On Fri, Aug 23, 2013 at 5:33 PM, Risker <risker...@gmail.com> wrote: > As I said, Marc, there's already an offline discussion happening looking > for ways to effectively manage this without outright banning editors from > those geographical regions from serving Wikimedia communities. A decision > to prevent users from certain countries or with certain technical > challenges from holding these permissions is as much a policy issue as it > is a security issue (it's also a cross-wiki one), so that aspect needs to > be considered from a broad community perspective. >
It's statements like these that make me question whether the WMF actually cares about its users' privacy in the first place. There's some big talk on this list about "subverting the NSA" and making sure that users are secure within their accounts when using Wikipedia. But if you're not willing to actually do something about privacy, then it's just talk. It is completely unacceptable for checkusers in China to be logging in over an insecure connection. The Chinese government directly monitors these connections and can easily harvest these passwords en masse. I truly sympathize with Chinese Wikipedians who aspire to hold checkuser positions, but putting at risk the IP address information of every user on Wikipedia just for the sake of one person who wants to volunteer in a certain capacity is completely unacceptable. If a technical solution can be found that facilitates affected users being > able to securely use the tools, then the policy discussion would focus on > whether we require those editors to use the technical solution, instead of > recommending outright bans to granting advanced permissions to those > affected by HTTPS issues. Solutions are already being considered and > examined for this; granted, the discussion is occurring off-wiki so you > wouldn't have been aware. There is no technical solution, as has been discussed previously. The China firewall blocks all HTTPS connections. There is no legal method of getting around this. The only solution that would preserve both accessibility and security would be if Wikipedia implemented its own application level TLS protocol, which would be an absurd undertaking, and would probably just result in the Chinese government blocking Wikipedia completely anyway. You're going to have to choose: risk everybody's privacy or deny checkuser opportunities to people in China. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
