On 23 August 2013 19:55, Rob Lanphier robla@wikimedia.org wrote:
On Fri, Aug 23, 2013 at 3:43 PM, Risker risker.wp@gmail.com wrote:
No it doesn't change the security consideration. What changes is the recognition that the problem may actually be bigger than initially
thought.
Everyone knew about China and Iran. Probably nobody knew about Pakistan, Indonesia, Philippines, India, etc - all of which have multiple language projects. Even just HTTPS logins may be a challenge for some of these countries, and it gives the WMF reason to consider how to better support them just so everyone is protected and isn't left with the choice of editing by IP or not editing at all.
Hi Risker,
We made a mistake in publishing those numbers. We hadn't fully vetted the numbers, and after they went out, we discovered a flaw in our methodology that meant we were likely overcounting (probably drastically) the number of HTTPS failures we would see in practice.
I'm going to quote Tim Starling's internal analysis below. My apologies to Tim to forwarding without permission, though I doubt he would object.
The main point is that we shouldn't draw too many conclusions about the data. It was useful in seeing where we are being blocked (China and Iran), but the numbers <15% probably shouldn't be counted to draw any conclusions about problems in other countries.
Rob
Thanks for the clarification, Rob.
Risker