-NFS also qualifies as "diskless", I stand corrected.
jsnell · 17h ago
Previous discussions from the initial launch, 2 years ago:

https://news.ycombinator.com/item?id=36402162

https://news.ycombinator.com/item?id=35964397

dang · 16h ago
Thanks! Macroexpanded:

Mullvad Leta: A search engine used in the Mullvad Browser - https://news.ycombinator.com/item?id=36402162 - June 2023 (142 comments)

Mullvad Leta (Search Engine) - https://news.ycombinator.com/item?id=35964397 - May 2023 (32 comments)

PrivacyDingus · 17h ago
2023, hug of death coming in 2025
VonGuard · 18h ago
Mullvad swinging for the fences suddenly. They have a billboard in South San Francisco, too. Did they get a cash infusion? Why all of the sudden are they expanding? Honestly, I'd have changed the name by now...
NalNezumi · 10m ago
I really hope they don't change the name, I like the name "Mullvad" (Mole in Swedish) and "Leta" (Search in Swedish) and everything doesn't need to be Anglo centric in the appeal :)

Although the society is almost zero privacy, it have historically had some funny IT figures for privacy and digital issues so people searching up for the background of the name might stumble upon it.

[1] https://youtu.be/rHVVpNRwLk0?feature=shared

[2]https://en.m.wikipedia.org/wiki/Bahnhof

[3] Peter Löthberg https://www.reddit.com/r/todayilearned/comments/1d8056g/comm...

[4] https://en.m.wikipedia.org/wiki/The_Pirate_Bay

kfreds · 2h ago
> Did they get a cash infusion? Why all of the sudden are they expanding?

No cash infusion. We've been growing for years, just like many other VPN services. We're still quite a bit smaller than e.g. Nord and Express though.

As for our choice of advertising, we don't run an affiliate program, nor do we want to track our customers through online ads, so we're trying this instead. It's cheaper than you might think.

// Fredrik (cofounder of Mullvad)

prophesi · 17h ago
They prefer outdoor ads over targeted online advertising

https://mullvad.net/en/blog/advertising-that-targets-everyon...

jjice · 18h ago
Curious why the name change suggestion. Honestly, I immediately thought of the Seinfeld episode where Jerry forgets the woman’s name.

> Mullva?

fernandotakai · 17h ago
kind of of topic, but i had to google to find out which female part rhymed with dolores, because it made no sense to me (as an ESL).

(for people wondering, it's clitoris).

https://seinfeld.fandom.com/wiki/The_Junior_Mint

https://seinfeld.fandom.com/wiki/Dolores

philsnow · 11h ago
In (American, at least) English, there's a very common pattern of vowel reduction on unstressed syllables, resulting in "schwa-ification" [0][1] where all such vowels become indistinguishable from each other.

In this case, we say "duh lorr uhss" instead of "do lor ez". The second one doesn't sound like clitoris at all, but the first one.. okay it doesn't sound similar to me either, but it's closer at least.

[0] https://en.wikipedia.org/wiki/English_phonology#Unstressed_s...

[1] "schwa" is the name of the mid, central, unrounded vowel, IPA [ə]

trealira · 11h ago
I have to say that, the vast majority of the time, the way I've heard and said the word "clitoris" doesn't rhyme at all with "Dolores," so I wouldn't have been able to guess it either.
oscarmoxon · 18h ago
They're also littering the London tube system with ads - there's definitely been a lottery win or a series A.
kfreds · 1h ago
> there's definitely been a lottery win or a series A

We have neither won the lottery nor taken on outside investment. We've been growing for years, and we've reached a point where we can afford campaigns like this. It is an interesting experiment by our marketing team. Still, I think people on HN overestimate the cost of campaigns like this.

parkaboy · 18h ago
They were one of the earliest to adopt bitcoin and monero payments--if they didn't convert all those payments immediately to cash, they're probably sitting pretty right now.
dijit · 17h ago
They also have a partnership with Tailscale that can't be undersold.

I'm not sure how much it adds to their bottom line for each sale, but my corp was using the Mullvad VPN addition to tailscale to do global testing by our developers.

IE; "is something blocked, do we detect GEOIP properly" etc;

haiku2077 · 13h ago
The Tailscale integration is super handy while traveling. One app to access my home server and my home region.
george_perez · 16h ago
And Mozilla VPN as well.
noir_lord · 15h ago
Now’s a good time since the online safety bill kicks in towards end of July.

UK use of VPN’a outside the office/work environment is gonna skyrocket.

unfitted2545 · 17h ago
And whole buses!
JCattheATM · 13h ago
My concern is that when they can advertise to the extent they do, to what extent can they really be trusted? Anything that popular is going to be a target by law enforcement, and we really have no way of verifying any of their claims.
sillyfluke · 10h ago
Yeah, this advertising to the masses push makes me queasy. It has the reverse effect on me than was intended. Weird brand self-harm for a privacy/data hygiene oriented company.
Barbing · 18h ago
Yes, it’s gotta be something catchy. Like “Rakuten”!
bosse · 18h ago
I noticed their billboards and bus ads in New York City a year ago, so it’s not entirely new that they are marketing like this.
al_borland · 10h ago
Same, but on the train at the DC airport. I liked that they align their actions with their mission. Physical ads like this are perfect way to advertise a privacy tool, as their ads respect user privacy.
tomxor · 16h ago
I had to switch to iVPN last year (similar ethos), because Mullvad became pretty much unusable due to blacklisting and laggy DNS servers.

I'm assuming it has something to do with the push in recent years to expand their userbase, but they don't seem to be able to keep a clean enough pool of IPs like the big popular ones to cope. I know all VPNs struggle with this but it was getting ridiculous, where every single server in a country would receive infinite re-captcha.

INTPenis · 15h ago
iVPN is a great choice in terms of security, they also use STboot, but I think you're just flying under the radar with their IPs because they struggle with the same problems as Mullvad.
tomxor · 15h ago
Yes, it only works better because the obscurity to IP ratio is good. It could easily be as bad as mullvad if they became more popular. But as I understand it the really popular VPNs address this with huge pools of servers and IP cycling?

One other issue I had with Mullvad that put the nail in the coffin for me was randomly laggy DNS resolvers, they would get fixed just by the time I start investigating it, but it kept happening... I say this as a mostly happy user for probably 7 years, but then found myself having to turn it off more than on to be able to access most sites.

lysace · 16h ago
Not quite my experience.

> where every single server in a country would receive infinite re-captcha.

What does that even mean? Have you also disabled cookies?

Typically it's a Cloudflare captcha if you're doing that, not a re-captcha. And afaik pretty much everyone gets this treatment with zero history. Welcome to the modern web.

zargon · 16h ago
They’re referring to the situation when a service has blacklisted you, but will pretend they haven’t and give you captcha after captcha to keep you busy.
encom · 15h ago
>Welcome to the modern web.

Cloudflare recently started holding stackoverflow hostage as well. "Weird" OS + "weird" browser + cookie autodelete = www is hell, even on clearnet. I hate cloudflare so much it's unreal, including everyone who works for them, for enabling this nonsense.

RemainsOfTheDay · 15h ago
I've been seeing Mullvad billboards for years, including in Paris.
holysoles · 18h ago
based on their company about page, looks like Leta has existed since 2023

https://mullvad.net/en/about

jonplackett · 16h ago
This thing has been advertised EVERYWHERE in London the last few weeks.

But the adverts didn’t make a lot of sense and I had no idea what the product actually did.

diggan · 16h ago
I think it's a new/old marketing strategy. Make it interesting enough that people see and notice it but don't understand what it is, with the hopes that you go out to figure out what it is. A brave strategy, but since it's still around, I guess it works sometimes.
Sammi · 15h ago
It incentivises people to ask each other about it. But you need high pervasiveness of the ad for two people to both have seen it and ask each other about it.
throw432196 · 6h ago
I still didn’t know what it was. Went to the headline link and had no idea, typed in “what is this”. Still no idea. I had to read the hn comments to discover it is a search proxy..
mmooss · 9h ago
Where does it say how it handles user information - what it collects, how long it's retained, what it's used for?

I would expect Mullvad to say they collect none, but is that said anywhere? Is there any privacy policy?

Edit: All it says is that they protect us from Google and Brave:

> When a search isn't in the cache, our server (leta.mullvad.net) queries the search engines on your behalf. Only the search query is sent; no personal data is shared.

and

> Returned search results contain only direct links to the final destination. All tracking elements and third-party content are removed to protect your privacy.

smallerfish · 16h ago
So how do they make money? Are they hoping to convert users to their VPN service? Or are they just trying to stay under the free tier Google API limits?
haiku2077 · 16h ago
Leta is the supported search engine of Mullvad Browser which is a privacy-centric version of Firefox that integrates with Mullvad VPN. Think Mullvad Browser:Regular Internet as Tor Browser:Onion websites. So this is part of an ecosystem for their VPN subscribers.

(I'm a Mullvad customer, not Mullvad directly, but that's how I use their browser and Leta.)

prophesi · 16h ago
In the past, Leta was a service that was only accessible to paid Mullvad users. I'm unsure when they started allowing general access, but that's initially how it made commercial sense.
taco_emoji · 17h ago
Unfortunately, this is blocked at many places of work because of the domain, unlike DDG
freehorse · 17h ago
I am curious, why would a workplace block the mullvad.net domain? Or is it rather a whitelist thing?
hypeatei · 17h ago
"proxy avoidance" is the listed reason on my corporate network.
npteljes · 15h ago
Many workplaces use a corporate firewall, and on the admin panel, they can enable-disable categories of websites, like "Porn", "Adult themes", "Gambling", "Social", "Video streaming", "AI", etc. One of the categories could be "VPN", *.mullvad.net can fall into it, and it could be that they disabled that category. At many workplaces, it's against the rules to circumvent the company's monitoring, and so, many of such technologies are banned.
0cf8612b2e1e · 15h ago
Which is a killer because so many developer tools are on “naughty” domains (eg .dev and .ai) which are automatically blocklisted
npteljes · 12h ago
I don't think that .ai is automatically filtered in this case, it's more of a case by case basis. But it's killer nevertheless. "Adult themes" for example is a large umbrella at OpenDNS, and for example I wanted to check the lyrics of a song I was listening to, and it was hosted on darklyrics.com. Nope, couldn't visit, because it's Adult Themes.

https://support.opendns.com/hc/en-us/articles/360061439112-R...

culopatin · 4h ago
Lol doesn’t matter, my company won’t let me install anything not whitelisted anyway. The whitelist: The blacklist: *
skyyler · 17h ago
People use VPN services at workplaces to circumvent web filters.
taco_emoji · 15h ago
Because they block VPNs
FirmwareBurner · 17h ago
IDK, why do some workplaces ban Steam domain? Or block Mozilla but not Chrome?

IT people are weird.

pugworthy · 16h ago
Yes blocked at mine I now see. Guess I've moved up a bit more on that "watch this guy" list.

I don't know how you'd exactly handle it, but an NSFWCP (Not Safe For Work Cybersecurity Policy) tag for some links would be nice.

jeanlucas · 16h ago
I'm sorry for being negative, but it feels to me just as a publicity stunt.

No serious product, just a proxy for Google, while it is interesting not a real solution.

But as a marketing tactic to promote your VPN it is an interesting move.

lolinder · 16h ago
A caching proxy for Google is a real solution for a real problem. It might not be a solution to a problem you have.
jeanlucas · 15h ago
It solves a problem for a niche that you assume I don't have.

But it has no real way to monetize and is likely to be shut down as soon as the marketing/publicity objectives are not aligned anymore.

That's what I was trying to point out.

mmooss · 9h ago
Maybe Mullvad has other interests too?
skeaker · 16h ago
Not sure what you mean by this, it is a real thing you can actually use so obviously it's not "just a publicity stunt."
jeanlucas · 15h ago
I mean I don't see it as a viable product and as soon as costs go high and/or the publicity expectations are met it will be shut down.
INTPenis · 15h ago
It's not a publicity stunt when they're using the technology they helped develop to run their search servers completely securely and without any stateful data.
jeanlucas · 13h ago
Hmm, that makes more sense, framing it like that. I still don't think this is a viable product

No comments yet

mmooss · 9h ago
It's been running for two years, if I understand correctly.
xlt · 15h ago
A proxy for Google is a product if it provides additional features Google alone does not provide... in this case: Privacy
xnx · 17h ago
These alternative search engines really feel like they're fighting the last war. Web content is so reader-hostile that you need a tool to extract the answer/information you're looking for and not just give you a link to the page.
SirHumphrey · 16h ago
I don’t actually. I have read far too many AI summaries where the llm combines data about two different people with the same name creating a biography of someone that doesn’t exist.

And once the use of chatbots in this role becomes widespread- don’t think for a second that companies won’t sso the thing until it’s about as useful as current search.

haiku2077 · 16h ago
I had an issue where Slack AI combined multiple people I work with into a summary that was negative in tone. And of course there was no way to provide feedback on this harmful behavior.
hart_russell · 14h ago
If the dead internet theory comes to fruition, I wonder if there will be "curated internets" where only good actors will be allowed to participate.
scdnc · 14h ago
I don't care much about that anymore because their VPN service has really gone bad. They are great in terms of privacy, but in every other aspect, they suck. Their VPN randomly disconnects again and again, once even without the killswitch being activated. They are getting blocked from websites much more often than other VPNs, making the service barely usable while costing a lot more. Plus, there are many other minor issues. I really hope they improve because I want to keep using them
DavideNL · 1h ago
> their VPN randomly disconnects again and again, once even without the killswitch being activated.

I have no idea which OS you are on, but for me it has been working flawlessly for many years, on iOS (using WireGuard.)

One exception: Apple blocking their services when using a VPN IP-address, on macOS. But that's an Apple issue of course...

Even years back, when Proton still had frequent connection/App issues, my phone using Mullvad was very reliable, and hasn't failed even once.

idlip · 16h ago
Why not embrace searxng^1. But sure I know brave and other would rate limit for it. What would be the difference from duckduckgo lite?

https://docs.searxng.org/

chvid · 17h ago
Fast, no ads, reasonable results. Well done!
bitpush · 16h ago
and stale.
dangoodmanUT · 17h ago
Aren't these APIs absurdly expensive? How are they justifying these costs, or are they using "unofficial" APIs?
jdpedrie · 16h ago
Brave has a subscription tier that offers storage rights. But it's ~9x the cost of their normal Pro subscription. I have a hard time imagining that the cost works out in their favor (discounting the possibility of a special arrangement) with how long the query stream tail is in web search.
alcover · 10h ago
> Leta is also useless if your browser blocks all cookies, tracking pixels and other tracking technologies.

Err.. it would still be useful to mask your IP ?

Zefiroj · 17h ago
I wonder how well the caching works. The FAQ says 30 days, so you might be getting a pretty stale result. That combined with Google's "fun fact: 15% of all Google searches have never been searched before", makes me wonder how identifying these queries can be.
napolux · 17h ago
I'm using startpage.com, guess this is gonna replace it as soon as it matures a bit
reustle · 8h ago
A simple explanation of what this does, shown somewhere on the page, would go a long way.
worldsavior · 16h ago
I don't understand why Google or Brave are cooperating with this, they don't earn anything. And if they're not, what prevents Google blocking Mullvad IPs?
o_m · 16h ago
Mullvad is paying to use their API's, like Kagi does. Google is making money on this

https://leta.mullvad.net/faq#made-from-scratch

worldsavior · 13h ago
Then how does Mullvad earns? This surely costs a lot of money to pay for Google search results.
fr4nkr · 16h ago
Google likely just doesn't care. They know most people won't bother using privacy-oriented services out of inconvenience or apathy.
DrZeina · 18h ago
I am extremely excited about this and thus far it seems to work well.
mrweasel · 17h ago
Interesting solution to let the user pick which search engine to use. Sadly Bing is shutting down their API, it would have been great to be able to use that as well.
DaSHacka · 17h ago
> Sadly Bing is shutting down their API

Interesting, does DDG have plans to switch or start their own index?

mrweasel · 16h ago
There are some provisions for their larger customers, see https://www.wired.com/story/bing-microsoft-api-support-endin... (https://archive.ph/IVKGT). So no DuckDuckGo and Ecosia won't lose their Bing backends.
icar · 16h ago
I'm surprised this is created using NodeJS. Given how critical performance is in a proxy, and that RAM is precious running Redis.
jxjnskkzxxhx · 15h ago
If people search CSAM, do they serve it? Isn't that criminal?
freehorse · 11h ago
You mean if google serves it?
jxjnskkzxxhx · 11h ago
I'm talking about the search engine in question.
areyourllySorry · 3h ago
there is no image search.
38 · 15h ago
You must be fun at parties
superkuh · 17h ago
Pretty much the only way to use google search as an HTML webpage instead of a JS web application these days. It's great. It reminds me of the scroogle.com proxy days.

I use it for all but my retro machines, which is a shame. I know Mullvad is a 'privacy' company but I really wish they'd acknowledge that HTTP+HTTPS is more robust to governments' censorship than centralized CA TLS only. HTTP+HTTPS would allow my non-bleeding edge TLS retro machines to search again.

thunder-blue-3 · 16h ago
This would've been a great product 10 years ago. I've unapologetically not had to use a search engine in almost a year (or at least can count on 1 hand having to use it) since GPT models have come out.
npteljes · 15h ago
What do you use to look for products, and businesses? I also use chatbots much more, but these are two categories where I found search engines to be much better. But I haven't really looked for an alternative either.
whizzter · 16h ago
More than once people at work have asked me for help after not solving their problems with ChatGPT, and the solution was to google and hit some stackoverflow answer.
homebrewer · 16h ago
The situation hasn't changed for most of us. None of the people I've talked to over the past couple of years have stopped using Google, none are using LLMs for anything other than translation (or helping proofread their English) or simply for wasting time.

FWIW, since we're exchanging anecdotes, LLMs have been completely useless for me. I try them every 3-6 months and always return to Google disappointed.

ranguna · 15h ago
I think both you and the OP are ends of the same spectrum.
benbristow · 16h ago
Did a search for 'test', says results are cached from 6 days ago.

When we've got LLMs with real-time search now this seems a bit... backward. Not that the results for that specific query would change much.

zaggynl · 15h ago
How does this compare to say, startpage.com?
nobody42 · 14h ago
Isn't owned by advertising company. https://en.wikipedia.org/wiki/Startpage#Merger_and_recent_hi...
jug · 16h ago
> Leta aims to present a reliable and trustworthy way of searching privately on the internet.

> Leta is also useless if your browser blocks all cookies, tracking pixels and other tracking technologies.

Huh? This needed better clarification because the two points seem to be at odds with each other.

jsnell · 11h ago
What they're saying is that if you had already closed off all possible methods of being tracked, you'd gain nothing from this service, since whatever other search engine you choose to use instead would by definition not be able to track you.
freehorse · 11h ago
I assume if you block all tracking technologies it does not offer anything more than what you already have? Because then your queries cannot be tracked?
nalekberov · 16h ago
From the FAQ page (https://leta.mullvad.net/faq) :

> However, Leta is useless as a service if you use the perfect non-logging VPN, a privacy focussed DNS service, a web browser that resists fingerprinting, and correlation attacks from global actors. Leta is also useless if your browser blocks all cookies, tracking pixels and other tracking technologies.

In other words everyone can benefit from it. I don't know any browser (not talking about obscure browsers like lynx) who can completely resist fingerprinting.

haiku2077 · 13h ago
Mullvad makes a fingerprinting resistant browser. It uses tricks like displaying the content inside a smaller window to mimic popular laptops and phones.

https://mullvad.net/en/browser

It's not perfect (it's firefox based so that already sticks out) but better than could be done otherwise.

VTimofeenko · 16h ago
Using an obscure browser that is not hiding its user agent is arguably worse for fingerprinting.
nalekberov · 14h ago
Ironically yes.
DbigCOX · 17h ago
This is incredible actually.
tiffanyh · 17h ago
How is this different than using DDG with the “!g” ?
toast0 · 16h ago
Doesn't !g just redirect you to Google? From comments, this is proxying and potentially caching from Google. Having an intermediary is potentially of value.
SergeAx · 13h ago
Wait, Google doesn't have a Search API!
pipes · 15h ago
What is it?
rasengan · 17h ago
This isn't really privacy or security focused unless 'trust' is a component of security architecture.

Make no mistake, Mullvad Leta knows what you searched for and who you are.

/Theater/ has no place in privacy.

The right way to do it, short of FHE, is to encrypt the query client side, pass this to the proxy which does not pass the source IP, which passes this to the search engine for decryption. Search results are encrypted and pass thru in the reverse:

Client (encrypts) -> Proxy (passes thru no IP) -> Search engine (receives, decrypts, performs, and encrypts results) -> Proxy passes encrypted blob of results back to user -> Client privately reviews private search results.

Edit: private.sh tried this in the past but unfortunately was shuttered with the end of gigablast.

huslage · 17h ago
Mullvad has built trust over many years. There is always someone who knows what you are searching for. The search engine will not accept an opaque blob of encrypted data as a search term, after all.
bitpush · 16h ago
The trust comes from them being a small player. The moment they get big, govt will come knocking, and they'll be just like anyone else.
Kbelicius · 15h ago
The govt already knocked and Mullvad had nothing to give them.
alcover · 10h ago
What if browsers supported a property like <script hash=64192876> ? They would store the hash on first connection then verify on subsequent ones.

I know this should be refined and hardened but you get the idea.

abtinf · 17h ago
If the encryption library is loaded over the web, then it provides no added security. You are still trusting them. Web client side encryption is theater.
miloignis · 17h ago
This is a bit of an aside, but I see this take a lot and I think it's subtly wrong.

Web client side encryption eliminates fully passive snooping on the server side, but of course does nothing for actively subverting the served encryption code. This makes things a bit more dangerous for the snooping party as it's possible that the backdoored encryption code will be noticed by someone, and it's at least possibly a legal defense - the government might have the power to compel you to hand over data on your server but not to backdoor your code.

This isn't a huge technical difference, but it is a difference, and especially with the legal angle I think it's an important one.

rasengan · 17h ago
Agreed, it requires something more significant like an auditable (non obfuscated code) extension or better.
mettamage · 16h ago
I'd rather have some people in Sweden know what I've searched for than whatever I'd find abroad.
esafak · 18h ago
Mods: Consider adding to the title: A privacy focused search engine

I quoted their FAQ; it's not editorializing: https://leta.mullvad.net/faq

Barbing · 18h ago
Right, one that by my understanding “pools” searches, in a way. As their blog put it in 2023:

“Mullvad Leta uses the Google Search API as a proxy, caching each search. These cached results are shared amongst all users, reducing costs and improving privacy. This service is user-supported and doesn't rely on ads or data selling.”

blibble · 17h ago
I thought the google search and bing API terms explicitly forbade you from caching the results for more than a short period of time

exactly to stop people doing this

lcnPylGDnU4H9OF · 17h ago
That short period of time is likely to pool a group of users. Even if not, using Mullvad as a personal proxy for Google is a better privacy-conscious decision than using Google directly.
brewdad · 16h ago
Just call it AI and there are no rules.
thayne · 16h ago
It seems like the Google Search API quotas would be a problem, unless they have some special deal with Google.
KoolKat23 · 17h ago
I'm curious doesn't outright say whether personal data is logged or kept? Like with the hashed original search or even separately.

The FAQ also mentions user changeable settings for freshness, can't see that.

Still very kind of them :)

microflash · 18h ago
I did add that description but seems like it was edited by mods.
lcnPylGDnU4H9OF · 17h ago
I presume that's because calling it privacy-focused is considered editorializing. I'd at least hope it can have "(search engine)" or similar because I had no idea what it was before clicking.
glenstein · 17h ago
I had assumed it was Mullvad announcing their own LLM.
microflash · 17h ago
Yeah. I usually stick to original titles and don't editorialize them, except when the title itself does not make it obvious what it is about.
voytec · 16h ago
> Mods: Consider adding to the title: A privacy focused search engine

@dang No - please don't do it. This request is plain stupid.

Apple and Google being "privacy-focused" is a silly buzz-phrase at this point. Mullvad is tied to Alphabet/Google.

EDIT (2025 05 28 16:45 UTC): great to see how my recent comments were raided <3

Who the fuck have I annoyed? :)

PufPufPuf · 16h ago
The request is just to add context to the title. The perceived veracity of that title isn't really important, if they decided to call themselves that.

BTW what ties are you talking about? Is there a source for that claim?

dang · 16h ago
> plain stupid

You broke the site guideline against calling names, at least.

https://news.ycombinator.com/newsguidelines.html

voytec · 1h ago
Fair. I apologize for my poor choice of words. I however stand by my point in general.
xyst · 17h ago
Search engines are so hot rn. Reminds me of 1990s, 2000s.

AskJeeves, anyone?

\s

I jest, but the focus on privacy is important. I used to use DDG but ended up using (and paying for) Kagi.

dangus · 17h ago
> Did you make your own search engine from scratch?

> We did not, we made a front end to the Google and Brave Search APIs.

So this is pointless, and honestly kind of lazy?

JanNash · 17h ago
Is it pointless though if e.g. there are no ads?
dangus · 14h ago
In a way, yes, because without ads or any kind of revenue source it's bound to be shut down.
areyourllySorry · 3h ago
enjoy it while it still works, then.
deelowe · 17h ago
I feel like the name "mullivad" might present challenges for user adoption.
sakjur · 16h ago
Am I (native Swedish speaker, so perhaps ignorant of secondary connotations here) missing something that should be obvious? Is mullvad inappropriate to some readers or is it just an odd name?
nkurz · 6h ago
No, I don't think you are missing anything. As an English speaking American, it just strikes me as a strange name that I wouldn't immediately associate with a search engine. Note for example that the parent spelled it wrong despite that being the focus of his question. But there is no second level of meaning or innuendo that I'm seeing.
DarkCrusader2 · 16h ago
Totally agree. Everything should be Americanized as much as possible so that it conforms to American sensibilities and is easier to use and understand for Americans.

Who cares about languages and culture of few dozen people who does not live in AMERICA.

PrivacyDingus · 17h ago
current options are google, duckduckgo, bing, I think they'll be fine; what's in a name? and all that
nosioptar · 17h ago
I was dumb enough to buy more than 30 days worth of mullvad once. They changed their terms of service to remove port forwarding. Because I'd paid more than 30 days ago, they wouldn't refund me anything.

Screw mullvad. I'd have to be a damned fool to to ever trust them again.

Cerium · 17h ago
I don't hold it against them, but I got burned by that change too; but it was entirely reasonable, allowing inbound provides abuse opportunities which degrade their primary service reputation.
nosioptar · 15h ago
I wouldn't be mad, had they have been willing to refund since they changed the functionality.
DaSHacka · 17h ago
Really? That's unfortunate, I heard of many people getting refunds back when they removed port forwarding.
nosioptar · 15h ago
I didn't because I'd paid more than 30 days prior to the change.