On 21 August 2013 00:08, Marc A. Pelletier <marc(a)uberbox.org> wrote:
On 08/20/2013 11:05 PM, Risker wrote:
Perhaps then you might want to re-familiarize
yourself with the WMF's
policy on political advocacy
I'm sorry Risker, but you've got this backwards. Making a long-overdue
/minimal/ fix to our login process is not political advocacy.
Compromising the security and privacy of our editors for the sake of a
government's censorship policies, *is*.
The mandatory use of HTTPS outside of a limited number of countries where
we know the editors will be blocked is not what I am talking about. I was
responding to Erik's political manifesto about censorship. I have no
problems with the core concept here.
The very idea that editors with checkuser or oversight might even be
*able* to login in cleartext over an Internet we *know* is monitored by
entities that are demonstrably hostile to privacy is worrying enough on
its own without introducing additional flaws in the process.
I don't even agree that an exception should be made to allow cleartext
logins from regions which are even *more* hostile to privacy than the
United States; and I would have advocated that no account with bits
should be allowed to do so regardless of location.
Well, you're not alone there. But that is an entirely different
discussion. You want to take up security of accounts with "bits", Chris
Stiepp is thataway.
Nevertheless, engineering has been bending over backwards to accommodate
as many editors with crippled Internet access as is possible; inventing
bogeymen and quoting misapplied bits of policy around ("promotional
use"? Really?) is an extraordinary show of bad faith.
-
Again, I was not referring to the core concept here. Read Erik's last
paragraph again: it is a political manifesto, and something I would not
have expected from the #2 of Wikimedia Foundation leadership in the middle
of a technical discussion. I don't entirely disagree with him, but it's
not in line with the mission and vision of the Foundation itself, which is
unsupportive of using technical means to prevent good-faith contributions.
Risker