> Anirudh Bhati wrote:
>> On Mon, May 7, 2012 at 12:56 PM, Debanjan Bandyopadhyay <debast...@gmail.com
>> Ok then can we not make the default version the https one like say google
> This will not be a permanent solution, I'm afraid.
Encrypting your browser traffic does quite durably protect you against
the kind of injection attacks we're discussing (the injection of
advertisements). I personally use the HTTPS Everywhere plugin
(available for Chrome and Firefox) to ensure that I always browse
Wikimedia and many other sites under SSL protection (that is, via HTTPS).
I'm not suggesting that we set out to persuade millions of people to
switch to open source browsers and install this extension, but if you're
already using Firefox or Chrome, I recommend HTTPS Everywhere for your
own peace of mind.
The most recent discussion, among Wikimedia developers, of whether to
switch to HTTPS-by-default for all connections:
In it, Ryan Lane from Wikimedia operations says that there are practical
reasons that "we have no plans for anonymous HTTPS by default, but will
eventually default to HTTPS for logged-in users":
Engineering Community Manager
Wikimediaindia-l mailing list
To unsubscribe from the list / change mailing preferences visit