Latest Comments

75 Total
a reply to a comment on the General Rambling Image searching? 4 years and 5 months ago
You mind find it easier to use !ii which searches for images on startpage.com, which is another privacy focused search engine.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Fix Ability to Parse URL Parameters without Javascript (/html/) 4 years and 5 months ago
No worries :-) I've only casually brought it up in the IRC channel. This is the first of my "officially" reporting on it.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Images on Tor hidden service Not Loaded through Tor hidden service 4 years and 5 months ago
I think that might have just been their local settings that were preventing them from connecting to your server, especially since, in the default set up for Tor/Vidalia the port is 9150 instead of 9050.

Let Me DuckDuckGo That For You
a comment on the General Rambling Images on Tor hidden service Not Loaded through Tor hidden service 4 years and 5 months ago
1.) Pull up http://3g2upl4pq6kufc4m.onion/ (with JavaScript disabled) or http://3g2upl4pq6kufc4m.onion/html/
2.) Search for "George Carlin" or any term that pulls an image into a Zero Click Box from Wikipedia.
3.) Right click on the image and click "Copy Image Location"
4.) Paste into new tab. Notice it points back to https://i.duckduckgo.com/i/b9d73096.jpg (for the George Carlin example)

The expected behaviour is that on the .onion address the image should be loaded from the .onion address and not the duckduckgo.com address. The current behaviour is doing two things that are a problem:

a) leaking the knowledge of access to duckduckgo through an exit node
b) this can be used by a rogue exit node to determine what someone searched for, especially if they strip the SSL (since the .onion address is not loaded over SSL, which means the user would never see any SSL errors if an exit node were to do this)

EDIT: If you load http://3g2upl4pq6kufc4m.onion/ with JavaScript enabled and do a search for "George Carlin" you get a slide show of images from Amazon that do load through the .onion address: http://3g2upl4pq6kufc4m.onion/?q=George+Carlin

EDIT2: Just realized that if you search for something on the .onion with JavaScript enabled the .ico files from the results are loaded through duckduckgo.com and not the .onion address. This is noticable with Request Policy in Firefox.

To summarize there are 2 problems here:

1.) On http://3g2upl4pq6kufc4m.onion/html/ images loaded into the Zero Click Box are not loaded from a .onion address.
2.) On http://3g2upl4pq6kufc4m.onion/?q=George+Carlin .ico images loaded next to each result are not loaded from the .onion address, along with the images on the right side of the page and the .ico in the zero-click box.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling DDG, Tor 4 years and 5 months ago
It is pointless to use SSL to a Tor hidden service because the connection is encrypted end-to-end since it never leaves the Tor network. If you use SSL from you to a Tor hidden service you are doubly encrypted the traffic.

However, it does seem you can access their hidden service via SSL: https://3g2upl4pq6kufc4m.onion/

Let Me DuckDuckGo That For You
a comment on the General Rambling Fix Ability to Parse URL Parameters without Javascript (/html/) 4 years and 5 months ago
Here is an interesting bug:

1.) Disable Javascript
2.) Open this link in a tab: https://duckduckgo.com/html/?kp=-1
3.) Search for a single word that is an expletive, such as "shit".
4.) Observe "No results."

If you have javascript enabled this works. However, other privacy conscious sites allow URL parameters to be used when javascript is disabled, for example StartPage.com. A test case for their site can used by replacing the above URL with: https://startpage.com/do/mypage.pl?prf=642deb23826e55edf502e69ef1ae2376

Also, because I learned in the IRC channel, if you access https://duckduckgo.com/ with javascript disabled and you complete a search it is forward to /html/ you will get the same behaviour as above if you remove "/html/" from the duckduckgo.com URL.

EDIT1: I found this duplicate post too, describing this problem in less detail.

EDIT2: I found another bug;

1.) Load up, https://duckduckgo.com/html/
2.) Search for: oh baby !safeoff
2a.) You can search for anything, but add "!safeoff"
3.) You'll be sent to: https://duckduckgo.com/?q=oh%20baby&kp=-1&kl=us-en with the following text: This page requires Javascript. Get the non-JS version <a href="https://duckduckgo.com/html/?q=oh%20baby">here</a>.

This would be very useful for those who are security and privacy conscious.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling DuckDuckGo Tor Hidden Service Down? 5 years and 15 days ago
Awesome, thank you very much!

Let Me DuckDuckGo That For You
a comment on the General Rambling DuckDuckGo Tor Hidden Service Down? 5 years and 15 days ago
It appears the DuckDuckGo Tor Hidden Service, http://3g2upl4pq6kufc4m.onion/ has been down since about late last week. Has this been turned off, or will this be back up and running again?

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Not indexing my site 5 years and 20 days ago
I am prompted with a password login for your site on Google Docs.

http://docs.joeworkman.net/ -> https://www.google.com/a/joeworkman.net/ -> https://www.google.com/a/joeworkman.net/ServiceLogin?service=writely&passive=1209600&continue=https://docs.google.com/a/joeworkman.net/%23&followup=https://docs.google.com/a/joeworkman.net/&ltmpl=homepage

At a quick glance that looks like the redirect process for the site, which eventually lands at a Google Doc login stating:

"Sign in to your account at Joeworkman.net"

Does this sound like what you are expecting people to be prompted with? Assuming no, and that you want the main domain of your site available on DuckDuckGo, it appears it already is: https://duckduckgo.com/?q=joeworkman.net

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Switch from MapQuest to OpenStreetMaps 5 years and 20 days ago
Fascinating, I didn't notice that slight detail. I was a tad confused as to what MapQuest was actually doing differently with the open.mapquest.com address. Thanks for the clarification. :-)

Let Me DuckDuckGo That For You
« 1 2 3 4 5 6 7 8 »