On 25/06/15 23:27, Deryck Chan wrote:
We always need to balance security and accessibility. I feel that it is unwise to remove even the option to use Wikimedia without https encryption. With the systemic bias of Wikipedia, I feel that this switch has cost us more in loss of breadth of readership than we gain in security.
"Not our fault" is not good enough when an encyclopedia loses a small but significant proportion of its readership, not out of the readers' voluntary choice.
Deryck
P.S. Nemo: FYI the case in my mind is in the UK, not HK or Mainland China.
Can you provide a case in a country like that (not HK, China, Korea...) where -in a properly configured environment- wikipedia access has been restricted due to https deployment? The case you presented before is clearly one where the administrators of the snooper company failed to properly configure it (all other https websites would already fail before). I could as well restrict all outgoing connections in my network but add an exception to the IP used to serve wikipedias. However, it would be unfair to blame WMF because they changed the underlying IP (eg. the dns was switched to the other datacenter) and now wikipedia can't be read from my network.