[Wikimedia-l] New Wikiclubs in Tavush province

2019-07-22 Thread Wikimedia Armenia Board
Dear all, I am glad to inform you that a memorandum has been signed between Wikimedia Armenia Scientific-Educational NGO and Tavush Province Administration of the Republic of Armenia, according to which the latter is obliged to 1. Support the establishment and regular work of Wikiclubs

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-22 Thread Steinsplitter Wiki
That's shocking... >> I think this has serious implications for Wikipedia & Wikimedia, as not >> only they would be easily able to see which articles people read, but >> also steal login credentials, depseudonymize people and even hijack >> admin accounts. Yes, they can de-crypt the traffic.

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-22 Thread Yuri Astrakhan
I don't think browser vendors will block the ability to install a custom root certificate because some corp clients may use it for exactly the same reason -- creating an HTTPS proxy with fake certs in order to analyze internal traffic (in the name of monitoring/security). Browser vendors could

[Wikimedia-l] An update on the ECHR filing to lift the Wikipedia block in Turkey

2019-07-22 Thread Gregory Varnum
Hello! I am writing to provide an update on the status of the petition that the Wikimedia Foundation filed with the European Court of Human Rights (ECHR) in May to lift the more than two-year block of Wikipedia in Turkey.[1] As you may know, many petitions brought before the ECHR are not granted

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-22 Thread George Herbert
Browser vendors could revoke the root that Kazakh authorities are using for the scheme. On Mon, Jul 22, 2019 at 5:35 AM Yuri Astrakhan wrote: > I don't think browser vendors will block the ability to install a custom > root certificate because some corp clients may use it for exactly the same >

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-22 Thread rupert THURNER
displaying a warning that there is a MITM which reads all passwords and banking information sounds nice, yuri. there even seems to be ways to detect this client-server side: https://www.reddit.com/r/javascript/comments/7ldypq/is_it_possible_to_detect_mitm_by_javascript_in_a/ - you mean something