On Thu, Aug 1, 2013 at 6:44 AM, Tim Starling <tstarl...@wikimedia.org> wrote: > On 01/08/13 14:15, Anthony wrote: >> On Wed, Jul 31, 2013 at 9:27 PM, Ryan Lane <rl...@wikimedia.org> wrote: >> >>> I would be fired and jailed before I knowingly let that occur. If this was >>> the case I'd very surely not be working for Wikimedia Foundation. >>> >> >> Key word there being "knowingly". > > I don't know why the NSA would sneak around in our data centres > mirroring our ethernet ports if they already have almost all of our > access logs by capturing unencrypted traffic as it passes through > XKeyscore nodes. > > I think you should save the conspiracy theories until after we switch > anons to HTTPS, that's when they will have an incentive.
tim, and ryan, that is not 100% true. since at least 2010 we know from articles like these: * http://www.wired.com/threatlevel/2010/03/packet-forensics/ * https://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl that man-in-the middle attacks are possible with and without HTTPS at XKeyscore nodes. the basic problem is, that wikipedia contents is stored in the U.S., and the site is using certificates issued in the U.S. the same country and legislation the NSA is located. this means the certificates can be compromised and users would not (easily) notice it. the best sign against snooping internet traffic would be if wikipedia will change the hosting to a different country, and use a different countries ssl certificate. you can bet, that the perceived impact on the U.S. business will be so huge that this intolerable practice will stop, at source, at NSA. btw, ryan, you talked about firing and jailing - if you did not know that or if you knew it and ignored it, you should be fired or not work at WMF ;) it is _you_ who need to warn about the location beeing vulnerable, and it is _you_ who decide to use vulnerable digicert certificates. but you of course will not be jailed - this seems to happen to people revealing that xkeyscore exists ... rupert. _______________________________________________ Wikimedia-l mailing list Wikimediaemail@example.com Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>