Blog Games Projects
Dominic Szablewski, @phoboslab
— Monday, July 7th 2008

QuickSearch.js – Shortwave for the Paranoid

Shaun Inman just released Shortwave, an “extensible quick-search and shortcut system”. It is quiet similar to YubNub or my PL Cmdline in that you use keywords to trigger different search engines.

The problem with all of these tools is the lack of an anonymity. As soon as you want to define your own commands, you’ll have to create an account (YubNub or PL Cmdline), or even upload a file somewhere on your webspace and tell the app the location of this file every time you search for something (Shortwave). So in theory, every search you do through one of these tools can be logged by the website and traced back to you.

I never put a second thought in how to fix this privacy issue, until I realized that Shortwave makes use of a Javascript bookmarklet. So why not move all the functionality on the client sides bookmarklet, instead of passing all commands and search terms through a website? Shaun Inman thought he knew why not:

All searches pass through the Shortwave domain for one very simple, evil-free reason: if all the triggers and destination urls were embedded in the JavaScript bookmark that bookmark would need to be updated every time a new trigger was added–in every browser and on every computer that uses it. That would be an absolute syncing nightmare.

However, you don’t need to put all commnads into the bookmarklet – instead, just let the bookmarklet load an external Javascript file that you put on your website – just like a waves.txt for Shortwave. Sadly my comment in Shaun’s blog stating this idea was quickly deleted (along with my other comment about an XSS vulnerability on the Shortwave site). So here’s my implementation of a Client Side Shortwave I will just call quicksearch.js for the lack of creativity.

You can create your own quicksearch.js with all the commands you want, upload it anywhere and enter the URL of your uploaded quicksearch.js in the following form to create your bookmarklet.

If you don’t need any additional commands, you can also just use the quicksearch.js from my Server.

Your Bookmarklet: QuickSearch

Again, all the forwarding to the destination URL happens on the client side in the quicksearch.js Javascript. Search terms are not passed through any other website, thus making quicksearch.js completely private.

© 2024 Dominic Szablewski – Imprint – powered by Pagenode (4ms) – made with <3