On Sat, Apr 11, 2015 at 7:44 PM, Brian Wolff bawolff@gmail.com wrote:
On Apr 11, 2015 1:18 PM, "Pine W" wiki.pine@gmail.com wrote:
https://citizenlab.org/2015/04/chinas-great-cannon/
Pine _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
A surprisingly bold move on China's part.
Im not sure if what is talked about applies directly to Wikipedia. Seems the goal was to try to compel github to remove specific content "hostile" to China's censorship interests, without china itself getting blocked, which might happen if DDOS was comming entirely from China IPs (since blocking github angers local programmers). To do that they needed to intercept connections inbound to servers in China, which doesn't apply to us as our servers are mostly in US (and despite various abuses of the NSA so often talked about, it is hard to imagine the US would ever consider so blatently misusing other people's computers in a ddos-via-mitm-js attack). Of course one never knows if future attacks might target outbound connections from China, or if some other group might try to do something similar (again hard to imagine, and it seems like there are very few entities other than China who could get away with this, but im still kind of shocked that China did this)
The most interesting aspect of the report (imo) from the context of Wikipedia is, to quote:
"The attack on GitHub specifically targeted these repositories, possibly in an attempt to compel GitHub to remove these resources. GitHub encrypts all traffic using TLS, preventing a censor from only blocking access to specific GitHub pages. In the past, China attempted to block Github, but the block was lifted within two days, following significant negative reaction from local programmers."
So because github encrypted everything with https (and thus blocking is an all or nothing afair), and because it was very popular, China was unwilling to block it entirely despite a small portion being objectionable.
I don't really know what the status of wikipedia in China is, or how popular it is, but its conceivable that we could be in a similar position. Food for thought.
The only reason we remain unblocked is because we don't force SSL. Wikipedia is relatively unused in China. If it was blocked, there'd be no major public outcry.
- Ryan