[Wikimedia-l] Wikimedia and the politics of encryption

Marc A. Pelletier marc at uberbox.org
Mon Sep 2 16:43:17 UTC 2013


On 09/02/2013 12:08 PM, MZMcBride wrote:
> What information, exactly, are we trying to prevent
> governments from getting ahold of?

There are three such things, in (my personal) order of importance:

1) credentials, especially those of editors that have rights allowing
further privacy encroachments (i.e., checkuser, oversight, even sysop to
some degree);

2) association between user account and person (this one is /especially/
difficult to hide to a determined attacker that can do whole-network
monitoring); and

3) what users are interested in (reading), whether logged in or not.

But I should also add that governments are most certainly not the only
entity we are trying to protect against; anyone in a position of
authority - or who would like to position themselves as such - are
potential attackers that might like to collect information to use
against their targets.  This means employers, schools, parents, and
multitude others.

Governments seem the most salient mostly because they have the capacity
to do so on a massive scale; but to me scenarios like a fellow student
doing a tcpdump in the lab to find "dirt" to use against someone is at
least as important to protect against.

All of those three points are greatly countered with *uniform*
encryption at the network level (ranging from "solved" for the amateur
attackers to "vastly increased cost and complexity of mass monitoring"
for the bigger ones).

-- Marc




More information about the Wikimedia-l mailing list