So, some ideas: As for the idea that we need to fix internet that's so bad it can't handle HTTPS for "technical reasons"; anything that's that broken is pretty hopeless to "fix" from the web server's end. Instead, consider: * provide support to groups working for improving internet access in areas with poor connectivity
And for the "some countries block our HTTPS" issue: * *actually support* use of Tor etc for editing, allowing folks "in the know" to work around the government blocks and use the site over HTTPS * provide support to groups working against government censorship of the internet * sponsor an official hosted-and-run-in-PRC censor-friendly mirror, and devise some way to migrate edits back This last would probably be controversial, but if we're serious about 'providing access to knowledge' in PRC, I suspect that's our best bet. Good news is, we're an open-source open-content project, and so this service could be launched *by anyone at any time*. Arguably, Baidupedia already beat us to this. -- brion On Fri, Aug 23, 2013 at 3:31 PM, Risker <risker...@gmail.com> wrote: > On 23 August 2013 18:13, Tyler Romeo <tylerro...@gmail.com> wrote: > > > On Fri, Aug 23, 2013 at 5:33 PM, Risker <risker...@gmail.com> wrote: > > > > > As I said, Marc, there's already an offline discussion happening > looking > > > for ways to effectively manage this without outright banning editors > from > > > those geographical regions from serving Wikimedia communities. A > > decision > > > to prevent users from certain countries or with certain technical > > > challenges from holding these permissions is as much a policy issue as > it > > > is a security issue (it's also a cross-wiki one), so that aspect needs > to > > > be considered from a broad community perspective. > > > > > > > It's statements like these that make me question whether the WMF actually > > cares about its users' privacy in the first place. There's some big talk > on > > this list about "subverting the NSA" and making sure that users are > secure > > within their accounts when using Wikipedia. But if you're not willing to > > actually do something about privacy, then it's just talk. > > > > > > It is completely unacceptable for checkusers in China to be logging in > over > > an insecure connection. The Chinese government directly monitors these > > connections and can easily harvest these passwords en masse. I truly > > sympathize with Chinese Wikipedians who aspire to hold checkuser > positions, > > but putting at risk the IP address information of every user on Wikipedia > > just for the sake of one person who wants to volunteer in a certain > > capacity is completely unacceptable. > > > > I'm not disagreeing with you about Checkusers (wherever they're from) > needing to have secure connections when using the tools. If a community > RFC was posted today, I would support that requirement. > > > > > > > If a technical solution can be found that facilitates affected users > being > > > able to securely use the tools, then the policy discussion would focus > on > > > whether we require those editors to use the technical solution, instead > > of > > > recommending outright bans to granting advanced permissions to those > > > affected by HTTPS issues. Solutions are already being considered and > > > examined for this; granted, the discussion is occurring off-wiki so you > > > wouldn't have been aware. > > > > > > There is no technical solution, as has been discussed previously. The > China > > firewall blocks all HTTPS connections. There is no legal method of > getting > > around this. The only solution that would preserve both accessibility and > > security would be if Wikipedia implemented its own application level TLS > > protocol, which would be an absurd undertaking, and would probably just > > result in the Chinese government blocking Wikipedia completely anyway. > > > > You're going to have to choose: risk everybody's privacy or deny > checkuser > > opportunities to people in China. > > > > > There are other options. The question is whether or not they can be made to > work in the MediaWiki/WMF circumstances. If you looked at the data > collected to see where HTTPS attempts were unsuccessful, you'd see that > there are editors in a lot of countries with issues (i.e., greater than 5% > failure rates), and most of them are technical issues. Suddenly you're not > just talking about a few projects, you're talking about dozens who may have > difficulty getting CU/OS support internally. > > The people in our many overlapping MediaWiki and Wikimedia communities have > come up with a lot of very creative solutions to problems that other sites > haven't figured out or don't care enough to bother with. I have a lot of > faith that some out of the box thinking might very well resolve this > specific issue, and possibly open a gateway to solving the security issue > for even larger groups. > > Risker/Anne > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l