My educational institution does this, but access to Wikimedia sites is unaffected. If they can't set up their system to make it work, I can see exactly where liability is in this case. Matt -----Original Message----- From: "billinghurst" <billinghurstwiki(a)gmail.com> Sent: ‎25/‎06/‎2015 12:55 To: "Coordination of technology deployments across languages/projects" <wikitech-ambassadors(a)lists.wikimedia.org> Subject: Re: [Wikitech-ambassadors] https-only is reducing accessibility I think that it is somewhat inaccurate to say that Wikimedia is at fault here, it seems that those schools and companies bear the responsibilities for their actions and snooping. They are responsible for the blocking and that makes them responsible for their solutions. Regards, Billinghurst On Thu, Jun 25, 2015 at 8:38 PM Deryck Chan <deryckchan(a)wikimedia.hk> wrote: Hi ambassadors, Recently Wikimedia sites switched to https-only for privacy reasons, and the https certificate has been updated to prevent access altogether where a secure connection couldn't be established. This is a problem because some schools and companies deliberately eavesdrop https for monitoring purposes by inserting an in-house https certificate. Wikimedia's switch to https-only is preventing people from such networks from even *reading* Wikipedia. Is there a compromise that can be sought? Deryck _______________________________________________ Wikitech-ambassadors mailing list Wikitech-ambassadors(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-ambassadors

Understanding comes both ways. Since Snowden's whistleblowing, the tech community has already been denounced by a significant proportion of society as selfish nerds who value their own privacy over (communal / national) security and order. Our switch to https-only (as opposed to https-recommended) is only sealing that impression. Coincidentally with the switch to https-only, China has blocked the Chinese Wikipedia. We always need to balance security and accessibility. I feel that it is unwise to remove even the option to use Wikimedia without https encryption. With the systemic bias of Wikipedia, I feel that this switch has cost us more in loss of breadth of readership than we gain in security. "Not our fault" is not good enough when an encyclopedia loses a small but significant proportion of its readership, not out of the readers' voluntary choice. Deryck P.S. Nemo: FYI the case in my mind is in the UK, not HK or Mainland China. On 25 June 2015 at 14:53, Federico Leva (Nemo) <nemowiki(a)gmail.com> wrote:

On 25/06/15 23:27, Deryck Chan wrote: Can you provide a case in a country like that (not HK, China, Korea...) where -in a properly configured environment- wikipedia access has been restricted due to https deployment? The case you presented before is clearly one where the administrators of the snooper company failed to properly configure it (all other https websites would already fail before). I could as well restrict all outgoing connections in my network but add an exception to the IP used to serve wikipedias. However, it would be unfair to blame WMF because they changed the underlying IP (eg. the dns was switched to the other datacenter) and now wikipedia can't be read from my network.

Deryck Chan, 25/06/2015 23:27: Good, then it's easier for the chapter to do what I said. Nemo