https everywhere?

<hidden> anonymous
Created: 3 years and 2 months ago • Updated: 3 years and 2 months ago
Hello. I have a question about this "https everywhere" extension in DuckDuckGo. As far as I know, using https version of the site provides me with more security and privacy (even though there is some lack of speed) while browsing it. The majority of sites I use have "" form in the address bar, but some sites have "" form, which means (if I am not wrong) that they are using http version. When I try to type manually the https version, it just redirects me again to "". So I wonder: are those sites actually use https, but just don't visualise it in address bar? ; or maybe if they don't, the DuckDuckGo creates some sort of secure https channel to this site, so even if I use http version of site, all the exchange of information between me and this site gets encrypted while transfered?
Thank you in advance to all those who responded.

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.

Not all web sites are secure (https), so if you type https:// for a non-secure site, you might be redirected to the http:// or you might receive an untrusted connection error.

For more information regarding secure connections, you might want to read the December 18 blog post.

posted by x.15a2 Community Leader3 years and 2 months ago Link
O.K. I think I get it. So the only way to have a secure connection with the site which don't supports https secure protocol, is to connect with this site authorities and ask them about modernising their site, right?
posted by <hidden> • 3 years and 2 months ago Link
Yup, unless you want to use Tor. However, Tor would still have an unencrypted stretch between the exit node and the end server so though it couldn't be traced to you by IP, any other information transmitted would be insecure.
posted by MyUser 3 years and 2 months ago Link
Thanks for help.
posted by <hidden> • 3 years and 2 months ago Link
All sites are not secure by default. In order to make them secure, they must purchase a dedicated IP and SSL for their site. Which costs money. Not to mention that HTTPS makes the site runs slower. So it's not an issue of "modernizing" their site. In reality, HTTPS should only be used for sites that offer services in which the exchange of the information needs to be protected or encrypted. Such as purchases, credit card info, etc, etc...
posted by <hidden> • 3 years and 2 months ago Link