@eff When a db of 10 million hosts is SHA-1 hashed, the 1st four can map to 64k choices. Perhaps that's sufficient with 10M sites for DDG to not have much certainty on which site we're visiting. But this assumes we accept this figure of 10 million HTTPS sites that are malconfigured to not redirect from HTTP to HTTPS. That's a bit hard to swallow. Are these 10M sites published anywhere?