So, some ideas:
As for the idea that we need to fix internet that's so bad it can't handle
HTTPS for "technical reasons"; anything that's that broken is pretty
hopeless to "fix" from the web server's end. Instead, consider:
* provide support to groups working for improving internet access in areas
with poor connectivity
And for the "some countries block our HTTPS" issue:
* *actually support* use of Tor etc for editing, allowing folks "in the
know" to work around the government blocks and use the site over HTTPS
* provide support to groups working against government censorship of the
internet
* sponsor an official hosted-and-run-in-PRC censor-friendly mirror, and
devise some way to migrate edits back
This last would probably be controversial, but if we're serious about
'providing access to knowledge' in PRC, I suspect that's our best bet. Good
news is, we're an open-source open-content project, and so this service
could be launched *by anyone at any time*. Arguably, Baidupedia already
beat us to this.
-- brion
On Fri, Aug 23, 2013 at 3:31 PM, Risker <risker.wp(a)gmail.com> wrote:
On 23 August 2013 18:13, Tyler Romeo
<tylerromeo(a)gmail.com> wrote:
On Fri, Aug 23, 2013 at 5:33 PM, Risker
<risker.wp(a)gmail.com> wrote:
> As I said, Marc, there's already an offline discussion happening
looking
> for ways to effectively manage this without
outright banning editors
from
those
geographical regions from serving Wikimedia communities. A
decision
> to prevent users from certain countries or with certain technical
> challenges from holding these permissions is as much a policy issue as
it
> is a security issue (it's also a
cross-wiki one), so that aspect needs
to
be
considered from a broad community perspective.
It's statements like these that make me question whether the WMF actually
cares about its users' privacy in the first place. There's some big talk
on
this list about "subverting the NSA"
and making sure that users are
secure
within their accounts when using Wikipedia. But
if you're not willing to
actually do something about privacy, then it's just talk.
It is completely unacceptable for checkusers in
China to be logging in
over
an insecure connection. The Chinese government
directly monitors these
connections and can easily harvest these passwords en masse. I truly
sympathize with Chinese Wikipedians who aspire to hold checkuser
positions,
but putting at risk the IP address information of
every user on Wikipedia
just for the sake of one person who wants to volunteer in a certain
capacity is completely unacceptable.
I'm not disagreeing with you about Checkusers (wherever they're from)
needing to have secure connections when using the tools. If a community
RFC was posted today, I would support that requirement.
If a technical solution can be found that facilitates affected users
being
> able to securely use the tools, then the
policy discussion would focus
on
whether
we require those editors to use the technical solution, instead
of
recommending outright bans to granting advanced
permissions to those
affected by HTTPS issues. Solutions are already being considered and
examined for this; granted, the discussion is occurring off-wiki so you
wouldn't have been aware.
There is no technical solution, as has been discussed previously. The
China
firewall blocks all HTTPS connections. There is
no legal method of
getting
around this. The only solution that would
preserve both accessibility and
security would be if Wikipedia implemented its own application level TLS
protocol, which would be an absurd undertaking, and would probably just
result in the Chinese government blocking Wikipedia completely anyway.
You're going to have to choose: risk everybody's privacy or deny
checkuser
opportunities to people in China.
There are other options. The question is whether or not they can be made to
work in the MediaWiki/WMF circumstances. If you looked at the data
collected to see where HTTPS attempts were unsuccessful, you'd see that
there are editors in a lot of countries with issues (i.e., greater than 5%
failure rates), and most of them are technical issues. Suddenly you're not
just talking about a few projects, you're talking about dozens who may have
difficulty getting CU/OS support internally.
The people in our many overlapping MediaWiki and Wikimedia communities have
come up with a lot of very creative solutions to problems that other sites
haven't figured out or don't care enough to bother with. I have a lot of
faith that some out of the box thinking might very well resolve this
specific issue, and possibly open a gateway to solving the security issue
for even larger groups.
Risker/Anne
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l