Your Connection is Secure with DuckDuckGo Smarter Encryption

  • Smarter Encryption is a key component of our mobile app (DuckDuckGo Privacy Browser) and desktop browser extension (DuckDuckGo Privacy Essentials).
  • With Smarter Encryption, over 80% of clicks to websites from DuckDuckGo Search use encrypted connections.
  • Pinterest is using Smarter Encryption to increase encryption in Pin links by 33%.
  • Smarter Encryption code is open source.

When you're browsing the Internet, one 's' can make a lot of difference for your privacy. If the web address you are visiting starts with 'http://', that means the Internet connection to the website is unencrypted, and everything you do or see on that website is vulnerable to onlookers, from the specific page you are on to any information you submit about yourself.

On the other hand, if the web address starts with 'https://' (with an s at the end), that means the Internet connection to the website is encrypted, and anyone trying to spy on you can see nothing except the domain you're going to. Everything else — like your search terms, the exact page you visit, and anything you type in — will just look like gobbledegook to anyone snooping on your Internet activity.

Screenshot showing what part of a URL is and isn't encrypted with HTTPS.

So, that one letter is actually a very powerful tool in protecting your privacy online. We at DuckDuckGo wanted to make sure Internet users make as much use of this encryption as possible, so we created DuckDuckGo Smarter Encryption. When enabled, this technology will make most typical Internet browsing connections encrypted, and therefore private from potential eavesdroppers.

For example, when using DuckDuckGo Smarter Encryption, 81% of clicks to websites from DuckDuckGo Search results use encrypted connections. This gives you peace of mind that no matter where the Internet takes you, DuckDuckGo is helping you keep your private information just that, private.

Our friends at Pinterest agree too: today they have announced that they are using DuckDuckGo Smarter Encryption to protect their users from hidden privacy threats outside of their website. By using our technology, they have increased the encryption in their Pin links by 33%, with 80% of Pin links now encrypted and therefore secure (up from 60%).

DuckDuckGo Smarter Encryption is available for free as part of our mobile app (DuckDuckGo Privacy Browser for iOS and Android) and desktop browser extension (DuckDuckGo Privacy Essentials for Firefox and Chrome) that enable you to seamlessly search and browse privately on all of your devices. They contain what we call the "privacy essentials" — tracker blocking, private search, and upgraded encryption — all in one package.

More technical information including how Smarter Encryption works and how it compares to similar solutions is available below. Today we're also open sourcing the code behind this technology.

Too many people believe that you simply can't expect privacy on the Internet. We disagree and have made it our mission to set a new standard of trust online with easy tools like this so you can get privacy, simplified.

So, how does DuckDuckGo Smarter Encryption work?

At the center of DuckDuckGo Smarter Encryption is a large list of websites that we know have encrypted (HTTPS) versions of their websites, which we use to ensure that you only interact with these encrypted versions. We automatically generate this list by continually crawling the web.

Digging in, there are two primary scenarios where this helps you stay more private. First, many websites offer both an encrypted (HTTPS) and an unencrypted (HTTP) version of their website, but unfortunately do not route you to their encrypted version automatically. DuckDuckGo Smarter Encryption takes care of this scenario.

Second, even if a website offers HTTPS and does automatically navigate you there when you go to one of their web addresses, that first attempt you make is still unencrypted, leaking your browsing behavior. This is especially pernicious on social media where a lot of news links are posted as unencrypted links, exposing the details of what you're reading in that first HTTP request. DuckDuckGo Smarter Encryption takes care of this scenario too (for websites on our list) by adding an 's' to unencrypted http:// web addresses, making them https:// web addresses and therefore encrypted.
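The list-based upgrade described above, sketched as an added example (this is not DuckDuckGo's own code). The host list, the `.example` names, exact-host matching and the choice to skip URLs with an explicit port are assumptions made for illustration; `observerView` shows what the first request exposes with and without the upgrade.

```javascript
// Constructed sample list; the real Smarter Encryption list is far larger.
const UPGRADABLE_HOSTS = new Set(['news.example', 'shop.example']);

// Return the URL to actually request. Only plain http:// URLs on the
// default port whose exact host is on the list are rewritten.
function upgradeUrl(rawUrl, hosts = UPGRADABLE_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return rawUrl; // not an absolute URL: leave untouched
  }
  if (url.protocol !== 'http:') return rawUrl; // already https, or another scheme
  if (url.port !== '') return rawUrl; // explicit non-default port (assumption: skip)
  if (!hosts.has(url.hostname)) return rawUrl; // exact-host match (assumption)
  url.protocol = 'https:'; // the added 's'; path, query and fragment are kept
  return url.href;
}

// What an on-path observer learns from the first request for a URL:
// over HTTPS only the domain, over HTTP the page and query as well.
function observerView(rawUrl) {
  const url = new URL(rawUrl);
  if (url.protocol === 'https:') {
    return { host: url.hostname, path: null, query: null };
  }
  return { host: url.hostname, path: url.pathname, query: url.search };
}

// A link as it might be posted on social media (constructed).
const link = 'http://news.example/politics/story-123?ref=feed';
console.log(observerView(link));             // unencrypted first request
console.log(observerView(upgradeUrl(link))); // after the list-based upgrade
```

Because the rewrite happens before any request is sent, the unencrypted first request never leaves the browser, which a server-side redirect to HTTPS cannot achieve.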

(We have a detailed post on how encryption works technically here.)

Why DuckDuckGo Smarter Encryption vs. other solutions?

Using DuckDuckGo Smarter Encryption means that more of your browsing will use encrypted connections (HTTPS), shielding your personal information from prying eyes.

In addition to our Smarter Encryption list, there are two other lists that indicate whether a connection to a website can use HTTPS: Chromium's HSTS Preload List and EFF's HTTPS Everywhere. Building on EFF's pioneering work, DuckDuckGo Smarter Encryption is significantly more comprehensive than alternatives because we automatically generate our list by crawling websites vs. adding them manually. We also have an automatic process to maintain the list by re-crawling websites so that we can consistently ensure that users don't face any breakage when websites change.

When you type web addresses into your web browser or click on links in social media, you want as many of the resulting Internet connections to be encrypted from the start as possible. So, you want the largest possible list, such that the greatest percentage of websites are covered.

Chart showing a comparison of HTTPS list coverage.

List | Entries | Traffic Coverage
--- | --- | ---
Chromium HSTS Preload | 85,000 | 12%
EFF HTTPS Everywhere | 125,000 | 27%
DuckDuckGo Smarter Encryption | 12,000,000 | 81%

In the table above, Entries refers to the approximate number of entries in each list. Traffic Coverage is based on a large collection of anonymous click traffic we see on DuckDuckGo Search, which we use as a proxy for type-in browser traffic and social media clicks. Assuming all of these Internet connections were attempted to be made unencrypted, we counted the percentage of them that could be made encrypted by each list.

Of course, each traffic coverage situation where these lists could be applied will yield different results, in part depending on how many links were initially already encrypted. For example, as noted above when applied to Pinterest's Pin links, DuckDuckGo Smarter Encryption results in a similar total traffic coverage of 80% encryption across all Pin links, increasing their encryption by 33% (up from 60%).

In any case, the larger list means that in almost any situation, more of your traffic will be encrypted. And, at least in our large sample, all of the hosts that HSTS Preload and HTTPS Everywhere upgraded were also upgraded by Smarter Encryption, plus a whole lot more. We plan to work with the EFF to try to make our entries available in their extension.

How do you check if a site is OK to include in the list?

We do not want to include any sites that could break your browsing experience. To ensure that, we:

  • Pick a variety of URLs (web addresses) from across a site, using links from the homepage and from our search results;
  • Ensure all of those URLs upgrade to HTTPS successfully while not allowing insecure connections in sub-requests (like images, a.k.a. "mixed content");
  • For sites available both over HTTP and HTTPS, check that each URL passes a visual comparison test to make sure they are the same;
  • Consistently recheck sites as their encryption policies and certificates can change over time; and
  • Monitor and react to any broken-site feedback requests from our apps and extensions, used by many millions of people worldwide.

We check expiring certificates for validity on a daily basis, and regularly conduct a full evaluation of each site, typically every two weeks. In these wider crawls, we also include new sites for consideration based on DuckDuckGo Search traffic.
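The inclusion checks listed above, expressed as a decision function over crawl results. This is an added example, not DuckDuckGo's crawler code: the record field names, the `.example` hosts and the visual-diff threshold are assumptions, and the sample crawl data is constructed.

```javascript
// Decide whether a host may go on the upgrade list, from crawl records.
// Field names and the diff threshold are assumptions made for this example.
function evaluateSite(site, maxVisualDiff = 0.02) {
  const reasons = [];
  if (site.pages.length === 0) reasons.push('no URLs sampled');
  for (const page of site.pages) {
    // Every sampled URL must load over HTTPS and stay on HTTPS.
    if (page.httpsStatus !== 200 || !page.certValid) {
      reasons.push(`${page.path}: HTTPS load failed`);
    } else if (new URL(page.httpsFinalUrl).protocol !== 'https:') {
      reasons.push(`${page.path}: redirected back to HTTP`);
    }
    // No insecure sub-requests (mixed content) are allowed.
    const insecure = page.subRequests.filter((u) => new URL(u).protocol === 'http:');
    if (insecure.length > 0) {
      reasons.push(`${page.path}: mixed content (${insecure.length} insecure sub-request(s))`);
    }
    // visualDiff is null when the site has no HTTP version to compare against.
    if (page.visualDiff !== null && page.visualDiff > maxVisualDiff) {
      reasons.push(`${page.path}: HTTP and HTTPS renderings differ`);
    }
  }
  return { host: site.host, include: reasons.length === 0, reasons };
}

// Constructed crawl results for two hypothetical hosts.
const goodSite = { host: 'shop.example', pages: [
  { path: '/', httpsStatus: 200, certValid: true,
    httpsFinalUrl: 'https://shop.example/',
    subRequests: ['https://shop.example/app.css'], visualDiff: 0.0 },
  { path: '/cart', httpsStatus: 200, certValid: true,
    httpsFinalUrl: 'https://shop.example/cart',
    subRequests: ['https://cdn.example/cart.js'], visualDiff: 0.01 },
] };
const badSite = { host: 'blog.example', pages: [
  { path: '/', httpsStatus: 200, certValid: true,
    httpsFinalUrl: 'https://blog.example/',
    subRequests: ['http://img.example/banner.png'], visualDiff: 0.0 },
  { path: '/about', httpsStatus: 200, certValid: true,
    httpsFinalUrl: 'http://blog.example/about',
    subRequests: [], visualDiff: null },
] };

console.log(evaluateSite(goodSite)); // include: true
console.log(evaluateSite(badSite));  // include: false, with two reasons
```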

Is DuckDuckGo Smarter Encryption open source?

The code we use to make DuckDuckGo Smarter Encryption is now open source and available on GitHub under the Apache 2.0 License. We welcome feedback and hope you find it useful. The list we use (as a result of running this code) is also publicly available under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license. If you'd like to license the list for commercial use, please reach out.


For more privacy advice follow us on Twitter, and stay protected and informed with our privacy newsletters.
