DuckDuckGo launches Smarter Encryption feature in its extensions and apps
Privacy-focused search engine DuckDuckGo announced the launch of a new feature today that it calls Smarter Encryption.
Smarter Encryption is designed to upgrade requests to HTTP sites automatically to HTTPS if the site in question supports HTTPS and if it is on DuckDuckGo's list of sites that can be upgraded.
The majority of Internet sites use HTTPS already but there are still sites out there that use HTTP only or support both HTTP and HTTPS. The latter can be accessed using both protocols and Internet users either have to make sure to access the HTTPS version of these sites or to use extensions like HTTPS Everywhere to connect to HTTPS versions.
Search engine DuckDuckGo added a similar technology in its official browser extensions and mobile applications recently. Smarter Encryption will upgrade HTTP requests to HTTPS automatically based on the two criteria described above.
The company behind the search engine has created a list with over 10 million sites that it will upgrade if users of its extensions or apps try to access them using HTTP.
Information about the most popular sites that can be upgraded are stored on the local device but the majority of sites are stored on DuckDuckGo servers.
Requests are designed with privacy in mind and the company notes that all if its privacy protections and policies apply to Smarter Encryption as well.
The following happens when a user tries to access a site that uses HTTP:
- The local list is checked; if the site is on the list it will be upgraded immediately and the process is done.
- If the site is not on the local list, a SHA-1 hash is generated.
- The first four characters of the hash are sent anonymously to a DuckDuckGo server. The request is anonymous, IP addresses or personal data is not logged.
- The server returns all hashes that match the query.
- The full hash is checked against the list locally to determine whether that site can be upgraded to HTTPS.
- If it is on the list, the request is upgraded to HTTPS. Otherwise, the HTTP connection is established.
Connections that use HTTPS are encrypted which means that the privacy and security of users is protected when it is used.
One of the main differences between DuckDuckgo's implementation and solutions such as HTTPS Everywhere is that Smarter Encryption does not use a list that is maintained manually. The use of automation, courtesy of the company's web crawler who picks up information about HTTPS supporting sites while it does its job, explains the larger number of supported sites that is on the list.
The new Smarter Encryption feature is already available in the latest versions of DuckDuckGo's browser extensions and mobile applications.