[Wikimedia-l] NSA

[MZMcBride]

Anthony wrote:
>And I thought Ryan Lane was talking about the future, not the past.  I
>certainly was.

I think we should focus on the present, personally.

If a user goes to <https://wikipedia.org>, they're quietly redirected to
<http://www.wikipedia.org>. This is true of a large number of domains
(e.g., <https://wikimedia.org> and <https://mediawiki.org>).

This has been known about since at least October 2011 (cf.
<https://bugzilla.wikimedia.org/31369>) and everyone seems to agree that
it's a pretty evil bug (a user knowingly tries to access a site over HTTPS
and is unknowingly routed to HTTP). And yet it's August 2013 and the best
response we seem to have come up with is "install a client-side browser
plugin" and "we're working on it."

It's difficult to believe that the Wikimedia Foundation is committed to
user privacy when bugs like this go unresolved after so many months. This
bug will celebrate its second birthday in less than two months.

MZMcBride