On Fri, Aug 23, 2013 at 3:13 PM, Tyler Romeo <[email protected]> wrote:
> On Fri, Aug 23, 2013 at 5:33 PM, Risker <[email protected]> wrote: > > > As I said, Marc, there's already an offline discussion happening looking > > for ways to effectively manage this without outright banning editors from > > those geographical regions from serving Wikimedia communities. A > decision > > to prevent users from certain countries or with certain technical > > challenges from holding these permissions is as much a policy issue as it > > is a security issue (it's also a cross-wiki one), so that aspect needs to > > be considered from a broad community perspective. > > > > It's statements like these that make me question whether the WMF actually > cares about its users' privacy in the first place. There's some big talk on > this list about "subverting the NSA" and making sure that users are secure > within their accounts when using Wikipedia. But if you're not willing to > actually do something about privacy, then it's just talk. > > It is completely unacceptable for checkusers in China to be logging in over > an insecure connection. The Chinese government directly monitors these > connections and can easily harvest these passwords en masse. I truly > sympathize with Chinese Wikipedians who aspire to hold checkuser positions, > but putting at risk the IP address information of every user on Wikipedia > just for the sake of one person who wants to volunteer in a certain > capacity is completely unacceptable. > > If a technical solution can be found that facilitates affected users being > > able to securely use the tools, then the policy discussion would focus on > > whether we require those editors to use the technical solution, instead > of > > recommending outright bans to granting advanced permissions to those > > affected by HTTPS issues. Solutions are already being considered and > > examined for this; granted, the discussion is occurring off-wiki so you > > wouldn't have been aware. > > > There is no technical solution, as has been discussed previously. The China > firewall blocks all HTTPS connections. There is no legal method of getting > around this. The only solution that would preserve both accessibility and > security would be if Wikipedia implemented its own application level TLS > protocol, which would be an absurd undertaking, and would probably just > result in the Chinese government blocking Wikipedia completely anyway. > > You're going to have to choose: risk everybody's privacy or deny checkuser > opportunities to people in China. > > Well, it's also possible that you're just not having clever enough ideas, eh? ;) - Ryan _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
