Hi folks,
As many of you know, this week we enabled HTTPS for logged-in users of Wikimedia projects. See:
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
We have geographically exempted users geo-located to China or Iran from this [1], because these countries mostly block HTTPS traffic and requiring HTTPS for logged-in users would make it impossible for users in these countries to log in.
Long term, we’d like to increase HTTPS coverage further, initially by marking the HTTPS versions of our pages as "canonical", which would cause search engines to refer to them instead of the unencrypted content. This would make issues with countries that block HTTPS traffic even more complex to deal with.
HTTPS for editors is important because it is otherwise trivial to sniff account credentials, especially when users use unencrypted connections such as open wireless networks. This could potentially enable an attacker to gain access to an account with significant privileges, such as checkuser credentials. Beyond that, HTTPS makes it harder for attackers (individuals, organizations, governments) to monitor user behavior of readers and editors. It’s not perfect by any means, but it’s a step towards more privacy and security.
There are many sites on the web now that use HTTPS for all transactions. For example, Twitter and Facebook use HTTPS by default. Both sites are also completely blocked in mainland China. [2]
Disabling HTTPS-by-default in regions where HTTPS is blocked for political reasons of course also exposes affected users to monitoring and credentials-theft -- which is likely part of the political motivation for blocking it in the first place. Therefore, our current exemption is an explicit choice to _not_ give users a degree of security that we give to everyone else, for the simple reason that their government would otherwise completely limit their access.
If they know how to make HTTPS work in their region, these users will still be able to use it by explicitly visiting the HTTPS URLs or use an extension such as HTTPSEverywhere to enforce HTTPS usage.
In the long term, the Wikimedia movement is faced with a choice, which is inherently political: Should we indefinitely sustain security exceptions for regions that prevent the use of encryption, or should we shift to an alternative strategy? How do we answer that question?
We can, of course, ask users in the affected countries. Given that this may lead to degradation or loss of access, users are likely to be opposed, and indeed, when plans to expand HTTPS usage were announced, a group of Chinese Wikipedians published an open letter asking for exemptions to be implemented:
https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86...
This was a big part of what drove the decision to implement exemptions.
The bigger consideration here, however, is whether any such accommodation achieves positive or negative long term effects. The argument against it goes like this: If we accommodate the PRC’s or Iran’s censorship practices, we are complicit in their attempts to monitor and control their citizenry. If a privileged user’s credentials (e.g. Checkuser) are misused by the government through monitoring of unencrypted traffic, for example, this is an action that would not have been possible without our exemption. This could potentially expose even users not in the affected country to risks.
Moreover, Wikimedia is not just any website -- it’s a top 5 web property, and the only non-profit organization among the top sites. Our actions can have signalling effects on the rest of the web. By exempting China and Iran from standard security measures, we are treating them as part of the global web community. It could be argued that it’s time to draw a line in the sand - if you’re prohibiting the use of encryption, you’re effectively not part of the web. You’re subverting basic web technologies.
Drawing this hard line clearly has negative near term effects on the citizenry of affected countries. But the more the rest of the world comes together in saying "What you are doing is wrong. Stop it." - the harder it will be for outlier countries to continue doing it. Another way to pose the question is: Would we be implementing these exemptions if China had blocked HTTPS traffic well after we switched to HTTPS?
Moreover, we’re not helpless against censorship. There _are_ effective tools that can be used to circumvent attempts to censor and control the Internet. Perhaps it is time for WMF to ally with the organizations that develop and promote such tools, rather than looking for ways to guarantee basic site operation in hostile environments even at the expense of user privacy.
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward. I think we’re doing the right thing by initially implementing these exemptions -- but I do think this decision needs to finally rest with the Board of the Wikimedia Foundation, based on community input, taking the tradeoffs into account.
My own stance, which I will continue to argue for (and which is my view as an individual -- there are many divergent opinions on this even inside WMF), is clear: I think we should set a deadline for the current approach, and shift to HTTPS for all traffic, for all sites, for all users, by default, after that deadline passes. This will force us to take the consequences of that shift seriously, and to explore alternatives to designing our technical policies around the practices of regimes that undermine web security in order to better censor and monitor their citizens.
All best,
Erik
[1] For the curious, the list of blacklisted countries is defined in the configuration array 'wmgHTTPSBlacklistCountries’ in https://noc.wikimedia.org/conf/InitialiseSettings.php.txt .
[2] A reasonably up-to-date list is being maintained at https://en.wikipedia.org/wiki/List_of_websites_blocked_in_China
Le 31/08/2013 07:17, Erik Moeller a écrit :
We can, of course, ask users in the affected countries. Given that this may lead to degradation or loss of access, users are likely to be opposed, and indeed, when plans to expand HTTPS usage were announced, a group of Chinese Wikipedians published an open letter asking for exemptions to be implemented:
https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86...
This was a big part of what drove the decision to implement exemptions.
This attitude seems to be, on a first look, the most logical and respectful one.
But, I want to be remember, that the risk perception is often not proportional *at all* to the risk itself. In daily life, many risks are suppressed because the imagination of a constant threat would paralyse all activities. So, this feedback from the Chinese community should be handled carefully.
I tend myself to think that deploying HTTPS everywhere and force its usage is the best long term approach.
However, this is without any doubt, a difficult dilemma.
Emmanuel
I think that we should make a policy of https by default and grandfather-in (https://en.wikipedia.org/wiki/Grandfather_clause) exceptions to Iran and PRC, reason being that
1. We should not exclude whole groups of existing Wikipedians simply because of the government they happen to live within the jurisdiction of.
2. Any time anyone else says "wait well *they* have no https! What gives? Why can't we have that?" We could cite the grandfathered-in nature of the rule, and how we want to grant access to as many people as possible.
We could also say that grandfathered-in places would lose their status permanently should the community of Wikipedians in such places decide to change the http/https status.
On Aug 31, 2013, at 1:07 AM, Emmanuel Engelhart kelson@kiwix.org wrote:
Le 31/08/2013 07:17, Erik Moeller a écrit :
We can, of course, ask users in the affected countries. Given that this may lead to degradation or loss of access, users are likely to be opposed, and indeed, when plans to expand HTTPS usage were announced, a group of Chinese Wikipedians published an open letter asking for exemptions to be implemented:
https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86...
This was a big part of what drove the decision to implement exemptions.
This attitude seems to be, on a first look, the most logical and respectful one.
But, I want to be remember, that the risk perception is often not proportional *at all* to the risk itself. In daily life, many risks are suppressed because the imagination of a constant threat would paralyse all activities. So, this feedback from the Chinese community should be handled carefully.
I tend myself to think that deploying HTTPS everywhere and force its usage is the best long term approach.
However, this is without any doubt, a difficult dilemma.
Emmanuel
Kiwix - Wikipedia Offline & more
- Web: http://www.kiwix.org
- Twitter: https://twitter.com/KiwixOffline
- more: http://www.kiwix.org/wiki/Communication
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
There are three groups to consider, readers, contributors without and contributors with specific rights that allow them access to data which is not publicly visible anyway:
For readers: Readers will not have reduced access to knowledge. I think that runs against our mission. There are a number of possible reactions: 1) nothing, and the readers cannot access this knowledge anymore 2) readers move to alternatives like Baidu Knows 3) an HTTP proxy will be set up by a third party, giving access to readers without the supervision and guidance of the WMF, and potentially with technical and even more serious security issues What is the advantage for readers to not have access to the HTTP version?
For contributors without specific rights: 1) what they do is publicly visible anyway, and logged. What is in danger is the connection between them and their login. Would HTTPS help with that? 2) most of these contributors do not touch sensitive issues. Why block them out? For what advantage?
For contributors with specific rights: 1) HTTPS only. Putting the contributors themselves in risk is bad enough, but compromising further contributors is not acceptable. 2) How many would be affected by this anyway? I would be pleasantly surprised if it is more than a handful.
I think this is an important and hard discussion, and I hope for wide participation. Thank you Erik, for starting it.
Cheers, Denny
2013/8/31 Erik Moeller erik@wikimedia.org
Hi folks,
As many of you know, this week we enabled HTTPS for logged-in users of Wikimedia projects. See:
https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedi...
We have geographically exempted users geo-located to China or Iran from this [1], because these countries mostly block HTTPS traffic and requiring HTTPS for logged-in users would make it impossible for users in these countries to log in.
Long term, we’d like to increase HTTPS coverage further, initially by marking the HTTPS versions of our pages as "canonical", which would cause search engines to refer to them instead of the unencrypted content. This would make issues with countries that block HTTPS traffic even more complex to deal with.
HTTPS for editors is important because it is otherwise trivial to sniff account credentials, especially when users use unencrypted connections such as open wireless networks. This could potentially enable an attacker to gain access to an account with significant privileges, such as checkuser credentials. Beyond that, HTTPS makes it harder for attackers (individuals, organizations, governments) to monitor user behavior of readers and editors. It’s not perfect by any means, but it’s a step towards more privacy and security.
There are many sites on the web now that use HTTPS for all transactions. For example, Twitter and Facebook use HTTPS by default. Both sites are also completely blocked in mainland China. [2]
Disabling HTTPS-by-default in regions where HTTPS is blocked for political reasons of course also exposes affected users to monitoring and credentials-theft -- which is likely part of the political motivation for blocking it in the first place. Therefore, our current exemption is an explicit choice to _not_ give users a degree of security that we give to everyone else, for the simple reason that their government would otherwise completely limit their access.
If they know how to make HTTPS work in their region, these users will still be able to use it by explicitly visiting the HTTPS URLs or use an extension such as HTTPSEverywhere to enforce HTTPS usage.
In the long term, the Wikimedia movement is faced with a choice, which is inherently political: Should we indefinitely sustain security exceptions for regions that prevent the use of encryption, or should we shift to an alternative strategy? How do we answer that question?
We can, of course, ask users in the affected countries. Given that this may lead to degradation or loss of access, users are likely to be opposed, and indeed, when plans to expand HTTPS usage were announced, a group of Chinese Wikipedians published an open letter asking for exemptions to be implemented:
https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86...
This was a big part of what drove the decision to implement exemptions.
The bigger consideration here, however, is whether any such accommodation achieves positive or negative long term effects. The argument against it goes like this: If we accommodate the PRC’s or Iran’s censorship practices, we are complicit in their attempts to monitor and control their citizenry. If a privileged user’s credentials (e.g. Checkuser) are misused by the government through monitoring of unencrypted traffic, for example, this is an action that would not have been possible without our exemption. This could potentially expose even users not in the affected country to risks.
Moreover, Wikimedia is not just any website -- it’s a top 5 web property, and the only non-profit organization among the top sites. Our actions can have signalling effects on the rest of the web. By exempting China and Iran from standard security measures, we are treating them as part of the global web community. It could be argued that it’s time to draw a line in the sand - if you’re prohibiting the use of encryption, you’re effectively not part of the web. You’re subverting basic web technologies.
Drawing this hard line clearly has negative near term effects on the citizenry of affected countries. But the more the rest of the world comes together in saying "What you are doing is wrong. Stop it." - the harder it will be for outlier countries to continue doing it. Another way to pose the question is: Would we be implementing these exemptions if China had blocked HTTPS traffic well after we switched to HTTPS?
Moreover, we’re not helpless against censorship. There _are_ effective tools that can be used to circumvent attempts to censor and control the Internet. Perhaps it is time for WMF to ally with the organizations that develop and promote such tools, rather than looking for ways to guarantee basic site operation in hostile environments even at the expense of user privacy.
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward. I think we’re doing the right thing by initially implementing these exemptions -- but I do think this decision needs to finally rest with the Board of the Wikimedia Foundation, based on community input, taking the tradeoffs into account.
My own stance, which I will continue to argue for (and which is my view as an individual -- there are many divergent opinions on this even inside WMF), is clear: I think we should set a deadline for the current approach, and shift to HTTPS for all traffic, for all sites, for all users, by default, after that deadline passes. This will force us to take the consequences of that shift seriously, and to explore alternatives to designing our technical policies around the practices of regimes that undermine web security in order to better censor and monitor their citizens.
All best,
Erik
[1] For the curious, the list of blacklisted countries is defined in the configuration array 'wmgHTTPSBlacklistCountries’ in https://noc.wikimedia.org/conf/InitialiseSettings.php.txt .
[2] A reasonably up-to-date list is being maintained at https://en.wikipedia.org/wiki/List_of_websites_blocked_in_China
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Erik Moeller wrote:
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward. I think we’re doing the right thing by initially implementing these exemptions -- but I do think this decision needs to finally rest with the Board of the Wikimedia Foundation, based on community input, taking the tradeoffs into account.
Thanks for writing out these thoughts. A broad request for comments and input seems reasonable, though there seems to be quite a bit of work needed to get ready to begin such a discussion.
My own stance, which I will continue to argue for (and which is my view as an individual -- there are many divergent opinions on this even inside WMF), is clear: I think we should set a deadline for the current approach, and shift to HTTPS for all traffic, for all sites, for all users, by default, after that deadline passes. This will force us to take the consequences of that shift seriously, and to explore alternatives to designing our technical policies around the practices of regimes that undermine web security in order to better censor and monitor their citizens.
I think it would help the conversation to have more data. Everybody knows that there are over a billion people in China. However, how many people globally can't use HTTPS (for whatever reason)? What is that breakdown by country? How many users have opted out of HTTPS via user preference?
There's merit to the idea of ignoring user-hostile countries such as Iran and China and cutting them off: certainly it's a mess of their own making. But it seems to me that this idea is orthogonal to the idea that Wikimedia needs to make a political point, engage in political advocacy, or take a stand. Wikimedia is in the business of spreading free educational content. It seems to me that getting involved in politics leads down a perilous path that could ultimately destroy Wikimedia.
Of course, we've already decided to act by specifically exempting certain countries from the new HTTPS requirement. But there might be a strong contingent of users in the community that feels we should stop exempting countries (i.e., treat everybody the same), but also _not_ be involved in attempting to subvert whichever government monitoring we feel is most egregious. While we can pretend as though it's only China and Iran, many countries are spying on their own people at various levels.
And it becomes a question of cost versus benefit, much like everything else that Wikimedia decides to work on. There's a very public trail of any edits that you make. What information, exactly, are we trying to prevent governments from getting ahold of? I think a stronger, clearer case for what benefits Wikimedia will see would help justify (or help eliminate) some of the proposed costs.
Both the community and the Board need to think about these questions and their answers and ultimately address how to move forward.
MZMcBride
On 09/02/2013 12:08 PM, MZMcBride wrote:
What information, exactly, are we trying to prevent governments from getting ahold of?
There are three such things, in (my personal) order of importance:
1) credentials, especially those of editors that have rights allowing further privacy encroachments (i.e., checkuser, oversight, even sysop to some degree);
2) association between user account and person (this one is /especially/ difficult to hide to a determined attacker that can do whole-network monitoring); and
3) what users are interested in (reading), whether logged in or not.
But I should also add that governments are most certainly not the only entity we are trying to protect against; anyone in a position of authority - or who would like to position themselves as such - are potential attackers that might like to collect information to use against their targets. This means employers, schools, parents, and multitude others.
Governments seem the most salient mostly because they have the capacity to do so on a massive scale; but to me scenarios like a fellow student doing a tcpdump in the lab to find "dirt" to use against someone is at least as important to protect against.
All of those three points are greatly countered with *uniform* encryption at the network level (ranging from "solved" for the amateur attackers to "vastly increased cost and complexity of mass monitoring" for the bigger ones).
-- Marc
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that it’s time to draw a line in the sand - if you’re prohibiting the use of encryption, you’re effectively not part of the web. You’re subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of censorship.
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption and would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local censorship and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being in the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their staff. We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
-- Tim Starling
Hoi,
HEAR HEAR !!
Thanks, Gerard
On 3 September 2013 00:17, Tim Starling tstarling@wikimedia.org wrote:
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that it’s time to draw a line in the sand - if you’re prohibiting the use of encryption, you’re effectively not part of the web. You’re subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of censorship.
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption and would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local censorship and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being in the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their staff. We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
-- Tim Starling
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that itâs time to draw a line in the sand - if youâre prohibiting the use of encryption, youâre effectively not part of the web. Youâre subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of censorship.
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption and would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local censorship and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being in the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their staff. We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
-- Tim Starling
Their orders would be classified; disclosure of them would be a crime. Not a problem for us, but a big problem for staff on the ground in China.
Fred
There are many very sane comments in this thread. I agree with most of them -
- Network encryption is important as one aspect; - "Local" threats and "digging dirt" are an important realistic threat (far more people are of interest to *THEIR OWN COMMUNITIES* vs nationally, or open to so many types of harm - defamation, humiliation, "Lulz"); - Moving to https and forcing a serious look at technical implications and needed workarounds is a strong argument; - Asking those affected is a strong argument; - We are a global presence, so our stance, its strength, its "rightness", and the signal we send, are crucial.
With all respect to local editors, whose position I wish were better, there is more at stake in Chinese and other affected Wikipedias, than China. There are questions of internet/freedom/privacy-related beliefs, policies, and directions -- what one might describe as the battleground for "privacy of thought vs. state right to monitor thought". That is what it comes to, whether now, or in 5 or 15 years.
I'm reminded of public reaction years back, to Google, when as a condition of entry to China it agreed to filter its results. Part of the logic was "better partial information and presence than none". Did it help Google's efforts in China? It was seen by many outside as a betrayal. Google had to leave eventually. Are there lessons we should consider from others who have tried different approaches in these countries?
I see no reason to believe that state oversight and interception will be benevolent institutions - and would disregard assurances that they are designed as such. History teaches over and again that fallibility and expansion of power is the more usual rule, and good intentions easily turn to dark uses. To take a simple scenario and how we are affected, if passage of time and public indifference endorses states being "usually" able to watch what one studies and writes on, how long before immigration, access to medical or welfare services, legal rights, marginalization, 'staged' crimes, targeting, accusations of sedition or "anti-state activity", and so on, become informed by (among other things) a standard government lookup by state authorities and law enforcement, of one's Wikipedia (or other online) accesses, and negative interpretations of what those may "mean"? Self censorship is a grave possibility, and will encroach from the edges.
To give specific examples, take a Western visitor to Russia who once 8 years ago edited a Wikipedia article adding a note on homosexuality policy in a school or a legal case in a county. There is no expectation that a state body would not save all data they can and even in US law a URL is probably metadata and has no right of privacy. When immigration routinely obtains visitors' names 72 hours in advance (as some countries expect and others may demand as a norm) won't they at some time turn around and ask as part of that process, what is known of possible visitors, and annotate their immigration records with "Edits pro-jewish topics" or "Seems to support homosexuality"? Perhaps editors on contentious topics (drugs, abortion, religion) will have these noted by immigration and less ethical law enforcement bodies seeking visitors to target, if editing or reading patterns become easily accessible. The same goes double for editors attempting to uphold NPOV in countries where this is a risk, and the act of simply toning down articles that contain inappropriately POV tone in locally controversial articles may put one at risk.
Twitter and Facebook may show ones daily life, but Wikipedia editing and page reads show what one sees as areas of interest to inform others, and areas to be informed oneself. There are workarounds but we can't simply say "people should know" or "if they are at risk they shouldn't edit". That's not sustainable.
While this isn't explicitly "known" to happen yet in the US or UK, I suggest that it's likely to be a logical step round the corner, worldwide, where state bodies seek to know in advance more about individuals, and individuals screen and self-censor in response. We need that not to become a habit, or NPOV can be kissed goodbye.
The profound and poignant comment appeared in one media report a month ago, that people like Merkel do act as strong advocates of privacy precisely because - *unlike* US and UK citizens - they have actually lived under the Stasi. They know what a file on every person, or state access to innermost and private thoughts "for the common good" truly means for a country. We probably do need to do what we can to afford a safe ecosphere, as our whole endeavor depends on it and we have the position to make that point. It may be difficult, but we probably have a good call for discussing the possible need to support the ball rolling.
FT2
On Mon, Sep 2, 2013 at 11:23 PM, Fred Bauder fredbaud@fairpoint.net wrote:
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that it’s time to draw a line in the sand - if you’re prohibiting the use of encryption, you’re effectively not part of the web. You’re subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of censorship.
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption and would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local censorship and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being in the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their staff. We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
-- Tim Starling
Their orders would be classified; disclosure of them would be a crime. Not a problem for us, but a big problem for staff on the ground in China.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On Tue, Sep 3, 2013 at 12:23 AM, Fred Bauder fredbaud@fairpoint.net wrote:
Their orders would be classified; disclosure of them would be a crime. Not a problem for us, but a big problem for staff on the ground in China.
Indeed, I believe it may even be outright life threatening to have strong connection to WMF China operation.
And as a sidenote it's the same in the US and the world in general (and I do not know about the US but isn't it so that WMF can be forced not to tell about data extraction). And let's face it: https is like a 5 mm diameter wire lock against a skilled bike thief. It is there but will not stop skilled adversaries. But, obviously, that'd be also classified, so I haven't mentioned it. Google it around.
g
Hoi,
Fred, what is different in your scenario from what happens in the USA ?
Thanks, GerardM
On 3 September 2013 00:23, Fred Bauder fredbaud@fairpoint.net wrote:
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that it’s time to draw a line in the sand - if you’re prohibiting the use of encryption, you’re effectively not part of the web. You’re subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of censorship.
So, what to do? My main suggestion is to organize a broad request for comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption and would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local censorship and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being in the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their staff. We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
-- Tim Starling
Their orders would be classified; disclosure of them would be a crime. Not a problem for us, but a big problem for staff on the ground in China.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Any censor from the United States or European governments that works directly with us (I have no personal knowledge of this, I just know it has to be) is concerned with classified information, not someone's opinions or factual information about historical events or political personalities.
Detailed information about construction of advanced nuclear weapons or the details of military or intelligence operations cannot be on Wikipedia just as child pornography cannot be; on the other hand, a distorted, or devastatingly accurate picture, of the Iraq War, or Obama, can be.
So, while the details of material removed for legitimate security reasons cannot be published; in China the identity and any personal information we have gathered such as the ip address of an editor and the content of their edits to the Tiananmen Square protests of 1989 article would be of interest to the security apparatus and classified. Any local employee or volunteer of ours who shared that information with others even within our organization could be prosecuted. It is quite impossible to work with the Chinese government in the manner suggested and maintain a scintilla of integrity. A request by them to remove details about their advanced nuclear weapons or specific details of their military deployments would, of course, be legitimate.
The Chinese government has legitimate reason to avoid extensive public attention to past errors and disasters; one has only to look at the history of the Soviet Union to observe the effect of focusing on past outrages on public morale, but that is their burden to bear not ours to share.
Fred
Hoi,
Fred, what is different in your scenario from what happens in the USA ?
Thanks, GerardM
On 3 September 2013 00:23, Fred Bauder fredbaud@fairpoint.net wrote:
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that itââ¬â¢s time to draw a line in the sand - if youââ¬â¢re
prohibiting
the use of encryption, youââ¬â¢re effectively not part of the web.
Youââ¬â¢re
subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of censorship.
So, what to do? My main suggestion is to organize a broad request
for
comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption and would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local
censorship
and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being in the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their
staff.
We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
-- Tim Starling
Their orders would be classified; disclosure of them would be a crime. Not a problem for us, but a big problem for staff on the ground in China.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Fred,
Sorry, there is no us. As far as the United States is concerned they allowed themselves to spy on any person who is not one of US to be speid on. Given that our movement is a global movement, the fact that it is based in the US is incidental. Thanks, GerardM
On 3 September 2013 14:36, Fred Bauder fredbaud@fairpoint.net wrote:
Any censor from the United States or European governments that works directly with us (I have no personal knowledge of this, I just know it has to be) is concerned with classified information, not someone's opinions or factual information about historical events or political personalities.
Detailed information about construction of advanced nuclear weapons or the details of military or intelligence operations cannot be on Wikipedia just as child pornography cannot be; on the other hand, a distorted, or devastatingly accurate picture, of the Iraq War, or Obama, can be.
So, while the details of material removed for legitimate security reasons cannot be published; in China the identity and any personal information we have gathered such as the ip address of an editor and the content of their edits to the Tiananmen Square protests of 1989 article would be of interest to the security apparatus and classified. Any local employee or volunteer of ours who shared that information with others even within our organization could be prosecuted. It is quite impossible to work with the Chinese government in the manner suggested and maintain a scintilla of integrity. A request by them to remove details about their advanced nuclear weapons or specific details of their military deployments would, of course, be legitimate.
The Chinese government has legitimate reason to avoid extensive public attention to past errors and disasters; one has only to look at the history of the Soviet Union to observe the effect of focusing on past outrages on public morale, but that is their burden to bear not ours to share.
Fred
Hoi,
Fred, what is different in your scenario from what happens in the USA ?
Thanks, GerardM
On 3 September 2013 00:23, Fred Bauder fredbaud@fairpoint.net wrote:
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that it’s time to draw a line in the sand - if you’re
prohibiting
the use of encryption, you’re effectively not part of the web.
You’re
subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of censorship.
So, what to do? My main suggestion is to organize a broad request
for
comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption and would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local
censorship
and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being in the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their
staff.
We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
-- Tim Starling
Their orders would be classified; disclosure of them would be a crime. Not a problem for us, but a big problem for staff on the ground in China.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
And from that assertion what practical action or policy should follow?
Fred
Fred,
Sorry, there is no us. As far as the United States is concerned they allowed themselves to spy on any person who is not one of US to be speid on. Given that our movement is a global movement, the fact that it is based in the US is incidental. Thanks, GerardM
On 3 September 2013 14:36, Fred Bauder fredbaud@fairpoint.net wrote:
Any censor from the United States or European governments that works directly with us (I have no personal knowledge of this, I just know it has to be) is concerned with classified information, not someone's opinions or factual information about historical events or political personalities.
Detailed information about construction of advanced nuclear weapons or the details of military or intelligence operations cannot be on Wikipedia just as child pornography cannot be; on the other hand, a distorted, or devastatingly accurate picture, of the Iraq War, or Obama, can be.
So, while the details of material removed for legitimate security reasons cannot be published; in China the identity and any personal information we have gathered such as the ip address of an editor and the content of their edits to the Tiananmen Square protests of 1989 article would be of interest to the security apparatus and classified. Any local employee or volunteer of ours who shared that information with others even within our organization could be prosecuted. It is quite impossible to work with the Chinese government in the manner suggested and maintain a scintilla of integrity. A request by them to remove details about their advanced nuclear weapons or specific details of their military deployments would, of course, be legitimate.
The Chinese government has legitimate reason to avoid extensive public attention to past errors and disasters; one has only to look at the history of the Soviet Union to observe the effect of focusing on past outrages on public morale, but that is their burden to bear not ours to share.
Fred
Hoi,
Fred, what is different in your scenario from what happens in the USA
?
Thanks, GerardM
On 3 September 2013 00:23, Fred Bauder fredbaud@fairpoint.net
wrote:
On 31/08/13 15:17, Erik Moeller wrote:
It could be argued that itâââ‰â¢s time to draw a line in the sand - if
youâââ‰â¢re
prohibiting
the use of encryption, youâââ‰â¢re effectively not part
of the web.
Youâââ‰â¢re
subverting basic web technologies.
China is not prohibiting encryption. They're prohibiting specific instances of encryption which facilitate circumvention of
censorship.
So, what to do? My main suggestion is to organize a broad request
for
comments and input on possible paths forward.
OK, well there's one fairly obvious solution which hasn't been proposed or discussed. It would allow the end-to-end encryption
and
would allow us to stay as popular in China as we are now.
We could open a data centre in China, send frontend requests from clients in China to that data centre, and comply with local
censorship
and surveillance as required to continue such operation.
It would be kind of like the cooperation we give to the US
government
at the moment, except specific to readers in China instead of
imposed
on everyone in the world.
It would allow WMF to monitor censorship and surveillance by being
in
the request loop. It would give WMF greater influence over local policy, because our staff would be in direct contact with their
staff.
We would be able to deliver clear error messages in place of
censored
content, instead of a connection reset.
-- Tim Starling
Their orders would be classified; disclosure of them would be a
crime.
Not a problem for us, but a big problem for staff on the ground in China.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On 09/03/2013 08:36 AM, Fred Bauder wrote:
Any censor from the United States or European governments that works directly with us (I have no personal knowledge of this, I just know it has to be) is concerned with classified information, not someone's opinions or factual information about historical events or political personalities.
You have an optimism and faith in your government(s) that is, sadly, not justified by history (past and recent). The blanket "classified" (or, more recently "national security") has and is being used to cover up "embarrassing" more often than not.
-- Marc
On 09/03/2013 08:36 AM, Fred Bauder wrote:
Any censor from the United States or European governments that works directly with us (I have no personal knowledge of this, I just know it has to be) is concerned with classified information, not someone's opinions or factual information about historical events or political personalities.
You have an optimism and faith in your government(s) that is, sadly, not justified by history (past and recent). The blanket "classified" (or, more recently "national security") has and is being used to cover up "embarrassing" more often than not.
-- Marc
There is legitimate classified material just as there is child pornography. Abusive nonsense does not make that fact go away. Someone, actually, many someones, need to be trusted.
Fred
On 09/03/2013 09:45 AM, Fred Bauder wrote:
Abusive nonsense does not make that fact go away. Someone, actually, many someones, need to be trusted.
Доверяй, но проверяй.
I agree with your assessment of the risks of working with the PRC, I simply think that if you think that those risks do not exist in our "Western" countries, you are ignoring history.
The only thing that protects us is transparency and visibility, and maintaining those requires constant vigilance, not blind trust.
-- Marc
P.S.: I mean, the two things that protect us are transparency, visibility and vigilance. Wait. AMONGST the things that protect us are...
On 9/3/13 4:28 PM, Marc A. Pelletier wrote:
On 09/03/2013 09:45 AM, Fred Bauder wrote:
Abusive nonsense does not make that fact go away. Someone, actually, many someones, need to be trusted.
Доверяй, но проверяй.
I agree with your assessment of the risks of working with the PRC, I simply think that if you think that those risks do not exist in our "Western" countries, you are ignoring history.
I certainly agree with learning from history, but when it comes to censoring encyclopedias or similar reference works, are there good examples that might more concretely narrow down the specific type of thing we ought to be learning from history?
The best example of which I'm aware is the 1979 attempt by the U.S. Department of Energy to stop the publication of a reconstruction of the Teller-Ulam hydrogen bomb design. But that attempt ended up being unsuccessful, and encyclopedias (including Wikipedia) include that information. Are there more successful attempts?
-Mark
On 09/03/2013 12:33 PM, Delirium wrote:
I certainly agree with learning from history, but when it comes to censoring encyclopedias or similar reference works, are there good examples that might more concretely narrow down the specific type of thing we ought to be learning from history?
Not that I know of, but that's because the model of what an encyclopedia /is/ has changed a great deal -- they used to be centralized distribution of knowledge and subject to an unknown number of pressure points (including, most dangerously, self-censorship).
Wikipedia, and the Net in general, have changed the landscape substantially and -- accordingly -- the attack vectors. I don't think we have much left to fear from attempts to repress individual bits of data so much as attempts to change the landscape back to top-down control (through legislation, disinformation, and so on).
Certainly, the Défence Nationale's attempt to rubber hose information out of the French Wikipedia is a recent and very visible failed attempt. I've no doubt that for every very visible and embarrassing failure like that one, there are a dozen that fly under the radar.
Are there more successful attempts?
It would be difficult to enumerate successful attempts since, by definition, they would have been successful at not being known. :-) I don't disagree that it would be very difficult, perhaps even nearly impossible, to completely censor information in this day and age and under our current political climate -- but that is exactly *because* we reflexively fight authority figures attempting to control information not because there is no longer a desire or attempts to do so have gotten less frequent.
Gilmore was already noting in in 1993 while the 'net was still the province of the elite geekdom; there is no reason to believe this has gotten better since (and lots of reasons why it could have gotten worse).
-- Marc
Are there more successful attempts?
It would be difficult to enumerate successful attempts since, by definition, they would have been successful at not being known. :-) -- Marc
I once suppressed information about a troop movement underway in Iraq after a request. Troop movements are explicitly mentioned in the Espionage Act.
Such requests, and other requests regarding obviously illegal material, should go to legal at wikimedia.org or emergency at wikimedia.org at the Foundation rather than to User:Oversight, by the way. There is a whole bunch of people on the oversight committee none of whom are known to have security clearances.
Fred
I guess emergencies should not go to legal as there may be a considerable delay.
Fred
Are there more successful attempts?
It would be difficult to enumerate successful attempts since, by definition, they would have been successful at not being known. :-) -- Marc
I once suppressed information about a troop movement underway in Iraq after a request. Troop movements are explicitly mentioned in the Espionage Act.
Such requests, and other requests regarding obviously illegal material, should go to legal at wikimedia.org or emergency at wikimedia.org at the Foundation rather than to User:Oversight, by the way. There is a whole bunch of people on the oversight committee none of whom are known to have security clearances.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Hi Fred,
Emergencies should go to emergency@wikimedia.org. Any other concerns should be directed to legal@wikimedia.org.
Please note that emergency@ should only be used for actual emergencies (i.e. immediate threats to life, limb, or property).
Thanks!
-Michelle
On Tue, Sep 3, 2013 at 10:48 AM, Fred Bauder fredbaud@fairpoint.net wrote:
I guess emergencies should not go to legal as there may be a considerable delay.
Fred
Are there more successful attempts?
It would be difficult to enumerate successful attempts since, by definition, they would have been successful at not being known. :-) -- Marc
I once suppressed information about a troop movement underway in Iraq after a request. Troop movements are explicitly mentioned in the Espionage Act.
Such requests, and other requests regarding obviously illegal material, should go to legal at wikimedia.org or emergency at wikimedia.org at the Foundation rather than to User:Oversight, by the way. There is a whole bunch of people on the oversight committee none of whom are known to have security clearances.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
To be fair, none of the people receiving requests through legal@ or emergency@ have security clearances either.
Kirill
On Sep 3, 2013, at 1:44 PM, "Fred Bauder" fredbaud@fairpoint.net wrote:
Are there more successful attempts?
It would be difficult to enumerate successful attempts since, by definition, they would have been successful at not being known. :-) -- Marc
I once suppressed information about a troop movement underway in Iraq after a request. Troop movements are explicitly mentioned in the Espionage Act.
Such requests, and other requests regarding obviously illegal material, should go to legal at wikimedia.org or emergency at wikimedia.org at the Foundation rather than to User:Oversight, by the way. There is a whole bunch of people on the oversight committee none of whom are known to have security clearances.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
To be fair, none of the people receiving requests through legal@ or emergency@ have security clearances either.
Kirill
True, but there are not so many of them. I'm not sure if a request about a major matter has ever been made through any channel. In a way, that is kind of a dumb move.
Fred
The thing is, it's kind of a crapshoot anyways. You might see something that you think might be classified and report it; but, unless you actually have the corresponding clearance yourself, you have no way of knowing for certain whether the material is in fact classified in the first place. Conversely, anyone who does have that information is unlikely to confirm it one way or the other, for obvious reasons.
To make things even more convoluted, reporting certain kinds of material to the WMF could itself potentially be considered illegal in some circumstances, since not everyone at the WMF is considered a "US person" for ITAR purposes.
Kirill
On Sep 3, 2013, at 2:34 PM, "Fred Bauder" fredbaud@fairpoint.net wrote:
To be fair, none of the people receiving requests through legal@ or emergency@ have security clearances either.
Kirill
True, but there are not so many of them. I'm not sure if a request about a major matter has ever been made through any channel. In a way, that is kind of a dumb move.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
This part of the discussion has strayed a bit far from the politics of encryption. ;-)
Not that it doesn't have value, but if I can bring it back on-topic for a moment…
The gist of the HTTPS issues is that it's simply not an engineering discussion, it's a political one. The abuses recently revealed in the United States is either orthogonal to the issue of the politics of encryption (in that HTTPS encryption in China, Iran, and the future is in discussion), or is the direct salient (in that it is a prime motivator for accelerating HTTPS rollout which has triggered this issue).
I, for one, would like to see the discussion of what to do. I'm of the believe that there is no simple engineering decision without introducing practical, political, legal, and moral complications. I suspect that even the more clever or complex ones also introduce these issues. It's important to outline what our choices are and the consequences of those choices, and derive consensus on what the right choice is going forward, as it is clear what we have now[1] is a temporary band-aid.[2]
I'm less sanguine about Erik's suggestion that creating a deadline to HTTP-canonical will actually get us to an adequate resolution. The reason is simply—whatever I think of Google personally—I feel Google has a highly-capable, highly-motivated, engineering-driven staff, and they were unable to come up with a workable solution. Unlike Google, we have a clear sense about what motivates us[3], so we need to figure out how best to get there/interpret it.
[1]: http://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedia... [2]: Maybe start an RfC or other wiki page on Meta with a summary of the discussion so far? [3]: http://wikimediafoundation.org/wiki/Vision
Take care,
terry
On Sep 3, 2013, at 11:50 AM, Kirill Lokshin kirill.lokshin@gmail.com wrote:
The thing is, it's kind of a crapshoot anyways. You might see something that you think might be classified and report it; but, unless you actually have the corresponding clearance yourself, you have no way of knowing for certain whether the material is in fact classified in the first place. Conversely, anyone who does have that information is unlikely to confirm it one way or the other, for obvious reasons.
To make things even more convoluted, reporting certain kinds of material to the WMF could itself potentially be considered illegal in some circumstances, since not everyone at the WMF is considered a "US person" for ITAR purposes.
Kirill
On Sep 3, 2013, at 2:34 PM, "Fred Bauder" fredbaud@fairpoint.net wrote:
To be fair, none of the people receiving requests through legal@ or emergency@ have security clearances either.
Kirill
True, but there are not so many of them. I'm not sure if a request about a major matter has ever been made through any channel. In a way, that is kind of a dumb move.
Fred
On 04/09/13 05:38, Terry Chay wrote:
This part of the discussion has strayed a bit far from the politics of encryption. ;-)
Not that it doesn't have value, but if I can bring it back on-topic for a moment…
The gist of the HTTPS issues is that it's simply not an engineering discussion, it's a political one.
Yes, obviously, hence the subject line.
It's important to outline what our choices are and the consequences of those choices, and derive consensus on what the right choice is going forward, as it is clear what we have now[1] is a temporary band-aid.[2]
I don't think it is clear. We have a variety of options open to us, on a spectrum of appeasement versus protest. From the former to the latter, we have:
1. Make ourselves subject to Chinese law and do what they tell us to (i.e. open a datacentre in China). 2. Use a technical setup which implicitly cooperates with their existing system for censorship of foreign content (i.e. use unencrypted HTTP). 3. Use a technical setup which is inherently incompatible with the existing system of censorship, thus forcing the Chinese government to block us (i.e. use HTTPS).
I don't see option 2 as a band-aid, I see it as a moderate path between appeasement and protest, which allows us to remain popular in China without explicitly supporting censorship, with minimal risk to our staff. Of course, it has its down sides.
None of the three options are without risk to our users. Probably the most risky for our users is option 3, which encourages users to circumvent censorship, in violation of Chinese law. It turns our users into activists.
There's nothing inherently wrong with activism, but I think we have an ethical responsibility to be fully aware of the risks we are encouraging our users to take, and also to understand the benefits which are likely to come from successful activism, so that we can decide whether the action we are inciting is rational and prudent.
-- Tim Starling
Tim sets out some excellent points; in particular it's a good reminder that there is a continuum of options.
I've tended to advocate on the protest side of things, but I would like to posit another option: we don't have to operate *everything* under the auspices of Wikimedia Foundation, Inc (a Florida not-for-profit corporation).
Our organizational goal is not "make Wikipedia.org a popular web site in all countries", it's to make knowledge available to everyone in their own language.
I would love to see Wikipedia content made available in China on Chinese infrastructure operated by a Chinese organization, with total ability to determine their own security and censorship policies.
"But that's what Baidu did and we hate them!" you say?
We could work *with* such an organization to coordinate, share content, etc, without compromising basic web security for our sites or giving up our liberal content policies on Wikipedia "proper".
I know this runs counter to our group tendency to centralization but we should remember that Open Content is *meant* to be distributed and redistributable. Centralization is often convenient but shouldn't be mandatory.
-- brion On Sep 3, 2013 8:22 PM, "Tim Starling" tstarling@wikimedia.org wrote:
On 04/09/13 05:38, Terry Chay wrote:
This part of the discussion has strayed a bit far from the politics of encryption. ;-)
Not that it doesn't have value, but if I can bring it back on-topic for a moment…
The gist of the HTTPS issues is that it's simply not an engineering discussion, it's a political one.
Yes, obviously, hence the subject line.
It's important to outline what our choices are and the consequences of those choices, and derive consensus on what the right choice is going forward, as it is clear what we have now[1] is a temporary band-aid.[2]
I don't think it is clear. We have a variety of options open to us, on a spectrum of appeasement versus protest. From the former to the latter, we have:
- Make ourselves subject to Chinese law and do what they tell us to
(i.e. open a datacentre in China). 2. Use a technical setup which implicitly cooperates with their existing system for censorship of foreign content (i.e. use unencrypted HTTP). 3. Use a technical setup which is inherently incompatible with the existing system of censorship, thus forcing the Chinese government to block us (i.e. use HTTPS).
I don't see option 2 as a band-aid, I see it as a moderate path between appeasement and protest, which allows us to remain popular in China without explicitly supporting censorship, with minimal risk to our staff. Of course, it has its down sides.
None of the three options are without risk to our users. Probably the most risky for our users is option 3, which encourages users to circumvent censorship, in violation of Chinese law. It turns our users into activists.
There's nothing inherently wrong with activism, but I think we have an ethical responsibility to be fully aware of the risks we are encouraging our users to take, and also to understand the benefits which are likely to come from successful activism, so that we can decide whether the action we are inciting is rational and prudent.
-- Tim Starling
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On 4 September 2013 15:46, Brion Vibber bvibber@wikimedia.org wrote:
"But that's what Baidu did and we hate them!" you say?
AIUI our quibble with Baidu was that they didn't respect the licenses. A suitable license on the content and it'd all be fine. Did we ever get anywhere with that?
- d.
David Gerard, 04/09/2013 16:52:
On 4 September 2013 15:46, Brion Vibber bvibber@wikimedia.org wrote:
"But that's what Baidu did and we hate them!" you say?
AIUI our quibble with Baidu was that they didn't respect the licenses. A suitable license on the content and it'd all be fine. Did we ever get anywhere with that?
The recent comparisons between Baidu and Wikipedia which popped up around Wikimania pointed out that Baidu is mainly a parking lot of copyright violations and self-promotion copied from all over the web, so I doubt they'd be able to use or apply any licensing scheme even if they wanted.
Nemo
On Wed, Sep 4, 2013 at 7:46 AM, Brion Vibber bvibber@wikimedia.org wrote:
I would love to see Wikipedia content made available in China on Chinese infrastructure operated by a Chinese organization, with total ability to determine their own security and censorship policies.
"But that's what Baidu did and we hate them!" you say?
We could work *with* such an organization to coordinate, share content, etc, without compromising basic web security for our sites or giving up our liberal content policies on Wikipedia "proper".
I don't buy the argument. Last time I checked, Hudong (now just "Baike") and Baidu Baike were the main wiki-like encyclopedias operating out of and serving mainland China. Both use non-free licensing terms, and both are subject to local censorship policies and practices. That may include turning over contributors if they post content that's deemed to be problematic by local authorities.
At least on the surface, the projects are successful, with millions of articles and lots of traffic. I have no idea what the quality of the content is, but looking at an article like DNA, I'm guessing it provides useful value to its readers:
http://www.baike.com/wiki/DNA&prd=button_doc_jinru
Where they are failing to do so, they can improve, if necessary by copying Wikipedia content. But the one thing that they _cannot_ provide, and that a neutral encyclopedia _must_ provide, is precisely information of the kind that the Chinese government would censor. Neutral information about people, politics and history, irrespective of whether that information afflicts a comfortable bureaucrat somewhere.
I would posit a different argument. The problem of providing basic information about any subject _is_ being solved for by local information providers. China isn't some backwater waiting for us to educate them about physics and disease control. The problem of providing a neutral, uncensored encyclopedia in the Chinese language, on the other hand, isn't being solved for by anyone but us. The answer is not to water down our security or partner with local information providers that allow censorship and are willing to turn over user data. It's to find ways to get that information to people, including the bits they'd rather have people not see.
Erik
So, does this have any bearing on the discussion? - http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html
Or are we just partial to the US surveillance over PRC.
The article does mention SSL, VPNs and 4G security. They even have a "Key recovery service" and it's been going on for a long while apparently, to the point that the NSA has been steering the release of encryption standards and tools. I suppose that should make the "politics of encryption" a bit less relevant?
-Theo
On Wed, Sep 4, 2013 at 10:09 PM, Erik Moeller erik@wikimedia.org wrote:
On Wed, Sep 4, 2013 at 7:46 AM, Brion Vibber bvibber@wikimedia.org wrote:
I would love to see Wikipedia content made available in China on Chinese infrastructure operated by a Chinese organization, with total ability to determine their own security and censorship policies.
"But that's what Baidu did and we hate them!" you say?
We could work *with* such an organization to coordinate, share content, etc, without compromising basic web security for our sites or giving up
our
liberal content policies on Wikipedia "proper".
I don't buy the argument. Last time I checked, Hudong (now just "Baike") and Baidu Baike were the main wiki-like encyclopedias operating out of and serving mainland China. Both use non-free licensing terms, and both are subject to local censorship policies and practices. That may include turning over contributors if they post content that's deemed to be problematic by local authorities.
At least on the surface, the projects are successful, with millions of articles and lots of traffic. I have no idea what the quality of the content is, but looking at an article like DNA, I'm guessing it provides useful value to its readers:
http://www.baike.com/wiki/DNA&prd=button_doc_jinru
Where they are failing to do so, they can improve, if necessary by copying Wikipedia content. But the one thing that they _cannot_ provide, and that a neutral encyclopedia _must_ provide, is precisely information of the kind that the Chinese government would censor. Neutral information about people, politics and history, irrespective of whether that information afflicts a comfortable bureaucrat somewhere.
I would posit a different argument. The problem of providing basic information about any subject _is_ being solved for by local information providers. China isn't some backwater waiting for us to educate them about physics and disease control. The problem of providing a neutral, uncensored encyclopedia in the Chinese language, on the other hand, isn't being solved for by anyone but us. The answer is not to water down our security or partner with local information providers that allow censorship and are willing to turn over user data. It's to find ways to get that information to people, including the bits they'd rather have people not see.
Erik
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Theo:
"They even have a "Key recovery service" and it's been going on for a long while apparently, to the point that the NSA has been steering the release of encryption standards and tools. I suppose that should make the "politics of encryption" a bit less relevant?"
No; with "Perfect Forward Security" it is still entirely relevant, and PFS has been discussed in the game plan for WMF (I don't recall the status of the long term security roadmap, but it's been widely discussed on technical lists here).
It's also entirely relevant with or without PFS for any less-than-NSA-capable agency or third party attempting to watch WMF project users. UK and China may be somewhere up there in capability, for example, but most countries won't be.
https://en.wikipedia.org/wiki/Perfect_forward_secrecy
On Thu, Sep 5, 2013 at 4:55 PM, Theo10011 de10011@gmail.com wrote:
So, does this have any bearing on the discussion? -
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html
Or are we just partial to the US surveillance over PRC.
The article does mention SSL, VPNs and 4G security. They even have a "Key recovery service" and it's been going on for a long while apparently, to the point that the NSA has been steering the release of encryption standards and tools. I suppose that should make the "politics of encryption" a bit less relevant?
-Theo
On Wed, Sep 4, 2013 at 10:09 PM, Erik Moeller erik@wikimedia.org wrote:
On Wed, Sep 4, 2013 at 7:46 AM, Brion Vibber bvibber@wikimedia.org wrote:
I would love to see Wikipedia content made available in China on
Chinese
infrastructure operated by a Chinese organization, with total ability
to
determine their own security and censorship policies.
"But that's what Baidu did and we hate them!" you say?
We could work *with* such an organization to coordinate, share content, etc, without compromising basic web security for our sites or giving up
our
liberal content policies on Wikipedia "proper".
I don't buy the argument. Last time I checked, Hudong (now just "Baike") and Baidu Baike were the main wiki-like encyclopedias operating out of and serving mainland China. Both use non-free licensing terms, and both are subject to local censorship policies and practices. That may include turning over contributors if they post content that's deemed to be problematic by local authorities.
At least on the surface, the projects are successful, with millions of articles and lots of traffic. I have no idea what the quality of the content is, but looking at an article like DNA, I'm guessing it provides useful value to its readers:
http://www.baike.com/wiki/DNA&prd=button_doc_jinru
Where they are failing to do so, they can improve, if necessary by copying Wikipedia content. But the one thing that they _cannot_ provide, and that a neutral encyclopedia _must_ provide, is precisely information of the kind that the Chinese government would censor. Neutral information about people, politics and history, irrespective of whether that information afflicts a comfortable bureaucrat somewhere.
I would posit a different argument. The problem of providing basic information about any subject _is_ being solved for by local information providers. China isn't some backwater waiting for us to educate them about physics and disease control. The problem of providing a neutral, uncensored encyclopedia in the Chinese language, on the other hand, isn't being solved for by anyone but us. The answer is not to water down our security or partner with local information providers that allow censorship and are willing to turn over user data. It's to find ways to get that information to people, including the bits they'd rather have people not see.
Erik
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
I don’t see precisely how mandatory HTTPS could help spread the knowledge; accordingly if users feel themselves spied and it prevent them to contribute, yes, HTTPS helps; but if others feel cluttered by HTTPS (time load, unfriendly firewalls, various problems), it could also lower the number of editors.
On another side HTTPS is quite useless if users click-through any warning ("You are spied.": "Ok"/close me that ad → privacy education); anyway encryption and code breaking is always a cat-and-mouse play, and we sould have to carefully monitor state of the art if we really want to protect the users; but imho it’s not our vision.
For HTTPS, I would like to see the users opt-in to the security they want: e.g. if they write about intelligence, they probably know the dangers about being spied and want minimize it as part of other means; if they write about butterflies, perhaps they don’t matter about being spied. For specific-rights editors security could be enforced, but possibly with other means than encryption; e.g. if an oversight has to hide an article, it is primarly needed to be sure the user has oversight rights (authorisation), and it is not really useful to hide what article it is (it was public). Accordingly for checkusers, we want the IPs stay private (encrypted during the transport). This point is: HTTPS is not the solution to all problems.
For HTTPS I see some security levels chosed by the users: no HTTPS at all (Chinese users), equal HTTP/HTTPS (butterflies editor), prefered HTTPS (privacy-conscious editor, but travelling to China regularly), always HTTPS or nothing (intelligence editor). And this could be also implemented for readers during their session. This option is politically neutral, it just let the user choose.
Sébastien
Le Tue, 03 Sep 2013 21:38:36 +0200, Terry Chay tchay@wikimedia.org a écrit:
This part of the discussion has strayed a bit far from the politics of encryption. ;-)
Not that it doesn't have value, but if I can bring it back on-topic for a moment…
The gist of the HTTPS issues is that it's simply not an engineering discussion, it's a political one. The abuses recently revealed in the United States is either orthogonal to the issue of the politics of encryption (in that HTTPS encryption in China, Iran, and the future is in discussion), or is the direct salient (in that it is a prime motivator for accelerating HTTPS rollout which has triggered this issue).
I, for one, would like to see the discussion of what to do. I'm of the believe that there is no simple engineering decision without introducing practical, political, legal, and moral complications. I suspect that even the more clever or complex ones also introduce these issues. It's important to outline what our choices are and the consequences of those choices, and derive consensus on what the right choice is going forward, as it is clear what we have now[1] is a temporary band-aid.[2]
I'm less sanguine about Erik's suggestion that creating a deadline to HTTP-canonical will actually get us to an adequate resolution. The reason is simply—whatever I think of Google personally—I feel Google has a highly-capable, highly-motivated, engineering-driven staff, and they were unable to come up with a workable solution. Unlike Google, we have a clear sense about what motivates us[3], so we need to figure out how best to get there/interpret it.
[2]: Maybe start an RfC or other wiki page on Meta with a summary of the discussion so far? [3]: http://wikimediafoundation.org/wiki/Vision
Take care,
terry
On Sep 3, 2013, at 11:50 AM, Kirill Lokshin kirill.lokshin@gmail.com wrote:
The thing is, it's kind of a crapshoot anyways. You might see something that you think might be classified and report it; but, unless you actually have the corresponding clearance yourself, you have no way of knowing for certain whether the material is in fact classified in the first place. Conversely, anyone who does have that information is unlikely to confirm it one way or the other, for obvious reasons.
To make things even more convoluted, reporting certain kinds of material to the WMF could itself potentially be considered illegal in some circumstances, since not everyone at the WMF is considered a "US person" for ITAR purposes.
Kirill
On Sep 3, 2013, at 2:34 PM, "Fred Bauder" fredbaud@fairpoint.net wrote:
To be fair, none of the people receiving requests through legal@ or emergency@ have security clearances either.
Kirill
True, but there are not so many of them. I'm not sure if a request about a major matter has ever been made through any channel. In a way, that is kind of a dumb move.
Fred
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
To be fair, none of the people receiving requests through legal@ or emergency@ have security clearances either.
Kirill
True, but there are not so many of them. I'm not sure if a request about a major matter has ever been made through any channel. In a way, that is kind of a dumb move.
Fred
On Tue, Sep 3, 2013 at 5:36 AM, Fred Bauder fredbaud@fairpoint.net wrote:
... Detailed information about construction of advanced nuclear weapons or ...
So, while the details of material removed for legitimate security reasons cannot be published; ...
On point of information -
Thanks to Howard Morland, who as it happens was the same Howard Morland who wrote the Progressive article on the Teller-Ulam thermonuclear device concept that sparked the US v Progressive court case, we do have at least two distinct sets of detailed information on advanced nuclear weapons, the aforementioned Teller-Ulam information and the Swan device's basic explosive lens principle/concept. We had a third regarding another specific weapon, sufficient for an expert to reconstruct the weapon design from scratch, but it was removed (by someone else) as anecdotal reporting by a former weapon maintainer that had no reliable sources published.
As far as I recall, there has not been anything like an organized on-wiki effort to remove the info, nor has the Foundation done anything that I noticed pursuant to any secret orders they might have received.
There's more self-restraint among that field's active participating crowd, things we haven't published yet, than anything else.
We had a little kerfuffle over photos of the former head of the National Nuclear Security Agency's Q-clearance badge, but that was as close as it ever came to DoE or others poking their heads in here on any of these topics...
-george
On 09/02/2013 06:17 PM, Tim Starling wrote:
It would allow WMF to monitor censorship and surveillance by being in the request loop.
There's no guarantee they would accept HTTPS, even if there were still user surveillance inside the data center.
It would be kind of like the cooperation we give to the US government at the moment, except specific to readers in China instead of imposed on everyone in the world.
This is apples and oranges, in my opinion. Yes, the U.S. monitors Internet traffic in some circumstances. And I assume they occasionally serve subpoenas and such to Wikimedia.
But as far as I know, the U.S. government has never blocked the general public from accessing a Wikipedia article, nor have they sent a takedown that was based on ideology/"social harmony"/etc.
We would be able to deliver clear error messages in place of censored content, instead of a connection reset.
Not necessarily. Google was delivering such censorship notes for a while (http://www.theguardian.com/technology/2013/jan/04/google-defeat-china-censor...), but eventually conceded to China in a game of chicken.
As mentioned by other people, they also tried this approach of tolerating censorship in China for google.cn, but eventually pulled out. google.cn is now just a picture of their home page that links to google.com.hk
I understand the goals of your hypothetical solution. However, pragmatic matters aside, I think it's too far down the road of appeasing censorship.
Matt Flaschen
On Tue, Sep 3, 2013 at 6:38 AM, Matthew Flaschen matthew.flaschen@gatech.edu wrote:
But as far as I know, the U.S. government has never blocked the general public from accessing a Wikipedia article, nor have they sent a takedown that was based on ideology/"social harmony"/etc.
Instead they use "terrorism" (or really anything they come up with) poilerplate to monitor their and foreign citizens, illegally collect personal data about them and monetize it or use to pressure or threaten selected individuals, companies or agencies. They, additionally, use various cease&desist processes (which is basically the same as blocking but they let you do the work instead of them). And it's just the same way based on ideology and social harminy as of China, apart from that it's for a slightly different agenda.
China does censorship to prevent unwanted content, USA does surveillance and pressure to prevent unwanted content. Not much of a difference.
g
On 09/02/2013 06:17 PM, Tim Starling wrote:
OK, well there's one fairly obvious solution which hasn't been proposed or discussed.
[collaborating with the PRC]
That's because, ideologically, it would be abhorrent to a very large segment (possibly even the majority) of editors, staff and readers.
And because it would set a /horrible/ precedent that other governments who currently feel obligated to tolerate unfettered access to our projects would be quick to demand.
The idea of playing along with censors doesn't just not fly, it's a non-starter.
-- Marc
wikimedia-l@lists.wikimedia.org