top | item 26205372

(no title)

I use DDG daily but there's one thing that grinds my gears, and undermines their privacy by default statement.

They leak the searches in the URL like this https://duckduckgo.com/?q=this+is+not+private+at+all&ia=web

discuss

How is that a leak ? The URL is only sent to ddg server, encrypted using TLS so no eavesdropper can read it. It also stays in your browser history and let you use the back button.

scaladev|5 years ago

Enable POST requests at https://duckduckgo.com/settings#privacy

kemayo|5 years ago

That seems like a reasonable trade-off. It's https so it's not visible to people snooping on you, and it being GET means that browser history and sharing links to searches works.

Plus, they do have an option to go POST-only, so if you don't like their already-very-private default you can change it.

time0ut|5 years ago

Just curious, but what threat model are you thinking of here?

unknown|5 years ago

[deleted]