On Mon, Oct 25, 2010 at 5:26 PM, George Herbert <george.herb...@gmail.com> wrote: > I for one only use secure.wikimedia.org; I would like to urge as a > general course that the Foundation switch to a HTTPS by default > strategy... > > It was necessary for Gmail; it's a really good idea for WMF.
Gmail typically contains things like credit card numbers, passwords, maybe state secrets if you pick the right person, lots of stuff that attackers would be highly motivated to steal. But there's basically nothing of significance you could get from taking over someone's Wikipedia account -- at most you could compromise an admin account (which is hard on open wi-fi, unless you get really lucky or are at a Wikimedia conference) and cause a small amount of havoc before getting desysopped and having all your vandalism undone. No profit motive, not likely to happen much. So I'd classify this as "nice to have", but not "a really good idea". _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
