Why is Qwant blocked by Safe Search?

nextdns / metadata

This repository contains the data behind our Security, Privacy and Parental Control features.

https://nextdns.io

637 stars 138 forks source link

Why is Qwant blocked by Safe Search? #529

Closed gracjankn closed 3 years ago

gracjankn commented 3 years ago

Currently, enabling Safe Search completely blocks the privacy-focused search engine Qwant. Can you whitelist it or is this caused by a technical limitation because you can't force Safe Search filter for it?

crssi commented 3 years ago

SafeSearch Filter explicit results on all major search engines, including images and videos. This will also block access to search engines not supporting this feature.

AFAIK Qwant doesn't support safe search.

gracjankn commented 3 years ago

It does. I don't know how you enforce it through DNS, so I don't know if it's possible for you to implement, but if you open Qwant, click Settings there's a setting called Filter Mature Content with three possible states: None, Moderate and Strict.

gracjankn commented 3 years ago

When you're changing the settings, you see the URL changing underneath them. This one changes parameter &s= between 0–2.

crssi commented 3 years ago

DNS doesn't know about parameters... only host. As I said, Qwant doesn't support that, not at least I would know. Qwant should listen on a different IP for safebrowsing.

See more about here:

https://docs.umbrella.com/umbrella-user-guide/docs/enforce-safesearch-for-dns-policies
https://support.opendns.com/hc/en-us/articles/227986807-How-to-Enforcing-Google-SafeSearch-YouTube-and-Bing
https://blog.technitium.com/2020/07/how-to-enforce-google-safe-search-and.html?m=1

Cheers

crssi commented 3 years ago

This one made me thinking https://community.cleanbrowsing.org/topic/forcing-qwant-safesearch/

Try this:

Enable Safe Search in Parental Control
In the Allowlist add qwant.com
In the Settings/Rewrites add new rewrite: api.qwant.com → safeapi.qwant.com

Let us know if that works. 😉

Cheers

crssi commented 3 years ago

^^ I have replaced the rewrite destination at the step 3 into a much better option, that is from 194.187.168.114 to safeapi.qwant.com.

romaincointepas commented 3 years ago

We know enforce Qwant safesearch at the DNS level, removed from safesearch-not-supported in https://github.com/nextdns/metadata/commit/a9020bdfa28a16fcd3e401b29bf13745314a37c8. You may need to toggle SafeSearch off and on again to get this change right now.

Thanks @crssi for figuring this out!

crssi commented 3 years ago

Welcome 😀

I guess that workaround will not be needed, since you will cover this now natively?

Cheers

romaincointepas commented 3 years ago

@crssi it's in production now, just disable/enable SafeSearch on NextDNS to activate it if you don't want to wait a few hours.