For a project of ours (project TLSiP) we need to evaluate a specific subset from the top one million most popular websites. This subset basically allows you to browse the webpages privately and securely, but they are not enforcing it. To improve the overall usage of secure and private communication we want to change that by creating rules for a particular browser extension: HTTPSEverywhere by the EFF and the Tor project.
Simple as that: if you have a few minutes, load the page and look at some websites whether or not they seem equal to you.
Every time you hit "compare" one of our rules is picked at random. The website for this rule is opened twice, once over regular HTTP (to the left) and once over HTTPS (to the right). If they seem equal to you, you can help us to validate our findings by pressing the green "equal" button. If they are not, please press "not equal".
Any web browser should do the job, we tested it on Chrome and Firefox. Please share with us your findings and/or problems by using other browsers.
HTTPS is a standard for secure communication and implemented in all browsers. If you surf the web and see a padlock somewhere, communication is encrypted and you can be sure you are talking to the correct server. Some recent publications on the security of HTTPS can be found here, here or here.
HTTPSEverywhere is a browser extension for Firefox, Chrome and Opera that can upgrade unencrypted communications to encrypted and secured ones. It uses a manually crafted set of rules to do so. You should install and use it!
If in doubt whether or not the two pages are equal, press "not-equal". At any time you can simply close all three browser windows and start over by surfing to tlscompare.org
If the structure and the visual impression are the same, this is good enough. Small portions can be different, like ads or other dynamic content.
If you use the regular interface, please press "non-equal" - a rule for HTTPSEverywhere would not make sense, however we will manually review these borderline cases specifically
Sometimes webpages have to be fetched from the other side of the world, this can take some seconds. If nothing happens for more than 10 seconds, please press "not-equal".
If both windows stay empty for more then 10 seconds, please press "not equal". We will have another look at them.
If you see an error message from Cloudflare, this means most likely that the server is currently not available. It's safe to press "not equal", and we'll have a look at it.
This page only makes sense if you have an appropriate display with a large-enough resolution. It doesn't work on smartphones and tablets.
The screen is too small.
The websites are a random subset of popular websites on the Internet. This includes porn. Viewer discretion is advised, this page is NSFW.
Beside the information your browser sends to us by default (UserAgent, operating system, IP adress) we store an encrypted cookie on your side to count the number of solved requests. You can delete this cookie in your browser preferences or by using the private mode of your browser.
Aside from that we do not use any form of tracking- or analytics service, i.e. no Google Analytics or any other third-party tracking.
The expert mode is for people that have experience with TLS and HTTPS. This allows us for collecting finer grained answers (like timeouts, certificate errors, ...)
By default the most interesting ruleset for us is selected, namely those pages that are somewhere close to being equal but our algorithms weren't sure (named "Generaded rules close to threshold"). The other sets are the current rules of HTTPSEverywhere named "existing rules", which all should be valid and euqal. The third set is "Generated valid rules", which are our contribution back to HTTPSEverywhere and which is by far the biggest dataset needing manual verification.
The more, the merrier! We are working on integrating Facebook and Twitter so that you can share this site with your social peers. Stay tuned for updates.
Please see the contact page.