Ryan Lane wrote:
>...
> Assuming traffic analysis can be used to determine your browsing
> habits as they are occurring (which is likely not terribly hard for Wikipedia)
The Google Maps example you linked to works by building a huge
database of the exact byte sizes of satellite image tiles. Are you
suggesting that we could fingerprint articles by their sizes and/or
the sizes of the images they load?
But if so, in your tweet you said padding wouldn't help. But padding
would completely obliterate that size information, wouldn't it?
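The size-fingerprinting question raised in the message above, as an added illustration that is not part of the original thread: the sketch groups a constructed set of article response sizes by the size an observer would see once each response is padded up to a bucket boundary, and reports the bandwidth overhead of each bucket choice. The article names, byte sizes and bucket values are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed sample: hypothetical article names and response sizes in bytes.
ARTICLE_SIZES = {
    "Article_A": 18_230,
    "Article_B": 18_977,
    "Article_C": 21_404,
    "Article_D": 47_112,
    "Article_E": 47_113,
    "Article_F": 63_850,
    "Article_G": 131_002,
    "Article_H": 9_415,
}

def padded_size(size, bucket):
    """Size seen on the wire when a response is padded up to a multiple of bucket."""
    return -(-size // bucket) * bucket  # ceiling division, then scale back up

def anonymity_sets(sizes, bucket):
    """Group articles by padded size; a size-only observer cannot tell group members apart."""
    groups = defaultdict(list)
    for name, size in sizes.items():
        groups[padded_size(size, bucket)].append(name)
    return dict(groups)

def uniquely_identifiable(sizes, bucket):
    """Articles whose padded size is shared with no other article."""
    return sorted(m[0] for m in anonymity_sets(sizes, bucket).values() if len(m) == 1)

def overhead(sizes, bucket):
    """Extra bytes sent because of padding, as a fraction of the unpadded total."""
    total = sum(sizes.values())
    return (sum(padded_size(s, bucket) for s in sizes.values()) - total) / total

if __name__ == "__main__":
    # bucket=1 means no padding; larger buckets merge more articles into one size.
    for bucket in (1, 4096, 16384, 131072):
        ids = uniquely_identifiable(ARTICLE_SIZES, bucket)
        print(f"bucket={bucket:>6}: {len(ids)} of {len(ARTICLE_SIZES)} unique, "
              f"overhead {overhead(ARTICLE_SIZES, bucket):.0%}")
```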
With the NSA revelations over the past months, there has been some very
questionable information starting to circulate suggesting that trying to
implement perfect forward secrecy for https web traffic isn't worth the
effort. I am not sure of the provenance of these reports, and I would like
to see a much more thorough debate on their accuracy or lack thereof. Here
is an example:
http://tonyarcieri.com/imperfect-forward-secrecy-the-coming-cryptocalypse
As my IETF RFC coauthor Harald Alvestrand told me: "The stuff about 'have
to transmit the session key in the clear' is completely bogus, of course.
That's what Diffie-Hellman is all about."
Ryan Lane tweeted yesterday: "It's possible to determine what you've been
viewing even with PFS. And no, padding won't help." And he wrote on today's
Foundation blog post, "Enabling perfect forward secrecy is only useful if
we also eliminate the threat of traffic analysis of HTTPS, which can be
used to detect a user’s browsing activity, even when using HTTP," citing
http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
It is not at all clear to me that discussion pertains to PFS or Wikimedia
traffic in any way.
I strongly suggest that the Foundation contract with well-known independent
reputable cryptography experts to resolve these questions. Tracking and
correcting misinformed advice, perhaps in cooperation with the EFF, is just
as important.
Hi all,
The Wikimedia Foundation and the Individual Engagement Grants Committee
invite you to submit proposals for grants of up to $30,000 to support
6-month projects that improve the Wikimedia community. These grants fund
individuals or small teams to organize, build, create, research or
facilitate something that enhances the work of Wikimedia’s volunteers.
The deadline to submit a proposal for this round is 30 September 2013:
https://meta.wikimedia.org/wiki/Grants:IEG
We’re also seeking new committee members to help review and recommend
proposals for funding. The round 2 committee will be finalized 31 August
2013:
https://meta.wikimedia.org/wiki/Grants:IEG/Committee
You can read more about what the previous round of grantees have been
working on here:
https://blog.wikimedia.org/2013/08/01/ieg-learnings-call-new-proposals/
Hope to have your participation!
Best wishes,
Siko
--
Siko Bouterse
Head of Individual Engagement Grants
Wikimedia Foundation, Inc.
sbouterse(a)wikimedia.org
*Imagine a world in which every single human being can freely share in the
sum of all knowledge. *
*Donate <https://donate.wikimedia.org> or click the "edit" button today,
and help us make it a reality!*
Dear all,
The next WMF metrics and activities meeting will take place on Thursday,
August 1, 2013 at 6:00 PM UTC (11 AM PDT). The IRC channel is
#wikimedia-office on irc.freenode.net and the meeting will be broadcast as
a live YouTube stream.
The current structure of the meeting is:
* Review of key metrics including the monthly report card, but also
specialized reports and analytics
* Review of financials
* Welcoming recent hires
* Brief presentations on recent projects, with a focus on highest priority
initiatives
* Update and Q&A with the Executive Director, if available
Please review
https://meta.wikimedia.org/wiki/Metrics_and_activities_meetings for further
information about how to participate.
We’ll post the video recording publicly after the meeting.
Thank you,
Praveena
--
Praveena Maharaj
Executive Assistant to the VP of Engineering and Product Development
+1 (415) 839 6885 ext. 6689
www.wikimedia.org
I know I've been critical of Zack Exley for technical reasons over the
past year, but I think very highly of him as a person. If I was
recruiting colonists for an interstellar colonization mission, he
would likely be in the top 100 based on his accomplishments,
orientation, drive, and social skills alone.
But even if he weren't, his new project is outstandingly spectacular
on its own merits, and I want to urge everyone reading this in or from
the U.S. to sign up and join it:
http://www.fivethirtysix.org/
I predict that anyone with even a passing interest in U.S. politics
who doesn't follow FiveThirtySix will first regret it, and then end up
following it afterwards to prevent further such regret.
Also, congratulations to Megan and Lisa!
Sincerely,
James Salsman
Nathan wrote:
>
>... It seems that most of the data they
> collect is wiped within 3 days; that the data itself can only be
> analyzed under a fairly specific set of minimization rules....
Are you referring to the 2009 Holder minimization rules which per
http://m.newyorker.com/online/blogs/closeread/2013/06/how-many-americans-do…
sharing records on anyone who has ever sent or received email or
chat from a foreign national with the FBI, or the more recent "three hop"
minimization rules which require permanent storage of the records
pertaining to the roughly one billion people who are connected to people
connected to people connected with suspects?
> I think it's more reasonable to assume that
> Wikipedia (which shares many features with Google, Yahoo, Twitter,
> Facebook and other social networks) has been the subject of this kind
> of demand than that it hasn't. No one with direct knowledge would be
> able to do anything other than deny it, but we can easily see why data
> held by Wikipedia (including partially anonymized e-mails, file
> uploads, talk page communication, etc.) would be of interest to
> intelligence agencies.
The capacity of the Wikimedia Foundation to keep a secret of this nature
is low. Simply too many outlaws; something NSA could probably figure out;
they are not called intelligence for nothing.
Fred
Changed "law" to "low"