On 23 August 2013 18:13, Tyler Romeo <tylerro...@gmail.com> wrote: > On Fri, Aug 23, 2013 at 5:33 PM, Risker <risker...@gmail.com> wrote: > > > As I said, Marc, there's already an offline discussion happening looking > > for ways to effectively manage this without outright banning editors from > > those geographical regions from serving Wikimedia communities. A > decision > > to prevent users from certain countries or with certain technical > > challenges from holding these permissions is as much a policy issue as it > > is a security issue (it's also a cross-wiki one), so that aspect needs to > > be considered from a broad community perspective. > > > > It's statements like these that make me question whether the WMF actually > cares about its users' privacy in the first place. There's some big talk on > this list about "subverting the NSA" and making sure that users are secure > within their accounts when using Wikipedia. But if you're not willing to > actually do something about privacy, then it's just talk. >
> It is completely unacceptable for checkusers in China to be logging in over > an insecure connection. The Chinese government directly monitors these > connections and can easily harvest these passwords en masse. I truly > sympathize with Chinese Wikipedians who aspire to hold checkuser positions, > but putting at risk the IP address information of every user on Wikipedia > just for the sake of one person who wants to volunteer in a certain > capacity is completely unacceptable. > I'm not disagreeing with you about Checkusers (wherever they're from) needing to have secure connections when using the tools. If a community RFC was posted today, I would support that requirement. > > If a technical solution can be found that facilitates affected users being > > able to securely use the tools, then the policy discussion would focus on > > whether we require those editors to use the technical solution, instead > of > > recommending outright bans to granting advanced permissions to those > > affected by HTTPS issues. Solutions are already being considered and > > examined for this; granted, the discussion is occurring off-wiki so you > > wouldn't have been aware. > > > There is no technical solution, as has been discussed previously. The China > firewall blocks all HTTPS connections. There is no legal method of getting > around this. The only solution that would preserve both accessibility and > security would be if Wikipedia implemented its own application level TLS > protocol, which would be an absurd undertaking, and would probably just > result in the Chinese government blocking Wikipedia completely anyway. > > You're going to have to choose: risk everybody's privacy or deny checkuser > opportunities to people in China. > > There are other options. The question is whether or not they can be made to work in the MediaWiki/WMF circumstances. If you looked at the data collected to see where HTTPS attempts were unsuccessful, you'd see that there are editors in a lot of countries with issues (i.e., greater than 5% failure rates), and most of them are technical issues. Suddenly you're not just talking about a few projects, you're talking about dozens who may have difficulty getting CU/OS support internally. The people in our many overlapping MediaWiki and Wikimedia communities have come up with a lot of very creative solutions to problems that other sites haven't figured out or don't care enough to bother with. I have a lot of faith that some out of the box thinking might very well resolve this specific issue, and possibly open a gateway to solving the security issue for even larger groups. Risker/Anne _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l