The score is not readable by a screen reader. It should be labeled so that people know what the score of the website is.

httpsWhitelist.js fetches open issues and pull requests from https://api.github.com/repos/EFForg/https-everywhere/issues to build a https upgrade whitelist. As closed issues/pull requests are not fetched and the https-everywhere ruleset seems not to be included, a domain could be upgraded to https even if an exclusion exists in the https-everyhwere ruleset.

Example domain: breitbandmessung.de
Closed Ruleset Issue: #9841
Ruleset excludes the URIs /test, /images, /api, /public from https upgrade
DDG content-blocking https list includes the example domain: https://duckduckgo.com/contentblocking.js?l=https2

How is the DDG content-blocking https list generated (and can a pull request be stated to restore functionality for the example domain)?
Is it possible to include the https-everywhere ruleset for exclusion-pattern handling?

Please add coin mining protection to duckduckgo privavy extension. I'm not quite sure if it alrready does block miners, but didn't so far see anything which would show that it does, so I suppose at the moment it doesn't. And yep, I know there are extensions for that but would be nice to have one extension which would include all must to have privacy and safety enhancements.

I'm not quite sure is this because of using DuckDuckGo Privacy Extension (DDGPE), or what, but I have now faced couble of times issues when login to gmail.

Basicly page doesn't load right and at the bottom theres information that some features could not be load and suggestion to use basic html version instead. Both of times after I go and disable DDGPE and reload page, everything is working fine again.

Strange thing is, that if I go and enable DDGPE again and reload the page (gmail) it's still working. Also after re-enabled I can use gmail without any issues many times after that, at least at same browser session. So this doesn't happen everytime, but seems to be easy to reproduce.

Browser: Vivaldi 1.14.1077.45 with chrome extension.

Haven't yet notice same bahavior with Firefox, but on the other hand I have now used mainly Vivaldi.

While using DDG in the Firefox address bar, I regularly mis-type while entering the bang. For example,

some search term !g

accidentally becomes

some search term !gh

By the time I've realised the mistake, I've been transported to GitHub. At this point I have to hit back, re-enter the entire search query in the search bar and press ENTER again.

It would be useful to be able to correct the mistake with a special search query, for example:

!!g

This would replay the last search, but against the corrected search provider.

Perhaps there is already a better workaround for this situation? If not, what do people think about this feature? Would there be an appetite for a PR adding this functionality?

Hey,
can you provide some information about how to translate this addon? And maybe set up a webbased translation system like https://weblate.org/ (They offer free hosting for foss)

The primary complaint about this extension on the Chrome webstore 'reviews' seems to be related to this extension forcing the user to use DDG as the default search engine in the address bar. The other feature (privacy protection, letter grading for privacy, blocking, etc.) seem to be most welcome, so these two features should be disentangled.

I received a popup asking if I would like to restore my previous search setting, but after clicking 'no' I'm no longer able to restore my previous default search settings through the extension 'options' without disabling it entirely.

Either:

1. Don't alter the default address bar search settings, or
2. Allow the user to restore their previous setting (either through the extension 'options' or the standard Chrome settings).

Hey, I'm running the Safari extension, but my console is getting polluted with lines from the extension "MAYBE BLOCK: file". This is coming from content-script.js.

Is there a way to disable these? I need it clear for dev.

Hello, I see here that latest version is 2018-3-2 (And for safari is February version).
I'm using Safari and the extension installed from safari gallery extension but the version is 2018.1.30, and I can't understand where to find latest version. Can you help me? Thanks :-)

DuckDuckGo Privacy Essentials adds DuckDuckGo as default search engine but a lot of users don't want the rest of the features.

Usefulness:

• Firefox Sync -- The default search engine preferences is not saved so you have to manually configure this.
• DuckDuckGo is the default search engine in the web browser GNU IceCat (which will be based on Firefox 57 in a few months) -- it could use the requested add-on instead of maintaining the source code.

Examples of existing add-ons that change the default search engine:

• Bing Search Engine
• StartPage.com — Private Search Engine
• Yahoo Search Addon

Investigate why enhancement from D to B is not being read properly. VoiceOver is not pronouncing "TO" properly.

I've been experiencing a strange bug in Safari, but only when this extension is enabled. As I type a certain phrase ("mysql returns"), the address bar is cleared and seems to reset to the address of the current page. I can reliably reproduce this, even after restarting Safari and disabling & re-enabling the extension. I think it has something to do with the speed of my typing the phrase, which suggests to me that it's an issue with asynchronous code.

After trying it on a new tab page and on google.com, when I type that phrase and the behavior is triggered, I'm actually taken to the page shown in the video (on the PHP documentation site).

Here's a video showing the problem.

Extension version 2018.1.9, Safari 11.0.2, macOS 10.13.2, Late 2012 Mac mini. I'd be happy to provide more information if anyone wants to look into this bug further.

Hi,

I've noticed a performance issue with this extension in Firefox.
(Firefox 60b3, macos high sierra)

When it's enabled and I start Firefox it freezes the window for 2-3 seconds.
I've noticed that the same happens when I'm in "Addons" and toggle the extension (enable/disable).
It seems that when it's initialised - it's doing some heavy stuff...

Hello,

add a https test function (like smart https which tries in https and generates a list of sites that have passed the https test (with a checkbox for eventual authorization for the app went back up this list to duckduck)).

In addition, it would be great if you could add the request 'upgrade insecure request' to force https sites to send their link or external pictures in https (with a checkbox for disable the function in case it breaks a page).

My name is Tom and I develop https://www.etesync.com .
I recently got a complaint by a user saying that the main EteSync website is showing as B in this extension, even though it does no user tracking, and is very privacy friendly (and oriented). The reason for that was the lack of a ToS;DR entry. I think this is a bit extreme to mark a site as non-privacy friendly based on a database that includes less than 0.0000001% of the websites in existence.
I think this should be softened to show A, and maybe ones with great ToS show A+.
EteSync is a service, so obviously it should be on ToS;DR. But what about my personal blog? I don't have any trackers there, and I'll never be on ToS;DR, will I always be penalised?
EteSync has since been added (about a week ago, see etesync/etesync-web#7), though this change is still doesn't show in the extension, which was updated after. Are you taking the old ToS;DR db or using the new one?
Another issue I came across (I'm not sure how this will behave, but sounds like it would be a problem) is related URLs. If my service's main website is www.etesync.com, what will happen with client.etesync.com, and other subdomains? Is there a hard-coded list? Because I didn't see one in ToS;DR. Could be a concern if a company is offering different services under different terms.

In essence, I'd like to ask you to soften the impact of a lack of ToS;DR until all of the issues above are solved. At the moment, as a user, I just can't trust the rating (unless it's a big negative one), and as a developer, I'm feeling the impact of these issues.

I understand and applaud what you are trying to do, but I think that without the above, it's causing more harm than good, and probably will reduce user's trust in the long term.

When '11 Trackers Blocked' is clicked the focus doesn't shift to the new screen. It still remains in the previous screen so it reads hidden elements.

I think the extension should show this to make sure it's not simply weak.

This optionally could affect the privacy grade.

In Chrome 66.0.3350.0, the Extension Options and Manage Whitelist links attempt to open chrome-extension://<ID>/html/options.html in a new tab, which immediately closes because it is invalid. Based on other extensions, it looks like the proper equivalent is chrome://extensions/?options=<ID>.

Search button doesn't have a label.

Hamburger menu doesn't have a label.

'Site Privacy Protection' should be labeled properly as a toggle button. https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques/Using_the_button_role#Toggle_buttons

As the title, I am developing a privacy concerned analytics service.
I plan to gather data completely anonymous, I am wondering what I need to do for it to avoid to be blocked but this awesome extension.

Using it, it seems that block every request to hosts different from the site's one.

I would like to be able to reproduce the builds of the extension. Can you please mark all releases as tags before uploading them to the extension site?

This way people would also be able to compile the extension by themselves if they want to.

Although in Preferences it says "An extension, DuckDuckGo Privacy Essentials, defined the default search engine" and in a new tab I can see "Search with DuckDuckgo...", all the searches are still done in Google.

I'm using Firefox 60.0.2 (64-bit) and running Xubuntu 18.04 (if that helps). I've reinstalled 3 times and cleaned firefox's cache every time.
Thanks.

The extension size could be reduced by putting the PNGs through an image optimiser, and removing unnecessary font types in the CSS.

Thanks to Eric Lawrence for the tip.

I've noticed a few sites breaking and realized that they're Squarespace sites and they only break when I have the DDG extension enabled.

Example: http://rickpinchera.com/animation/

The console shows a bunch of requests blocked due to CORS headers missing.

Screen reader is reading a hidden part of the screen. When moving to this view the other screen should not be focusable. Try setting visibility: hidden after the animation. If not, try tabindex="-1" as well.

I tried to install the add-on for Firefox but I got this:

This add-on requires a newer version of Firefox (at least version 57.0). You are using Firefox 52.0.

But my system has a higher version installed:

firefox --version
Mozilla Firefox 57.0.4

I'm running Archlinux.

'11 Trackers Blocked' is a link. It should be a button.

Hi,

IMHO the website ratings are not fair:

• A site with no trackers at all is rated B.
• A site with plenty blocked trackers is rated B, too.

Hi, could you invite me to the duckduckgo GitHub organization?

'Forced Encryption' probably shouldn't be h2 reading it using a screen reader doesn't sound right. It's not the start of a section.

Information about your system

• Extension Version: 2018.1.25
• Browser and Version: Safari 11.0.3
• Operating System: MacOS 10.13.3 High Sierra

What does not work?

When I click on "more options" (Hamburger Menu), I cannot find a link to this repository.

What is the expected behavior?

Please add a link to this repository in the "more options" menu and/or in the settings menu.

I'm using the DDG Privacy Essentials extension and it appears to add 'Ask Dax' into the right-click context menu on pages.

1. Selecting 'Ask Dax' doesn't appear to do anything
2. I would like to see a setting somewhere to remove this context menu item

I'm using version 2018.1.9 on Safari 11.0.3 (13604.5.6).

Right arrow is just announced as 'link'. This should probably be a 'button' element and it should be labeled properly such as 'More details on vox.com'.

Allow greater control by giving us the ability to add filters like we can in uBlock and other such software.

Edit -> Preferences -> Search reads:

Default Search Engine
Choose the default search engine to use in the address bar and search bar.
An extension, DuckDuckGo Privacy Essentials, has set your default search engine.

Can you please mention the above note https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-for-firefox/ that currently reads:

Search Privately — You share your most personal information with your search engine, like your financial, medical, and political questions. What you search for is your own business, which is why DuckDuckGo search doesn't track you. Ever.

According to https://docs.microsoft.com/en-us/microsoft-edge/extensions/guides/porting-chrome-extensions, extension code that's written for Chrome should be easily portable to Microsoft Edge. This is further supported by the fact that Edge implements the WebExtension framework, the same API used by the newest Firefox versions. Could this extension be ported to Edge?

If you click on the extension while on a page or anywhere, the extension thinks you're in a new tab which leads me to believe it's not working at all.

UI doesn't scale properly.

It's more semantic to use <dl> element instead of <ol>. The list container element (ul, ol, dl, [role="list"], [role="group"]) must also include a label that describes the purpose or contents of the list. Otherwise the screen reader just says "list." What kind of list is it?

"Tracker Networks Top Offenders" semantically comes before the details of the site. I suspect this part is not as important so it might be better to move the markup below .site-info.

This extension causes some tabs to crash when using in combination with Ublocks origin and after browsing a bit an error appeared related to the adblocker beside this extension in chrome://extensions.
I will update this issue with the error message when it gets displayed again since I disabled/enabled it.

It would be neat to have the popup's icon not only show the letter grade, but also a color (like in Terms of Service; Did not read). It would stand out. Since it is placed in a different place than the other extension (one in the search box itself and the other with the other extensions) having both at the same time should not be too confusing. That would be a great feature that I would really appreciate (if it is approved I might even want to try doing it).

As a Firefox user on desktop and mobile, I would really like to be able to install the extension on Firefox mobile.

I do not intend to use the DuckDuckGo browser on mobile. I'm already using Firefox Focus most of the time, and Firefox Mobile the rest of the time (using sync features).

What's the issue?
The toolbar button for the extension in Safari used to look adequately sized and changed hue depending on the grade assigned to the website. For the past 2 or 3 versions (the last version that I could find that still looks correctly is 2018.2.7) the button has no longer changed hue, instead always looking the same shade of gray, and the aspect ratio is completely wrong in comparison to other safari extensions and stock toolbar buttons (the grade is too large for the button).

Attached you'll find four screenshots illustrating the problem, comparing not only the size but how the hues used to change. I'm filling this as a bug since I assume not fitting with the design language even though it previously did, and loosing functionality is probably a bug.
In both cases, old and new, the DuckDuckGo logo that appears when a website is not graded, or when on the new tab bar, looks correctly in both size and hue.

DuckDuckGo Logo
(This one looks the same in all versions)

Old Look
(Notice the change in hue, and the correct size in comparison to uBlock Origin and the stock buttons)

New Look
(Notice no change in hue and disproportionate size of the grade)

I have DuckDuckGo set as my default search, so I have two menu items "Search DuckDuckGo for" in context menu. It would be useful to have ability to disable extension in context menu.

DNS is leaking information about what sites are visited, and it isn't protected by HTTPS-everywhere.

It would be nice to have the plugin force the browser to use one of the encrypted DNS-successor protocols (DNS over TLS or DNS over HTTPS). If the DNS server indicated by the operating system doesn't support any of the encrypted protocols, the plugin could either fallback to standard DNS with the same server, or use a public, privacy respecting, encrypted DNS service. Cloudflare, Google and Quad9 are possible candidates for this.

Which website is broken? (copy and paste the URL):

iPlayer playback pages do not play content when the user has the safari plugin installed.

The play button displays a continuous spinner and the user is unable to click it to play content An example of a page that is broken is - https://www.bbc.co.uk/iplayer/episode/b0b09dss/stephen-the-murder-that-changed-a-nation-series-1-1-the-loss-of-joy

Describe the issue. (What's breaking on the page? Attach a screenshot if possible):

When the page loads we fetch a script to allow us to bucket users into A/B tests.

For cases where a privacy plugin is installed we simply catch errors and continue to load the player and other page content. For some reason the request never fulfills or fails and after 30 seconds times out with the plugin enabled on Safari.

Go to iPlayer playback pages do not play content when the user has the safari plugin installed. The play button displays a continuous spinner and the user is unable to click it to play content An example of a page that is broken is - https://www.bbc.co.uk/iplayer/episode/b0b09dss/stephen-the-murder-that-changed-a-nation-series-1-1-the-loss-of-joy
Observe that the spinner continously spins

When disabling the DuckDuckGo add-on in Safari, the spinner turns to a play button and users can play content.

Page with the extension disabled showing the request for the file:

Page with the extension enabled showing the request is never made:

1. Which website is broken? (copy and paste the URL):
   http://node2.online.sberbank.ru/PhizIC/private/accounts.do

2. Describe the issue. (What's breaking on the page? Attach a screenshot
   if possible):

The problem is I can't pass Sberbank-online login/password screen:

• Go to Sberbank-online: https://online.sberbank.ru/CSAFront/index.do
• Enter actual login/password (must be client of Sberbank-online of course)
• Got following error:

The connection has timed out
The server at node2.online.sberbank.ru is taking too long to respond.

• If I only disable DuckDuckGo add-on, the site works fine

Please help, it's essential site for many Russian users

As title says, nothing more to it.

It'd just be great to know what changes are being made without having to read the commits.

WebCookies is a website privacy scanner that I've been developing since 2012 and it has now accumulated information on over 6m URLs - their cookies, beacones, trackers, finerprinting techniques etc. There's publicy available API for retrieving a synthetic Privacy Impact Score which is reflects the amount and severity of user tracking on each website and I believe it would be easily consumable by DuckDuckGo extension, as well as other services you would like. An example:

https://webcookies.org/api2/privacy-impact-score/2821702


{
    "url": "https://ipsec.pl/",
    "id": 2821702,
    "report_url": "https://webcookies.org/cookies/ipsec.pl/2821702",
    "privacy_impact_score": 10,
    "privacy_impact_score_letter": "B",
    "privacy_impact_color": "success",
    "privacy_impact_score_reverse": 90,
    "num_cookies": 4,
    "num_cookies_session": 2,
    "num_cookies_third": 2,
    "num_cookies_persist": 2,
    "num_localstorage": 2,
    "num_sessionstorage": 0,
    "num_flash_remote": 0,
    "num_flash_local": 0,
    "num_canvas_trackers": 0
}