{"id":22674755,"url":"https://github.com/bitnom/post-search-privacy","last_synced_at":"2025-07-02T08:10:19.993Z","repository":{"id":105070847,"uuid":"339647324","full_name":"bitnom/POST-Search-Privacy","owner":"bitnom","description":"Chrome extension automatically replacing insecure GET requests of any search provider with secure/private POST requests.","archived":false,"fork":false,"pushed_at":"2021-03-05T03:44:45.000Z","size":4628,"stargazers_count":6,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-12T13:57:56.933Z","etag":null,"topics":["chrome-extension","javascript","privacy","privacy-centric","search-engine"],"latest_commit_sha":null,"homepage":"https://chrome.google.com/webstore/detail/post-search-privacy/jhpgcbhpnhkgpkmahfefpidpmbdcplnd?pli=1","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bitnom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-02-17T07:47:19.000Z","updated_at":"2024-05-05T15:07:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"4ffd54c8-8691-41fa-8c7a-228a1053ce38","html_url":"https://github.com/bitnom/POST-Search-Privacy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bitnom/POST-Search-Privacy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FPOST-Search-Privacy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FPOST-Search-Privacy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FPOST-Search-Privacy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FPOST-Search-Privacy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bitnom","download_url":"https://codeload.github.com/bitnom/POST-Search-Privacy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitnom%2FPOST-Search-Privacy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263099735,"owners_count":23413631,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chrome-extension","javascript","privacy","privacy-centric","search-engine"],"created_at":"2024-12-09T17:18:03.375Z","updated_at":"2025-07-02T08:10:19.982Z","avatar_url":"https://github.com/bitnom.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# POST Search Privacy [Chrome extension]\n\nChrome extension which replaces insecure GET requests (Like `https://search.com/?query=cat+memes`) of search providers with secure POST requests.\n\n**Version:** 1.0.2\n\n**Install via Chrome Web Store:** https://u.nu/gvxy0\n\n### Supported Search Engines\n\n- Startpage\n- DuckDuckGo\n\n[Tried to](https://github.com/TensorTom/POST-Search-Privacy/tree/qwant) add the [qwant](https://www.qwant.com/) privacy-centric search-engine but they don't support HTTP POST. Imagine my surprise.\n\n## Changelog\n\n### 1.0.2\n\n- Removed build cache from vcs with BFG for (#2)[https://github.com/TensorTom/POST-Search-Privacy/issues/2]\n- Moved Web Store art to art.zip \u0026 moved art.zip to root for (#3)https://github.com/TensorTom/POST-Search-Privacy/issues/3\n- Minor refactoring.\n\n### 1.0.1\n\n- Fixed [the bug](https://github.com/TensorTom/POST-Search-Privacy/issues/1) which was breaking Startpage searches from the address bar.\n- [Added](https://github.com/TensorTom/POST-Search-Privacy/commit/89ef531922034bf83e1f29e5051a3484ffb4b595) dark theme styles to the search loading page so that it looks nicer.\n- Made some improvements ([675c642](https://github.com/TensorTom/POST-Search-Privacy/commit/675c642f205f3fddf7968579be1940ceb9f138ca) \u0026 [ebe3cbb](https://github.com/TensorTom/POST-Search-Privacy/commit/ebe3cbb9bd0ad7e56ebf404aa5dd56b4a157ce45)) to the [README.md](https://github.com/TensorTom/POST-Search-Privacy/blob/master/README.md) file.\n- [Created](https://github.com/TensorTom/POST-Search-Privacy/commit/2c97460576cc8ea7da6e983a3421cfb8cdfe695c) Chrome Web Store tile images.\n\n### 1.0.0\n\n- Initial release version.\n\n## ToDo\n\n- The Chrome Web Store tile image sources were accidentally included in the 1.0.1 distribution .zip file. Once the store approves `1.0.1`, let's remove those files and bump the version to either `1.0.2` or `1.0.1b`.\n- Are there other search engines we could add? Let's find out.\n- Make the style \u0026 text of the loading page configurable.\n- Reduce the URL matching rules if more concise are possible by the spec.\n- Investigate possibility of changing the HTTP header to POST (Without using [search.html](https://github.com/TensorTom/POST-Search-Privacy/blob/master/src/search.html)) in order to reduce search latency/wait time.\n- Add setting to concatenate user's Startpage \"Save your settings without a cookie\" string.\n\n## Motivation\n\nThis is a pretty simple yet longstanding problem. We all know that if we visit a site with `https://` in the link, it means our web browser has an encrypted (SSL) connection to the web-site. This is great for securely submitting passwords and other personal data. The problem is, the characters that comprise the URL in a GET request are not private at all.\n\n- POST requests aren't cached by the browser or search history (GET requests are).\n- POST requests on an `https` site are hidden from your ISP (GET requests are not).\n\n### GET \u0026 POST Requests?\n\nLet's say Alice visits `https://acmebank.com` where she logs into her bank account. To login, she submits a form on the bank's web-site containing her username and password. When she clicks the login/submit button, her username and password are sent securely to `acmebank.com` because:\n\n-   Login forms traditionally use the HTTP (Over HTTPS) method called POST.\n-   POST requests (Forms) are transmitted to the website via HTTP headers. If the URL starts with `https://`, the POST request is encrypted. No outside entities (Her ISP, governments, etc.) can directly spy on what Alice submitted. If it had instead been a GET request, Alice would see something like this in her address bar after clicking submit: `https://acmebank.com/login/?user=alice\u0026password=monkey123`.\n\n### Search Engines Use GET? WHY!\n\nIt doesn't make much sense, does it? Go to just about any search engine, even the privacy-centric ones (DuckDuckGo, Startpage, etc.), and search for `test123`. You'll see that the address in the address-bar now contains your search query (Like `https://www.startpage.com/do/search?query=test123` ). Congrats. You now have zero privacy of your search habits.\n\n### The Conspiracy\n\nI'd take the odds of a conspiracy here. You have a superior programming method which all web developers know to use by default, yet magically:\n\n- All major search engines, including  the privacy-centric ones (DuckDuckGo \u0026 Startpage) use GET requests by default.\n- No major web browser, including the privacy-centric one (Brave), supports POST requests for search providers.\n\nIt's not like they don't support POST. Both DuckDuckGo and Startpage both support it but it's off by default and not supported by browser search providers. The NSA and British intelligence have clearly infiltrated our search infrastructure.\n\nHail Hydra (Or don't and use this extension)\n\n### The Simple Solution\n\nThe extension monitors your searches in the background. If it sees a GET request being used to search a popular search-engine, it converts it to POST on-the-fly. The extension doesn't keep any records of your search history and can't transmit it anywhere except securely to the engine your searching. Alice's ISP, government, etc. will only see that she visited `https://www.startpage.com/do/search`. Her search query `test123` (And all future searches) is now transmitted securely and privately.\n\nFor we who install extensions, problem solved. What about everyone else? Well, there have been massive feature request threads going back several years. I participated in some of them. Here we sit.\n\n## How To Contribute\n\nIf you have an idea, feel free to pitch in.\n\n- Create a new branch with a descriptive name. Don't be afraid to use a sentence. Example:\n\n```\nGH-1_-_StartPage_search_not_working_from_address_bar\n```\n\n- Reference issue numbers in your commit messages. Example (For issue #1):\n\n```\n#1 - Added missing startpage endpoints. Removed redundant function.`\n```\n\n- Bump the version number appropriately.\n- Update the Changelog of [README.md](https://github.com/TensorTom/POST-Search-Privacy/blob/master/README.md) to document what you changed.\n- Build the source using:\n\n`yarn build`\n\n- Then, merge your new branch with the `master` branch and submit your PR.\n\n## License: MIT License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitnom%2Fpost-search-privacy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbitnom%2Fpost-search-privacy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitnom%2Fpost-search-privacy/lists"}