[HTTPS-Everywhere] The DuckDuckGo search engine supplying HTTPS links
Seth Schoen
schoen at eff.org
Fri May 3 09:29:10 PDT 2013
Greg Lindahl writes:
> On Thu, May 02, 2013 at 03:11:48PM -0700, Seth David Schoen wrote:
>
> > I think DuckDuckGo was using our rulesets at one time. Perhaps they also
> > have another source of rulesets or heuristics that they could share.
>
> The one we like is "homepages which redir to https". However, it's
> kind of annoying: you'd be amazed how many websites remove the redir
> because their https webpages have become broken. It was annoying
> enough that we stopped using the rule. Ymmv.
I wouldn't be amazed, because of the number of previously awesome
HTTPS Everywhere rulesets that I've had to set to default_off at
some later date.
A basic Drupal or other LAMP site that hosts its own static files
on the same server generally works automatically in HTTPS once
HTTPS is configured on the server -- so many sites probably get
decent HTTPS support site-wide without even intending it. If they
then move the static content to a different server or subscribe
to a CDN without explicitly asking for sitewide HTTPS support,
things are very likely to break.
We have a project to help webmasters learn about how our rules
affect their sites:
https://www.eff.org/https-everywhere/atlas
A next step which I haven't yet pursued is to e-mail all these
webmasters with this link, so they know that other people are
attempting to use their sites in HTTPS. I think something that
would be good to send at the same time would be a comprehensive
document about why this is a good thing for the site and its
users (so that accidentally-HTTPS sites can understand that it's
worth working to keep this functionality).
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the HTTPS-everywhere
mailing list