On 23 August 2013 18:35, David Gerard <dgerard(a)gmail.com> wrote:
On 23 August 2013 23:31, Risker
<risker.wp(a)gmail.com> wrote:
There are other options. The question is whether
or not they can be made
to
work in the MediaWiki/WMF circumstances. If you
looked at the data
collected to see where HTTPS attempts were unsuccessful, you'd see that
there are editors in a lot of countries with issues (i.e., greater than
5%
failure rates), and most of them are technical
issues. Suddenly you're
not
just talking about a few projects, you're
talking about dozens who may
have
difficulty getting CU/OS support internally.
That doesn't change the security consideration.
No it doesn't change the security consideration. What changes is the
recognition that the problem may actually be bigger than initially thought.
Everyone knew about China and Iran. Probably nobody knew about Pakistan,
Indonesia, Philippines, India, etc - all of which have multiple language
projects. Even just HTTPS logins may be a challenge for some of these
countries, and it gives the WMF reason to consider how to better support
them just so everyone is protected and isn't left with the choice of
editing by IP or not editing at all.
The people in our many overlapping MediaWiki and
Wikimedia communities
have
come up with a lot of very creative solutions to
problems that other
sites
haven't figured out or don't care enough
to bother with. I have a lot of
faith that some out of the box thinking might very well resolve this
specific issue, and possibly open a gateway to solving the security issue
for even larger groups.
And until then, it actually needs to be HTTPS-only. I'm horrified it
isn't already.
Well, I'm not terribly technical, but I don't think there's ever been
consideration of linking login requirements to user permissions. Perhaps
that needs to change. I'm concerned too.
Risker/Anne