Re: [Wikimedia-l] Block evasion might be a federal offense
On Wed, Aug 21, 2013 at 10:09 AM, Peter Gervai grin...@gmail.com wrote: On Wed, Aug 21, 2013 at 9:37 AM, Martijn Hoekstra martijnhoeks...@gmail.com wrote: On Aug 21, 2013 8:56 AM, Peter Gervai grin...@gmail.com wrote: The account and/or underlying IP is blocked. That is the technical impediment. The action that is now a federal offense, it seems, is to defy the warning, by circumventing the block by changing IP and/or account to do what you were told not to do on the warning. Technicalities aside if I follow you right then it is a federal offense to edit Wikipedia when you were told not to (eg. banned but _not_ blocked). If that's the case the IP part of the discussion is mainly irrelevant as one does not have to evade a block to violate the ban. [insert IANAL disclaimer here] No, the linked case (and I apologize for posting a feedly link[0], it links to an ars article, I was on my phone at the time, but the link is good) demonstrates that if there is a ban to violate, the technical evasion of the block becomes a crime. Evading a block without an indication to stop seems to be not a violation, nor is editing in defiance of a ban while no block is present. It is quite possible that a final warning could be considered a ban, but that's straying a bit from the original case. [0] the target for the original link was http://arstechnica.com/tech-policy/2013/08/changing-ip-address-to-access-public-website-ruled-violation-of-us-law/ The central issue though, that it seems block evasion is a federal offense, is not affected by the difficulty in proving evidence for it. It is the question whether the evasion is a crime that bothers me. [insert meetoo here] g ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
First of all, I'm sorry If my tone was not appropriate (keep in mind I'm not a native speaker). 2013/8/21 Terry Chay tc...@wikimedia.org On Aug 21, 2013, at 1:39 AM, Pierre-Selim pierre-se...@huard.info wrote: Just a question: Why imposing HTTPS ? Really, it will be damaging The reason why is outlined in Ryan's blog post as well as his previous post and the Wikipedia entry on https linked from that post. The short answer is the current state is known to present a number of privacy and security vulnerabilities further emphasized by the now-known existence of software designed to deliberaty target these vulnerabilities in Wikipedia specifically. https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ I just think the user should be informed of this and should have the choice (so the user can make an enlightened choice). And that is mostly my point. All the explanation you have given are good, and the work of the WMF is good IMO.. Thank you for all the time you spent on this feature, however I'm not convinced at all. Luckily, the standard for the Movement is consensus, not catering to every extremist view with 100% buy-in. The latter standard is impossible as people would be affected either way. The technical component is informing the decision and helps to hash out some of the details, but this is a case where parts of the Vision are being compromised today, and a different (hopefully better) compromise is being reached through this rollout. Off course, I was just giving my opinion, I'm one user and do not represent more than that. We will see how it works out, and I would be happy to owe you a drink if everything goes smooth. Take care, terry Thank you for your answer and have a nice roll out. 2013/8/21 Ryan Lane rl...@wikimedia.org On Wed, Aug 21, 2013 at 4:38 AM, Brion Vibber bvib...@wikimedia.org wrote: On Tue, Aug 20, 2013 at 1:33 PM, Nathan nawr...@gmail.com wrote: Hi, context please? Continuation of this thread from wikitech-l: http://lists.wikimedia.org/pipermail/wikitech-l/2013-August/thread.html#71285 tl;dr summary: * ops plans to switch logins to HTTPS * switching all logins to HTTPS is known to break access for logged-in users in countries where Wikimedia's HTTPS servers are blocked by government censorship * there are some plans to mitigate this by excluding some languages from the requirement * this is controversial for several reasons, one of which is that it will break access for users in those countries on language projects that are not excepted (eg English Wikipedia in mainland China) The last point isn't accurate. The original plan was to exempt certain languages from the login redirection, and those projects would be home wikis. When someone logged-in there, they'd also be logged-in everywhere else via central auth. The current plan is to disable the HTTPS redirect using geolocation for countries that have a 5% error rate for HTTPS requests. This discussion is technical, so I'm going to move back to wikitech-l, now. - Ryan ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- Pierre-Selim ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe -- Pierre-Selim ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] [Wikitech-l] HTTPS for logged in users on Wednesday August 21st
Hi, tl;dr I do not really enjoy the way the mandatory-for-editors HTTPS was introduced, mainly for time frame and communications (still) reasons, although I’m globally really enthousiastic about a better security and particularly the activation of HTTPS. Generally speaking I do _hope_ in the future WMF will give more time and more discussion space to handle major changes. end tl;dr History: (I concede I may lack some readings, but I think I have the big picture) After the PRISM scandal in June (2.5 months ago) everybody condemned that program and the Internet security became a major concern for Internet users. HTTPS is in important means to improve the security (although concerns about the protocol and the way it is implemented appear) and since it was a matter of time before it could be globally activated the blog post published on August 1st announced HTTPS will be activated for logged-in users 20 days after, with solutions about the blocked China HTTPS to be found [1], after a discussion on wikitech-l [2]. Some Chinese editors made petitions [3] (starting on 08/08) and Iranian users raised a similar problem [4] (on 14/08). In parallel these last two weeks there were discussions on wikitech-l about some way to opt-out by user and/or geographically. And in parallel the last two weeks there were discussions on wikitech-l whether some opt-out mechanism should be implemented with two opposed points of view: 1/ this security about the protection of the password must be for everyone else it is unuseful (which is true in a perfect world), no matter if China and other HTTPS-unlucky people cannot login (and hence must edit under IP or not edit); 2/ although security is very important, not to allow HTTP logins in China (and other HTTPS-unlucky people) will destroy etablished parts of the community and should be avoided, so implementation of work-arounds is needed. And this last discussion had not to be on wikitech-l because it is political, and was only a few raised elsewhere (where HTTPS is technical and should be discussed on wikitech-l.) Finally some work-arounds were implemented; first it was a list of wikis where HTTP login will be allowed (this decision became public on Monday [5]) and yesterday (sic) it was announced a geolocalised solution [6]. Secondly there will be a preference for the users, although until yesterday it was not clear for everybody how exactly it was implemented. In parallel the central notice was set up two days ago with an English-only page, pywikipediabot was announced to be ready some hours ago. And in some hours there should be the deployment target. [1] http://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ [2] http://lists.wikimedia.org/pipermail/wikitech-l/2013-July/070981.html [3] http://meta.wikimedia.org/wiki/Requests_for_comment/Petition_of_HTTPS_default [4] https://bugzilla.wikimedia.org/show_bug.cgi?id=52846 [5] https://meta.wikimedia.org/wiki/HTTPS?diff=5731209oldid=5728786 [6] http://lists.wikimedia.org/pipermail/wikitech-l/2013-August/071348.html Conclusion: I know the fact we now know we are spied is disturbing, but… Why the hell HTTPS is so truly *urgent* we cannot spent more than three weeks (at all) to think about the problem, investigate related problems (including political and communitical here), think about solutions and user interfaces/interactions, implement solutions, widely avertize the problem and solutions, and peacefully deploy the patches? I would have loved some RFC and some discussion elsewhere than on wikitech-l with structured problems and solutions, and more time allowed for discussing all that with the community -- because I guess it was widely discussed internally in technical and operations teams, but the community discovered these plans and had to report potential problems in a time frame of 3 weeks. More generally speaking, I would love the WMF share more their internal plans long before rollout -- even if I concede writing and discussion is more time-consuming than oral speak and introduce latencies -- and probably in some digest and expanded forms (I know there are already both, it’s probably to be improved and perhaps more targeted to avoid everyone’s burnout). And perhaps slow the rhythm of the technical changes to have a more stable environment (I understand this is personal and there are other PoV). Thanks, ~ Seb35 Le Wed, 21 Aug 2013 11:37:35 +0200, Pierre-Selim pierre-se...@huard.info a écrit: First of all, I'm sorry If my tone was not appropriate (keep in mind I'm not a native speaker). 2013/8/21 Terry Chay tc...@wikimedia.org On Aug 21, 2013, at 1:39 AM, Pierre-Selim pierre-se...@huard.info wrote: Just a question: Why imposing HTTPS ? Really, it will be damaging The reason why is outlined in Ryan's blog post as well as his previous post and the Wikipedia entry on https linked from that post. The short answer is the current state is known to present a number of privacy and security
[Wikimedia-l] Breaking bots // HTTPS for logged in users on Wednesday August 21st
On 21 August 2013 07:49, Terry Chay tc...@wikimedia.org wrote: ... Luckily, the standard for the Movement is consensus, not catering to every extremist view with 100% buy-in. As a Commons user responsible for over 2.5 million edits, I would hope that the WMF do not label or quickly dismiss me as an extremist if I raise some questions about this notification. I am concerned about how many valuable bot activities a mandated move to https might break. Some will be fixed by operators such as myself changing account preferences to force an opt-out or re-writing code, however many useful bot activities have semi-retired operators, particularly on Commons, and some are bound to just never be fixed and their value will be lost. In planning this change, has some support effort been allocated to fixing or re-hosting the bots that break (such as taking the option of 'remotely' setting community-identified useful bots to opt-out of https, at least for a test period, rather than forcing an opt-in) and has there been a survey of this impact? Though I agree we don't expect 100% buy-in, as an active volunteer, batch uploader and bot writer, I would have expected to have been given a friendly, non-confrontational and relaxed opportunity to raise and consider these issues in a RFC or other consensus building discussion on my home project and engage in discussion there, rather than, apparently, no buy-in needed from us unpaid volunteers and content creators. Thanks, Fae -- fae...@gmail.com http://j.mp/faewm ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] Breaking bots // HTTPS for logged in users on Wednesday August 21st
Fae, 21/08/2013 16:08: On 21 August 2013 07:49, Terry Chay tc...@wikimedia.org wrote: ... Luckily, the standard for the Movement is consensus, not catering to every extremist view with 100% buy-in. As a Commons user responsible for over 2.5 million edits, I would hope that the WMF do not label or quickly dismiss me as an extremist if I raise some questions about this notification. I am concerned about how many valuable bot activities a mandated move to https might break. [...] Do we have a list? Which have you encountered? Nemo ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] Block evasion might be a federal offense
On Wed, Aug 21, 2013 at 4:09 AM, Peter Gervai grin...@gmail.com wrote: On Wed, Aug 21, 2013 at 9:37 AM, Martijn Hoekstra martijnhoeks...@gmail.com wrote: On Aug 21, 2013 8:56 AM, Peter Gervai grin...@gmail.com wrote: The account and/or underlying IP is blocked. That is the technical impediment. The action that is now a federal offense, it seems, is to defy the warning, by circumventing the block by changing IP and/or account to do what you were told not to do on the warning. Technicalities aside if I follow you right then it is a federal offense to edit Wikipedia when you were told not to (eg. banned but _not_ blocked). If that's the case the IP part of the discussion is mainly irrelevant as one does not have to evade a block to violate the ban. The central issue though, that it seems block evasion is a federal offense, is not affected by the difficulty in proving evidence for it. It is the question whether the evasion is a crime that bothers me. [insert meetoo here] g This is actually incorrect, as were some of your comments about the irrelevance of IP blocks in your prior post. Have a look at some of the links I posted earlier in the thread, I think the issues should become more clear. To FT2's comments - it's not actually true that the IP ban, or a cease and desist, have to be specific to a person. In fact in the linked case, they are blanket to a company. I see no particular reason why the same reasoning can't be applied to a school, or a church. A geographic area is probably harder to support. Additionally, we generally give warnings, and block accounts. For the most egregious harassment, the only instances I can see this ever coming into play for Wikimedia, virtually every perpetrator has a long history of blocked user accounts. I think that makes the debate over the personally identifying nature of IPs irrelevant for this discussion. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] Block evasion might be a federal offense
On Wed, Aug 21, 2013 at 4:09 AM, Peter Gervai grin...@gmail.com wrote: On Wed, Aug 21, 2013 at 9:37 AM, Martijn Hoekstra martijnhoeks...@gmail.com wrote: On Aug 21, 2013 8:56 AM, Peter Gervai grin...@gmail.com wrote: The account and/or underlying IP is blocked. That is the technical impediment. The action that is now a federal offense, it seems, is to defy the warning, by circumventing the block by changing IP and/or account to do what you were told not to do on the warning. Technicalities aside if I follow you right then it is a federal offense to edit Wikipedia when you were told not to (eg. banned but _not_ blocked). If that's the case the IP part of the discussion is mainly irrelevant as one does not have to evade a block to violate the ban. The central issue though, that it seems block evasion is a federal offense, is not affected by the difficulty in proving evidence for it. It is the question whether the evasion is a crime that bothers me. [insert meetoo here] g This is actually incorrect, as were some of your comments about the irrelevance of IP blocks in your prior post. Have a look at some of the links I posted earlier in the thread, I think the issues should become more clear. To FT2's comments - it's not actually true that the IP ban, or a cease and desist, have to be specific to a person. In fact in the linked case, they are blanket to a company. I see no particular reason why the same reasoning can't be applied to a school, or a church. A geographic area is probably harder to support. Additionally, we generally give warnings, and block accounts. For the most egregious harassment, the only instances I can see this ever coming into play for Wikimedia, virtually every perpetrator has a long history of blocked user accounts. I think that makes the debate over the personally identifying nature of IPs irrelevant for this discussion. Although I don't think it rose to the level that a federal court would take it seriously the Scientology socks are an example. There, ips were usually irrelevant as was the individual identity of users; although we knew a few. Fred ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
[Wikimedia-l] A Survey on Science Reporting
If you write or add to articles based on journal articles you might complete this survey: https://lsucommunications.qualtrics.com/SE/?SID=SV_0PTVlA7OUCLqkyV Fred ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
[Wikimedia-l] HTTPS for logged-in users delayed. New date: August 28
This is a forward from the wikitech-ambassadors list. https://meta.wikimedia.org/wiki/HTTPS is now updated with the new date. Original Message Subject: [Wikitech-ambassadors] Fwd: HTTPS for logged in users delayed. New date: August 28 Date: Wed, 21 Aug 2013 11:30:51 -0700 From: Rob Lanphier ro...@wikimedia.org Reply-To: Coordination of technology deployments across languages/projects wikitech-ambassad...@lists.wikimedia.org To: Coordination of technology deployments across languages/projects wikitech-ambassad...@lists.wikimedia.org Hi everyone, After assessing the current readiness (or lack thereof) of our HTTPS code, we've decided to postpone the deployment for a week. We have a number of things that we'd like to get cleaner resolution on: * Use of GeoIP vs enabling on per wiki basis * Use of a preference vs login form checkbox vs hidden option vs sensible default * How interactions with login.wikimedia.org will work * Validation of our HTTPS test methodology The new plan is to deploy on Wednesday, August 28 between 20:00 UTC and 23:00 UTC. Prior to that, we plan on having a very limited deployment to our test wikis, and we're also planning to deploy to mediawiki.org. Assuming this is sorted out and we have made our test deployments by end of day Monday, August 26, we should have time to validate our assumptions and give people time to see the new system in action. More info is (or will be) available here: https://meta.wikimedia.org/wiki/HTTPS (or here if you prefer: http://meta.wikimedia.org/wiki/HTTPS ) Thanks everyone for your patience. Rob ___ Wikitech-ambassadors mailing list wikitech-ambassad...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-ambassadors ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
Re: [Wikimedia-l] Fwd: Mapping the SOPA-PIPA Debate: Social Mobilization and the Networked Public Sphere
Samuel Klein, 26/07/2013 00:46: The Berkman Center just came out with a report on the public discussions surrounding the SOPA-PIPA actions; drawing on the Media Cloud work by Yochai Benkler and others. It provides context for the discussions on the English Wikipedia, and captures the differences between the grassroots and top-down decisions by different organizations and media channels who took part in the blackout. An interactive time-visual shows how the conversation was driven at different times by different communities: http://cyber.law.harvard.edu/research/mediacloud/2013/mapping_sopa_pipa/# Interesting, even in the day of the blackout reddit was linked almost as much as Wikipedia. Nemo ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe
[Wikimedia-l] Join the GAC! Deadline extended by one week
Hi, folks. Due to some last-minute interest, I've extended the deadline to Aug 27th. So you are still welcome to join the Wikimedia Foundation's Grant Advisory Committee, and help review and advise on all grant proposals in the Project and Event Grants program[1]. Take a look and sign up! https://meta.wikimedia.org/wiki/Grant_Advisory_Committee/Candidates (please also relay to your local/language lists.) Cheers, Asaf [1] the new name of the artist formerly known as the Wikimedia Grants Program. -- Asaf Bartov Wikimedia Foundation http://www.wikimediafoundation.org Imagine a world in which every single human being can freely share in the sum of all knowledge. Help us make it a reality! https://donate.wikimedia.org ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe