[HTTPS-Everywhere] The DuckDuckGo search engine supplying HTTPS links

[Seth Schoen]

Greg Lindahl writes:

> On Thu, May 02, 2013 at 03:11:48PM -0700, Seth David Schoen wrote:
> 
> > I think DuckDuckGo was using our rulesets at one time.  Perhaps they also
> > have another source of rulesets or heuristics that they could share.
> 
> The one we like is "homepages which redir to https". However, it's
> kind of annoying: you'd be amazed how many websites remove the redir
> because their https webpages have become broken. It was annoying
> enough that we stopped using the rule. Ymmv.

I wouldn't be amazed, because of the number of previously awesome
HTTPS Everywhere rulesets that I've had to set to default_off at
some later date.

A basic Drupal or other LAMP site that hosts its own static files
on the same server generally works automatically in HTTPS once
HTTPS is configured on the server -- so many sites probably get
decent HTTPS support site-wide without even intending it.  If they
then move the static content to a different server or subscribe
to a CDN without explicitly asking for sitewide HTTPS support,
things are very likely to break.

We have a project to help webmasters learn about how our rules
affect their sites:

https://www.eff.org/https-everywhere/atlas

A next step which I haven't yet pursued is to e-mail all these
webmasters with this link, so they know that other people are
attempting to use their sites in HTTPS.  I think something that
would be good to send at the same time would be a comprehensive
document about why this is a good thing for the site and its
users (so that accidentally-HTTPS sites can understand that it's
worth working to keep this functionality).

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107