A HUGE SECURITY BUG

[Old Forum guest] anonymous
Created: 1 year, 2 months, and 6 days ago
I just noticed that when I send a search query the URL isn't encrypted!
This is a huge flaw in security and privacy that means that if someone is sniffing my network he can know what I'm searching! It's a real issue that has to be taken care of fast.

The query I sent (both via the address bar and via the search box, both using Firefox (18.0.2) only):
https://duckduckgo.com/?q=%D7%9E%D7%A9%D7%90%D7%99%D7%AA+%D7%92%D7%96+%D7%A0%D7%90%D7%A6%D7%99%D7%AA

If you decode the URL you get the same search query, that's bad, guys.

My suggestion is to make a plugin that encrypts it with a key that only duckduckgo.com servers can decrypt; that way it's one-way encryption and effectively closing the https (ssl) security hole.

Also, it doesn't mean that the q GET has to be gone; you can change it to like e (for encrypted) or just make a prefix for all encrypted queries.

If you didn't understand anything or have any questions or need any help on any subject, umlal@hushmail.com

crazedpsyc
I think you are completely misunderstanding how this works. When you use SSL, your entire request is encrypted. The only thing a sniffer could see is the source and destination addresses.
The "encoding" in that query string you pasted is standard URL encoding, which just takes care of transferring the non-Latin characters.
posted by crazedpsyc (Admin) 1 year, 2 months, and 6 days ago
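
The two points in the reply above, worked through on the URL from the first post. This is an added example, not code from either poster or from DuckDuckGo; the function names are hypothetical and `split_exposure` is a simplified model of a single HTTPS GET.

```python
import string
from urllib.parse import quote_plus, urlsplit

# URL exactly as pasted in the first post.
URL = ("https://duckduckgo.com/?q=%D7%9E%D7%A9%D7%90%D7%99%D7%AA"
       "+%D7%92%D7%96+%D7%A0%D7%90%D7%A6%D7%99%D7%AA")


def percent_decode(value: str) -> str:
    """Reverse form/URL encoding by hand: '+' is a space, %XX is one raw byte,
    and the resulting bytes are UTF-8. No key or secret is involved."""
    raw = bytearray()
    i = 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "%" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            raw.append(int(pair, 16))
            i += 3
            continue
        # Malformed escapes are kept literally rather than raising.
        raw.extend(b" " if value[i] == "+" else value[i].encode("utf-8"))
        i += 1
    return raw.decode("utf-8", errors="replace")


def split_exposure(url: str):
    """Separate what the network path needs in the clear from what travels
    inside the TLS session (simplified model of one HTTPS GET)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("without https the whole request is readable on the wire")
    # Needed to route and set up the connection. The hostname itself usually
    # also shows up in the DNS lookup and the TLS SNI field.
    on_the_wire = {"host": parts.hostname, "port": parts.port or 443}
    # The request line (path + query string) is sent only after the handshake,
    # as encrypted application data.
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    inside_tls = f"GET {target} HTTP/1.1\r\nHost: {parts.hostname}\r\n\r\n"
    return on_the_wire, inside_tls


def query_roundtrip(url: str, key: str = "q"):
    """Decode one query parameter and confirm re-encoding reproduces it."""
    pairs = dict(p.split("=", 1) for p in urlsplit(url).query.split("&") if "=" in p)
    decoded = percent_decode(pairs[key])
    return decoded, quote_plus(decoded) == pairs[key]


if __name__ == "__main__":
    print(split_exposure(URL))
    print(query_roundtrip(URL))
```

The percent-encoded form is what the address bar displays and what is placed in the request line; the confidentiality comes from the TLS layer that wraps that request line, not from the encoding.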