Using GET rather than POST

[Old Forum guest] anonymous
Created: 4 years and 9 months ago
Any reason why you use GET rather than POST?

Just wondering..

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


crazedpsyc
GET makes it easy to see where you are (you can see the query),and easy to copy/paste the URL to share a search. There is no reason not to use GET, either.
posted by crazedpsyc 4 years and 9 months ago Link
anonymous
POST offers additional privacy by keeping your search terms out of the logs of webmasters of sites that you reach from the search.

The default is GET which means the URL is visible in the command line and this is what the website you are going to will see and log, so not that private really.

I think the default should be POST.
Since DuckDuckGo keeps reverting to GET as the default, when cookies are removed.

Also it would be good if there were some easy directions on how to make the DuckDuckGo search function added to the Firefox seach engines drop down in Firefox use POST rather than the default GET. That is it does not seem to pick up the same settings as those set in the Browser.
posted by <hidden> • 4 years and 6 months ago Link
crazedpsyc
We add a redirect to prevent search term leakage, rather than using POST which is annoying when you want to share a search.
We do not currently have a POST searchplugin for firefox, because there is no valid reason for anyone to use one (as far as we know).
posted by crazedpsyc 4 years and 6 months ago Link
anonymous
Old post I know, but let me get this straight... You're saying I should not mind using GET at work, so everything I search for is captured and logged?

You're not preventing anything from leaking when the first search ALWAYS includes the search terms, and POST can only be forced (by cookied option) once already on the DDG site. The first search ALWAYS includes the search terms, like:

https://duckduckgo.com/?q=hello+there

Once in awhile I log into Splunk at work and look at what people are searching for. I hate when people use IxQuick, POST, and SSL ... I can't tell what they're searching for. So thank you, DDG. You make life more fun by advertising what people are searching for.
posted by <hidden> • 2 years and 8 months ago Link
anonymous
I never used Splunk, can you associate a search with a IP?

On a sidenote POST can be set without cookies, using the URL parameter "kg=p" .
posted by <hidden> • 2 years and 8 months ago Link
anonymous
Splunk records whatever gets sent there. Yes we store IP, and also AD user name. I also exaggerated before; I don't actually go out of my way to look at what people are doing online. But I have inadvertently noticed it.

My issue is that any time I invoke DDG from Firefox using the search bar or the address bar, the URL of the first search always includes the terms being searched. (So, adding a parameter would not help.) When I use IxQuick the same way, the URL has no search terms in it. The only way I can use DDG without this issue is to navigate to the DDG page first, which I'm not going to do.
posted by <hidden> • 2 years and 8 months ago Link
anonymous
Sorry but I don't understand, is Splunk something like a web anaylitics installed on server? You can store the users' IP that connect there but you shouldn't be able to associate an IP to a search because DDG anonymizes it. Or maybe you're speaking about something LAN-side?
posted by <hidden> • 2 years and 8 months ago Link
anonymous
Splunk is basically a gigantic database of anything you send to it. Server logs, network logs, web logs, literally anything you want stored in a central repository for collection and analysis. I mentioned it in the context of an enterprise.

All web requests that are done at my workplace are logged and while of course encrypted traffic is off the grid, all URLs and the IP addresses that requested them are logged. So if I use DDG at work, the way I mention, my search terms, my IP address, and my AD user name are right there for anyone with Splunk access.

Of course, at home, this doesn't apply. At home, I still don't want to use GET because I don't need my ISP or whoever seeing what I'm accessing. Yes, I do use VPN, but that's beside the point.
posted by <hidden> • 2 years and 8 months ago Link
x.15a2
I did a tiny bit of messing with this in FF 38. You can add a searchplugin xml in the searchplugins folder of your FF profile and force it to POST. Here's a quick example, which I created as duckduckgopost.xml:
Code:
<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
<os:ShortName>DuckDuckGo POST</os:ShortName>
<os:Description>Search DuckDuckGo (Post)</os:Description>
<os:InputEncoding>UTF-8</os:InputEncoding>
<os:Url type="text/html" method="POST" template="https://duckduckgo.com/" resultDomain="duckduckgo.com">
  <os:Param name="q" value="{searchTerms}"/>
</SearchPlugin>


No guarantees, but you get the idea. You can mess with the values to suit your needs. I noticed that your sample search (above) triggers and IA, which shows up in the URL, so you may want to disable IAs as well.

I hope this helps.
posted by x.15a2 Community Leader2 years and 8 months ago Link
anonymous
Thanks. It's easy to create such a plugin with the "Add to Search Bar" Firefox extension also, but I intentionally didn't mention this because users should not have to do this, and because self-created plugins don't update automatically as may be desired.

This also leaves unexplained why DDG seems to refuse to offer POST by default via plugin, and is even seen to argue against it. Doesn't exactly build trust, AFAIC.
posted by <hidden> • 2 years and 8 months ago Link
anonymous
Normal users go on settings and set POST there. Simple as that.
If you don't even want to go on DDG homepage, that's not a DDG problem.
posted by <hidden> • 2 years and 8 months ago Link
buckeye
he\she is not looking for an answer or a solution - he\she is only complaining and trying to make a point
posted by buckeye 2 years and 8 months ago Link
This comment has been removed for violation of our forum rules.
posted by <hidden> • 2 years and 7 months ago
isegurola
safe use is much ma post, I always tend to use this option
posted by isegurola 2 years and 8 months ago Link