[Wikimedia-l] Wikimedia and the politics of encryption

Wed Sep 4 14:46:27 UTC 2013

Tim sets out some excellent points; in particular it's a good reminder that
there is a continuum of options.

I've tended to advocate on the protest side of things, but I would like to
posit another option: we don't have to operate *everything* under the
auspices of Wikimedia Foundation, Inc (a Florida not-for-profit
corporation).

Our organizational goal is not "make Wikipedia.org a popular web site in
all countries", it's to make knowledge available to everyone in their own
language.

I would love to see Wikipedia content made available in China on Chinese
infrastructure operated by a Chinese organization, with total ability to
determine their own security and censorship policies.

"But that's what Baidu did and we hate them!" you say?

We could work *with* such an organization to coordinate, share content,
etc, without compromising basic web security for our sites or giving up our
liberal content policies on Wikipedia "proper".

I know this runs counter to our group tendency to centralization but we
should remember that Open Content is *meant* to be distributed and
redistributable. Centralization is often convenient but shouldn't be
mandatory.

-- brion
 On Sep 3, 2013 8:22 PM, "Tim Starling" <tstarling at wikimedia.org> wrote:

> On 04/09/13 05:38, Terry Chay wrote:
> > This part of the discussion has strayed a bit far from the politics
> > of encryption. ;-)
> >
> > Not that it doesn't have value, but if I can bring it back on-topic
> > for a moment…
> >
> > The gist of the HTTPS issues is that it's simply not an engineering
> > discussion, it's a political one.
>
> Yes, obviously, hence the subject line.
>
> > It's important to outline what our choices are and
> > the consequences of those choices, and derive consensus on what the
> > right choice is going forward, as it is clear what we have now[1]
> > is a temporary band-aid.[2]
>
> I don't think it is clear. We have a variety of options open to us, on
> a spectrum of appeasement versus protest. From the former to the
> latter, we have:
>
> 1. Make ourselves subject to Chinese law and do what they tell us to
> (i.e. open a datacentre in China).
> 2. Use a technical setup which implicitly cooperates with their
> existing system for censorship of foreign content (i.e. use
> unencrypted HTTP).
> 3. Use a technical setup which is inherently incompatible with the
> existing system of censorship, thus forcing the Chinese government to
> block us (i.e. use HTTPS).
>
> I don't see option 2 as a band-aid, I see it as a moderate path
> between appeasement and protest, which allows us to remain popular in
> China without explicitly supporting censorship, with minimal risk to
> our staff. Of course, it has its down sides.
>
> None of the three options are without risk to our users. Probably the
> most risky for our users is option 3, which encourages users to
> circumvent censorship, in violation of Chinese law. It turns our users
> into activists.
>
> There's nothing inherently wrong with activism, but I think we have an
> ethical responsibility to be fully aware of the risks we are
> encouraging our users to take, and also to understand the benefits
> which are likely to come from successful activism, so that we can
> decide whether the action we are inciting is rational and prudent.
>
> -- Tim Starling
>
>
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-request at lists.wikimedia.org?subject=unsubscribe>