Dear list members,
I read with interest the article on `Great canon'; and, as an immediate
stop-gap measure, recommend:
Policy: Advise every Wikipedia user to install `HTTPS Everywhere'.
Reference: <https://en.wikipedia.org/wiki/HTTPS_Everywhere>.
Sincerely Yours,
Kent
On Tue, Apr 14, 2015 at 8:01 AM, <wikitech-l-request(a)lists.wikimedia.org>
wrote:
Send Wikitech-l mailing list submissions to
wikitech-l(a)lists.wikimedia.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
or, via email, send a message with subject or body 'help' to
wikitech-l-request(a)lists.wikimedia.org
You can reach the person managing the list at
wikitech-l-owner(a)lists.wikimedia.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wikitech-l digest..."
Today's Topics:
1. Re: Another reason to consider forcing https (Ryan Lane)
----------------------------------------------------------------------
Message: 1
Date: Mon, 13 Apr 2015 13:27:13 -0700
From: Ryan Lane <rlane32(a)gmail.com>
To: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>
Subject: Re: [Wikitech-l] Another reason to consider forcing https
Message-ID:
<CALKgCA2u2qWuNK9J7sPSN56_=Cpne_TKNUP_FFe=
XmNmOdS8BQ(a)mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On Sat, Apr 11, 2015 at 7:44 PM, Brian Wolff <bawolff(a)gmail.com> wrote:
On Apr 11, 2015 1:18 PM, "Pine W"
<wiki.pine(a)gmail.com> wrote:
https://citizenlab.org/2015/04/chinas-great-cannon/
Pine
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
A surprisingly bold move on China's part.
Im not sure if what is talked about applies directly to Wikipedia. Seems
the goal was to try to compel github to remove specific content "hostile"
to China's censorship interests, without china itself getting blocked,
which might happen if DDOS was comming entirely from China IPs (since
blocking github angers local programmers). To do that they needed to
intercept connections inbound to servers in China, which doesn't apply to
us as our servers are mostly in US (and despite various abuses of the NSA
so often talked about, it is hard to imagine the US would ever consider
so
blatently misusing other people's computers
in a ddos-via-mitm-js
attack).
Of course one never knows if future attacks might
target outbound
connections from China, or if some other group might try to do something
similar (again hard to imagine, and it seems like there are very few
entities other than China who could get away with this, but im still kind
of shocked that China did this)
-
The most interesting aspect of the report (imo) from the context of
Wikipedia is, to quote:
"The attack on GitHub specifically targeted these repositories, possibly
in
an attempt to compel GitHub to remove these
resources. GitHub encrypts
all
traffic using TLS, preventing a censor from only
blocking access to
specific GitHub pages. In the past, China attempted to block Github, but
the block was lifted within two days, following significant negative
reaction from local programmers."
So because github encrypted everything with https (and thus blocking is
an
all or nothing afair), and because it was very
popular, China was
unwilling
to block it entirely despite a small portion
being objectionable.
I don't really know what the status of wikipedia in China is, or how
popular it is, but its conceivable that we could be in a similar
position.
Food for thought.
The only reason we remain unblocked is because we don't force SSL.
Wikipedia is relatively unused in China. If it was blocked, there'd be no
major public outcry.
- Ryan
------------------------------
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
End of Wikitech-l Digest, Vol 141, Issue 24
*******************************************