On 04/09/13 05:38, Terry Chay wrote: > This part of the discussion has strayed a bit far from the politics > of encryption. ;-) > > Not that it doesn't have value, but if I can bring it back on-topic > for a moment… > > The gist of the HTTPS issues is that it's simply not an engineering > discussion, it's a political one.
Yes, obviously, hence the subject line. > It's important to outline what our choices are and > the consequences of those choices, and derive consensus on what the > right choice is going forward, as it is clear what we have now[1] > is a temporary band-aid.[2] I don't think it is clear. We have a variety of options open to us, on a spectrum of appeasement versus protest. From the former to the latter, we have: 1. Make ourselves subject to Chinese law and do what they tell us to (i.e. open a datacentre in China). 2. Use a technical setup which implicitly cooperates with their existing system for censorship of foreign content (i.e. use unencrypted HTTP). 3. Use a technical setup which is inherently incompatible with the existing system of censorship, thus forcing the Chinese government to block us (i.e. use HTTPS). I don't see option 2 as a band-aid, I see it as a moderate path between appeasement and protest, which allows us to remain popular in China without explicitly supporting censorship, with minimal risk to our staff. Of course, it has its down sides. None of the three options are without risk to our users. Probably the most risky for our users is option 3, which encourages users to circumvent censorship, in violation of Chinese law. It turns our users into activists. There's nothing inherently wrong with activism, but I think we have an ethical responsibility to be fully aware of the risks we are encouraging our users to take, and also to understand the benefits which are likely to come from successful activism, so that we can decide whether the action we are inciting is rational and prudent. -- Tim Starling _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>