SearXNG

SearXNG is the self-hosted privacy metasearch engine — an open-source fork of the original searx that aggregates results from 245+ upstream search engines (Google, Bing, DuckDuckGo, Brave, Marginalia, Mojeek, plus dozens of specialised verticals like Wikipedia, GitHub, Stack Overflow, arXiv, PubMed, Lemmy, Mastodon, etc.) without ever revealing the individual user to any upstream. Listed at Grade A · editor's pick because it is the gold-standard "you own the search frontend" architecture and one of the few privacy-respecting search options that's both free and fully under user control.

Background. SearXNG forked from the original `searx` project around 2021 when the upstream project went into maintenance mode; the SearXNG fork picked up active development, added support for many more engines, and ships rolling releases (current `2026.5.23+` at the time of this review). Source code at github.com/searxng/searxng under the open-source AGPL-3 license. Driven by an open community, no commercial entity behind it. Public-instance discovery at searx.space — a community-maintained list of ~70 well-maintained public instances, each rated on uptime + features + Tor reachability. Bundled-in inclusion: SearXNG ships pre-installed in Tails Linux, and is the default search engine for many privacy-focused custom distributions.

What you trust (two deployment modes). Self-hosted: you run the SearXNG instance yourself (Docker container, Python install, or systemd service), the instance proxies queries to upstream engines using its IP address (not yours), and no one — not the upstream engines, not SearXNG, not the wider internet — sees the link between you and your search history. This is the strongest privacy posture available in any search architecture. Public instance: you use someone else's SearXNG instance from searx.space. The upstream engines still don't see you, but the *operator of that public instance* sees every query you make from their server logs (unless they explicitly disable logging — which most do, but not all). You trade self-host operational complexity for trust in an unknown third party.

Operational specs. Engine count: 245+ upstream sources across general web, images, videos, files, science papers (arXiv, PubMed, Crossref, Semantic Scholar), code (GitHub, GitLab, Sourcehut), forums (Lemmy, Discourse, Matrix Rooms Search), social (Mastodon, Mwmbl), shopping/Linux-package-search/etc. Locales: 58 translations of the UI. Tor support: instances can be configured to route upstream queries through Tor (slower but adds an extra anonymity layer). No-JS support: works without JavaScript; minimal cookie usage (preferences only, optional). Plugins: built-in calculators, hash converters, unit converters, time-zone tools, hostnames-rewriting, infinite-scroll, Tor-check, and a plugin development framework for adding your own. API: programmatic access for custom integrations (LLM RAG, command-line tools, browser extensions). Installation: Docker one-liner, OS package, or step-by-step Python install — documented at docs.searxng.org.

Philosophy. SearXNG's editorial differentiator is the "separate the search-frontend from the search-backend" architecture. Traditional search engines combine the indexing + ranking + frontend into one operator who sees everything you query. SearXNG fragments that: each upstream engine does what it does best (indexing + ranking), but the frontend (which sees the user) is owned by someone the user already trusts (themselves, in the self-host case). The privacy property emerges from the architecture rather than from operator promises. Combine this with the open-source codebase, the optional Tor routing, and the community-curated instance list — and you have the closest thing to "search infrastructure as a public utility" the privacy community has built.

Grade rationale. Grade A and editor's pick reflect: open-source AGPL-3 codebase with active community development; self-host architecture that structurally minimises trust assumptions; 245+ upstream engine integrations including major web + specialised verticals; bundled inclusion in Tails Linux (operator validation at the Tor-Project-adjacent tier); 58 UI translations; no-JS support; community-maintained public instance directory at searx.space with uptime/features tracking; Tor-routing optional for self-hosters; no commercial monetisation pressure on the project. Last verified 2026-05-12.

Useful when. You're a self-hosting privacy enthusiast and want search to be one more service in your homelab. You're a developer building an AI / RAG system and want a search backend you can hit programmatically without paying per-query API fees to Google/Bing. You want the best of multiple search engines fused into a single result page (search-engine portfolio diversification). You don't trust any single commercial search operator — including Kagi — and prefer the "you own the frontend" architecture instead. You're running Tails and want privacy-respecting search by default.

Caveats. Self-hosted is the strong-privacy mode — using a public instance means trusting that instance's operator. Public-instance operators *can* see queries; verify the instance's privacy policy + uptime/transparency at searx.space before relying on it. Rate-limiting / blocking by upstreams — Google in particular sometimes throttles or blocks SearXNG instances that issue too many queries from a single IP. Self-hosting on a residential IP, rotating through engines, or routing queries through Tor mitigates this; high-traffic instances on commercial IPs often hit caps. Operational complexity — self-hosting is a real ongoing commitment: you maintain the Docker image, monitor upstream-engine breakage, patch the SearXNG binary as engines change their HTML. Not zero-effort. No native ranking — SearXNG aggregates results but doesn't apply its own intelligence layer; the ranking quality is whatever the upstream engines provide, weighted by the user-configurable engine weights. If you want Kagi-style custom ranking + Lens-style filters, Kagi has more polish for that use case. Public-instance quality varies — some instances are well-maintained and Tor-friendly; others are sketchy or run by operators with unknown motives. searx.space + reading the instance's about-page is essential before trusting any public deployment.