We present the first extensive measurement of the privacy properties of the
advertising systems used by privacy-focused search engines. We propose an
automated methodology to study the impact of clicking on search ads on three
popular private search engines which have advertising-based business models:
StartPage, Qwant, and DuckDuckGo, and we compare them to two dominant
data-harvesting ones: Google and Bing. We investigate the possibility of third
parties tracking users when clicking on ads by analyzing first-party storage,
redirection domain paths, and requests sent before, when, and after the clicks.
Our results show that privacy-focused search engines fail to protect users'
privacy when clicking ads. Users' requests are sent through redirectors on 4%
of ad clicks on Bing, 86% of ad clicks on Qwant, and 100% of ad clicks on
Google, DuckDuckGo, and StartPage. Even worse, advertising systems collude with
advertisers across all search engines by passing unique IDs to advertisers in
most ad clicks. These IDs allow redirectors to aggregate users' activity on
ads' destination websites in addition to the activity they record when users
are redirected through them. Overall, we observe that both privacy-focused and
traditional search engines engage in privacy-harming behaviors allowing
cross-site tracking, even in privacy-enhanced browsers