If there is a leak I'm of course happy to fix it. Ahh, this is a bug I just committed yesterday fixing something else for someone. Will fix right away -- the html version is supposed to be using POST by default.
Edit: fixed. The non-JS versions are somewhat new and there are a lot more bugs floating around them. Please report whenever you see something awry.
I don't understand this at all because for the non-JS version you should never be on https. If you go to the http homepage, the default form submit is POST and HTTPS. JS changes the action, so if you have JS off it should submit to the non-JS version (via HTTPS and POST). Also, the non-JS plugins are also HTTPS. Please email me to sort out what is going on: http://duckduckgo.com/feedback.html