John at Darkstar wrote: > We need tools to track user behavior inside Wikipedia. As it is now we > know nearly nothing at all about user behavior and nearly all people > saying anything about users at Wikipedia makes gross estimates and wild > guesses. > > User privacy on Wikipedia is is close to a public hoax, pages are > transfered unencrypted and with user names in clear text. Anyone with > access to a public hub is able to intercept and identify users, in > addition to _all_ websites that are referenced during an edit on > Wikipedia through correlation of logs. > > Compared to this the whole previous discussion about the Iranian steward > is somewhat strange, if not completely ridiculous. > > Get real, the whole system and access to it is completely open! > > John >
As you say, there is no possibility of absolute privacy from anyone with access to the traffic stream, since the Internet was never engineered to give this kind of privacy. Wikipedia as "completely open" as any other non-https website -- and, even with https, as with any other website with publicly visible transactions, for anyone with access to the traffic stream, simple traffic analysis is generally enough to correlate user identities to IPs. A combination of http and Tor is probably as good as it gets in attempting to avoid this, but even this has its limitations. But it is simply unreasonable to equate this with no privacy at all. Most possible eavesdroppers do _not_ have access to the entire traffic stream, and those who do have access to traffic generally only have access to part of the traffic stream, and even then, most of them can't be bothered to eavesdrop, or are discouraged from doing so by privacy laws. Given this, it is quite reasonable to take appropriate technical measures that attempt to keep as much of that remaining privacy as secure as possible. -- Neil _______________________________________________ foundation-l mailing list [email protected] Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
