On 07/31/2013 04:35 PM, Tyler Romeo wrote:
Like I've said before, the NSA spying on what
users are reading is still
the least of our concerns. We should focus on making sure passwords aren't
sent over plaintext before attempting to evade a government-run
international spy network.
I'm not sure what that has to do with the the message you replied to. I
completely support rolling out HTTPS where possible (I'm using HTTPS
Everywhere already).
I was agreeing that we need to be aware of Risker's concern (other
people have mentioned it too, of course) that we not effectively lock
out users in China and other countries that may block SSL. It's
important to remember that people in China still can and do edit
Wikipedias in other languages, too.
This applies if we mandate secure login in such countries, too.
As for government-run spy networks, we don't know what their full
capabilities are. But there are plenty of benefits to rolling out SSL
regardless, even just for privacy from the person at the other end of
the coffee shop. Firesheep, anyone?
Matt Flaschen