What is this?

For a project of ours (project TLSiP) we need to evaluate a specific subset from the top one million most popular websites. This subset basically allows you to browse the webpages privately and securely, but they are not enforcing it. To improve the overall usage of secure and private communication we want to change that by creating rules for a particular browser extension: HTTPSEverywhere by the EFF and the Tor project.

How can I help?

Simple as that: if you have a few minutes, load the page and look at some websites whether or not they seem equal to you.

Every time you hit "compare" one of our rules is picked at random. The website for this rule is opened twice, once over regular HTTP (to the left) and once over HTTPS (to the right). If they seem equal to you, you can help us to validate our findings by pressing the green "equal" button. If they are not, please press "not equal".

What do I need?

Any web browser should do the job, we tested it on Chrome and Firefox. Please share with us your findings and/or problems by using other browsers.

What is HTTPS and HTTPSEverywhere?

HTTPS is a standard for secure communication and implemented in all browsers. If you surf the web and see a padlock somewhere, communication is encrypted and you can be sure you are talking to the correct server. Some recent publications on the security of HTTPS can be found here, here or here.

HTTPSEverywhere is a browser extension for Firefox, Chrome and Opera that can upgrade unencrypted communications to encrypted and secured ones. It uses a manually crafted set of rules to do so. You should install and use it!

I am not sure what to answer.

If in doubt whether or not the two pages are equal, press "not-equal". At any time you can simply close all three browser windows and start over by surfing to tlscompare.org

The two pages seem similar, but different at the same time. How narrow do you define "equal"?

If the structure and the visual impression are the same, this is good enough. Small portions can be different, like ads or other dynamic content.

One of the pages is redirected (either HTTPS to HTTP, or the other way round). How to answer?

If you use the regular interface, please press "non-equal" - a rule for HTTPSEverywhere would not make sense, however we will manually review these borderline cases specifically

Why is it so slow?

Sometimes webpages have to be fetched from the other side of the world, this can take some seconds. If nothing happens for more than 10 seconds, please press "not-equal".

I see the pop-ups, but the pages won't load.

If both windows stay empty for more then 10 seconds, please press "not equal". We will have another look at them.

Why do I get an error message from Cloudflare?

If you see an error message from Cloudflare, this means most likely that the server is currently not available. It's safe to press "not equal", and we'll have a look at it.

Why does it say "Please use a large screen device".

This page only makes sense if you have an appropriate display with a large-enough resolution. It doesn't work on smartphones and tablets.

Why is there no mobile version?

The screen is too small.

Why is there Porn?

The websites are a random subset of popular websites on the Internet. This includes porn. Viewer discretion is advised, this page is NSFW.

What information do you collect about me?

Beside the information your browser sends to us by default (UserAgent, operating system, IP adress) we store an encrypted cookie on your side to count the number of solved requests. You can delete this cookie in your browser preferences or by using the private mode of your browser.

Aside from that we do not use any form of tracking- or analytics service, i.e. no Google Analytics or any other third-party tracking.

What's the expert mode?

The expert mode is for people that have experience with TLS and HTTPS. This allows us for collecting finer grained answers (like timeouts, certificate errors, ...)

What are the different rulesets?

By default the most interesting ruleset for us is selected, namely those pages that are somewhere close to being equal but our algorithms weren't sure (named "Generaded rules close to threshold"). The other sets are the current rules of HTTPSEverywhere named "existing rules", which all should be valid and euqal. The third set is "Generated valid rules", which are our contribution back to HTTPSEverywhere and which is by far the biggest dataset needing manual verification.

I'd like to tell my friends about this. How do I do this?

The more, the merrier! We are working on integrating Facebook and Twitter so that you can share this site with your social peers. Stay tuned for updates.

My question was not answered - how can I reach you?

Please see the contact page.