Over the last few months the HTTPS Everywhere project has been deciding what to do with the new landscape of HTTPS in major browsers. Encrypted web traffic has increased in the last few years and major browsers have made strides in seeing that HTTPS becomes the default. This project has shepherded a decade of encrypted web traffic and we look onward to setting our efforts protecting people when new developments occur in the future. That said we’d like to announce that we have partnered with the DuckDuckGo team to utilize their Smarter Encryption rulesets into the HTTPS Everywhere web extension.

This is happening for several reasons:

  • Firefox has an HTTPS-Only Mode now.
  • Chrome doesn’t have HTTPS by default, but is slowly moving towards that goal with now directing to HTTPS in the navigation bar first before going to HTTP.
  • DuckDuckGo’s Smarter Encryption covers more domains than our current model.
  • Browsers and websites are moving away from issues that created a need for more granular ruleset maintenance.
    • Mixed content is now blocked in major browsers
    • Different domains for secure connection are now an older habit (i.e. secure.google.com), further removing the need for granular maintenance on HTTPS Everywhere rulesets
    • Chrome’s Manifest V3 declarativeNetRequest API will force the web extensions to have a ruleset cap. Instead of competing with other extensions like DuckDuckGo, if the user prefers to use HTTPS Everywhere or DuckDuckGo's Privacy Essentials, they will receive virtually the same coverage. We don’t want to create confusion for users on “who to choose” when it comes to getting the best coverage.
    • As HTTPS Everywhere goes into “maintenance mode”, users will have the opportunity to move to DuckDuckGo’s Privacy Essentials or use a browser that has HTTPS by default.

More info on DuckDuckGo’s Smarter Encryption here: https://spreadprivacy.com/duckduckgo-smarter-encryption/

Phases for HTTPS Everywhere’s Rulesets

  • DuckDuckGo Update Channel with Smarter Encryption Rulesets [April 15, 2021].
  • Still accept HTTPS Everywhere Ruleset changes in Github Repo until the end of May, 2021.
  • Still host HTTPS Everywhere Rulesets until various partners and downstream channels that use our current rulesets, make needed changes and decisions.
  • Sunset HTTPS Everywhere Rulesets [Late 2021]

Afterwards, this will start the HTTPS Everywhere web extension EoL (End of Life) stage, which will be determined later after completing the sunset of HTTPS Everywhere Rulesets. By adding the DuckDuckGo Smarter Encryption Update Channel we can give everyone time to adjust and plan.

Thank you for contributing and using this project through the years. We hope you can celebrate with us the monumental effort HTTPS Everywhere has accomplished.