Dear list members,
I read with interest the article on `Great canon'; and, as an immediate stop-gap measure, recommend:
Policy: Advise every Wikipedia user to install `HTTPS Everywhere'.
Reference: https://en.wikipedia.org/wiki/HTTPS_Everywhere.
Sincerely Yours, Kent
On Tue, Apr 14, 2015 at 8:01 AM, wikitech-l-request@lists.wikimedia.org wrote:
Send Wikitech-l mailing list submissions to wikitech-l@lists.wikimedia.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.wikimedia.org/mailman/listinfo/wikitech-l or, via email, send a message with subject or body 'help' to wikitech-l-request@lists.wikimedia.org
You can reach the person managing the list at wikitech-l-owner@lists.wikimedia.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Wikitech-l digest..."
Today's Topics:
- Re: Another reason to consider forcing https (Ryan Lane)
Message: 1 Date: Mon, 13 Apr 2015 13:27:13 -0700 From: Ryan Lane rlane32@gmail.com To: Wikimedia developers wikitech-l@lists.wikimedia.org Subject: Re: [Wikitech-l] Another reason to consider forcing https Message-ID: <CALKgCA2u2qWuNK9J7sPSN56_=Cpne_TKNUP_FFe= XmNmOdS8BQ@mail.gmail.com> Content-Type: text/plain; charset=UTF-8
On Sat, Apr 11, 2015 at 7:44 PM, Brian Wolff bawolff@gmail.com wrote:
On Apr 11, 2015 1:18 PM, "Pine W" wiki.pine@gmail.com wrote:
https://citizenlab.org/2015/04/chinas-great-cannon/
Pine _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
A surprisingly bold move on China's part.
Im not sure if what is talked about applies directly to Wikipedia. Seems the goal was to try to compel github to remove specific content "hostile" to China's censorship interests, without china itself getting blocked, which might happen if DDOS was comming entirely from China IPs (since blocking github angers local programmers). To do that they needed to intercept connections inbound to servers in China, which doesn't apply to us as our servers are mostly in US (and despite various abuses of the NSA so often talked about, it is hard to imagine the US would ever consider
so
blatently misusing other people's computers in a ddos-via-mitm-js
attack).
Of course one never knows if future attacks might target outbound connections from China, or if some other group might try to do something similar (again hard to imagine, and it seems like there are very few entities other than China who could get away with this, but im still kind of shocked that China did this)
The most interesting aspect of the report (imo) from the context of Wikipedia is, to quote:
"The attack on GitHub specifically targeted these repositories, possibly
in
an attempt to compel GitHub to remove these resources. GitHub encrypts
all
traffic using TLS, preventing a censor from only blocking access to specific GitHub pages. In the past, China attempted to block Github, but the block was lifted within two days, following significant negative reaction from local programmers."
So because github encrypted everything with https (and thus blocking is
an
all or nothing afair), and because it was very popular, China was
unwilling
to block it entirely despite a small portion being objectionable.
I don't really know what the status of wikipedia in China is, or how popular it is, but its conceivable that we could be in a similar
position.
Food for thought.
The only reason we remain unblocked is because we don't force SSL. Wikipedia is relatively unused in China. If it was blocked, there'd be no major public outcry.
- Ryan
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
End of Wikitech-l Digest, Vol 141, Issue 24
wikitech-l@lists.wikimedia.org