Please FIX Search Term LEAKAGE

msyano msyano
Created: 4 years and 10 months ago
I have reported this at least three (3!) times via the feedback forum on the main DuckDuckGo site but I'm starting to get the impression that no body really cares about search terms leaking to sites. I first started reporting this back in the middle of September.

If you do a search for any term and then append "!" or "!ducky" to the end the server that you end up at HAS your search terms.

For example:

Visiting https://duckduckgo.com/?q=michael+yanovi...

Will result in this on my server:
[19/Nov/2013:18:26:34 +0000] "GET / HTTP/1.1" 200 5999 "https://duckduckgo.com/?q=michael+yanovi..."

This is unacceptable for a site that claims to be concerned about privacy.

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


x.15a2
Per https://duckduckgo.com/bang.html , this is correct operation.

Quote:
We call these commands !bangs, and this syntax works for 100s of sites:

Most big sites work, e.g. !youtube (see full list below)

Most generic keywords work too, e.g. !images

There are also shorter versions, e.g. !g (google) !i (images) !yt (youtube)

!ducky or '! ' or '\' will take you to the first result.

!safeoff will run a search with safe search off. [\quote]


x-15a2 <br>[http://backspinforums.com/images/ddguserbar-NSA.png]
posted by x.15a2 Community Leader4 years and 10 months ago Link
msyano
So you aren't going to bother sanitizing the search terms when using !ducky? This is a !band that uses DuckDuckGo, not a third party search service.
posted by msyano 4 years and 10 months ago Link
ScreapDK
Aahh, I see the problem here... : )

A (possible) solution:
Would the problem be solved, if the "I'm feeling ducky!"-bangs would send to a given site through the r.duckduckgo.com-redirect?

Like this:
https://r.duckduckgo.com/l/?kh=-1&uddg=h...
posted by ScreapDK Community Leader4 years and 10 months ago Link
msyano
From what I understand, that should fix the problem. I am not a developer but I believe links that one clicks on a typical results page are directed through that link.
posted by msyano 4 years and 10 months ago Link
yegg
I will look into this issue this morning.
posted by yegg Staff4 years and 10 months ago Link
yegg
This should now be fixed -- confirm?
posted by yegg Staff4 years and 10 months ago Link
msyano
Hi yegg, thanks for taking a look at this!

It is fixed when searching via: https://duckduckgo.com/?q=michael+yanovi...

However, when searching on the Tor hidden service it is "sort of" fixed...

http://3g2upl4pq6kufc4m.onion/?q=michael...

yields...

https://duckduckgo.com/l/?kh=-1&uddg=htt...

which isn't on the Tor hidden service anymore, preferably when using the Tor hidden service one should never be accessing DuckDuckGo via the non-Tor address (duckduckgo.com). (However in the current operation of using the Tor hidden service it is now preventing search term leakage when using the ! (aka: !ducky) bang.
posted by msyano 4 years and 10 months ago Link
yegg
Should be fixed now -- confirm?
posted by yegg Staff4 years and 10 months ago Link
msyano
Yes, this is now working. Thank you!! :-)
posted by msyano 4 years and 9 months ago Link