HTTPS Everywhere to use DuckDuckGo's Smarter Encryption before reaching End of Life
HTTPS Everywhere by the EFF will switch from using its own rulesets to using rulesets provided by DuckDuckGo's Smarter Encryption technology exclusively.
The browser extension was released in 2010 to switch to encrypted (HTTPS) connections if possible. The extension would try to upgrade connections when users entered domain names, used HTTP, or clicked on HTTP links in the browser.
The main idea behind the extension was to improve security by upgrading connections to HTTPS. A list with rulesets was used by the extension up until now for the purpose.
A blog post on the EFF's Deeplinks site reveals that HTTPS Everywhere will switch to the rulesets of DuckDuckGo's Smart Encryption feature before it will reach End of Life eventually.
Smarter Encryption uses an automated approach for building its rulesets, and that sets it apart from the HTTPS Everywhere way of manually adding rules. Since it covers more sites, it will upgrade more connections to HTTPS when used.
The EFF published a plan to phase out HTTPS Everywhere rulesets. The main takeaway is that its rulesets will be retired in late 2021 to give partners and downstream channels enough adjusting time. DuckDuckGo's rulesets are supported in the latest version already.
More serious than the switching to the different rulesets is that the EFF has plans to retire HTTPS Everywhere eventually. A date has not been determined yet according to the makers, but it won't be announced before the old rulesets are retired.
Why is HTTPS Everywhere being retired?
The web is moving towards HTTPS-only rapidly, but this is only part off the reason. The main arguments for the decision are the following ones:
- DuckDuckGo's Smarter Encryption supports more domains than the HTTPS Everywhere model.
- Firefox supports an HTTPS-Only mode.
- Chrome starts to redirects requests to HTTPS first when typed in the address bar.
- Mixed content is blocked in major browsers.
- The use of different domains for HTTPS content is used less and less on the web.
- Chrome's Manifest V3 has a rulesets cap, and the EFF does not want to "create confusion for users on "who to choose" when it comes to getting the best coverage.
- Users may switch to DuckDuckGo's Privacy Essentials or a browser that supports HTTPS-Only mode once HTTPS Everywhere is retired.
HTTPS Everywhere remains available throughout 2021 at the very least. While the old ruleset will be turned off eventually, it will be replaced by another that may do its job even better. Eventually, HTTPS Everywhere will be retired. Users may switch to Firefox's excellent HTTPS-Only mode then, which tries HTTPS first always but comes with prompts to downgrade the connection if HTTPS is not working, or DuckDuckGo's Privacy Essentials extension.
Now You: do you use HTTPS Everywhere?Advertisement