October 13, 2010 | By Seth Schoen

Search Engines Protect Privacy with Outbound HTTPS Links

One great trend for Internet users' privacy and security has been that search engines — among other popular sites — are making their services available in a secure HTTPS form.

But users can still run into a privacy problem when they click on search results: the destination page could be unencrypted, potentially revealing lots of information to eavesdroppers about a user's interests and activities. For instance, suppose you search for [coronary artery disease] on a search engine, and you click on the search engine's outbound result link to Wikipedia's page at http://en.wikipedia.org/wiki/Coronary_artery_disease. Even if your connection to the search engine was protected by HTTPS, your connection to Wikipedia won't be!

But it could have been protected — after all, Wikipedia has a partially HTTPS-protected version at the alternative address https://secure.wikimedia.org/wikipedia/en/wiki/Coronary_artery_disease. The search engine would just have to know to send you to that link instead of the insecure link. (Or you could use EFF's HTTPS Everywhere software to rewrite the link inside your browser; but currently it's only available for Firefox and doesn't come with browsers by default.) Wouldn't it be great if search engines results preferred the secure form of web sites?

This week the developer of the search engine Duck Duck Go let us know that Duck Duck Go is doing exactly that, using EFF's HTTPS Everywhere rules to automatically generate secure outbound links where possible. (For example, Duck Duck Go is rewriting not only links to Wikipedia but also links to sites like Twitter and Facebook into HTTPS.)

This is a great step toward making HTTPS use much more routine and ubiquitous. We were also thrilled to discover that StartPage, a pioneer in search privacy, is also generating secure outbound Wikipedia links. Hopefully more search engines will adopt this practice soon!


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Hundreds attend EFA launch events in 9 cities across the U.S. this month: https://www.eff.org/deeplinks...

Apr 30 @ 7:12pm

Voicemail-to-text services have been around since at least 2001. Why was a patent for them issued in 2006? https://www.eff.org/deeplinks...

Apr 30 @ 9:12am

Learn about Rule 41, the scary new route the government could use to hack your computer: https://www.eff.org/deeplinks...

Apr 30 @ 8:48am
JavaScript license information