On Jan 19, 2017 14:09, "Dan Andreescu" dandreescu@wikimedia.org wrote:
figures out a way to counter-act the public opinion that Wikipedia traffic is monitored by the government. Ops goes to such lengths to make sure that's not possible, they should get credit for that (and apparently the blog posts about the https switch are not enough).
I hope they don't go too far with that, AFAIK we're still quite vulnerable to traffic analysis by a passive listener. (no MITM, and notwithstanding any vulnerability mentioned elsewhere on this thread (because we're not using quic?))
and we leak SNI too.
see threads:
Zack started a few different threads on ~ 2013-08-16: https://lists.wikimedia.org/pipermail/wikitech-l/2013-August/071262.html
"take two" (2014-06-05): https://lists.wikimedia.org/pipermail/wikitech-l/2014-June/076876.html
On a technical note: we should revisit the idea of backfilling old data into AQS so people can do this type of research project on top of the pageview API,
I would use it. :-)
-Jeremy