On Fri, Aug 23, 2013 at 3:43 PM, Risker
<risker.wp(a)gmail.com> wrote:
No it doesn't change the security
consideration. What changes is the
recognition that the problem may actually be bigger than initially
thought.
Everyone knew about China and Iran. Probably
nobody knew about Pakistan,
Indonesia, Philippines, India, etc - all of which have multiple language
projects. Even just HTTPS logins may be a challenge for some of these
countries, and it gives the WMF reason to consider how to better support
them just so everyone is protected and isn't left with the choice of
editing by IP or not editing at all.
Hi Risker,
We made a mistake in publishing those numbers. We hadn't fully vetted
the numbers, and after they went out, we discovered a flaw in our
methodology that meant we were likely overcounting (probably
drastically) the number of HTTPS failures we would see in practice.
I'm going to quote Tim Starling's internal analysis below. My
apologies to Tim to forwarding without permission, though I doubt he
would object.
The main point is that we shouldn't draw too many conclusions about
the data. It was useful in seeing where we are being blocked (China
and Iran), but the numbers <15% probably shouldn't be counted to draw
any conclusions about problems in other countries.
Rob