Why HTTPS and not good old HTTP?

[Old Forum david-sharp] anonymous
Created: 6 years and 10 months ago
I'm a new and enthusiastic user of DDG, although I confess I don't understand all the technical jargon you use to explain its workings.
However I have one practical problem. For obvious reasons, I have always set my browsers to alert me whenever I visit a secure (HTTPS) page, and also whenever I leave one.
This means that every time I enter a search into DDG, I have to click on "OK" as if I was consulting my bank account, and then again on "OK" once the results come up. Given the number of times I and most other people use a search engine every day, that is totally out of the question.

As far as I can tell, Firefox doesn't allow me to make an exception to the "alert me" rule (and even if it did, I suspect most users wouldn't know how to activate it).

For the moment, thanks to my burning desire to stop giving the likes of Google a free peek into my personal data, I have simple disactivated the "Alert me" option in Firefox so as to be able to use DDG. But that is clearly not satisfactory.

Any solutions?

David Sharp, Paris, France

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.

HTTPS prevents unauthorised people (third parties, snoopers etc) to view your communication with a web server. You should always prefer https wherever available. Even google search supports https.

As for the problem with the alerts, let it stay disabled. Instead whenever you are on a secure (https) page, your browsers, have certain colour codes to indicate that. For example firefox shows blue colour in the url bar, for secure pages. So rely on that instead of the alert.
posted by [Old Forum guest] • 6 years and 10 months ago Link
Hey David,
You can make your homepage: http://www.duckduckgo.com/

Once you browse to http://www.duckduckgo.com/ you will not be alerted to switching between a secured connection.
While on this page, you can now add this HTTP only page to your FireFox search bar in the top right corner by clicking the small down arrow in the empty search box and select "Add 'DuckDuckGo'"
posted by [Old Forum guest] • 6 years and 10 months ago Link
I agree, disable the alert. It conditions you to click "OK" too much. They're pretty much useless and incredibly annoying to use on the dynamic, public Internet. I'm sure it's probably useful in "controlled" environments like company intranets though, where not much ever changes.

I have the alert for mixed content enabled though. Tells you if an HTTPS site contains non-HTTPS data on it. Usually images or other resources from external sites. That particular alert is definitely worth keeping enabled.

Using the colored address bar as a signal is OK for the most part, except you won't know if a submission form on an otherwise SSL wrapped page is actually submitted over SSL. Lots of servers will still send the form data over HTTP.

There was a Firefox extension a few years back (probably more of them now) that would show you the URL in your statusbar and stuff for buttons/forms by hovering your mouse over them, as if they were normal Hyperlinks. Don't use it myself (or even recall the name!) but, it might be something you could consider investigating further if it's a concern of yours.

posted by [Old Forum guest] • 6 years and 10 months ago Link
Is there no http-only DDG option now?  I used to be able to use the "lite" version with Dillo browser but now it redirests to https...
posted by [Old Forum guest] • 5 years and 11 months ago Link
There is an HTTPS off option you can use via URL parameters that shouldn't force the redirect -- https://duckduckgo.com/params.html

Does Dillo not support https? We could also exempt certain user agents via regex in nginx to that https redirect.
posted by yegg Staff5 years and 11 months ago Link
I was playing around with old Mosaic (Fedora provides a package) and was trying to get to an http version of duckduckgo.com (I tried ddg.gg, duckduckgo.com, http://ddg.gg/lite http://www.duckduckgo.com/lite, etc) I also tried using the params ?https=-1 to no avail. Would the user agent for mosaic be able to be exempted as well? Or is there a specific URL I can type in that will not be upgraded to https? Otherwise, your search engine is great! Keep up your great work! :-)
posted by pronet 2 years and 1 month ago Link
posted by x.15a2 Community Leader2 years and 1 month ago Link
Frankly, I'm shocked anyone wants http. What kinda weird planet do they live on?
posted by [Old Forum guest] • 5 years and 11 months ago Link