There's a relevant research project outlined on Meta, about HTTPS:
https://meta.wikimedia.org/wiki/Research:Wikimedia_referrer_policy
Here's the "nutshell" description:
"Since we started switching to HTTPS and an increasing portion of inbound traffic happens over SSL, Wikimedia sites stopped advertising themselves as sources of referred traffic to external sites. While this is a literal implication of HTTPS, it means that Wikimedia's impact on traffic directed to other sites is becoming largely invisible: *is Wikimedia turning into a large source of dark traffic?* I review a use case (traffic directed to CrossRef) and discuss how other top web properties deal with this issue by adopting a so-called "Referrer Policy"."
I don't know anything about this beyond what I've read on Meta, but I think it offers some useful background for this discussion.
Pete -- Pete Forsyth [[User:Peteforsyth]] on English Wikipedia, Wikisource, Commons, etc.
On Tue, Mar 10, 2015 at 7:58 AM, Andrew Lih andrew.lih@gmail.com wrote:
Probably a good time for everyone to know about EFF's HTTPS Everywhere:
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web: Install HTTPS Everywhere today.
https://www.eff.org/https-everywhere
On Tue, Mar 10, 2015 at 10:02 AM, Johan Jönsson brevlistor@gmail.com wrote:
2015-03-10 13:26 GMT+01:00 Comet styles cometstyles@gmail.com:
for an organization taking on the NSA for "spying"..why are we using https? doesn't that show that we are already scared of them and running with our tail between our legs?
(For non-technical readers: the HTTP protocol is the normal way to send around information on the web. HTTPS is the secure way of sending said information, adding encryption among other things, to avoid
eavesdropping.)
HTTP traffic can easily be tracked by people sharing the same network, by your Internet service provider and so on. If one cares about privacy,
HTTPS
is always important. It's worth noting that the NSA is not the only government agency in the world. I'd be even more worried about a number
of
countries where there would be little chance to fight the intruding party in the courtroom.
Side note: you could probably track most HTTPS traffic to Wikipedia as well, even if you're not the NSA. Normally you would see that the user
has
accessed Wikipedia, but not which article. A way around that would be to let a spider (https://en.wikipedia.org/wiki/Web_crawler) track the byte size of Wikipedia articles, which should be individual enough as soon as images are involved and compare it to the size of the page the user just accessed. If two articles happen to be of exactly the same size, compare with incoming and outgoing wiki links and see if the user accessed any
page
linking to or linked from one the articles to determine which one. But it would at least take some sort of effort, and wouldn't be perfect.
//Johan Jönsson
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe