Re: [Wikipedia-l] [WikiEN-l] Tearing down the Chinese Firewall

Erik Moeller wrote: HTTPS does not protect anonymity for editors. Neither does Tor. Low-latency encryption methods suffer a common flaw: an attacker can correlate timestamps and message lengths with the size and posting time of an edit. With ordinary HTTPS you can also correlate the destination address. You could almost say that encryption is useless for sending data which will be public 200ms after it arrives. The situation is better for reading, not least because judging by the reports I've read, the Government is primarily interested in tracking down and prosecuting content producers, not consumers. But I think Wikipedia's strength is in its editability; that's how it maintains its growth, neutrality and timeliness. I think it would be a great loss if Wikipedia was only available in read-only form in mainland China. Public HTTPS is vulnerable to blocking, almost as much as HTTP. HTTPS websites can be spidered, indexed and checked for offensive keywords, just like regular websites. Then they could be blocked at the firewall by IP. You'd have to use a captcha or some similar means of authentication to keep the bots out. But if it's not indexed by the major search engines, then its utility will be limited. The advantage of HTTPS is that it resists traffic sampling at the firewall, which appears to be a mainstay of content filtering at the moment. But I think it's important to note that it's not a magic bullet. The point is, SSL isn't a good method to circumvent censorship, so the authorities would be unlikely to block it as a whole, as Erik suggests. Unfortunately there's a fundamental conflict between offerring a popular service and offerring a covert service. There's only so much we can do. That's not to say we shouldn't try, of course. -- Tim Starling