[Wikimedia-l] Blocking of HTTPS connection by China
mroth at wikimedia.org
Fri Jun 7 22:24:48 UTC 2013
I wanted to share a clarifying email from Ryan Lane in WMF Ops. He's
working through the challenges of HTTPS from the Foundation's end.
Please see below for more details:
On Fri, Jun 7, 2013 at 2:31 PM, Ryan Lane <rlane at wikimedia.org> wrote:
> How does it impact people? Short answer: it shouldn't. Long answer: It may
> make the site slightly slower due to increased network latency, and it is
> slightly more computationally expensive, which may make the site slower on
> computers that are underpowered.
> How does it impact the WMF? It depends. For enabling it for logged-in
> users, or for those that use HTTPS-anywhere? It doesn't affect us, because
> that's the state we're in right now. For making HTTPS the default for
> anonymous users? We need to change how our infrastructure works. We may
> need to buy additional hardware. We definitely need to do some engineering
> How does it impact the government's ability to apply censorship? Short
> answer: it doesn't. It affects their ability to eavesdrop on people. Long
> answer: It depends on how sophisticated the government's censorship program
> is. In some countries the government's censorship program can be totally
> bypassed using HTTPS. China's program is very sophisticated. The best HTTPS
> is going to help the Chinese is to give them a reasonable amount of
> protection against eavesdropping. It's still possible for China to
> eavesdrop, even when users are using HTTPS, if China has subverted any of
> the Certificate Authorities trusted by our browsers.
> Are there negative sides of each choice? Yes. Not providing HTTPS means
> that users will always be subject to eavesdropping, which in very
> authoritative countries could mean they are imprisoned or killed for
> reading or editing Wikipedia, depending on what they are reading or
> editing. Realistically not making HTTPS the default is similar to not
> providing it for all intents and purposes. Search engines will bring people
> to the HTTP version of the site, not the HTTPS version so the vast majority
> of users will still be able to be eavesdropped on. Making HTTPS the default
> also has negatives. A very small minority of users don't have HTTPS
> support, or their computers are so old that it makes the site unusably
> slow. That's a *very* small percentage of users, though. Additionally, it
> makes the site slower for everyone, which may cause a decrease in viewers
> and/or editors.
> This is likely the most non-technical way I can explain things. I hope it
On Fri, Jun 7, 2013 at 11:39 AM, Benjamin Chen <bencmqwiki at gmail.com> wrote:
> On 8 Jun, 2013, at 12:24 AM, Matthew Roth <mroth at wikimedia.org> wrote:
> > We have had contact with the authors of the blog and they have said they
> > will publish our response to their article, though I'm not sure when or
> > what format.
> Great. That's really fast response.
> On the issue itself, we haven't seen any large scale blocks for years
> (around the time since last time Jimbo visited some Chinese official more
> than 4 or 5 years ago I think).
> The secure.wikimedia domain was blocked long ago, but they waited till now
> to block HTTPS, after 3 years? (I can't remember when it was enabled). I
> wonder how long it took for them to realise.
> It is suggested that this could be a long term block similar to how
> secure.wikimedia was blocked - for HTTPS they have no control over content,
> so they are simply blocking it all. For HTTP they are still performing deep
> package inspection (means content censoring), so since they can filter what
> the Chinese people can see, it's likely that they'll leave HTTP alone.
> Benjamin Chen / [[User:Bencmq]]
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Global Communications Manager
+1.415.839.6885 ext 6635
More information about the Wikimedia-l