[squeezingswirls]

I use DDG daily but there's one thing that grinds my gears, and undermines their privacy by default statement.

They leak the searches in the URL like this https://duckduckgo.com/?q=this+is+not+private+at+all&ia=web

[WayToDoor]

How is that a leak ? The URL is only sent to ddg server, encrypted using TLS so no eavesdropper can read it. It also stays in your browser history and let you use the back button.

[scaladev]

Enable POST requests at https://duckduckgo.com/settings#privacy

[kemayo]

That seems like a reasonable trade-off. It's https so it's not visible to people snooping on you, and it being GET means that browser history and sharing links to searches works.

Plus, they do have an option to go POST-only, so if you don't like their already-very-private default you can change it.

[time0ut]

Just curious, but what threat model are you thinking of here?