Search Engine DuckDuckGo Implements Smarter Encryption

Privacy orientated search engine, DuckDuckGo, is implementing Smarter Encryption. The system encourages users to use HTTPS versions of websites.

HTTPS encryption is becoming increasingly important for your average website. Now, one search engine is encouraging users to use the HTTPS version of website by using something called Smarter Encryption. DuckDuckGo, a privacy oriented search engine, is announcing the implementation of Smarter Encryption.

In short, the engine will look at every website it indexes and locates the HTTPS version of the site. From there, it verifies that the HTTPS is actually secure as opposed to what is known as “mixed content” HTTPS.

For websites that offer mixed content, this happens when elements are not being transmitted over HTTPS. An example of this is that a website offers the whole website as HTTPS. Unfortunately, pictures are embedded in straight HTTP. So, a logo might be coded as “img src=http://www.example.com/images/logo.png”. The rest of the page might be secure, but the logo is being sent over the connection unencrypted. While eavesdroppers might not be able to see what else you did with the connection, it’s theoretically possible that they can see that you obtained the logo from that particular website. So, they know that you likely visited that website at the very least.

For it’s part, DuckDuckGo posted, in part, the following:

Using DuckDuckGo Smarter Encryption means that more of your browsing will use encrypted connections (HTTPS), shielding your personal information from prying eyes.

In addition to our Smarter Encryption list, there are two other lists that indicate whether a connection to a website can use HTTPS: Chromium’s HSTS Preload List and EFF’s HTTPS Everywhere. Building on EFF’s pioneering work, DuckDuckGo Smarter Encryption is significantly more comprehensive than alternatives because we automatically generate our list by crawling websites vs. adding them manually. We also have an automatic process to maintain the list by re-crawling websites so that we can consistently ensure that users don’t face any breakage when websites change.

When you type in web addresses into your web browser or click on links in social media, you want as many of the resulting Internet connections to be encrypted from the start as possible. So, you want the largest possible list, such that the greatest percentage of websites are covered.

We here at Freezenet have implemented HTTPS back in February of 2018, so for those wondering, yes, Freezenet does offer HTTPS.

Back in December of 2017, Firefox began moving to label websites without HTTPS encryption as not secure. In July of 2018, Chrome followed suit by marking websites without HTTPS as not secure. All this was pretty big news at the time because, before that, web browsers generally showed HTTPS websites with a green lock. The general thinking is that the website offered a little bit extra in offering HTTPS. Otherwise, if a website was offered in plain HTTP, it’s no big deal. After all, as long as you aren’t purchasing something with a credit card over the Internet, who really cares? That type of thinking has changed in the last two years where websites were frowned upon for not offering HTTPS for any reason.

In 2014, the offering of HTTPS became a ranking factor in Google search results. Getting a good ranking in Google search results is huge for webmasters. If someone types in some keywords in a search engine, the closer to the top your website is, the more likely people will click on your page. So, that became a pretty big motivational factor to get webmasters to adopt HTTPS as well.

From a web designer perspective, the idea of implementing HTTPS might seem like a bit of work, but a good idea. Unfortunately, implementation also comes with a price tag for a lot of solutions that are available today. For a while, a big problem with implementing HTTPS encryption is the fact that it does cost money. When you are on a shoestring budget where you may or may not be making enough money to pay for server and domain name costs, some webmasters can be motivated to view HTTPS as something that can be sacrificed until revenue gets going.

Fortunately, digital rights organizations, among others, came up with a solution to this problem by creating what is known as Let’s Encrypt. Let’s Encrypt, broadly speaking, is a free version of HTTPS. The only caveat to this is that you have to renew the certificate more often. Some web hosts out there (such as Dreamhost) will help by renewing this automatically.

Some view Let’s Encrypt as less ideal. Many advocate using a commercial version of HTTPS like Comodo especially if you are more into e-commerce. If you aren’t into e-commerce and are running, say, a Blog or a web forum, then, generally speaking, a Let’s Encrypt certificate is fine assuming that you can’t afford the more commercial version of HTTPS.

So, with all that said, for web developers, this latest development is likely more incentive to use HTTPS in the first place. The number of reasons for avoiding implementing this is becoming increasingly small at this point. At the end of the day, this is adding more security for users. That is a hard thing to argue against.

(Via Search Engine World)

Drew Wilson on Twitter: @icecube85 and Facebook.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.