On Tue, Jul 9, 2013 at 4:07 PM, James Salsman jsalsman@gmail.com wrote:
Would publicizing these free and open secure alternatives to commercial applications known to be under surveillance -- https://prism-break.org/ -- be sufficiently aligned with out values?
Our values? ... Our practise. No.
SSL is mandatory to avoid surveillance, but TOR is also quite important.
The very first entry on prism-break is TOR, which is blocked on Wikimedia projects for editing, by explicit blocks and by the TorBlock extension, which is enabled on all wikis, even Chinese Wikipedia.
https://www.mediawiki.org/wiki/Extension:TorBlock https://zh.wikipedia.org/wiki/Special:Version
The mobile functionality is very unfriendly for privacy.
Loading a non-mobile HTTPS url (e.g. https://en.wikipedia.org/wiki/1984), redirects the reader to the mobile HTTP page. If they clicked on a https link believing that their browsing pattern was not able to be monitored, their reading patterns are in clear text on the internet without them being informed of this. The EFF is pushing solutions to send readers from HTTP to HTTPS sites, and WMF is sending readers from HTTPS to HTTP - transparently.
https://bugzilla.wikimedia.org/show_bug.cgi?id=35215 (reported March 2012, last comment from WMF tech team in April 2013 indicates this may not be fixed soon)
Admins can bypass the Tor block, however logging in on Mobile is not easy. In the mobile search type in special:userlogin. The login screen appears, and the 'sign in' button replies to the user that there was a cookie error.
https://bugzilla.wikimedia.org/show_bug.cgi?id=31045 (reported 2011; closed as INVALID the same day)
When using the Orweb browser (part of the tor solution for Android), trying to log in is even more difficult as you cant go to the Desktop site without tying in a long url that bypasses the mobile site.
https://bugzilla.wikimedia.org/show_bug.cgi?id=51277 (reported by me today)
-- John Vandenberg