Package: surfraw Version: 2.2.9-1 Severity: normal
Hi! All elvi point to http URLs, and at most sometimes allow an option to use "experimental" SSL support with an old URL, such as wikipedia: https://secure.wikimedia.org/wikipedia/$LANG/w/index.php?search=%s&go=Go instead of https://$LANG.wikipedia.org/wiki/%s I've checked ~10 at random, all of them not only support https as the primary URL but even redirect http to https. Thus, giving the query over http is strictly harmful: it allows an attacker to spy on and/or redirect your queries, slows down the connection (there's the redirect first) and gives no benefit in case either your browser or the server has SSL problems, as the redirect will block access to http anyway. So, please switch all sites to https.
