DuckDuckGo Smarter Encryption Enforces HTTPS Routing via @martinibuster
1Reported today on Search Engine Journal
For the full article visit: http://bit.ly/32UIwtq
DuckDuckGo Smarter Encryption Enforces HTTPS Routing
DuckDuckGo announced Smarter Encryption, an effort to restrict users to HTTPS connections. The system uses a whitelist of encrypted sites in order to route users to the encrypted versions of those URLs.
What is DuckDuckGo Smarter Encryption
Smarter Encryption is essentially a white list of websites that are verified to be secure. A white list is the opposite of a black list. So rather than creating a list of sites to exclude (black list), Duck Duck Go is using the white list approach of creating a list of approved sites to include.
This is how Duck Duck Go described their white list:
"At the center of DuckDuckGo Smarter Encryption is a large list of websites that we know have encrypted (HTTPS) versions of their websites, which we use to ensure that you only interact with these encrypted versions."
This is a method for ensuring that users are on the secure HTTPS protocol when it is available.
How is the Smarter Encryption List Created?
Duck Duck Go crawls the Internet and notes which sites are or are not encrypted. Duck Duck Go checks websites that serve both an insecure HTTP and a secure HTTPS version to verify if the URL upgrades to HTTPS.
Duck Duck Go tests URLs across the site to ensure that the site is indeed secure and that it is not serving mixed secure/insecure content. Sites that serve insecure content will not be allowed into the list of secure sites.
Smarter Encryption Actively Routes Traffic
DDG Smarter Encryption will automatically route users to secure versions of web pages for sites that are on the white list and serve both secure and insecure versions.
Normally, when someone creates a link using an insecure HTTP protocol when linking to an HTTPS site, the website host will redirect the user to the secur