The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here: https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/ AND BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored. At the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to all users. In fact, for the past four years https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-wikimedia-foundation-wikis/, Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed to our sites from major search engines. Additionally, all logged in users https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedia-sites/ have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS affects all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing a more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
On 12 June 2015 at 21:22, Juliet Barbara jbarbara@wikimedia.org wrote:
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
Excellent news!
So how are we dealing with the Iran and China issue?
- d.
On 12 June 2015 at 22:08, David Gerard dgerard@gmail.com wrote:
Excellent news!
So how are we dealing with the Iran and China issue?
Well the introduction appears to have been timed for one of those periods where we are completely blocked in china anyway.
Have I understood it correctly, that Wikipedia Zero traffic is free only while through http, and not https?
China and Iran blocks https (and WMF thinks https is more secure than http when it can be EASILY blocked lol) so people in these countries used wikipedia on http, so some here think that these countries are spying on them by forcing them to use http, but that https block in this countries was NOT to target wikipedia, it was to target social networking sites and american based email sites like yahoo and gmail etc..but now by moving to HTTPS, we have now become a target for those countries......well done..and to add to that, people who used wikipedia in those countries to find the "truth" about whats happening in their country and other regions can no longer do so since its blocked..Well Done again WMF..I asked a few devs on IRC and on the associated VP thread why this was done and the answer seems to be a simple way of saying "To protect Americans" .......didn't know Soviet USA was that bad....really a pathetic move by WMF when this was previously discussed before and thrown out for the sam reasons I mentioned above..
Someone has to be fired for this.
On 6/14/15, Vira Motorko vira.motorko@gmail.com wrote:
Have I understood it correctly, that Wikipedia Zero traffic is free only while through http, and not https?
-- *--* *Vira Motorko* PR manager, Wikimedia Ukraine https://ua.wikimedia.org/ +380667740499
Are you saving your documents in free formats? ;) Help save natural resources – please think twice before printing this e-mail or any attachments.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On 14 June 2015 at 05:21, Comet styles cometstyles@gmail.com wrote:
China and Iran blocks https (and WMF thinks https is more secure than http when it can be EASILY blocked lol)
China is currently blocking HTTP and has done so quite frequently. The ability to block is largely unrelated to security.
so people in these countries used wikipedia on http, so some here think that these countries are spying on them by forcing them to use http, but that https block in this countries was NOT to target wikipedia, it was to target social networking sites and american based email sites like yahoo and gmail etc..but now by moving to HTTPS, we have now become a target for those countries......well done..
That doesn't make sense. HTTPs doesn't hide the domain. The country can still tell that someone is visiting wikipedia rather than say facebook. What becomes more difficult is telling what a person is viewing on wikipedia.
and to add to that, people who used wikipedia in those countries to find the "truth" about whats happening in their country and other regions can no longer do so since its blocked..Well Done again WMF..
Well actually no they couldn't if they had a government with active blocking measures. With HTTP traffic governments and ISPs can (and did) block individual pages that they don't like.
Someone has to be fired for this.
That would seem to be something of an over reaction even if you disagree with the decision.
But won't the people in Iran or China would be able to access the Wikimedia sites through http instead of https? And what about accessing through https within Wikipedia Zero? Is cost-free access available through https?
On Sun, Jun 14, 2015 at 12:54 PM, geni geniice@gmail.com wrote:
On 14 June 2015 at 05:21, Comet styles cometstyles@gmail.com wrote:
China and Iran blocks https (and WMF thinks https is more secure than http when it can be EASILY blocked lol)
China is currently blocking HTTP and has done so quite frequently. The ability to block is largely unrelated to security.
so people in these countries used wikipedia on http, so some here think that these countries are spying on them by forcing them to use http, but that https block in this countries was NOT to target wikipedia, it was to target social networking sites and american based email sites like yahoo and gmail etc..but now by moving to HTTPS, we have now become a target for those countries......well done..
That doesn't make sense. HTTPs doesn't hide the domain. The country can still tell that someone is visiting wikipedia rather than say facebook. What becomes more difficult is telling what a person is viewing on wikipedia.
and to add to that, people who used wikipedia in those countries to find the "truth" about whats happening in their country and other regions can no longer do so since its blocked..Well Done again WMF..
Well actually no they couldn't if they had a government with active blocking measures. With HTTP traffic governments and ISPs can (and did) block individual pages that they don't like.
Someone has to be fired for this.
That would seem to be something of an over reaction even if you disagree with the decision.
-- geni _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Hi all,
Our understanding is that there is currently no country where only HTTPS access to Wikipedia is blocked. In Iran https://en.wikipedia.org/wiki/Censorship_of_Wikipedia#Iran, the government appears to have been blocking select Wikipedia articles at different times.[1] The Great Firewall of China https://en.wikipedia.org/wiki/Censorship_of_Wikipedia#China has also been blocking select articles on Chinese and English Wikipedia.[2] While it previously blocked all HTTPS access to Chinese Wikipedia, that block has more recently been extended to HTTP access as well. The transition to HTTPS by default therefore shouldn't block anyone's access to all of Wikipedia due to censorship. Rather it should help prevent censorship of select Wikipedia articles, which we know is a problem in different parts of the world.
I should also mention that while we try to be as transparent as possible in all our work (including holding community consultations around all major legal policies and providing frequent updates on our work), there are very limited situations where public discussions could actually hurt free access to Wikipedia. If you have thoughts about the evolving censorship landscape, feel free to email me directly, if possible via encrypted email.
With respect to Wikipedia Zero, we have been working with mobile carriers for over a year to make sure that they are able to provide access free of data charges over HTTPS. For many carriers, this required them to adjust the technical implementation of how they waive data charges. We are now finally ready to transition Wikipedia Zero access to HTTPS by default.
Best, Yana
[1] https://en.wikipedia.org/wiki/Censorship_of_Wikipedia#Iran [2] https://en.wikipedia.org/wiki/Censorship_of_Wikipedia#China
On Sun, Jun 14, 2015 at 6:27 AM, Tanweer Morshed wiki.tanweer@gmail.com wrote:
But won't the people in Iran or China would be able to access the Wikimedia sites through http instead of https? And what about accessing through https within Wikipedia Zero? Is cost-free access available through https?
On Sun, Jun 14, 2015 at 12:54 PM, geni geniice@gmail.com wrote:
On 14 June 2015 at 05:21, Comet styles cometstyles@gmail.com wrote:
China and Iran blocks https (and WMF thinks https is more secure than http when it can be EASILY blocked lol)
China is currently blocking HTTP and has done so quite frequently. The ability to block is largely unrelated to security.
so people in these countries used wikipedia on http, so some here think that these countries are spying on them by forcing them to use http, but that https block in this countries was NOT to target wikipedia, it was to target social networking sites and american based email sites like yahoo and gmail etc..but now by moving to HTTPS, we have now become a target for those countries......well done..
That doesn't make sense. HTTPs doesn't hide the domain. The country can still tell that someone is visiting wikipedia rather than say facebook. What becomes more difficult is telling what a person is viewing on wikipedia.
and to add to that, people who used wikipedia in those countries to find the "truth" about whats happening in their country and other regions can no longer do so since its blocked..Well Done again WMF..
Well actually no they couldn't if they had a government with active blocking measures. With HTTP traffic governments and ISPs can (and did) block individual pages that they don't like.
Someone has to be fired for this.
That would seem to be something of an over reaction even if you disagree with the decision.
-- geni _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
-- Regards, Tanweer Morshed _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org https://meta.wikimedia.org/wiki/Mailing_lists/GuidelinesWikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Sun, Jun 14, 2015 at 8:56 PM, Yana Welinder yana@wikimedia.org wrote:
I should also mention that while we try to be as transparent as possible in all our work (including holding community consultations around all major legal policies and providing frequent updates on our work), there are very limited situations where public discussions could actually hurt free access to Wikipedia. If you have thoughts about the evolving censorship landscape, feel free to email me directly, if possible via encrypted email.
Would you mind clarifying which encryption method? S/MIME? PGP?
I was actually going to reply, because what you said puzzled me, but this is the only PGP key I could find for you on the public keyservers:
pub 4096R/FFF81E5E 2015-06-01 *** KEY REVOKED *** [not verified] Yana Welinder ywelinder@wikimedia.org
Austin
Hi Austin,
Thanks for letting me know. I use PGP, but there's something wrong with my key right now. I'll look into it and get back to you.
Thanks, Yana
On Sun, Jun 14, 2015 at 11:22 PM, Austin Hair adhair@gmail.com wrote:
On Sun, Jun 14, 2015 at 8:56 PM, Yana Welinder yana@wikimedia.org wrote:
I should also mention that while we try to be as transparent as possible
in
all our work (including holding community consultations around all major legal policies and providing frequent updates on our work), there are
very
limited situations where public discussions could actually hurt free
access
to Wikipedia. If you have thoughts about the evolving censorship
landscape,
feel free to email me directly, if possible via encrypted email.
Would you mind clarifying which encryption method? S/MIME? PGP?
I was actually going to reply, because what you said puzzled me, but this is the only PGP key I could find for you on the public keyservers:
pub 4096R/FFF81E5E 2015-06-01 *** KEY REVOKED *** [not verified] Yana Welinder ywelinder@wikimedia.org
Austin
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org https://meta.wikimedia.org/wiki/Mailing_lists/GuidelinesWikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
This is really fantastic.
Thanks,
Habib
Le 12 juin 2015 21:22:26 CET, Juliet Barbara jbarbara@wikimedia.org a écrit :
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here: https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/ AND BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored. At the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to all users. In fact, for the past four years https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-wikimedia-foundation-wikis/, Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed to our sites from major search engines. Additionally, all logged in users https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedia-sites/ have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS affects all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing a more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
-- *Juliet Barbara* Senior Communications Manager I Wikimedia Foundation 149 New Montgomery Street I San Francisco, CA 94105 jbarbara@wikimedia.org I +1 (512) 750-5677
Please note: all replies sent to this mailing list will be immediately directed to Wikimedia-l, the public mailing list of the Wikimedia community. For more information about Wikimedia-l: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ WikimediaAnnounce-l mailing list WikimediaAnnounce-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
..................................................... Habib M'henni Ingénieur civil et technologue à l'Iset de Nabeul Membre fondateur de CLibre et Wikimedia TN User Group http://about.me/habibmhenni http://blog.habibmhenni.tn Téléphone : +216 52232190 [K9.Andro ]
Great job. :) Thanks for informing [PS. to members, you may read the WP:VPT https://en.wikipedia.org/wiki/Wikipedia:Village_pump_%28technical%29#HTTPS_by_default discussion too]
On 13 June 2015 at 03:05, Habib M'henni habib.mhenni@gmail.com wrote:
This is really fantastic.
Thanks,
Habib
Le 12 juin 2015 21:22:26 CET, Juliet Barbara jbarbara@wikimedia.org a écrit :
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here:
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/ AND BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored. At the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to all users. In fact, for the past four years <
https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-w...
, Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed to our sites from major search engines. Additionally, all logged in users <
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS affects all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing a more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
-- *Juliet Barbara* Senior Communications Manager I Wikimedia Foundation 149 New Montgomery Street I San Francisco, CA 94105 jbarbara@wikimedia.org I +1 (512) 750-5677
Please note: all replies sent to this mailing list will be immediately directed to Wikimedia-l, the public mailing list of the Wikimedia community. For more information about Wikimedia-l: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ WikimediaAnnounce-l mailing list WikimediaAnnounce-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
..................................................... Habib M'henni Ingénieur civil et technologue à l'Iset de Nabeul Membre fondateur de CLibre et Wikimedia TN User Group http://about.me/habibmhenni http://blog.habibmhenni.tn Téléphone : +216 52232190 [K9.Andro ] _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Congrats, you just made internet shitty for all 3rd world countries and did you people even bother to find out how it will affect users in China or Iran where HTTPS is BANNED?.
On 6/13/15, Tito Dutta trulytito@gmail.com wrote:
Great job. :) Thanks for informing [PS. to members, you may read the WP:VPT https://en.wikipedia.org/wiki/Wikipedia:Village_pump_%28technical%29#HTTPS_by_default discussion too]
On 13 June 2015 at 03:05, Habib M'henni habib.mhenni@gmail.com wrote:
This is really fantastic.
Thanks,
Habib
Le 12 juin 2015 21:22:26 CET, Juliet Barbara jbarbara@wikimedia.org a écrit :
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here:
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/ AND BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored. At the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to all users. In fact, for the past four years <
https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-w...
, Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed to our sites from major search engines. Additionally, all logged in users <
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS affects all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing a more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
-- *Juliet Barbara* Senior Communications Manager I Wikimedia Foundation 149 New Montgomery Street I San Francisco, CA 94105 jbarbara@wikimedia.org I +1 (512) 750-5677
Please note: all replies sent to this mailing list will be immediately directed to Wikimedia-l, the public mailing list of the Wikimedia community. For more information about Wikimedia-l: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ WikimediaAnnounce-l mailing list WikimediaAnnounce-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
..................................................... Habib M'henni Ingénieur civil et technologue à l'Iset de Nabeul Membre fondateur de CLibre et Wikimedia TN User Group http://about.me/habibmhenni http://blog.habibmhenni.tn Téléphone : +216 52232190 [K9.Andro ] _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Comets, I can answer that. From the dev who switched HTTPS on during prime usage times, complained about working 60+ hours this week, then left for the day.
I get the impression that the WMF doesn't give a shit about those users who choose to opt-out of HTTPS for one reason or another. It's basically your now screwed, it works for us so figure it out without us.
On Friday, June 12, 2015, Comet styles cometstyles@gmail.com wrote:
Congrats, you just made internet shitty for all 3rd world countries and did you people even bother to find out how it will affect users in China or Iran where HTTPS is BANNED?.
On 6/13/15, Tito Dutta <trulytito@gmail.com javascript:;> wrote:
Great job. :) Thanks for informing [PS. to members, you may read the WP:VPT <
https://en.wikipedia.org/wiki/Wikipedia:Village_pump_%28technical%29#HTTPS_b...
discussion too]
On 13 June 2015 at 03:05, Habib M'henni <habib.mhenni@gmail.com
javascript:;> wrote:
This is really fantastic.
Thanks,
Habib
Le 12 juin 2015 21:22:26 CET, Juliet Barbara <jbarbara@wikimedia.org
javascript:;> a
écrit :
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here:
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/
AND
BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored. At the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to all users. In fact, for the past four years <
https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-w...
, Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed
to
our sites from major search engines. Additionally, all logged in users <
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push <
https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/%3E
for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS affects all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing a more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
-- *Juliet Barbara* Senior Communications Manager I Wikimedia Foundation 149 New Montgomery Street I San Francisco, CA 94105 jbarbara@wikimedia.org javascript:; I +1 (512) 750-5677
Please note: all replies sent to this mailing list will be immediately directed to Wikimedia-l, the public mailing list of the Wikimedia community. For more information about Wikimedia-l: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ WikimediaAnnounce-l mailing list WikimediaAnnounce-l@lists.wikimedia.org javascript:; https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org javascript:; Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org javascript:;
?subject=unsubscribe>
..................................................... Habib M'henni Ingénieur civil et technologue à l'Iset de Nabeul Membre fondateur de CLibre et Wikimedia TN User Group http://about.me/habibmhenni http://blog.habibmhenni.tn Téléphone : +216 52232190 [K9.Andro ] _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org javascript:; Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org javascript:;
?subject=unsubscribe>
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org javascript:; Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org javascript:;
?subject=unsubscribe>
-- Cometstyles
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org javascript:; ?subject=unsubscribe>
This reminds me of the VE rollout debacle
On Friday, June 12, 2015, John phoenixoverride@gmail.com wrote:
Comets, I can answer that. From the dev who switched HTTPS on during prime usage times, complained about working 60+ hours this week, then left for the day.
I get the impression that the WMF doesn't give a shit about those users who choose to opt-out of HTTPS for one reason or another. It's basically your now screwed, it works for us so figure it out without us.
On Friday, June 12, 2015, Comet styles <cometstyles@gmail.com javascript:_e(%7B%7D,'cvml','cometstyles@gmail.com');> wrote:
Congrats, you just made internet shitty for all 3rd world countries and did you people even bother to find out how it will affect users in China or Iran where HTTPS is BANNED?.
On 6/13/15, Tito Dutta trulytito@gmail.com wrote:
Great job. :) Thanks for informing [PS. to members, you may read the WP:VPT <
https://en.wikipedia.org/wiki/Wikipedia:Village_pump_%28technical%29#HTTPS_b...
discussion too]
On 13 June 2015 at 03:05, Habib M'henni habib.mhenni@gmail.com wrote:
This is really fantastic.
Thanks,
Habib
Le 12 juin 2015 21:22:26 CET, Juliet Barbara jbarbara@wikimedia.org
a
écrit :
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here:
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/
AND
BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored.
At
the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to
all
users. In fact, for the past four years <
https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-w...
, Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed
to
our sites from major search engines. Additionally, all logged in users <
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push <
https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/%3E
for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the
world.
Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS
affects
all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing
a
more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and
we
expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
-- *Juliet Barbara* Senior Communications Manager I Wikimedia Foundation 149 New Montgomery Street I San Francisco, CA 94105 jbarbara@wikimedia.org I +1 (512) 750-5677
Please note: all replies sent to this mailing list will be immediately directed to Wikimedia-l, the public mailing list of the Wikimedia community. For more information about Wikimedia-l: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ WikimediaAnnounce-l mailing list WikimediaAnnounce-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
..................................................... Habib M'henni Ingénieur civil et technologue à l'Iset de Nabeul Membre fondateur de CLibre et Wikimedia TN User Group http://about.me/habibmhenni http://blog.habibmhenni.tn Téléphone : +216 52232190 [K9.Andro ] _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
-- Cometstyles
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org https://meta.wikimedia.org/wiki/Mailing_lists/GuidelinesWikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Uh, I’m from a Third World country, and while I know the Internet here in the Philippines is shitty, I don’t think the WMF can be blamed for that. I’ve been using HTTPS for quite a while now and for the most part, it works normally.
Let’s try to avoid overly generalizing the developing world here. However, I too would like to hear something from the WMF as to how they will deal with the situation in countries where HTTPS is actively being blocked.
Josh
Wiadomość napisana przez Comet styles cometstyles@gmail.com w dniu 13 cze 2015, o godz. 06:34:
Congrats, you just made internet shitty for all 3rd world countries and did you people even bother to find out how it will affect users in China or Iran where HTTPS is BANNED?.
On 6/13/15, Tito Dutta trulytito@gmail.com wrote:
Great job. :) Thanks for informing [PS. to members, you may read the WP:VPT https://en.wikipedia.org/wiki/Wikipedia:Village_pump_%28technical%29#HTTPS_by_default discussion too]
On 13 June 2015 at 03:05, Habib M'henni habib.mhenni@gmail.com wrote:
This is really fantastic.
Thanks,
Habib
Le 12 juin 2015 21:22:26 CET, Juliet Barbara jbarbara@wikimedia.org a écrit :
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here:
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/ AND BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored. At the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to all users. In fact, for the past four years <
https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-w...
, Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed to our sites from major search engines. Additionally, all logged in users <
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS affects all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing a more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
-- *Juliet Barbara* Senior Communications Manager I Wikimedia Foundation 149 New Montgomery Street I San Francisco, CA 94105 jbarbara@wikimedia.org I +1 (512) 750-5677
Please note: all replies sent to this mailing list will be immediately directed to Wikimedia-l, the public mailing list of the Wikimedia community. For more information about Wikimedia-l: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ WikimediaAnnounce-l mailing list WikimediaAnnounce-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
..................................................... Habib M'henni Ingénieur civil et technologue à l'Iset de Nabeul Membre fondateur de CLibre et Wikimedia TN User Group http://about.me/habibmhenni http://blog.habibmhenni.tn Téléphone : +216 52232190 [K9.Andro ] _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
-- Cometstyles
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
JAMES JOSHUA G. LIM Bachelor of Arts in Political Science Class of 2013, Ateneo de Manila University Quezon City, Metro Manila, Philippines
jamesjoshualim@yahoo.com mailto:jamesjoshualim@yahoo.com | +63 (915) 321-7582 Facebook/Twitter: akiestar | Wikimedia: Sky Harbor http://about.me/josh.lim http://about.me/josh.lim
Hi Juliet,
Your blog post states "this change could affect access for some Wikimedia traffic in certain parts of the world" - which makes some alarm bells go off.
Could you clarify in what kind of cases it would 'affect' and in what way? It's quite different whether a few dozen people have to wait for their connection a few ms longer, or whether whole countries are basically locked out because they can't (or won't) access through https.
Also, it is unclear to me whether it is 'https by default but you can still access through https' or 'https or nothing'. The blogpost is not clear to me on this, but maybe I'm overlooking something, or not well versed enough in the concept.
Hope you can clarify. Thanks!
Lodewijk
On Fri, Jun 12, 2015 at 10:22 PM, Juliet Barbara jbarbara@wikimedia.org wrote:
The Wikimedia Foundation is pleased to announce that we have begun the transition of the Wikimedia projects and sites to the secure HTTPS protocol. You may have seen our blog post from this morning; it has also been posted to relevant Village Pumps (Technical).
This post is available online here: https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Securing access to Wikimedia sites with HTTPS
BY YANA WELINDER https://blog.wikimedia.org/author/ywelinder/, VICTORIA BARANETSKY https://blog.wikimedia.org/author/victoria-baranetsky/ AND BRANDON BLACK https://blog.wikimedia.org/author/brandon-black/ ON JUNE 12TH
To be truly free, access to knowledge must be secure and uncensored. At the Wikimedia Foundation, we believe that you should be able to use Wikipedia and the Wikimedia sites without sacrificing privacy or safety.
Today, we’re happy to announce that we are in the process of implementing HTTPS https://en.wikipedia.org/wiki/HTTPS to encrypt all Wikimedia traffic. We will also use HTTP Strict Transport Security https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security (HSTS) to protect against efforts to ‘break’ HTTPS and intercept traffic. With this change, the nearly half a billion people who rely on Wikipedia and its sister projects every month will be able to share in the world’s knowledge more securely.
The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.
HTTPS is not new to Wikimedia sites. Since 2011, we have been working on establishing the infrastructure and technical requirements, and understanding the policy and community implications of HTTPS for all Wikimedia traffic, with the ultimate goal of making it available to all users. In fact, for the past four years < https://blog.wikimedia.org/2011/10/03/native-https-support-enabled-for-all-w...
,
Wikimedia users could access our sites with HTTPS manually, through HTTPS Everywhere https://www.eff.org/https-everywhere, and when directed to our sites from major search engines. Additionally, all logged in users < https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
have been accessing via HTTPS since 2013.
Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push https://blog.wikimedia.org/2013/08/01/future-https-wikimedia-projects/ for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams.
We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment.
The technical challenges of migrating to HTTPS
HTTPS migration for one of the world’s most popular websites can be complicated. For us, this process began years ago and involved teams from across the Wikimedia Foundation. Our engineering team has been driving this transition, working hard to improve our sites’ HTTPS performance, prepare our infrastructure to handle the transition, and ultimately manage the implementation.
Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware. Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.
HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure. We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.
Throughout this process, we have carefully considered how HTTPS affects all of our users. People around the world access Wikimedia sites from a diversity of devices, with varying levels of connectivity and freedom of information. Although we have optimized the experience as much as possible with this challenge in mind, this change could affect access for some Wikimedia traffic in certain parts of the world.
In the last year leading up to this roll-out, we’ve ramped up our testing and optimization efforts to make sure our sites and infrastructure can support this migration. Our focus is now on completing the implementation of HTTPS and HSTS for all Wikimedia sites. We look forward to sharing a more detailed account of this unique engineering accomplishment once we’re through the full transition.
Today, we are happy to start the final steps of this transition, and we expect completion within a couple of weeks.
Yana Welinder https://wikimediafoundation.org/wiki/User:YWelinder_(WMF), Senior Legal Counsel, Wikimedia Foundation
Victoria Baranetsky https://wikimediafoundation.org/wiki/User:VBaranetsky_(WMF), Legal Counsel, Wikimedia Foundation
Brandon Black https://en.wikipedia.org/wiki/User:BBlack_(WMF), Operations Engineer, Wikimedia Foundation
-- *Juliet Barbara* Senior Communications Manager I Wikimedia Foundation 149 New Montgomery Street I San Francisco, CA 94105 jbarbara@wikimedia.org I +1 (512) 750-5677
Please note: all replies sent to this mailing list will be immediately directed to Wikimedia-l, the public mailing list of the Wikimedia community. For more information about Wikimedia-l: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ WikimediaAnnounce-l mailing list WikimediaAnnounce-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikimediaannounce-l
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
wikimedia-l@lists.wikimedia.org