ipduh privacy and the https search fix





If apropos gets a query not related to inter-networking technology stuff like ip , dns , etc
sends it to a custom google

The ipduh custom google search is using google APIs and javascript pulled from google.
By mistake the google javascript URI was using always HTTP even when someone was using ipduh over HTTPS --my bad. I am sorry.

Due to my mistake, javascript run by your browser and some ipduh queries were traveling the internets in plaintext even when you were visiting ipduh over HTTPS. My mistake is fixed now and the google javascript is being always downloaded from a TLS encrypted URL.

If you are concerned about your privacy you should at least visit ipduh over HTTPS.
It is safe to trust and install the ipduh Certificate Authority if you trust me. I am certainly less evil and more skilled than many managers of CAs installed in your browser or your OS by default.

However,there is not an established trust path to ipduh and someone in between you and an ipduh server may serve you another ipduh server cerificate or CA certificate the very first time.

If you want to be sure that you installed the original ipduh CA certificate verify the certificate's fingerprint at https://github.com/ipduh/ipduhca.
My github CA repository provides only a way to verify the certificate fingerprint through an established trust path and has nothing to do with my TLS.

Provided that you trust me and that you installed the original ipduh server certificate or CA certificate in your browser, the authentication of ipduh and the encryption between ipduh and you is the same with the authentication and encryption provided by keys signed by Certificate Authorities like Comodo, Thawte etc.
Authenticating the ipduh servers is just a little tougher the very first time.

Many computer users think that by installing and using this or the other browser plugin they will protect their privacy --which is false.
Every time you install a browser-plugin you run yet more brilliant xor stupid and good xor evil code that expands the attack surface on your system and your privacy and adds features or bugs or backdoors.
Actually, privacy-wise disabling javascript is OK, installing random plugins that run tones of "obfuscated" javascript or compiled closed code that you have no clue of what it really does in your browser is usually not.
Also, every time that you do not look like an average human using an average system you stick out and many of your plugins are visible if you are running javascript.

You may disable cookies and even javascript for ipduh. This way you will evade some of the ipduh analytics and the google ads and still get a somewhat usable site. ( ipduh analytics have absolutely nothing to do with google analytics )
I do my best to provide a service that does not depend on javascript and I tried from the beginning to accommodate scripts and automated tools provided they do not abuse my service.

At least in Mozilla based browsers you do not need special browser plugins in order to disable cookies or javascript. Try it out. You will soon realize that most of the web is broken.

Plugins like flash, java, quicktime, itunes, silverlight, adobe reader, windows media player may be more dangerous than javascript plugins.

When it comes to modern web browsers I consider Chrome and Mozilla based browsers put together by companies or groups I "trust" (Google,Mozilla,Debian) much more secure than Opera, Microsoft Internet Explorer and the rest. However, Chrome and Mozilla based browsers ( Firefox , Seamonkey , Iceweasel etc ) are ridiculously complex pieces of software used by millions if not billions of humans. There you have both opportunity and motivation for profit, control, power. Hence, all modern browsers are insecure. Put together a basic text HTTP(s) client if you are really paranoid.

Certain three letter agencies may have exploits or backdoors that compromise your browser and your privacy ( accessing your system ,even gaining administrator privileges, and certainly seeing 'your' first public IP address ) even if you do not run javascript or plugins.

Back to logging at ipduh.
Most ipduh usage analytics are based on connection logs from layer 3 up to HTTP(S). I am not using google analytics or any other third party web analytics service.
( I am using google analytics at alog though :) )
At ipduh I am the only one who looks at logs and only when something bad happens.

Many incompetent or devious folks are in the business of talking privacy or selling privacy. If you are concerned about your privacy you should take the matter in your hands and not leave to me or anyone else. Use a common up-to-date browser put together by someone you 'trust' that does not stick out and use a combination of privacy tools like Tor or some sort of VPN which is used by many users and not just you.

A VPN, a proxy or an intermediate 'dark net' like Tor or I2P may harm your system or compromise even more your privacy if it is misused by you or purposely configured by its operators to do so.

Combine and alternate privacy tools and test settings and tools in many ways. An easy privacy test is the ipduh anonymity checker.







ipduh https search fix and privacy stuff ...