[Advocacy Advisors] [Wikimedia-l] WMF response to PRISM?

John Vandenberg jayvdb at gmail.com
Sat Jul 13 05:00:56 UTC 2013


On Tue, Jul 9, 2013 at 4:07 PM, James Salsman <jsalsman at gmail.com> wrote:
> Would publicizing these free and open secure alternatives to commercial
> applications known to be under surveillance -- https://prism-break.org/ --
> be sufficiently aligned with out values?

Our values?  ...
Our practise.  No.

SSL is mandatory to avoid surveillance, but TOR is also quite important.

The very first entry on prism-break is TOR, which is blocked on
Wikimedia projects for editing, by explicit blocks and by the TorBlock
extension, which is enabled on all wikis, even Chinese Wikipedia.

https://www.mediawiki.org/wiki/Extension:TorBlock
https://zh.wikipedia.org/wiki/Special:Version

The mobile functionality is very unfriendly for privacy.

Loading a non-mobile HTTPS url (e.g.
https://en.wikipedia.org/wiki/1984), redirects the reader to the
mobile HTTP page.  If they clicked on a https link believing that
their browsing pattern was not able to be monitored, their reading
patterns are in clear text on the internet without them being informed
of this.  The EFF is pushing solutions to send readers from HTTP to
HTTPS sites, and WMF is sending readers from HTTPS to HTTP -
transparently.

https://bugzilla.wikimedia.org/show_bug.cgi?id=35215
(reported March 2012, last comment from WMF tech team in April 2013
indicates this may not be fixed soon)

Admins can bypass the Tor block, however logging in on Mobile is not easy.
In the mobile search type in special:userlogin.  The login screen
appears, and the 'sign in' button replies to the user that there was a
cookie error.

https://bugzilla.wikimedia.org/show_bug.cgi?id=31045
(reported 2011; closed as INVALID the same day)

When using the Orweb browser (part of the tor solution for Android),
trying to log in is even more difficult as you cant go to the Desktop
site without tying in a long url that bypasses the mobile site.

https://bugzilla.wikimedia.org/show_bug.cgi?id=51277
(reported by me today)

--
John Vandenberg



More information about the Advocacy_Advisors mailing list