EFF’s browser extension HTTPS Everywhere just got even better! We’ve partnered with DuckDuckGo to incorporate its Smarter Encryption rulesets into HTTPSE, giving users greater coverage for connecting to safer, encrypted versions of the websites they visit. https://www.eff.org/press/releases/eff-partners-duckduckgo-enhance-secure-browsing-and-protect-user-information-web
@eff Yikes! So what you're saying is previously the db was included in HTTPS Everywhere, and now everyone will have to connect to #DuckDuckGo via #Microsoft Azure to run DDG #javascript that discloses to DDG the a hash of the host we're visiting, even when the browsing isn't from a search page. Would this change have anything to do with DDG donating 6 figs annually to #EFF?
@eff When a db of 10 million hosts is SHA-1 hashed, the 1st four can map to 64k choices. Perhaps that's sufficient with 10M sites for DDG to not have much certainty on which site we're visiting. But this assumes we accept this figure of 10 million HTTPS sites that are malconfigured to not redirect from HTTP to HTTPS. That's a bit hard to swallow. Are these 10M sites published anywhere?
@eff I would much rather store locally a list of 10M IP addresses (that's easier to manage & faster to search than domain names), than to connect to #Microsoft every time an URL omits the "S". And I must say, for #DDG to call this mechanism "Smarter Encryption" is deceiving intellectual dishonesty. They know they didn't improve encryption, they just detected some malconfig'd sites.
@eff the whole point to the #HTTPSEverywhere db is to skip the lag of attempting a fetch that will potentially fail. This new version will require people to fetch the javascript file, execute it, then do another network fetch to check the site. How is that better than a browser that just tries HTTPS outright and reverts to http when it fails?