We present the first extensive measurement of the privacy properties of the advertising systems used by privacy-focused search engines. We propose an automated methodology to study the impact of clicking on search ads on three popular private search engines which have advertising-based business models: StartPage, Qwant, and DuckDuckGo, and we compare them to two dominant data-harvesting ones: Google and Bing. We investigate the possibility of third parties tracking users when clicking on ads by analyzing first-party storage, redirection domain paths, and requests sent before, when, and after the clicks. Our results show that privacy-focused search engines fail to protect users' privacy when clicking ads. Users' requests are sent through redirectors on 4% of ad clicks on Bing, 86% of ad clicks on Qwant, and 100% of ad clicks on Google, DuckDuckGo, and StartPage. Even worse, advertising systems collude with advertisers across all search engines by passing unique IDs to advertisers in most ad clicks. These IDs allow redirectors to aggregate users' activity on ads' destination websites in addition to the activity they record when users are redirected through them. Overall, we observe that both privacy-focused and traditional search engines engage in privacy-harming behaviors allowing cross-site tracking, even in privacy-enhanced browsers.

翻译：我们首次对注重隐私的搜索引擎所采用的广告系统的隐私属性进行了大规模测量。我们提出了一种自动化方法，以研究点击广告对三种采用广告商业模式的流行隐私保护搜索引擎（StartPage、Qwant和DuckDuckGo）的影响，并将其与两种主导数据收集型搜索引擎（Google和Bing）进行比较。通过分析首次存储、重定向域名路径及点击前、点击时和点击后发送的请求，我们探究了用户在点击广告时被第三方追踪的可能性。结果表明，注重隐私的搜索引擎在用户点击广告时未能有效保护用户隐私。在Bing的4%广告点击、Qwant的86%广告点击以及Google、DuckDuckGo和StartPage的全部广告点击中，用户请求均通过重定向器发送。更糟糕的是，几乎所有搜索引擎的广告系统都与广告商合谋，在大多数广告点击中向广告商传递唯一标识符。这些标识符除了记录用户被重定向时的活动外，还允许重定向器聚合用户在广告目标网站上的活动。总体而言，我们观察到，无论是注重隐私的搜索引擎还是传统搜索引擎，都存在损害隐私的行为，允许跨站追踪，即使在隐私增强型浏览器中亦如此。