On Tue, Aug 20, 2013 at 3:57 PM, Tyler Romeo tylerromeo@gmail.com wrote:
The lack of secure login on WMF wikis is a *major security issue*, and AFAIK is the biggest publicly known security issue in the site.
Indeed. For a Signpost article three years ago, I asked a security researcher (who had co-authored a comparative study of user password handling on 150 websites) about his recommendations for Wikipedia. "Making encrypted transmission of the password the default" was his foremost advice: https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2010-08-02/Techno...
It's excellent news that this issue is finally being resolved, even when there are exceptions and corner cases that need to be addressed.
All you need is some random checkuser to be using Wikipedia at a Starbucks, and all of a sudden the privacy policy of every single registered user is violated. There's big talk all around about "evading the NSA" and attempting to protect the privacy of our users, but it is literally impossible to protect users' privacy if we can't even protect their security in the first place. To re-iterate, privacy depends on security, and right now we have neither of them.
Furthermore, secure login is not a new idea. I've been fighting to get this feature enabled since October 2012 when the secure login functionality in MW core was finally fixed. Since then, HTTPS login has been deployed *twice*, but reverted once due to a bug with CentralAuth and once due the design team concerned about the login form. This will be the third attempt at deploying this in the past six months, so I don't know why this discussion had to start right now.