[GH-ISSUE #297] [QUESTION] Heroku privacy #203

Closed
opened 2026-02-25 20:35:09 +03:00 by kerem · 2 comments
Owner

Originally created by @milachevalier on GitHub (Apr 24, 2021).
Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/297

I may be completely out of my depth here but I was wondering what the privacy implications are when using Whoogle on an instance like Heroku. Now I understand that obviously Google's tracking capabilities are pretty limited when you use Whoogle on a remote server along with a VPN, but what about the VPS? What can Heroku see? The Heroku logs show a lot of entries when you pull up a search, most of it seems like random strings but sometimes the actual search terms show up in the logs - I'm assuming that is the difference between GET vs POST queries?

I guess what I'm asking is should I be concerned about Heroku keeping these logs? If the logs get leaked, will my entire search history be open for everyone to see or is it encrypted to some extent?

kerem 2026-02-25 20:35:09 +03:00
  • closed this issue
  • added the question label

@benbusby commented on GitHub (Apr 26, 2021):

This was mostly covered over in this discussion: https://github.com/benbusby/whoogle-search/discussions/163#discussioncomment-268050

The tl;dr is basically: yes, if you're concerned about Heroku logs being viewable by Heroku themselves (or anyone really), then you should only search using POST requests, which are enabled by default in Firefox and on the page search elements themselves (i.e. the input bar on the home page and result page).

POST request data is not captured in Heroku logs, and subsequent page results and resources are encrypted (even though they are performed with GET). POST searches are the default that the Whoogle opensearch template attempts to use, but this doesn't work for Chromium based browsers or mobile browsers. An unfortunate limitation that will likely never be addressed by those developers (not that I'm blaming them, it's a very tiny use case).
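
As an added example (not part of the comment above and not Whoogle's own code), this Python code audits router-style log lines and separates the three cases described in this thread: POST searches whose logged path carries no query, GET requests carrying an opaque token, and GET requests exposing the plaintext term. The log lines are constructed, and the `/search` path, the `q` parameter and the opaque-token heuristic are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the style of platform router logs (not real data).
SAMPLE_LOG = """\
2021-04-24T10:00:01+00:00 heroku[router]: at=info method=POST path="/search" host=example-app.herokuapp.com status=200
2021-04-24T10:00:09+00:00 heroku[router]: at=info method=GET path="/search?q=gAAAAABgexampleTokenValue0123456789abcdefXYZ_-AbCdEf&start=10" host=example-app.herokuapp.com status=200
2021-04-24T10:00:15+00:00 heroku[router]: at=info method=GET path="/search?q=Donald+trump" host=example-app.herokuapp.com status=200
2021-04-24T10:00:20+00:00 heroku[router]: at=info method=GET path="/static/css/main.css" host=example-app.herokuapp.com status=200
"""

ROUTER_RE = re.compile(r'method=(?P<method>[A-Z]+) path="(?P<path>[^"]*)"')
# Assumed heuristic: a long URL-safe base64 run with no spaces is an opaque token.
OPAQUE_RE = re.compile(r"^[A-Za-z0-9_-]{40,}=*$")


def classify(line):
    """Return (verdict, exposed_term) for a search request line, else None."""
    m = ROUTER_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("path"))
    if url.path != "/search":  # assumed search endpoint
        return None
    values = parse_qs(url.query).get("q", [])  # assumed query parameter
    if not values:
        # Query travelled in the request body, which the router line omits.
        # This is a statement about the log only, not about data in transit.
        return ("body-not-logged", None)
    term = values[0]
    if OPAQUE_RE.match(term):
        return ("opaque", None)
    return ("plaintext", term)


def audit(log_text):
    """Classify every search request found in the log text."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r is not None]


def exposed_terms(log_text):
    """Search terms readable by anyone who obtains the log."""
    return [term for verdict, term in audit(log_text) if verdict == "plaintext"]


if __name__ == "__main__":
    for verdict, term in audit(SAMPLE_LOG):
        print(verdict, term or "")
```
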


@milachevalier commented on GitHub (Apr 27, 2021):

I swear I actually looked to see if the question was asked and answered before, sorry I missed this and thank you very much for answering it again.

I do have a couple of follow-up queries though:

> POST request data is not captured in Heroku logs

So does that mean Heroku or any similar host is unable to decipher what the POST queries are? Or it just does not appear in logs? Are POST queries by design sort of encrypted that only Google can see them and not Heroku on any level?

> GET queries

So when the search term appears in the logs, that would be a GET request, right?

I have noticed that when performing a search, if you click on the "Showing results for" or "Search instead for" links on top of a results page, it redirects to a GET request within Whoogle which appears in the logs.

Say for example if you search for Don Trump it will display the links for Showing results for _Donald trump_ and Search instead for _Don Trump_ and when you click on either of those, the subsequent searches will be made using a GET request and the search terms will be visible in the logs. Same with clicking on any related Google search links in the snippets. Is that by design/a limitation?

Thanks again!
