subject:"Re\: \[Wikimediaindia\-l\] Wikimedia sites \& HTTPS by default \(was \"Ads Injected into Wikipedia\?\"\)"

Re: [Wikimediaindia-l] Wikimedia sites & HTTPS by default (was "Ads Injected into Wikipedia?")

2012-05-09 Thread Srikanth Ramakrishnan

John,
I've seen some differences in https vs https, namely:
* The ads, I haven't seen them on https, but only on http.
* Blocking Wikipedia/Commons, https is difficult to block.
I suggest everyone start using https.
On Wed, May 9, 2012 at 4:00 PM, John Vandenberg  wrote:

> I'm quite sure that browser addons can inject Ads into https, if they
> want to.  so https is not the answer to this problem.   do you have
> evidence otherwise?
>
> On Wed, May 9, 2012 at 1:05 PM, Sumana Harihareswara
>  wrote:
> >> Anirudh Bhati wrote:
> >>> On Mon, May 7, 2012 at 12:56 PM, Debanjan Bandyopadhyay <
> debast...@gmail.com
> >>> wrote:
> >>> Ok then can we not make the default version the https one like say
> google
> >>> does.
> >>
> >> This will not be a permanent solution, I'm afraid.
> >
> > Encrypting your browser traffic does quite durably protect you against
> > the kind of injection attacks we're discussing (the injection of
> > advertisements).  I personally use the HTTPS Everywhere plugin
> > (available for Chrome and Firefox) to ensure that I always browse
> > Wikimedia and many other sites under SSL protection (that is, via HTTPS).
> >
> > https://www.eff.org/https-everywhere
> >
> > I'm not suggesting that we set out to persuade millions of people to
> > switch to open source browsers and install this extension, but if you're
> > already using Firefox or Chrome, I recommend HTTPS Everywhere for your
> > own peace of mind.
> >
> > The most recent discussion, among Wikimedia developers, of whether to
> > switch to HTTPS-by-default for all connections:
> >
> >
> http://lists.wikimedia.org/pipermail/wikitech-l/2012-April/thread.html#59551
> >
> > In it, Ryan Lane from Wikimedia operations says that there are practical
> > reasons that "we have no plans for anonymous HTTPS by default, but will
> > eventually default to HTTPS for logged-in users":
> >
> > http://lists.wikimedia.org/pipermail/wikitech-l/2012-April/059580.html
> >
> > --
> > Sumana Harihareswara
> > Engineering Community Manager
> > Wikimedia Foundation
> >
> > ___
> > Wikimediaindia-l mailing list
> > Wikimediaindia-l@lists.wikimedia.org
> > To unsubscribe from the list / change mailing preferences visit
> https://lists.wikimedia.org/mailman/listinfo/wikimediaindia-l
>
>
>
> --
> John Vandenberg
>
> ___
> Wikimediaindia-l mailing list
> Wikimediaindia-l@lists.wikimedia.org
> To unsubscribe from the list / change mailing preferences visit
> https://lists.wikimedia.org/mailman/listinfo/wikimediaindia-l
>



-- 
Regards,
Srikanth Ramakrishnan.
___
Wikimediaindia-l mailing list
Wikimediaindia-l@lists.wikimedia.org
To unsubscribe from the list / change mailing preferences visit 
https://lists.wikimedia.org/mailman/listinfo/wikimediaindia-l

Re: [Wikimediaindia-l] Wikimedia sites & HTTPS by default (was "Ads Injected into Wikipedia?")

2012-05-09 Thread John Vandenberg

I'm quite sure that browser addons can inject Ads into https, if they
want to.  so https is not the answer to this problem.   do you have
evidence otherwise?

On Wed, May 9, 2012 at 1:05 PM, Sumana Harihareswara
 wrote:
>> Anirudh Bhati wrote:
>>> On Mon, May 7, 2012 at 12:56 PM, Debanjan Bandyopadhyay >> wrote:
>>> Ok then can we not make the default version the https one like say google
>>> does.
>>
>> This will not be a permanent solution, I'm afraid.
>
> Encrypting your browser traffic does quite durably protect you against
> the kind of injection attacks we're discussing (the injection of
> advertisements).  I personally use the HTTPS Everywhere plugin
> (available for Chrome and Firefox) to ensure that I always browse
> Wikimedia and many other sites under SSL protection (that is, via HTTPS).
>
> https://www.eff.org/https-everywhere
>
> I'm not suggesting that we set out to persuade millions of people to
> switch to open source browsers and install this extension, but if you're
> already using Firefox or Chrome, I recommend HTTPS Everywhere for your
> own peace of mind.
>
> The most recent discussion, among Wikimedia developers, of whether to
> switch to HTTPS-by-default for all connections:
>
> http://lists.wikimedia.org/pipermail/wikitech-l/2012-April/thread.html#59551
>
> In it, Ryan Lane from Wikimedia operations says that there are practical
> reasons that "we have no plans for anonymous HTTPS by default, but will
> eventually default to HTTPS for logged-in users":
>
> http://lists.wikimedia.org/pipermail/wikitech-l/2012-April/059580.html
>
> --
> Sumana Harihareswara
> Engineering Community Manager
> Wikimedia Foundation
>
> ___
> Wikimediaindia-l mailing list
> Wikimediaindia-l@lists.wikimedia.org
> To unsubscribe from the list / change mailing preferences visit 
> https://lists.wikimedia.org/mailman/listinfo/wikimediaindia-l



-- 
John Vandenberg

___
Wikimediaindia-l mailing list
Wikimediaindia-l@lists.wikimedia.org
To unsubscribe from the list / change mailing preferences visit 
https://lists.wikimedia.org/mailman/listinfo/wikimediaindia-l

Re: [Wikimediaindia-l] Wikimedia sites & HTTPS by default (was "Ads Injected into Wikipedia?")

Re: [Wikimediaindia-l] Wikimedia sites & HTTPS by default (was "Ads Injected into Wikipedia?")

2 matches

Site Navigation

Mail list logo

Footer information