On 07/31/2013 04:35 PM, Tyler Romeo wrote:
Like I've said before, the NSA spying on what users are reading is still the least of our concerns. We should focus on making sure passwords aren't sent over plaintext before attempting to evade a government-run international spy network.
I'm not sure what that has to do with the the message you replied to. I completely support rolling out HTTPS where possible (I'm using HTTPS Everywhere already).
I was agreeing that we need to be aware of Risker's concern (other people have mentioned it too, of course) that we not effectively lock out users in China and other countries that may block SSL. It's important to remember that people in China still can and do edit Wikipedias in other languages, too.
This applies if we mandate secure login in such countries, too.
As for government-run spy networks, we don't know what their full capabilities are. But there are plenty of benefits to rolling out SSL regardless, even just for privacy from the person at the other end of the coffee shop. Firesheep, anyone?
Matt Flaschen