Update DuckDuckGo
In Tails, DuckDuckGo comes as default in Iceweasel and you’ve also added DuckDuckGo (SSL). But since we use HTTPS Everywhere these two search plugins works the same.
This is fixed in devel branch already. Thank you for the heads up anyway!
I recommend you to delete them both but add these two search plugins:
https://dl.dropbox.com/u/57167529/searchplugins.zip
- DuckDuckGo (Onion): http://3g2upl4pq6kufc4m.onion/html/
- DuckDuckGo (SSL): https://www.duckduckgo.com/html/
The hidden service (onion) will be much more secure than the other.
Please elaborate why it would be much more secure.
There will be no exit nodes used, so no man-in-the-middle attack, the search queries or the connection cannot be assigned to any IP (exit nodes). And we no more have to trust them since Tor hidden services guarantee that. So yes, it’s not much more secure but better.
AFAIK impersonating a Tor hidden service is possible, given the relatively small (80 bits if I remember clearly) amount of identifying information conveyed by its hostname. Hence, it’s not clear to me that the .onion provides better protection against MitM than the (itself quite flawed) CA cartel way. Feel free to prove me wrong, though :)
If we’re using DuckDuckGo instead of Google, what’s more is to use DuckDuckGo Onion instead of DuckDuckGo. The only disadvantage is the speed.
Also another explanation would be if they created a hidden service there should be a good reason for that.
None that I was able to find an explanation to on their website. Anyway, we generally do not make decisions about Tails based on things like "there should be a good reason".
Both of them are the non-JS version of DuckDuckGo (/html/) so works when javascript is disabled (default won’t). Different from default, they’re using method="POST" and there are no queries shown in the url which is better for privacy.
The
feature/better_duckduckgo
branch installs the official SSL, non-JS, Lite, POST version search plugin.Merged into devel branch.
done in Tails 0.11.
Why not installing the HTML version? The Lite version is designed for mobile and HTML is the "Light" version for PC and visually looks better. All other features stays same.
I agree and I made the switch in Git. Thanks for suggesting.
Related issues
- Related to #13599 (closed)
Original created by @tails on 6059 (Redmine)