anonymous
Turning off auto-suggest does stop the per-keystroke GET operations. The search term is passed to DDG via POST, securely. But then DDG returns a page which causes all sorts of GET fetches from my browser containing the search term. Here they are:

Code:
https://duckduckgo.com/ (POST query)
...
https://duckduckgo.com/g1105.js
https://duckduckgo.com/d.js?q=hello&t=D&l=us-en&p=1&s=0
https://duckduckgo.com/y.js?s=1&q=hello&l=us-en
https://duckduckgo.com/y.js?x=1&q=hello&l=us-en&safe=1
...
https://duckduckgo.com/m.js?q=hello&t=D&cb=ddg_spice_amazon
https://duckduckgo.com/js/spice/dictionary/definition/hello
https://icons.duckduckgo.com/ip/www.hellomagazine.com.ico
https://icons.duckduckgo.com/ip/hello.com.ico
...
https://duckduckgo.com/js/spice/dictionary/hyphenation/hello
https://duckduckgo.com/js/spice/dictionary/pronunciation/hello

...


The bottom ones there are icons for websites returned in the search results - giving away my search results. I have to use settings - result - Site Icons - Off too. But when I do that, I still get:

Code:
https://duckduckgo.com/d.js?q=hello&t=D&l=us-en&p=1&s=0
https://duckduckgo.com/y.js?s=1&q=hello&l=us-en
https://duckduckgo.com/y.js?x=1&q=hello&l=us-en&safe=1
https://duckduckgo.com/js/spice/dictionary/definition/hello


That looks to me to be a serious security issue. Has nobody at DDG has considered the effect all these extra features will have on data privacy? It's all right saying DDG doesn't track us, but what of everyone else?
posted by <hidden> • 4 years and 5 months ago Link