Hi all, I wanted to share a clarifying email from Ryan Lane in WMF Ops. He's working through the challenges of HTTPS from the Foundation's end.
Please see below for more details: -Matthew On Fri, Jun 7, 2013 at 2:31 PM, Ryan Lane <rl...@wikimedia.org> wrote: > How does it impact people? Short answer: it shouldn't. Long answer: It may > make the site slightly slower due to increased network latency, and it is > slightly more computationally expensive, which may make the site slower on > computers that are underpowered. > > How does it impact the WMF? It depends. For enabling it for logged-in > users, or for those that use HTTPS-anywhere? It doesn't affect us, because > that's the state we're in right now. For making HTTPS the default for > anonymous users? We need to change how our infrastructure works. We may > need to buy additional hardware. We definitely need to do some engineering > work. > > How does it impact the government's ability to apply censorship? Short > answer: it doesn't. It affects their ability to eavesdrop on people. Long > answer: It depends on how sophisticated the government's censorship program > is. In some countries the government's censorship program can be totally > bypassed using HTTPS. China's program is very sophisticated. The best HTTPS > is going to help the Chinese is to give them a reasonable amount of > protection against eavesdropping. It's still possible for China to > eavesdrop, even when users are using HTTPS, if China has subverted any of > the Certificate Authorities trusted by our browsers. > > Are there negative sides of each choice? Yes. Not providing HTTPS means > that users will always be subject to eavesdropping, which in very > authoritative countries could mean they are imprisoned or killed for > reading or editing Wikipedia, depending on what they are reading or > editing. Realistically not making HTTPS the default is similar to not > providing it for all intents and purposes. Search engines will bring people > to the HTTP version of the site, not the HTTPS version so the vast majority > of users will still be able to be eavesdropped on. Making HTTPS the default > also has negatives. A very small minority of users don't have HTTPS > support, or their computers are so old that it makes the site unusably > slow. That's a *very* small percentage of users, though. Additionally, it > makes the site slower for everyone, which may cause a decrease in viewers > and/or editors. > > This is likely the most non-technical way I can explain things. I hope it > helps! > On Fri, Jun 7, 2013 at 11:39 AM, Benjamin Chen <bencmqw...@gmail.com> wrote: > On 8 Jun, 2013, at 12:24 AM, Matthew Roth <mr...@wikimedia.org> wrote: > > > We have had contact with the authors of the blog and they have said they > > will publish our response to their article, though I'm not sure when or > in > > what format. > > Great. That's really fast response. > > On the issue itself, we haven't seen any large scale blocks for years > (around the time since last time Jimbo visited some Chinese official more > than 4 or 5 years ago I think). > > The secure.wikimedia domain was blocked long ago, but they waited till now > to block HTTPS, after 3 years? (I can't remember when it was enabled). I > wonder how long it took for them to realise. > > It is suggested that this could be a long term block similar to how > secure.wikimedia was blocked - for HTTPS they have no control over content, > so they are simply blocking it all. For HTTP they are still performing deep > package inspection (means content censoring), so since they can filter what > the Chinese people can see, it's likely that they'll leave HTTP alone. > > > Regards, > > Benjamin Chen / [[User:Bencmq]] > _______________________________________________ > Wikimedia-l mailing list > Wikimediafirstname.lastname@example.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l > -- Matthew Roth Global Communications Manager Wikimedia Foundation +1.415.839.6885 ext 6635 www.wikimediafoundation.org *http://blog.wikimedia.org/* _______________________________________________ Wikimedia-l mailing list Wikimediaemail@example.com Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l