October 13, 2010 | By Seth Schoen

Search Engines Protect Privacy with Outbound HTTPS Links

One great trend for Internet users' privacy and security has been that search engines — among other popular sites — are making their services available in a secure HTTPS form.

But users can still run into a privacy problem when they click on search results: the destination page could be unencrypted, potentially revealing lots of information to eavesdroppers about a user's interests and activities. For instance, suppose you search for [coronary artery disease] on a search engine, and you click on the search engine's outbound result link to Wikipedia's page at http://en.wikipedia.org/wiki/Coronary_artery_disease. Even if your connection to the search engine was protected by HTTPS, your connection to Wikipedia won't be!

But it could have been protected — after all, Wikipedia has a partially HTTPS-protected version at the alternative address https://secure.wikimedia.org/wikipedia/en/wiki/Coronary_artery_disease. The search engine would just have to know to send you to that link instead of the insecure link. (Or you could use EFF's HTTPS Everywhere software to rewrite the link inside your browser; but currently it's only available for Firefox and doesn't come with browsers by default.) Wouldn't it be great if search engines results preferred the secure form of web sites?

This week the developer of the search engine Duck Duck Go let us know that Duck Duck Go is doing exactly that, using EFF's HTTPS Everywhere rules to automatically generate secure outbound links where possible. (For example, Duck Duck Go is rewriting not only links to Wikipedia but also links to sites like Twitter and Facebook into HTTPS.)

This is a great step toward making HTTPS use much more routine and ubiquitous. We were also thrilled to discover that StartPage, a pioneer in search privacy, is also generating secure outbound Wikipedia links. Hopefully more search engines will adopt this practice soon!


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Privacy is a human right: Data retention violates that right | @AmerQuarterly https://eff.org/r.irnm

Aug 29 @ 11:12am

Court buys government's shell game blocking Klayman case plaintiffs from challenging NSA spying: https://eff.org/r.8hi0

Aug 29 @ 9:25am

How China is strong-arming coders to abandon their open source projects: https://eff.org/r.wso1

Aug 28 @ 4:20pm
JavaScript license information