[Wikimedia-l] Blocking of HTTPS connection by China

Anthony wikimail at inbox.org
Sat Jun 8 13:38:07 UTC 2013


This response seems to miss the fact that, in this particular case,
censorship is being accomplished through eavesdropping.


On Fri, Jun 7, 2013 at 6:24 PM, Matthew Roth <mroth at wikimedia.org> wrote:

> Hi all,
> I wanted to share a clarifying email from Ryan Lane in WMF Ops. He's
> working through the challenges of HTTPS from the Foundation's end.
>
> Please see below for more details:
>
> -Matthew
>
> On Fri, Jun 7, 2013 at 2:31 PM, Ryan Lane <rlane at wikimedia.org> wrote:
>
> > How does it impact people? Short answer: it shouldn't. Long answer: It
> may
> > make the site slightly slower due to increased network latency, and it is
> > slightly more computationally expensive, which may make the site slower
> on
> > computers that are underpowered.
> >
> > How does it impact the WMF? It depends. For enabling it for logged-in
> > users, or for those that use HTTPS-anywhere? It doesn't affect us,
> because
> > that's the state we're in right now. For making HTTPS the default for
> > anonymous users? We need to change how our infrastructure works. We may
> > need to buy additional hardware. We definitely need to do some
> engineering
> > work.
> >
> > How does it impact the government's ability to apply censorship? Short
> > answer: it doesn't. It affects their ability to eavesdrop on people. Long
> > answer: It depends on how sophisticated the government's censorship
> program
> > is. In some countries the government's censorship program can be totally
> > bypassed using HTTPS. China's program is very sophisticated. The best
> HTTPS
> > is going to help the Chinese is to give them a reasonable amount of
> > protection against eavesdropping. It's still possible for China to
> > eavesdrop, even when users are using HTTPS, if China has subverted any of
> > the Certificate Authorities trusted by our browsers.
> >
> > Are there negative sides of each choice? Yes. Not providing HTTPS means
> > that users will always be subject to eavesdropping, which in very
> > authoritative countries could mean they are imprisoned or killed for
> > reading or editing Wikipedia, depending on what they are reading or
> > editing. Realistically not making HTTPS the default is similar to not
> > providing it for all intents and purposes. Search engines will bring
> people
> > to the HTTP version of the site, not the HTTPS version so the vast
> majority
> > of users will still be able to be eavesdropped on. Making HTTPS the
> default
> > also has negatives. A very small minority of users don't have HTTPS
> > support, or their computers are so old that it makes the site unusably
> > slow. That's a *very* small percentage of users, though. Additionally, it
> > makes the site slower for everyone, which may cause a decrease in viewers
> > and/or editors.
> >
> > This is likely the most non-technical way I can explain things. I hope it
> > helps!
> >
>
>
> On Fri, Jun 7, 2013 at 11:39 AM, Benjamin Chen <bencmqwiki at gmail.com>
> wrote:
>
> > On 8 Jun, 2013, at 12:24 AM, Matthew Roth <mroth at wikimedia.org> wrote:
> >
> > > We have had contact with the authors of the blog and they have said
> they
> > > will publish our response to their article, though I'm not sure when or
> > in
> > > what format.
> >
> > Great. That's really fast response.
> >
> > On the issue itself, we haven't seen any large scale blocks for years
> > (around the time since last time Jimbo visited some Chinese official more
> > than 4 or 5 years ago I think).
> >
> > The secure.wikimedia domain was blocked long ago, but they waited till
> now
> > to block HTTPS, after 3 years? (I can't remember when it was enabled). I
> > wonder how long it took for them to realise.
> >
> > It is suggested that this could be a long term block similar to how
> > secure.wikimedia was blocked - for HTTPS they have no control over
> content,
> > so they are simply blocking it all. For HTTP they are still performing
> deep
> > package inspection (means content censoring), so since they can filter
> what
> > the Chinese people can see, it's likely that they'll leave HTTP alone.
> >
> >
> > Regards,
> >
> > Benjamin Chen / [[User:Bencmq]]
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
>
>
>
> --
>
> Matthew Roth
> Global Communications Manager
> Wikimedia Foundation
> +1.415.839.6885 ext 6635
> www.wikimediafoundation.org
> *http://blog.wikimedia.org/*
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>


More information about the Wikimedia-l mailing list