Great to hear!

I have one caveat with it though - if I understand it correctly, it is
currently in a man-in-the-middle position between the visitor and WMF,
as it provides its own self-signed https certificate and performs
various URL rewriting on the traffic to change the URLs to the onion

Isn't it more secure, then, to just use Tor to access the main
(clearnet) Wikipedia, since it enforces correct HTTPS?

Using Tor <-> clearnet WMF (HTTPS) still provides:
1) censorship circumvention;
2) location anonymity;
3) opaque encryption between the visitor and the WMF;

The #3 is missing if the onion service is not operated by the WMF

Please correct me if I'm wrong.

I do think it's very good that such effort is taking place - but we need
to make sure there's no weak points security-wise that aren't
communicated prominently enough to the users.

Yury. writes:
> Date: Fri, 24 Nov 2017 09:35:24 +0100
> From: Dariusz Jemielniak <>
> To: Wikimedia Mailing List <>
> Subject: Re: [Wikimedia-l] Experimental onion service for all
>       Wikimedia projects set up by Alec Muffett
> Message-ID:
>       <>
> Content-Type: text/plain; charset="UTF-8"
> Excellent! Still, as I argued before, I believe that a solution we could
> use is defaulting to Tor channeling in our mobile app. Facebook offers it
> as an option in partnership with Orbot - I believe we should do the same,
> but default to it (so that people cannot be held responsible for making a
> choice). For unlogged Wikipedia reading this solution is practically
> transparent for users.
> I've recently contacted the WMF with Orbot people and hope that at least we
> can evaluate this approach as a possibility.
> best,
> Dariusz Jemielniak "pundit"

Wikimedia-l mailing list, guidelines at: and
New messages to:

Reply via email to