Fyi
-- Forwarded message --
From: Erik Moeller e...@wikimedia.org
Date: 31.08.2013 07:17
Subject: [Wikimedia-l] Wikimedia and the politics of encryption
To: Wikimedia Mailing List wikimedi...@lists.wikimedia.org

Hi folks,

As many of you know, this week we enabled HTTPS for logged-in users of
Wikimedia projects. See:
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedia-sites/

We have geographically exempted users geo-located to China or Iran
from this [1], because these countries mostly block HTTPS traffic and
requiring HTTPS for logged-in users would make it impossible for users
in these countries to log in.

Long term, we’d like to increase HTTPS coverage further, initially by
marking the HTTPS versions of our pages as canonical, which would
cause search engines to refer to them instead of the unencrypted
content. This would make issues with countries that block HTTPS
traffic even more complex to deal with.

HTTPS for editors is important because it is otherwise trivial to
sniff account credentials, especially when users use unencrypted
connections such as open wireless networks. This could potentially
enable an attacker to gain access to an account with significant
privileges, such as checkuser credentials. Beyond that, HTTPS makes it
harder for attackers (individuals, organizations, governments) to
monitor user behavior of readers and editors. It’s not perfect by any
means, but it’s a step towards more privacy and security.

There are many sites on the web now that use HTTPS for all
transactions. For example, Twitter and Facebook use HTTPS by default.
Both sites are also completely blocked in mainland China. [2]

Disabling HTTPS-by-default in regions where HTTPS is blocked for
political reasons of course also exposes affected users to monitoring
and credentials-theft -- which is likely part of the political
motivation for blocking it in the first place. Therefore, our current
exemption is an explicit choice to _not_ give users a degree of
security that we give to everyone else, for the simple reason that
their government would otherwise completely limit their access.

If they know how to make HTTPS work in their region, these users will
still be able to use it by explicitly visiting the HTTPS URLs or using
an extension such as HTTPSEverywhere to enforce HTTPS usage.

In the long term, the Wikimedia movement is faced with a choice, which
is inherently political: Should we indefinitely sustain security
exceptions for regions that prevent the use of encryption, or should
we shift to an alternative strategy? How do we answer that question?

We can, of course, ask users in the affected countries. Given that
this may lead to degradation or loss of access, users are likely to be
opposed, and indeed, when plans to expand HTTPS usage were announced,
a group of Chinese Wikipedians published an open letter asking for
exemptions to be implemented:
https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86%E7%99%BB%E5%BD%95/openletter
This was a big part of what drove the decision to implement exemptions.

The bigger consideration here, however, is whether any such
accommodation achieves positive or negative long term effects. The
argument against it goes like this: If we accommodate the PRC’s or
Iran’s censorship practices, we are complicit in their attempts to
monitor and control their citizenry. If a privileged user’s
credentials (e.g. Checkuser) are misused by the government through
monitoring of unencrypted traffic, for example, this is an action that
would not have been possible without our exemption. This could
potentially expose even users not in the affected country to risks.

Moreover, Wikimedia is not just any website -- it’s a top 5 web
property, and the only non-profit organization among the top sites.
Our actions can have signalling effects on the rest of the web. By
exempting China and Iran from standard security measures, we are
treating them as part of the global web community. It could be argued
that it’s time to draw a line in the sand - if you’re prohibiting the
use of encryption, you’re effectively not part of the web. You’re
subverting basic web technologies.

Drawing this hard line clearly has negative near term effects on the
citizenry of affected countries. But the more the rest of the world
comes together in saying "What you are doing is wrong. Stop it." - the
harder it will be for outlier countries to continue doing it. Another
way to pose the question is: Would we be implementing these exemptions
if China had blocked HTTPS traffic well after we switched to HTTPS?

Moreover, we’re not helpless against censorship. There _are_ effective
tools that can be used to circumvent attempts to censor and control
the Internet. Perhaps it is time for WMF to ally with the
organizations that develop and promote such tools, rather than looking
for ways to guarantee basic site operation in hostile environments
even at the expense of