[Wikimedia-l] Wikimedia and the politics of encryption

classic Classic list List threaded Threaded
41 messages Options
123
Reply | Threaded
Open this post in threaded view
|

[Wikimedia-l] Wikimedia and the politics of encryption

Erik Moeller-4
Hi folks,

As many of you know, this week we enabled HTTPS for logged-in users of
Wikimedia projects. See:

https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedia-sites/

We have geographically exempted users geo-located to China or Iran
from this [1], because these countries mostly block HTTPS traffic and
requiring HTTPS for logged-in users would make it impossible for users
in these countries to log in.

Long term, we’d like to increase HTTPS coverage further, initially by
marking the HTTPS versions of our pages as "canonical", which would
cause search engines to refer to them instead of the unencrypted
content. This would make issues with countries that block HTTPS
traffic even more complex to deal with.

HTTPS for editors is important because it is otherwise trivial to
sniff account credentials, especially when users use unencrypted
connections such as open wireless networks. This could potentially
enable an attacker to gain access to an account with significant
privileges, such as checkuser credentials. Beyond that, HTTPS makes it
harder for attackers (individuals, organizations, governments) to
monitor user behavior of readers and editors. It’s not perfect by any
means, but it’s a step towards more privacy and security.

There are many sites on the web now that use HTTPS for all
transactions. For example, Twitter and Facebook use HTTPS by default.
Both sites are also completely blocked in mainland China. [2]

Disabling HTTPS-by-default in regions where HTTPS is blocked for
political reasons of course also exposes affected users to monitoring
and credentials-theft -- which is likely part of the political
motivation for blocking it in the first place. Therefore, our current
exemption is an explicit choice to _not_ give users a degree of
security that we give to everyone else, for the simple reason that
their government would otherwise completely limit their access.

If they know how to make HTTPS work in their region, these users will
still be able to use it by explicitly visiting the HTTPS URLs or use
an extension such as HTTPSEverywhere to enforce HTTPS usage.

In the long term, the Wikimedia movement is faced with a choice, which
is inherently political: Should we indefinitely sustain security
exceptions for regions that prevent the use of encryption, or should
we shift to an alternative strategy? How do we answer that question?

We can, of course, ask users in the affected countries. Given that
this may lead to degradation or loss of access, users are likely to be
opposed, and indeed, when plans to expand HTTPS usage were announced,
a group of Chinese Wikipedians published an open letter asking for
exemptions to be implemented:

https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86%E7%99%BB%E5%BD%95/openletter

This was a big part of what drove the decision to implement exemptions.

The bigger consideration here, however, is whether any such
accommodation achieves positive or negative long term effects. The
argument against it goes like this: If we accommodate the PRC’s or
Iran’s censorship practices, we are complicit in their attempts to
monitor and control their citizenry. If a privileged user’s
credentials (e.g. Checkuser) are misused by the government through
monitoring of unencrypted traffic, for example, this is an action that
would not have been possible without our exemption. This could
potentially expose even users not in the affected country to risks.

Moreover, Wikimedia is not just any website -- it’s a top 5 web
property, and the only non-profit organization among the top sites.
Our actions can have signalling effects on the rest of the web. By
exempting China and Iran from standard security measures, we are
treating them as part of the global web community. It could be argued
that it’s time to draw a line in the sand - if you’re prohibiting the
use of encryption, you’re effectively not part of the web. You’re
subverting basic web technologies.

Drawing this hard line clearly has negative near term effects on the
citizenry of affected countries. But the more the rest of the world
comes together in saying "What you are doing is wrong. Stop it." - the
harder it will be for outlier countries to continue doing it.  Another
way to pose the question is: Would we be implementing these exemptions
if China had blocked HTTPS traffic well after we switched to HTTPS?

Moreover, we’re not helpless against censorship. There _are_ effective
tools that can be used to circumvent attempts to censor and control
the Internet. Perhaps it is time for WMF to ally with the
organizations that develop and promote such tools, rather than looking
for ways to guarantee basic site operation in hostile environments
even at the expense of user privacy.

So, what to do? My main suggestion is to organize a broad request for
comments and input on possible paths forward. I think we’re doing the
right thing by initially implementing these exemptions -- but I do
think this decision needs to finally rest with the Board of the
Wikimedia Foundation, based on community input, taking the tradeoffs
into account.

My own stance, which I will continue to argue for (and which is my
view as an individual -- there are many divergent opinions on this
even inside WMF), is clear: I think we should set a deadline for the
current approach, and shift to HTTPS for all traffic, for all sites,
for all users, by default, after that deadline passes. This will force
us to take the consequences of that shift seriously, and to explore
alternatives to designing our technical policies around the practices
of regimes that undermine web security in order to better censor and
monitor their citizens.

All best,

Erik

[1] For the curious, the list of blacklisted countries is defined in
the configuration array 'wmgHTTPSBlacklistCountries’ in
https://noc.wikimedia.org/conf/InitialiseSettings.php.txt .

[2] A reasonably up-to-date list is being maintained at
https://en.wikipedia.org/wiki/List_of_websites_blocked_in_China

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Emmanuel Engelhart-5
Le 31/08/2013 07:17, Erik Moeller a écrit :
> We can, of course, ask users in the affected countries. Given that
> this may lead to degradation or loss of access, users are likely to be
> opposed, and indeed, when plans to expand HTTPS usage were announced,
> a group of Chinese Wikipedians published an open letter asking for
> exemptions to be implemented:
>
> https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86%E7%99%BB%E5%BD%95/openletter
>
> This was a big part of what drove the decision to implement exemptions.

This attitude seems to be, on a first look, the most logical and
respectful one.

But, I want to be remember, that the risk perception is often not
proportional *at all* to the risk itself. In daily life, many risks are
suppressed because the imagination of a constant threat would paralyse
all activities. So, this feedback from the Chinese community should be
handled carefully.

I tend myself to think that deploying HTTPS everywhere and force its
usage is the best long term approach.

However, this is without any doubt, a difficult dilemma.

Emmanuel
--
Kiwix - Wikipedia Offline & more
* Web: http://www.kiwix.org
* Twitter: https://twitter.com/KiwixOffline
* more: http://www.kiwix.org/wiki/Communication

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Denny Vrandečić
In reply to this post by Erik Moeller-4
There are three groups to consider, readers, contributors without and
contributors with specific rights that allow them access to data which is
not publicly visible anyway:

For readers: Readers will not have reduced access to knowledge. I think
that runs against our mission. There are a number of possible reactions:
1) nothing, and the readers cannot access this knowledge anymore
2) readers move to alternatives like Baidu Knows
3) an HTTP proxy will be set up by a third party, giving access to readers
without the supervision and guidance of the WMF, and potentially with
technical and even more serious security issues
What is the advantage for readers to not have access to the HTTP version?

For contributors without specific rights:
 1) what they do is publicly visible anyway, and logged. What is in danger
is the connection between them and their login. Would HTTPS help with that?
2) most of these contributors do not touch sensitive issues. Why block them
out? For what advantage?

For contributors with specific rights:
1) HTTPS only. Putting the contributors themselves in risk is bad enough,
but compromising further contributors is not acceptable.
2) How many would be affected by this anyway? I would be pleasantly
surprised if it is more than a handful.

I think this is an important and hard discussion, and I hope for wide
participation. Thank you Erik, for starting it.

Cheers,
Denny



2013/8/31 Erik Moeller <[hidden email]>

> Hi folks,
>
> As many of you know, this week we enabled HTTPS for logged-in users of
> Wikimedia projects. See:
>
>
> https://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedia-sites/
>
> We have geographically exempted users geo-located to China or Iran
> from this [1], because these countries mostly block HTTPS traffic and
> requiring HTTPS for logged-in users would make it impossible for users
> in these countries to log in.
>
> Long term, we’d like to increase HTTPS coverage further, initially by
> marking the HTTPS versions of our pages as "canonical", which would
> cause search engines to refer to them instead of the unencrypted
> content. This would make issues with countries that block HTTPS
> traffic even more complex to deal with.
>
> HTTPS for editors is important because it is otherwise trivial to
> sniff account credentials, especially when users use unencrypted
> connections such as open wireless networks. This could potentially
> enable an attacker to gain access to an account with significant
> privileges, such as checkuser credentials. Beyond that, HTTPS makes it
> harder for attackers (individuals, organizations, governments) to
> monitor user behavior of readers and editors. It’s not perfect by any
> means, but it’s a step towards more privacy and security.
>
> There are many sites on the web now that use HTTPS for all
> transactions. For example, Twitter and Facebook use HTTPS by default.
> Both sites are also completely blocked in mainland China. [2]
>
> Disabling HTTPS-by-default in regions where HTTPS is blocked for
> political reasons of course also exposes affected users to monitoring
> and credentials-theft -- which is likely part of the political
> motivation for blocking it in the first place. Therefore, our current
> exemption is an explicit choice to _not_ give users a degree of
> security that we give to everyone else, for the simple reason that
> their government would otherwise completely limit their access.
>
> If they know how to make HTTPS work in their region, these users will
> still be able to use it by explicitly visiting the HTTPS URLs or use
> an extension such as HTTPSEverywhere to enforce HTTPS usage.
>
> In the long term, the Wikimedia movement is faced with a choice, which
> is inherently political: Should we indefinitely sustain security
> exceptions for regions that prevent the use of encryption, or should
> we shift to an alternative strategy? How do we answer that question?
>
> We can, of course, ask users in the affected countries. Given that
> this may lead to degradation or loss of access, users are likely to be
> opposed, and indeed, when plans to expand HTTPS usage were announced,
> a group of Chinese Wikipedians published an open letter asking for
> exemptions to be implemented:
>
>
> https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86%E7%99%BB%E5%BD%95/openletter
>
> This was a big part of what drove the decision to implement exemptions.
>
> The bigger consideration here, however, is whether any such
> accommodation achieves positive or negative long term effects. The
> argument against it goes like this: If we accommodate the PRC’s or
> Iran’s censorship practices, we are complicit in their attempts to
> monitor and control their citizenry. If a privileged user’s
> credentials (e.g. Checkuser) are misused by the government through
> monitoring of unencrypted traffic, for example, this is an action that
> would not have been possible without our exemption. This could
> potentially expose even users not in the affected country to risks.
>
> Moreover, Wikimedia is not just any website -- it’s a top 5 web
> property, and the only non-profit organization among the top sites.
> Our actions can have signalling effects on the rest of the web. By
> exempting China and Iran from standard security measures, we are
> treating them as part of the global web community. It could be argued
> that it’s time to draw a line in the sand - if you’re prohibiting the
> use of encryption, you’re effectively not part of the web. You’re
> subverting basic web technologies.
>
> Drawing this hard line clearly has negative near term effects on the
> citizenry of affected countries. But the more the rest of the world
> comes together in saying "What you are doing is wrong. Stop it." - the
> harder it will be for outlier countries to continue doing it.  Another
> way to pose the question is: Would we be implementing these exemptions
> if China had blocked HTTPS traffic well after we switched to HTTPS?
>
> Moreover, we’re not helpless against censorship. There _are_ effective
> tools that can be used to circumvent attempts to censor and control
> the Internet. Perhaps it is time for WMF to ally with the
> organizations that develop and promote such tools, rather than looking
> for ways to guarantee basic site operation in hostile environments
> even at the expense of user privacy.
>
> So, what to do? My main suggestion is to organize a broad request for
> comments and input on possible paths forward. I think we’re doing the
> right thing by initially implementing these exemptions -- but I do
> think this decision needs to finally rest with the Board of the
> Wikimedia Foundation, based on community input, taking the tradeoffs
> into account.
>
> My own stance, which I will continue to argue for (and which is my
> view as an individual -- there are many divergent opinions on this
> even inside WMF), is clear: I think we should set a deadline for the
> current approach, and shift to HTTPS for all traffic, for all sites,
> for all users, by default, after that deadline passes. This will force
> us to take the consequences of that shift seriously, and to explore
> alternatives to designing our technical policies around the practices
> of regimes that undermine web security in order to better censor and
> monitor their citizens.
>
> All best,
>
> Erik
>
> [1] For the curious, the list of blacklisted countries is defined in
> the configuration array 'wmgHTTPSBlacklistCountries’ in
> https://noc.wikimedia.org/conf/InitialiseSettings.php.txt .
>
> [2] A reasonably up-to-date list is being maintained at
> https://en.wikipedia.org/wiki/List_of_websites_blocked_in_China
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>




--
Project director Wikidata
Wikimedia Deutschland e.V. | Obentrautstr. 72 | 10963 Berlin
Tel. +49-30-219 158 26-0 | http://wikimedia.de

Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e.V.
Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter
der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für
Körperschaften I Berlin, Steuernummer 27/681/51985.
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

MZMcBride-2
In reply to this post by Erik Moeller-4
Erik Moeller wrote:
>So, what to do? My main suggestion is to organize a broad request for
>comments and input on possible paths forward. I think we’re doing the
>right thing by initially implementing these exemptions -- but I do
>think this decision needs to finally rest with the Board of the
>Wikimedia Foundation, based on community input, taking the tradeoffs
>into account.

Thanks for writing out these thoughts. A broad request for comments and
input seems reasonable, though there seems to be quite a bit of work
needed to get ready to begin such a discussion.

>My own stance, which I will continue to argue for (and which is my
>view as an individual -- there are many divergent opinions on this
>even inside WMF), is clear: I think we should set a deadline for the
>current approach, and shift to HTTPS for all traffic, for all sites,
>for all users, by default, after that deadline passes. This will force
>us to take the consequences of that shift seriously, and to explore
>alternatives to designing our technical policies around the practices
>of regimes that undermine web security in order to better censor and
>monitor their citizens.

I think it would help the conversation to have more data. Everybody knows
that there are over a billion people in China. However, how many people
globally can't use HTTPS (for whatever reason)? What is that breakdown by
country? How many users have opted out of HTTPS via user preference?

There's merit to the idea of ignoring user-hostile countries such as Iran
and China and cutting them off: certainly it's a mess of their own making.
But it seems to me that this idea is orthogonal to the idea that Wikimedia
needs to make a political point, engage in political advocacy, or take a
stand. Wikimedia is in the business of spreading free educational content.
It seems to me that getting involved in politics leads down a perilous
path that could ultimately destroy Wikimedia.

Of course, we've already decided to act by specifically exempting certain
countries from the new HTTPS requirement. But there might be a strong
contingent of users in the community that feels we should stop exempting
countries (i.e., treat everybody the same), but also _not_ be involved in
attempting to subvert whichever government monitoring we feel is most
egregious. While we can pretend as though it's only China and Iran, many
countries are spying on their own people at various levels.

And it becomes a question of cost versus benefit, much like everything
else that Wikimedia decides to work on. There's a very public trail of any
edits that you make. What information, exactly, are we trying to prevent
governments from getting ahold of? I think a stronger, clearer case for
what benefits Wikimedia will see would help justify (or help eliminate)
some of the proposed costs.

Both the community and the Board need to think about these questions and
their answers and ultimately address how to move forward.

MZMcBride



_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Marc-Andre
On 09/02/2013 12:08 PM, MZMcBride wrote:
> What information, exactly, are we trying to prevent
> governments from getting ahold of?

There are three such things, in (my personal) order of importance:

1) credentials, especially those of editors that have rights allowing
further privacy encroachments (i.e., checkuser, oversight, even sysop to
some degree);

2) association between user account and person (this one is /especially/
difficult to hide to a determined attacker that can do whole-network
monitoring); and

3) what users are interested in (reading), whether logged in or not.

But I should also add that governments are most certainly not the only
entity we are trying to protect against; anyone in a position of
authority - or who would like to position themselves as such - are
potential attackers that might like to collect information to use
against their targets.  This means employers, schools, parents, and
multitude others.

Governments seem the most salient mostly because they have the capacity
to do so on a massive scale; but to me scenarios like a fellow student
doing a tcpdump in the lab to find "dirt" to use against someone is at
least as important to protect against.

All of those three points are greatly countered with *uniform*
encryption at the network level (ranging from "solved" for the amateur
attackers to "vastly increased cost and complexity of mass monitoring"
for the bigger ones).

-- Marc


_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Victor Grigas
In reply to this post by Emmanuel Engelhart-5
I think that we should make a policy of https by default and grandfather-in
(https://en.wikipedia.org/wiki/Grandfather_clause)  exceptions to Iran and
PRC, reason being that

1. We should not exclude whole groups of existing Wikipedians simply
because of the government they happen to live within the jurisdiction of.

2. Any time anyone else says "wait well *they* have no https! What gives?
Why can't we have that?" We could cite the grandfathered-in nature of the
rule, and how we want to grant access to as many people as possible.

We could also say that grandfathered-in places would lose their status
permanently should the community of Wikipedians in such places decide to
change the http/https status.

On Aug 31, 2013, at 1:07 AM, Emmanuel Engelhart <[hidden email]> wrote:

> Le 31/08/2013 07:17, Erik Moeller a écrit :
>> We can, of course, ask users in the affected countries. Given that
>> this may lead to degradation or loss of access, users are likely to be
>> opposed, and indeed, when plans to expand HTTPS usage were announced,
>> a group of Chinese Wikipedians published an open letter asking for
>> exemptions to be implemented:
>>
>>
https://zh.wikipedia.org/wiki/Wikipedia:%E5%BC%BA%E5%88%B6%E5%8A%A0%E5%AF%86%E7%99%BB%E5%BD%95/openletter

>>
>> This was a big part of what drove the decision to implement exemptions.
>
> This attitude seems to be, on a first look, the most logical and
> respectful one.
>
> But, I want to be remember, that the risk perception is often not
> proportional *at all* to the risk itself. In daily life, many risks are
> suppressed because the imagination of a constant threat would paralyse
> all activities. So, this feedback from the Chinese community should be
> handled carefully.
>
> I tend myself to think that deploying HTTPS everywhere and force its
> usage is the best long term approach.
>
> However, this is without any doubt, a difficult dilemma.
>
> Emmanuel
> --
> Kiwix - Wikipedia Offline & more
> * Web: http://www.kiwix.org
> * Twitter: https://twitter.com/KiwixOffline
> * more: http://www.kiwix.org/wiki/Communication
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Tim Starling-2
In reply to this post by Erik Moeller-4
On 31/08/13 15:17, Erik Moeller wrote:
> It could be argued
> that it’s time to draw a line in the sand - if you’re prohibiting the
> use of encryption, you’re effectively not part of the web. You’re
> subverting basic web technologies.

China is not prohibiting encryption. They're prohibiting specific
instances of encryption which facilitate circumvention of censorship.

> So, what to do? My main suggestion is to organize a broad request for
> comments and input on possible paths forward.

OK, well there's one fairly obvious solution which hasn't been
proposed or discussed. It would allow the end-to-end encryption and
would allow us to stay as popular in China as we are now.

We could open a data centre in China, send frontend requests from
clients in China to that data centre, and comply with local censorship
and surveillance as required to continue such operation.

It would be kind of like the cooperation we give to the US government
at the moment, except specific to readers in China instead of imposed
on everyone in the world.

It would allow WMF to monitor censorship and surveillance by being in
the request loop. It would give WMF greater influence over local
policy, because our staff would be in direct contact with their staff.
We would be able to deliver clear error messages in place of censored
content, instead of a connection reset.

-- Tim Starling


_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Gerard Meijssen-3
Hoi,

HEAR HEAR !!

Thanks,
     Gerard


On 3 September 2013 00:17, Tim Starling <[hidden email]> wrote:

> On 31/08/13 15:17, Erik Moeller wrote:
> > It could be argued
> > that it’s time to draw a line in the sand - if you’re prohibiting the
> > use of encryption, you’re effectively not part of the web. You’re
> > subverting basic web technologies.
>
> China is not prohibiting encryption. They're prohibiting specific
> instances of encryption which facilitate circumvention of censorship.
>
> > So, what to do? My main suggestion is to organize a broad request for
> > comments and input on possible paths forward.
>
> OK, well there's one fairly obvious solution which hasn't been
> proposed or discussed. It would allow the end-to-end encryption and
> would allow us to stay as popular in China as we are now.
>
> We could open a data centre in China, send frontend requests from
> clients in China to that data centre, and comply with local censorship
> and surveillance as required to continue such operation.
>
> It would be kind of like the cooperation we give to the US government
> at the moment, except specific to readers in China instead of imposed
> on everyone in the world.
>
> It would allow WMF to monitor censorship and surveillance by being in
> the request loop. It would give WMF greater influence over local
> policy, because our staff would be in direct contact with their staff.
> We would be able to deliver clear error messages in place of censored
> content, instead of a connection reset.
>
> -- Tim Starling
>
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Fred Bauder-2
In reply to this post by Tim Starling-2
> On 31/08/13 15:17, Erik Moeller wrote:
>> It could be argued
>> that it’s time to draw a line in the sand - if you’re prohibiting
>> the
>> use of encryption, you’re effectively not part of the web. You’re
>> subverting basic web technologies.
>
> China is not prohibiting encryption. They're prohibiting specific
> instances of encryption which facilitate circumvention of censorship.
>
>> So, what to do? My main suggestion is to organize a broad request for
>> comments and input on possible paths forward.
>
> OK, well there's one fairly obvious solution which hasn't been
> proposed or discussed. It would allow the end-to-end encryption and
> would allow us to stay as popular in China as we are now.
>
> We could open a data centre in China, send frontend requests from
> clients in China to that data centre, and comply with local censorship
> and surveillance as required to continue such operation.
>
> It would be kind of like the cooperation we give to the US government
> at the moment, except specific to readers in China instead of imposed
> on everyone in the world.
>
> It would allow WMF to monitor censorship and surveillance by being in
> the request loop. It would give WMF greater influence over local
> policy, because our staff would be in direct contact with their staff.
> We would be able to deliver clear error messages in place of censored
> content, instead of a connection reset.
>
> -- Tim Starling

Their orders would be classified; disclosure of them would be a crime.
Not a problem for us, but a big problem for staff on the ground in China.

Fred


_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
FT2
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

FT2
There are many very sane comments in this thread.  I agree with most of
them -

   - Network encryption is important as one aspect;
   - "Local" threats and "digging dirt" are an important realistic threat
   (far more people are of interest to *THEIR OWN COMMUNITIES* vs nationally,
   or open to so many types of harm - defamation, humiliation, "Lulz");
   - Moving to https and forcing a serious look at technical implications
   and needed workarounds is a strong argument;
   - Asking those affected is a strong argument;
   - We are a global presence, so our stance, its strength, its
   "rightness", and the signal we send, are crucial.

With all respect to local editors, whose position I wish were better, there
is more at stake in Chinese and other affected Wikipedias, than China.
There are questions of internet/freedom/privacy-related beliefs, policies,
and directions -- what one might describe as the battleground for "privacy
of thought vs. state right to monitor thought". That is what it comes to,
whether now, or in 5 or 15 years.

I'm reminded of public reaction years back, to Google, when as a condition
of entry to China it agreed to filter its results. Part of the logic was
"better partial information and presence than none".  Did it help Google's
efforts in China? It was seen by many outside as a betrayal. Google had to
leave eventually. Are there lessons we should consider from others who have
tried different approaches in these countries?

I see no reason to believe that state oversight and interception will be
benevolent institutions - and would disregard assurances that they are
designed as such. History teaches over and again that fallibility and
expansion of power is the more usual rule, and good intentions easily turn
to dark uses. To take a simple scenario and how we are affected, if passage
of time and public indifference endorses states being "usually" able to
watch what one studies and writes on, how long before immigration, access
to medical or welfare services, legal rights, marginalization, 'staged'
crimes, targeting, accusations of sedition or "anti-state activity", and so
on, become informed by (among other things) a standard government lookup by
state authorities and law enforcement, of one's Wikipedia (or other online)
accesses, and negative interpretations of what those may "mean"? Self
censorship is a grave possibility, and will encroach from the edges.

To give specific examples, take a Western visitor to Russia who once 8
years ago edited a Wikipedia article adding a note on homosexuality policy
in a school or a legal case in a county. There is no expectation that a
state body would not save all data they can and even in US law a URL is
probably metadata and has no right of privacy. When immigration routinely
obtains visitors' names 72 hours in advance (as some countries expect and
others may demand as a norm) won't they at some time turn around and ask as
part of that process, what is known of possible visitors, and annotate
their immigration records with "Edits pro-jewish topics" or "Seems to
support homosexuality"? Perhaps editors on contentious topics (drugs,
abortion, religion) will have these noted by immigration and less ethical
law enforcement bodies seeking visitors to target, if editing or reading
patterns become easily accessible. The same goes double for editors
attempting to uphold NPOV in countries where this is a risk, and the act of
simply toning down articles that contain inappropriately POV tone in
locally controversial articles may put one at risk.

Twitter and Facebook may show ones daily life, but Wikipedia editing and
page reads show what one sees as areas of interest to inform others, and
areas to be informed oneself. There are workarounds but we can't simply say
"people should know" or "if they are at risk they shouldn't edit". That's
not sustainable.

While this isn't explicitly "known" to happen yet in the US or UK, I
suggest that it's likely to be a logical step round the corner, worldwide,
where state bodies seek to know in advance more about individuals, and
individuals screen and self-censor in response. We need that not to become
a habit, or NPOV can be kissed goodbye.

The profound and poignant comment appeared in one media report a month ago,
that people like Merkel do act as strong advocates of privacy precisely
because - *unlike* US and UK citizens - they have actually lived under the
Stasi. They know what a file on every person, or state access to innermost
and private thoughts "for the common good" truly means for a country.
We probably do need to do what we can to afford a safe ecosphere, as our
whole endeavor depends on it and we have the position to make that point.
It may be difficult, but we probably have a good call for discussing the
possible need to support the ball rolling.

FT2


On Mon, Sep 2, 2013 at 11:23 PM, Fred Bauder <[hidden email]> wrote:

> > On 31/08/13 15:17, Erik Moeller wrote:
> >> It could be argued
> >> that it’s time to draw a line in the sand - if you’re prohibiting
> >> the
> >> use of encryption, you’re effectively not part of the web. You’re
> >> subverting basic web technologies.
> >
> > China is not prohibiting encryption. They're prohibiting specific
> > instances of encryption which facilitate circumvention of censorship.
> >
> >> So, what to do? My main suggestion is to organize a broad request for
> >> comments and input on possible paths forward.
> >
> > OK, well there's one fairly obvious solution which hasn't been
> > proposed or discussed. It would allow the end-to-end encryption and
> > would allow us to stay as popular in China as we are now.
> >
> > We could open a data centre in China, send frontend requests from
> > clients in China to that data centre, and comply with local censorship
> > and surveillance as required to continue such operation.
> >
> > It would be kind of like the cooperation we give to the US government
> > at the moment, except specific to readers in China instead of imposed
> > on everyone in the world.
> >
> > It would allow WMF to monitor censorship and surveillance by being in
> > the request loop. It would give WMF greater influence over local
> > policy, because our staff would be in direct contact with their staff.
> > We would be able to deliver clear error messages in place of censored
> > content, instead of a connection reset.
> >
> > -- Tim Starling
>
> Their orders would be classified; disclosure of them would be a crime.
> Not a problem for us, but a big problem for staff on the ground in China.
>
> Fred
>
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Matthew Flaschen
In reply to this post by Tim Starling-2
On 09/02/2013 06:17 PM, Tim Starling wrote:
> It would allow WMF to monitor censorship and surveillance by being in
> the request loop.

There's no guarantee they would accept HTTPS, even if there were still
user surveillance inside the data center.

 > It would be kind of like the cooperation we give to the US government
 > at the moment, except specific to readers in China instead of imposed
 > on everyone in the world.

This is apples and oranges, in my opinion.  Yes, the U.S. monitors
Internet traffic in some circumstances.  And I assume they occasionally
serve subpoenas and such to Wikimedia.

But as far as I know, the U.S. government has never blocked the general
public from accessing a Wikipedia article, nor have they sent a takedown
that was based on ideology/"social harmony"/etc.

> We would be able to deliver clear error messages in place of censored
> content, instead of a connection reset.

Not necessarily.  Google was delivering such censorship notes for a
while
(http://www.theguardian.com/technology/2013/jan/04/google-defeat-china-censorship-battle),
but eventually conceded to China in a game of chicken.

As mentioned by other people, they also tried this approach of
tolerating censorship in China for google.cn, but eventually pulled out.
  google.cn is now just a picture of their home page that links to
google.com.hk

I understand the goals of your hypothetical solution.  However,
pragmatic matters aside, I think it's too far down the road of appeasing
censorship.

Matt Flaschen

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Peter Gervai-5
On Tue, Sep 3, 2013 at 6:38 AM, Matthew Flaschen
<[hidden email]> wrote:

> But as far as I know, the U.S. government has never blocked the general
> public from accessing a Wikipedia article, nor have they sent a takedown
> that was based on ideology/"social harmony"/etc.

Instead they use "terrorism" (or really anything they come up with)
poilerplate to monitor their and foreign citizens, illegally collect
personal data about them and monetize it or use to pressure or
threaten selected individuals, companies or agencies. They,
additionally, use various cease&desist processes (which is basically
the same as blocking but they let you do the work instead of them).
And it's just the same way based on ideology and social harminy as of
China, apart from that it's for a slightly different agenda.

China does censorship to prevent unwanted content, USA does
surveillance and pressure to prevent unwanted content. Not much of a
difference.

g

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Peter Gervai-5
In reply to this post by Fred Bauder-2
On Tue, Sep 3, 2013 at 12:23 AM, Fred Bauder <[hidden email]> wrote:

> Their orders would be classified; disclosure of them would be a crime.
> Not a problem for us, but a big problem for staff on the ground in China.

Indeed, I believe it may even be outright life threatening to have
strong connection to WMF China operation.

And as a sidenote it's the same in the US and the world in general
(and I do not know about the US but isn't it so that WMF can be forced
not to tell about data extraction). And let's face it: https is like a
5 mm diameter wire lock against a skilled bike thief. It is there but
will not stop skilled adversaries. But, obviously, that'd be also
classified, so I haven't mentioned it. Google it around.

g

_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Gerard Meijssen-3
In reply to this post by Fred Bauder-2
Hoi,

Fred, what is different in your scenario from what happens in the USA ?

Thanks,
      GerardM


On 3 September 2013 00:23, Fred Bauder <[hidden email]> wrote:

> > On 31/08/13 15:17, Erik Moeller wrote:
> >> It could be argued
> >> that it’s time to draw a line in the sand - if you’re prohibiting
> >> the
> >> use of encryption, you’re effectively not part of the web. You’re
> >> subverting basic web technologies.
> >
> > China is not prohibiting encryption. They're prohibiting specific
> > instances of encryption which facilitate circumvention of censorship.
> >
> >> So, what to do? My main suggestion is to organize a broad request for
> >> comments and input on possible paths forward.
> >
> > OK, well there's one fairly obvious solution which hasn't been
> > proposed or discussed. It would allow the end-to-end encryption and
> > would allow us to stay as popular in China as we are now.
> >
> > We could open a data centre in China, send frontend requests from
> > clients in China to that data centre, and comply with local censorship
> > and surveillance as required to continue such operation.
> >
> > It would be kind of like the cooperation we give to the US government
> > at the moment, except specific to readers in China instead of imposed
> > on everyone in the world.
> >
> > It would allow WMF to monitor censorship and surveillance by being in
> > the request loop. It would give WMF greater influence over local
> > policy, because our staff would be in direct contact with their staff.
> > We would be able to deliver clear error messages in place of censored
> > content, instead of a connection reset.
> >
> > -- Tim Starling
>
> Their orders would be classified; disclosure of them would be a crime.
> Not a problem for us, but a big problem for staff on the ground in China.
>
> Fred
>
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

James Alexander-3
In reply to this post by Erik Moeller-4
On Mon, Sep 2, 2013 at 10:58 PM, Peter Gervai <[hidden email]> wrote:

> illegally collect personal data about them and *monetize it *or use to
> pressure or
> threaten selected individuals, companies or agencies.


Monetize it?

I am in no way going to defend my government on most of this given that I
think they are doing much of it unconstitutionally and much of the rest
immorally (though I will say that we would/do fight our ass off against
inappropriate demands and that the demands that would be placed on us in
Europe are actually worse so I really wouldn't agree with this supposition
that the US is significantly worse then the rest of the world... though I'd
agree that we're less 'better' then we like to claim) but how do you think
they will *monetize* it?
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Fred Bauder-2
In reply to this post by Gerard Meijssen-3
Any censor from the United States or European governments that works
directly with us (I have no personal knowledge of this, I just know it
has to be) is concerned with classified information, not someone's
opinions or factual information about historical events or political
personalities.

Detailed information about construction of advanced nuclear weapons or
the details of military or intelligence operations cannot be on Wikipedia
just as child pornography cannot be; on the other hand, a distorted, or
devastatingly accurate picture, of the Iraq War, or Obama, can be.

So, while the details of material removed for legitimate security reasons
cannot be published; in China the identity and any personal information
we have gathered such as the ip address of an editor and the content of
their edits to the Tiananmen Square protests of 1989 article would be of
interest to the security apparatus and classified. Any local employee or
volunteer of ours who shared that information with others even within our
organization could be prosecuted. It is quite impossible to work with the
Chinese government in the manner suggested and maintain a scintilla of
integrity. A request by them to remove details about their advanced
nuclear weapons or specific details of their military deployments would,
of course, be legitimate.

The Chinese government has legitimate reason to avoid extensive public
attention to past errors and disasters; one has only to look at the
history of the Soviet Union to observe the effect of focusing on past
outrages on public morale, but that is their burden to bear not ours to
share.

Fred

> Hoi,
>
> Fred, what is different in your scenario from what happens in the USA ?
>
> Thanks,
>       GerardM
>
>
> On 3 September 2013 00:23, Fred Bauder <[hidden email]> wrote:
>
>> > On 31/08/13 15:17, Erik Moeller wrote:
>> >> It could be argued
>> >> that it’s time to draw a line in the sand - if you’re
>> prohibiting
>> >> the
>> >> use of encryption, you’re effectively not part of the web.
>> You’re
>> >> subverting basic web technologies.
>> >
>> > China is not prohibiting encryption. They're prohibiting specific
>> > instances of encryption which facilitate circumvention of censorship.
>> >
>> >> So, what to do? My main suggestion is to organize a broad request
>> for
>> >> comments and input on possible paths forward.
>> >
>> > OK, well there's one fairly obvious solution which hasn't been
>> > proposed or discussed. It would allow the end-to-end encryption and
>> > would allow us to stay as popular in China as we are now.
>> >
>> > We could open a data centre in China, send frontend requests from
>> > clients in China to that data centre, and comply with local
>> censorship
>> > and surveillance as required to continue such operation.
>> >
>> > It would be kind of like the cooperation we give to the US government
>> > at the moment, except specific to readers in China instead of imposed
>> > on everyone in the world.
>> >
>> > It would allow WMF to monitor censorship and surveillance by being in
>> > the request loop. It would give WMF greater influence over local
>> > policy, because our staff would be in direct contact with their
>> staff.
>> > We would be able to deliver clear error messages in place of censored
>> > content, instead of a connection reset.
>> >
>> > -- Tim Starling
>>
>> Their orders would be classified; disclosure of them would be a crime.
>> Not a problem for us, but a big problem for staff on the ground in
>> China.
>>
>> Fred
>>
>>
>> _______________________________________________
>> Wikimedia-l mailing list
>> [hidden email]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[hidden email]?subject=unsubscribe>
>>
>



_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Gerard Meijssen-3
Fred,

Sorry, there is no us. As far as the United States is concerned they
allowed themselves to spy on any person who is not one of US to be speid
on. Given that our movement is a global movement, the fact that it is based
in the US is incidental.
Thanks,
      GerardM


On 3 September 2013 14:36, Fred Bauder <[hidden email]> wrote:

> Any censor from the United States or European governments that works
> directly with us (I have no personal knowledge of this, I just know it
> has to be) is concerned with classified information, not someone's
> opinions or factual information about historical events or political
> personalities.
>
> Detailed information about construction of advanced nuclear weapons or
> the details of military or intelligence operations cannot be on Wikipedia
> just as child pornography cannot be; on the other hand, a distorted, or
> devastatingly accurate picture, of the Iraq War, or Obama, can be.
>
> So, while the details of material removed for legitimate security reasons
> cannot be published; in China the identity and any personal information
> we have gathered such as the ip address of an editor and the content of
> their edits to the Tiananmen Square protests of 1989 article would be of
> interest to the security apparatus and classified. Any local employee or
> volunteer of ours who shared that information with others even within our
> organization could be prosecuted. It is quite impossible to work with the
> Chinese government in the manner suggested and maintain a scintilla of
> integrity. A request by them to remove details about their advanced
> nuclear weapons or specific details of their military deployments would,
> of course, be legitimate.
>
> The Chinese government has legitimate reason to avoid extensive public
> attention to past errors and disasters; one has only to look at the
> history of the Soviet Union to observe the effect of focusing on past
> outrages on public morale, but that is their burden to bear not ours to
> share.
>
> Fred
>
> > Hoi,
> >
> > Fred, what is different in your scenario from what happens in the USA ?
> >
> > Thanks,
> >       GerardM
> >
> >
> > On 3 September 2013 00:23, Fred Bauder <[hidden email]> wrote:
> >
> >> > On 31/08/13 15:17, Erik Moeller wrote:
> >> >> It could be argued
> >> >> that it’s time to draw a line in the sand - if you’re
> >> prohibiting
> >> >> the
> >> >> use of encryption, you’re effectively not part of the web.
> >> You’re
> >> >> subverting basic web technologies.
> >> >
> >> > China is not prohibiting encryption. They're prohibiting specific
> >> > instances of encryption which facilitate circumvention of censorship.
> >> >
> >> >> So, what to do? My main suggestion is to organize a broad request
> >> for
> >> >> comments and input on possible paths forward.
> >> >
> >> > OK, well there's one fairly obvious solution which hasn't been
> >> > proposed or discussed. It would allow the end-to-end encryption and
> >> > would allow us to stay as popular in China as we are now.
> >> >
> >> > We could open a data centre in China, send frontend requests from
> >> > clients in China to that data centre, and comply with local
> >> censorship
> >> > and surveillance as required to continue such operation.
> >> >
> >> > It would be kind of like the cooperation we give to the US government
> >> > at the moment, except specific to readers in China instead of imposed
> >> > on everyone in the world.
> >> >
> >> > It would allow WMF to monitor censorship and surveillance by being in
> >> > the request loop. It would give WMF greater influence over local
> >> > policy, because our staff would be in direct contact with their
> >> staff.
> >> > We would be able to deliver clear error messages in place of censored
> >> > content, instead of a connection reset.
> >> >
> >> > -- Tim Starling
> >>
> >> Their orders would be classified; disclosure of them would be a crime.
> >> Not a problem for us, but a big problem for staff on the ground in
> >> China.
> >>
> >> Fred
> >>
> >>
> >> _______________________________________________
> >> Wikimedia-l mailing list
> >> [hidden email]
> >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> >> <mailto:[hidden email]?subject=unsubscribe>
> >>
> >
>
>
>
> _______________________________________________
> Wikimedia-l mailing list
> [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Fred Bauder-2
And from that assertion what practical action or policy should follow?

Fred

> Fred,
>
> Sorry, there is no us. As far as the United States is concerned they
> allowed themselves to spy on any person who is not one of US to be speid
> on. Given that our movement is a global movement, the fact that it is
> based
> in the US is incidental.
> Thanks,
>       GerardM
>
>
> On 3 September 2013 14:36, Fred Bauder <[hidden email]> wrote:
>
>> Any censor from the United States or European governments that works
>> directly with us (I have no personal knowledge of this, I just know it
>> has to be) is concerned with classified information, not someone's
>> opinions or factual information about historical events or political
>> personalities.
>>
>> Detailed information about construction of advanced nuclear weapons or
>> the details of military or intelligence operations cannot be on
>> Wikipedia
>> just as child pornography cannot be; on the other hand, a distorted, or
>> devastatingly accurate picture, of the Iraq War, or Obama, can be.
>>
>> So, while the details of material removed for legitimate security
>> reasons
>> cannot be published; in China the identity and any personal information
>> we have gathered such as the ip address of an editor and the content of
>> their edits to the Tiananmen Square protests of 1989 article would be
>> of
>> interest to the security apparatus and classified. Any local employee
>> or
>> volunteer of ours who shared that information with others even within
>> our
>> organization could be prosecuted. It is quite impossible to work with
>> the
>> Chinese government in the manner suggested and maintain a scintilla of
>> integrity. A request by them to remove details about their advanced
>> nuclear weapons or specific details of their military deployments
>> would,
>> of course, be legitimate.
>>
>> The Chinese government has legitimate reason to avoid extensive public
>> attention to past errors and disasters; one has only to look at the
>> history of the Soviet Union to observe the effect of focusing on past
>> outrages on public morale, but that is their burden to bear not ours to
>> share.
>>
>> Fred
>>
>> > Hoi,
>> >
>> > Fred, what is different in your scenario from what happens in the USA
>> ?
>> >
>> > Thanks,
>> >       GerardM
>> >
>> >
>> > On 3 September 2013 00:23, Fred Bauder <[hidden email]>
>> wrote:
>> >
>> >> > On 31/08/13 15:17, Erik Moeller wrote:
>> >> >> It could be argued
>> >> >> that it’s time to draw a line in the sand - if
>> you’re
>> >> prohibiting
>> >> >> the
>> >> >> use of encryption, you’re effectively not part
>> of the web.
>> >> You’re
>> >> >> subverting basic web technologies.
>> >> >
>> >> > China is not prohibiting encryption. They're prohibiting specific
>> >> > instances of encryption which facilitate circumvention of
>> censorship.
>> >> >
>> >> >> So, what to do? My main suggestion is to organize a broad request
>> >> for
>> >> >> comments and input on possible paths forward.
>> >> >
>> >> > OK, well there's one fairly obvious solution which hasn't been
>> >> > proposed or discussed. It would allow the end-to-end encryption
>> and
>> >> > would allow us to stay as popular in China as we are now.
>> >> >
>> >> > We could open a data centre in China, send frontend requests from
>> >> > clients in China to that data centre, and comply with local
>> >> censorship
>> >> > and surveillance as required to continue such operation.
>> >> >
>> >> > It would be kind of like the cooperation we give to the US
>> government
>> >> > at the moment, except specific to readers in China instead of
>> imposed
>> >> > on everyone in the world.
>> >> >
>> >> > It would allow WMF to monitor censorship and surveillance by being
>> in
>> >> > the request loop. It would give WMF greater influence over local
>> >> > policy, because our staff would be in direct contact with their
>> >> staff.
>> >> > We would be able to deliver clear error messages in place of
>> censored
>> >> > content, instead of a connection reset.
>> >> >
>> >> > -- Tim Starling
>> >>
>> >> Their orders would be classified; disclosure of them would be a
>> crime.
>> >> Not a problem for us, but a big problem for staff on the ground in
>> >> China.
>> >>
>> >> Fred
>> >>
>> >>
>> >> _______________________________________________
>> >> Wikimedia-l mailing list
>> >> [hidden email]
>> >> Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> >> <mailto:[hidden email]?subject=unsubscribe>
>> >>
>> >
>>
>>
>>
>> _______________________________________________
>> Wikimedia-l mailing list
>> [hidden email]
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
>> <mailto:[hidden email]?subject=unsubscribe>
>>
>



_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Marc-Andre
In reply to this post by Fred Bauder-2
On 09/03/2013 08:36 AM, Fred Bauder wrote:
> Any censor from the United States or European governments that works
> directly with us (I have no personal knowledge of this, I just know it
> has to be) is concerned with classified information, not someone's
> opinions or factual information about historical events or political
> personalities.

You have an optimism and faith in your government(s) that is, sadly, not
justified by history (past and recent).  The blanket "classified" (or,
more recently "national security") has and is being used to cover up
"embarrassing" more often than not.

-- Marc


_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Wikimedia and the politics of encryption

Marc-Andre
In reply to this post by Tim Starling-2
On 09/02/2013 06:17 PM, Tim Starling wrote:
> OK, well there's one fairly obvious solution which hasn't been
> proposed or discussed.

[collaborating with the PRC]

That's because, ideologically, it would be abhorrent to a very large
segment (possibly even the majority) of editors, staff and readers.

And because it would set a /horrible/ precedent that other governments
who currently feel obligated to tolerate unfettered access to our
projects would be quick to demand.

The idea of playing along with censors doesn't just not fly, it's a
non-starter.

-- Marc


_______________________________________________
Wikimedia-l mailing list
[hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
123