Switch from POST to GET for DDG Searches
As documented in a recent Tor-usability paper ("Peeling the Onion’s User Experience Layer,” by Gallagher et al. 2018)
“I did run into a quirk, and I do not know if this was due to Tor or DuckDuckGo. I use StackOverFlow to get help on coding problems and whenever I clicked back it took me to the main page of Tor and not to the list of search events. This was very frustrating because I had to retype my query and look for it again.” – (P6, F, 22, write-up)
This issue has the potential to seriously impact usability, because when following links in search, a significant percent of linked websites block Tor users. When a user encounters a page which blocks them, they will probably try to return to the search results to try another website. Crucially, the back button not returning to the search results breaks this workflow.
As discussed on the tbb-dev mailing list, this is due to DuckDuckGo being configured to issue searches using POST instead of GET. Thankfully, this is an easy fix, which requires just a couple small changes to two files:
-
tor-browser.git/browser/components/search/extensions/ddg/manifest.json(for the search bar) -
torbutton.git/chrome/content/aboutTor/aboutTor.xhtml(for search on the homepage)
I've tested these changes in a local build of Tor Browser, and they have the desired effect of enabling the back-button to work.
NOTE: Tor Browser on Android seems to already use GET, so this is not a problem there.
To reproduce this issue
- Open a new window
- Search using either the URL bar or the “Search with DDG” field. On the page with search results, note that the page’s URL doesn’t contain the search query in the URL parameters.
- Click on a link in the search results
- Click the back button
- Actual behavior: you are returned to a blank search page
- Expected behavior: you are returned to your search results