October 13, 2010 | By Seth Schoen

Search Engines Protect Privacy with Outbound HTTPS Links

One great trend for Internet users' privacy and security has been that search engines — among other popular sites — are making their services available in a secure HTTPS form.

But users can still run into a privacy problem when they click on search results: the destination page could be unencrypted, potentially revealing lots of information to eavesdroppers about a user's interests and activities. For instance, suppose you search for [coronary artery disease] on a search engine, and you click on the search engine's outbound result link to Wikipedia's page at http://en.wikipedia.org/wiki/Coronary_artery_disease. Even if your connection to the search engine was protected by HTTPS, your connection to Wikipedia won't be!

But it could have been protected — after all, Wikipedia has a partially HTTPS-protected version at the alternative address https://secure.wikimedia.org/wikipedia/en/wiki/Coronary_artery_disease. The search engine would just have to know to send you to that link instead of the insecure link. (Or you could use EFF's HTTPS Everywhere software to rewrite the link inside your browser; but currently it's only available for Firefox and doesn't come with browsers by default.) Wouldn't it be great if search engines results preferred the secure form of web sites?

This week the developer of the search engine Duck Duck Go let us know that Duck Duck Go is doing exactly that, using EFF's HTTPS Everywhere rules to automatically generate secure outbound links where possible. (For example, Duck Duck Go is rewriting not only links to Wikipedia but also links to sites like Twitter and Facebook into HTTPS.)

This is a great step toward making HTTPS use much more routine and ubiquitous. We were also thrilled to discover that StartPage, a pioneer in search privacy, is also generating secure outbound Wikipedia links. Hopefully more search engines will adopt this practice soon!


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

MPAA seeks website blocking with one court order to bind every Internet company. https://eff.org/r.unil #SOPApower

Aug 3 @ 3:43pm

BREAKING: Sen. McConnell just filed cloture on CISA. That means he wants to move it this week. Take action now https://stopcyberspying.com

Aug 3 @ 3:13pm

EFF to Appeals Court: Mississippi AG's subpoena to Google threatens
online speech and innovation https://eff.org/r.lrnv

Aug 3 @ 2:55pm
JavaScript license information