On Sat, Apr 11, 2015 at 7:44 PM, Brian Wolff <bawolff(a)gmail.com> wrote:
On Apr 11, 2015 1:18 PM, "Pine W"
<wiki.pine(a)gmail.com> wrote:
https://citizenlab.org/2015/04/chinas-great-cannon/
Pine
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
A surprisingly bold move on China's part.
Im not sure if what is talked about applies directly to Wikipedia. Seems
the goal was to try to compel github to remove specific content "hostile"
to China's censorship interests, without china itself getting blocked,
which might happen if DDOS was comming entirely from China IPs (since
blocking github angers local programmers). To do that they needed to
intercept connections inbound to servers in China, which doesn't apply to
us as our servers are mostly in US (and despite various abuses of the NSA
so often talked about, it is hard to imagine the US would ever consider so
blatently misusing other people's computers in a ddos-via-mitm-js attack).
Of course one never knows if future attacks might target outbound
connections from China, or if some other group might try to do something
similar (again hard to imagine, and it seems like there are very few
entities other than China who could get away with this, but im still kind
of shocked that China did this)
-
The most interesting aspect of the report (imo) from the context of
Wikipedia is, to quote:
"The attack on GitHub specifically targeted these repositories, possibly in
an attempt to compel GitHub to remove these resources. GitHub encrypts all
traffic using TLS, preventing a censor from only blocking access to
specific GitHub pages. In the past, China attempted to block Github, but
the block was lifted within two days, following significant negative
reaction from local programmers."
So because github encrypted everything with https (and thus blocking is an
all or nothing afair), and because it was very popular, China was unwilling
to block it entirely despite a small portion being objectionable.
I don't really know what the status of wikipedia in China is, or how
popular it is, but its conceivable that we could be in a similar position.
Food for thought.
The only reason we remain unblocked is because we don't force SSL.
Wikipedia is relatively unused in China. If it was blocked, there'd be no
major public outcry.
- Ryan