Slashdot Mirror

← Back to Stories (view on slashdot.org)

Jimmy Wales Threatens To Obstruct UK Government Snooping

Posted by timothy on from the different-kind-of-man-in-the-middle dept.

judgecorp writes "Wikipedia founder Jimmy Wales has threatened to encrypt communications between Wikipedia and UK users in order to frustrate the proposed Communications Bill, known as the Snooper's Charter, which would give the UK government the right to routinely track citizens' web and phone use. Wales was addressing the committee which is scrutinising the Bill before it is considered by Parliament."

30 of 198 comments (clear)

  1. Good by netwarerip · · Score: 5, Insightful

    Nice to see someone has a pair of balls. Not very common on an adult named 'Jimmy'.

    1. Re:Good by Anonymous Coward · · Score: 5, Funny

      Nice to see someone has a pair of balls. Not very common on an adult named 'Jimmy'.

      "The Outlaw Jimmy Wales"

    2. Re:Good by wonkey_monkey · · Score: 5, Funny

      The virgin Connie Swail?

      --
      systemd is Roko's Basilisk.
    3. Re:Good by camionbleu · · Score: 5, Insightful

      Yes, a good gesture indeed. However, encrypting the packets will not prevent traffic analysis by the UK government. To avoid that, individual users will have to take their own security measures (such as using Tor). Nevertheless, it's nice to see high-profile opposition to the Communications Bill.

    4. Re:Good by jd2112 · · Score: 4, Insightful

      UK GOV: We can't read it so it must be pedophile terrorists trading MP3s.

      --
      Any insufficiently advanced magic is indistinguishable from technology.
  2. Here we go... by benjymous · · Score: 4, Funny

    https://en.wikipedia.org/wiki/Main_Page

    Done.

    --
    Help me! I'm turning into a grapefruit!
    1. Re:Here we go... by L4t3r4lu5 · · Score: 4, Informative

      HTTPS Everywhere

      If I were a Russian meerkat, I'd be sucking my teeth right now.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    2. Re:Here we go... by tomtomtom · · Score: 4, Informative

      It's also worth pointing out HTTPS Finder which will work for the random sites you visit that aren't in HTTPS Everywhere's default list. And of course you might want to use some other privacy-protecting addons to stop info leaking out to ad-trackers over plain old HTTP and/or alert you to a potential compromise of your HTTPS certificate chain of authority.

    3. Re:Here we go... by PsychoKiller · · Score: 3, Informative

      The URL is encrypted:

      http://stackoverflow.com/questions/499591/are-https-urls-encrypted

  3. Why not just do it? by MisterP · · Score: 4, Interesting

    I understand that wikipedia is a non-profit and has limited resources, but why not just do it? This doesn't seem like a radical stance at all. This should be on their roadmap. Given wikipedia history of taking sides on issues like this, they should be pioneers in doing this sort of thing.

    Plain text HTTP is on its way to becoming a legacy protocol.

    1. Re:Why not just do it? by xded · · Score: 4, Interesting

      Given the traffic volume experienced by Wikipedia every day, switching the entire UK (or worldwide) traffic to HTTPS would represent a significant hit on the servers CPU load if they're not using cryptographically capable hardware (and maybe even if they do, however IANANE and I'm not sure how this could work with load balancing).

    2. Re:Why not just do it? by Anonymous Coward · · Score: 5, Informative

      I'm not sure how this could work with load balancing

      Their load balancers probably already handle the SSL and unwrap it for the web servers.
      Most decent load balancers support hardware-SSL these days.

    3. Re:Why not just do it? by Anonymous Coward · · Score: 4, Insightful

      Perfect response to the many people saying the same thing over and over... 'why not just DO it??!??!?'. They're threatening for now because it would require a significant financial and time investment to follow through. There's also the chances of downtime, server overload, etc... that needs to be taken into consideration. With Wikipedia's reputation, at least from all i can tell, of having a solid and stable domain, it wouldn't do well to fight on a stance like this and cripple itself in the process.
      Besides, with the widespread use of Wikipedia, it's a good way to get the word out there to the millions who use the site daily.
      I've said it before, and will reiterate now...
      V for Vendetta's view of England seems to be coming closer to reality with every passing year.

      -- Valor958

    4. Re:Why not just do it? by Cajun+Hell · · Score: 4, Interesting
      I totally agree with the idea that he should just go ahead and do it, but

      Most decent load balancers support hardware-SSL these days.

      That's gotta at least increase the wattage. Nothing is ever really free though in 2012 you'd think crypto would be dirt cheap. If your 20 year old computer can do it...

      --
      "Believe me!" -- Donald Trump
    5. Re:Why not just do it? by DarwinSurvivor · · Score: 4, Informative

      Wikipedia already supports SSL, all they seem to *really* be threatening is making it *default* for UK users (either through a redirect or some other method). Anyone with "HTTPS Everywhere" already has it enabled.

    6. Re:Why not just do it? by tolan-b · · Score: 3, Insightful

      With HTTPS there's less caching going on in general so it's a bit slower. Doesn't bother me but it's definitely a valid reason.

  4. Not a threat, just a statement by Anonymous Coward · · Score: 3, Interesting

    From what I read of TFA, it doesn't look like Jimbo is actually making a threat. He's just saying "Your idea sucks because I, and any competent server operator, could bypass it in 30 seconds."

  5. Threat? by betterunixthanunix · · Score: 4, Insightful

    It is interesting to refer to this as a "threat" -- what exactly is being threatened here? There is nothing illegal about using cryptography in the UK, and the UK has a key disclosure law. It is only logical for people to use cryptography when they have good reason to suspect that untrusted third parties might be reading their traffic, and frankly, we should have been encrypting our communications from the start.

    --
    Palm trees and 8
  6. Snooper's Charter? by Anonymous Coward · · Score: 4, Insightful

    How does a bill like this even get proposed in this day and age? What ever happened to privacy?

    I'd hate to make the ridiculous V for Vendetta reference.. but yikes. The UK really isn't supposed to be going that way.

  7. Video... by trancemission · · Score: 5, Informative

    Video: http://www.parliamentlive.tv/Main/Player.aspx?meetingId=11355 [Windows silverlight warning!]

    To highlight what we are up against - the chairman wasn't aware that 'kids' these days are able to chat to each other in games using their Xbox - 'Good Lord' was his reaction.

    The committee really do not have a clue, and have no real chance of getting it if the goverment machine gets their way - the witnesses here showed this.

    The 25% arguement is laughable [That being it is claimed that 25% of internet data is not available to collect thorugh current legislation]

  8. Re:Why "threaten"? That's lame by gman003 · · Score: 4, Insightful

    Because *threats* get more publicity than *action*. Especially when the action is this simple (force HTTPS), but the threat is phrased as something more complex (defeat the government's system).

  9. Re:Shouldn't Jimmy Wales be more concerned by Anonymous Coward · · Score: 5, Insightful

    Shouldn't Jimmy Wales be more concerned with how he's going to keep scamming users for more money with his stupid "pledge drives"? Seems like Wales is trying to be another boneheaded Assange-like figure and make up wild accusations just to try and get a media spotlight.

    You know most of the time I disagree with down-modding people. I prefer to call them out instead, tell them why they're wrong and why their reason is faulty. I think that's more useful for the rest of the readers even if the asshat in question is too stubborn to admit obvious fault. Obvious fault like "it's a voluntary donation, why shouldn't people be free to make a gift when they want to", etc.

    But you, sir, are making me reconsider that point of view. There's no reasoning with people like you. You don't like Wikipedia, its administration, or anything about it, that's fine, don't use it. No one is going to force you to access the site. But that's not good enough, no not for you. You can't stand that other people derive value from it and want to see it prosper, and some of those people are willing to back that up by putting their money where their mouth is. You call this a "scam".

    Naturally everyone who disagrees with you is "stupid". If I like a beer you don't like then clearly I have substandard taste. If I like a song you don't like then obviously I know nothing about music. If I use an OS you don't use then of course I am a brainwashed fanboy. Yeah, I know how you think. There's lots of people like you. I wish there were other habitable planets our technology could reach, so then the rest of us can leave all of you to your own devices instead of having to partake of the taint you promote on this planet.

  10. Re:Why "threaten"? That's lame by xaxa · · Score: 5, Informative

    He lives in Britain (in London), so perhaps he chooses to get more involved in politics here than anywhere else.

  11. A personal appeal by ultrasawblade · · Score: 5, Funny

    A personal appeal by Wikipedia founder, Jimmy Wales

      mQGiBEe68W8RBACVuFuv4d+roDSCdRO1SuO8dQwds4VTjVOqgVKQtq6+8Fe95RY8
      BAf1IyLj4bxvWPhr0wZdVwTosD/sFoPtdCyhVcF932nP0GLHsTEeVwSz9mid22HI
      O4Kmwj2kE+I+C9QdzAg0zaWQnVaF9UC7pIdMR6tEnADI8nkVDdZ+zb2ziwCg6Yqu
      tk3KAzKRT1SNUzTE/n9y2PED/1tIWiXfGBGzseX0W/e1G+MjuolWOXv4BXeiFGmn
      8wnHsQ4Z4Tzk+ag0k+6pZZXjcL6Le486wpZ9MAe6LM31XDpQDVtyCL8t63nvQpB8
      TUimbseBZMb3TytCubNLGFe5FnNLGDciElcD09d2xC6Xv6zE2jj4GtBW1bXqYWtl
      jm0PA/4u6av6o6pIgLRfAawspr8kaeZ8+FU4NbIiS6xZmBUEQ/o7q95VKGgFVKBi
      ugDOlnbgSzBIwSlsRVT2ivu/XVWnhQaRCotSm3AzOc2XecqrJ6F1gqk0n+yP/1h1
      yeTvvfS5zgqNTG2UmovjVsKFzaDqmsYZ+sYfwc209z9PY+6FuLQnQXBhY2hlVGVz
      dCAoVGVzdGluZykgPGFwYWNoZUBsb2NhbGhvc3Q+iF4EExECAB4FAke68W8CGwMG
      CwkIBwMCAxUCAwMWAgECHgECF4AACgkQJE9COu2PFIEGDwCglArzAza13xjbdR04
      DQ1U9FWQhMYAnRrWQeGTRm+BYm6SghNpDOKcmMqruQENBEe68XAQBADPIO+JFe5t
      BQmI4l60bNMNSUqsL0TtIP8G6Bpd8q2xBOemHCLfGT9Y5DN6k0nneBQxajSfWBQ5
      ZdKFwV5ezICz9fnGisEf9LPSwctfUIcvumbcPPsrUOUZX7BuCHrcfy1nebS3myO/
      ScTKpW8Wz8AjpKTBG55DMkXSvnx+hS+PEwADBQP/dNnVlKYdNKA70B4QTEzfvF+E
      5lyiauyT41SQoheTMhrs/3RIqUy7WWn3B20aTutHWWYXdYV+E85/CarhUmLNZGA2
      tml1Mgl6F2myQ/+MiKi/aj9NVhcuz38OK/IAze7kNJJqK+UEWblB2Wfa31/9nNzv
      ewVHa1xHtUyVDaewAACISQQYEQIACQUCR7rxcAIbDAAKCRAkT0I67Y8UgRwEAKDT
      L6DwyEZGLTpAqy2OLUH7SFKm2ACgr3tnPuPFlBtHx0OqY4gGiNMJHXE=

  12. Not really by oGMo · · Score: 4, Insightful

    Well, he could act. And then make the press release. To me, that's the better course of action. It would prove he means business.

    You're missing the point. Action is undesirable. Threat of action means that people scratch their heads and wonder what it means, what the fallout could be, if their political careers might be impacted. Possibly unrealistic worst cases are made. If not, an ultimatum ("next friday") is delivered. Stirs things up, gets people wondering and talking (like this!).

    Action, on the other hand, leads only to the question "is there a major outcry, and how long will it last?" Most people don't notice unless they can't access the site. Doesn't actually accomplish much, unless outcry can be sustained for a considerable period of time, which would require a lot more than "we're going SSL-only" ... like UK-wide wikipedia blackout. And that hurts more than it helps.

    --

    Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

    1. Re:Not really by Nkwe · · Score: 4, Insightful

      Well, he could act. And then make the press release. To me, that's the better course of action. It would prove he means business.

      You're missing the point. Action is undesirable. Threat of action means that people scratch their heads and wonder what it means, what the fallout could be, if their political careers might be impacted.

      Also you can only take a given action once. Once you have forced SSL, you don't get to force SSL again. If on the other hand you threaten action and you get what you want, you can threaten action again in the future. Sure it is possible that someone may call your bluff and if you threaten action too many times without following through you will be dismissed as "crying wolf", but you at least get a couple of chances.

  13. Re:Euphemism by NonUniqueNickname · · Score: 5, Funny

    Also, his last name is Wales, so it's not surprising he enjoys sticking it to the English.

  14. Re:Explain me? SSL is not sufficient? by zlives · · Score: 3, Interesting

    people with more knowledge please correct me...

    from my understanding your ISP can use a transparent proxy (so without your knowledge, or actually make you use a web proxy) and be able to see your data even in SSL. This is how websense gateway product works. they actually use it as a selling point to be able to scan ssl based web email that may include confidential documents as attachments.

  15. Re:Explain me? SSL is not sufficient? by Anonymous Coward · · Score: 5, Informative

    A SSL/HTTPS (transparent) proxy can only do a man-in-the-middle attack if you install the proxy-server's private CA (certificate authority) certificate in your browser. At your work place, IT may have installed one of those CA certificates for their own proxy in the browser on every computer they manage.

    Basically for every website you try to access, the proxy becomes the end-point for the website, and then the proxy make its own fake-certificate for the website signed with its CA certificate. The browser checks the fake-certificate with the fake-CA-certificate and thinks everything is fine.

    Governments can also transparent proxy specific websites which they have a fake-certificate for which was signed by a hacked real CA. Like what happened with a dutch CA diginotar.nl, which was used to create certificates for google.com and Facebook.com by hackers from Iran, if I remember correctly.

  16. Re:Explain me? SSL is not sufficient? by Jawnn · · Score: 3, Insightful

    I think we're missing the point here. Wales is threatening to make a statement, one that will demonstrate the stupidity of the bill. The simple measure he proposes will immediately mask the content of all traffic between wikipedia servers and their users. Yes, there's still a record that a user visited this or that IP address, but the point being made is that technology should, can, and will easily bypass ill-conceived government moves like this.