Slashdot Mirror


Wikipedia's Switch To HTTPS Has Successfully Fought Government Censorship (vice.com)

Determining how to prevent acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption. From a report: HTTPS prevents governments and others from seeing the specific page users are visiting. For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square. Up until 2015, Wikipedia offered its service using both HTTP and HTTPS, which meant that when countries like Pakistan or Iran blocked certain articles on the HTTP version of Wikipedia, the full version would still be available using HTTPS. But in June 2015, Wikipedia decided to axe HTTP access and only offer access to its site with HTTPS. [...] The Harvard researchers began by deploying an algorithm which detected unusual changes in Wikipedia's global server traffic for a year beginning in May 2015. This data was then combined with a historical analysis of the daily request histories for some 1.7 million articles in 286 different languages from 2011 to 2016 in order to determine possible censorship events. [...] After a painstakingly long process of manual analysis of potential censorship events, the researchers found that, globally, Wikipedia's switch to HTTPS had a positive effect on the number of censorship events by comparing server traffic from before and after the switch in June of 2015.

170 comments

  1. Wrong Direction by Anonymous Coward · · Score: 0, Offtopic

    had a positive effect on the number of censorship events

    The number went down so that is a negative effect. No need to introduce value-laden descriptors into the math.

    1. Re:Wrong Direction by Anonymous Coward · · Score: 1

      Why are you so negative?

    2. Re:Wrong Direction by Anonymous Coward · · Score: 2, Insightful

      Why are you so negative?

      I'm trying to provide some counter-balance to unconscious positivity.

      More seriously the religious conservatives in those countries who are employing censorship to "protect public morals" (or whatever they imagine themselves doing) do not regard the successful circumvention of censorship as positive. To call an objectively negative effect on a number 'positive,' betrays the tacit liberal ideological bias of the author. Better to call a spade a spade and allow the reader to draw her own conclusions as to the desirability of the outcome.

    3. Re:Wrong Direction by Anonymous Coward · · Score: 1

      And in the math, they probably didn't. What you're reading, though, is English, where a positive change can be described as positive no matter the direction.

    4. Re:Wrong Direction by Anonymous Coward · · Score: 0

      English ... where a positive change can be described as positive no matter the direction.

      But from my Hobbesian conservative PoV it's a negative change inasmuch as the sovereignty of the censoring nation is being disturbed. ;)

      It's a statistical result being described in English, which can use the English word 'negative' to report the statistical finding objectively, instead of the value-laden (and mathematically inaccurate) 'positive'. That was my original point.

    5. Re:Wrong Direction by BlueStrat · · Score: 1

      It's a statistical result being described in English, which can use the English word 'negative' to report the statistical finding objectively, instead of the value-laden (and mathematically inaccurate) 'positive'. That was my original point.

      TFS/TFA are about Wikipedia's battle against censorship, the article is simply reporting the story from the POV of Wikipedia. It's not like they'd likely get much in the way of newsworthy discussion from the governments involved. No bias here. Just the story reported as it was heard, from the party making the announcement.

      You should sharpen that razor. You need to slice these things a bit finer. :)

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    6. Re: Wrong Direction by Anonymous Coward · · Score: 0

      More censorship or less? Tricky question.

    7. Re:Wrong Direction by Anonymous Coward · · Score: 0

      Why are you so negative?

      I'm trying to provide some counter-balance to unconscious positivity.

      Uhm, have you tried keeping score?
      You aren't providing counter-balance, you are making sure that the scale doesn't leave the lower state.

    8. Re:Wrong Direction by Anonymous Coward · · Score: 0

      The interest rate has a positive effect on the money I owe.

    9. Re:Wrong Direction by Anonymous Coward · · Score: 0

      You must be great fun at parties. No wonder why you are a 55 year old virgin.

    10. Re:Wrong Direction by Anonymous Coward · · Score: 0

      The interest rate has a positive effect on the money I owe.

      Exactly! And a negative effect on your assets (your liabilities and assets being inversely related).

      Go to the top of the class :)

  2. Delusional by gravewax · · Score: 5, Interesting

    It is completely delusional to think this effectively prevents government censorship as if they can't selectively block content they simply take the sledgehammer approach and ban the site altogether.

    1. Re: Delusional by Anonymous Coward · · Score: 5, Informative

      It's a little worse than that. Because the URLs are different, the Chinese government has blocked the zh.wikipedia.org but not the en.wikipedia.org, presumably because most Chinese people cannot read English to a high enough level. They should move the language into the end part of the URL i.e. wikipedia.org/en/some-article

    2. Re:Delusional by Anonymous Coward · · Score: 4, Insightful

      any decent overlord is using SSL inspection (seamlessly via compromised root certs), so this is a non-issue

    3. Re:Delusional by Anonymous Coward · · Score: 0

      Also except for the fact that ISP can see your destination AND the url request... Yep they can not see it at all.

    4. Re:Delusional by aaarrrgggh · · Score: 2

      Pretty much. It makes https trivially easy to attack.

    5. Re:Delusional by Anonymous Coward · · Score: 1

      Modded insightful because that's what my boss overlord does.

    6. Re:Delusional by Anonymous Coward · · Score: 0

      no they CAN'T see your url request, that is not how SSL works, your browser establishes a secure tunnel to the server before it sends the url. the only thing visible to the ISP is the destination server IP and domain name. not that it matters much because as mentioned this just means they block everything instead of the specific content.

    7. Re:Delusional by swillden · · Score: 4, Informative

      any decent overlord is using SSL inspection (seamlessly via compromised root certs)

      Cite?

      There have been occasional instances of compromised root certs, which have fairly quickly been removed from default trust stores, but I see no evidence of ongoing vulnerability -- excepting when the overlord controls the trust store. That is common in corporate scenarios but not really possible without removing admin rights from users' computers, which is hard for any nation other than North Korea to do.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    8. Re:Delusional by swillden · · Score: 4, Informative

      Also except for the fact that ISP can see your destination AND the url request... Yep they can not see it at all.

      No. The ISP, etc., can see the hostname in the DNS request and they can see the IP address of the server you connect to, but that's all. The first messages exchanged with the server establish the encrypted channel and then the GET (or similar) request that specifies everything after the hostname in the URL is inside the secure channel. They cannot see the URL.

      Governments that wish to censor HTTPS sites with proper TLS configurations and decent CAs really have only one option: to block the sites entirely. The only thin exception to this is if they can inject their own CA certificates in the TLS trust stores. That enables a man in the middle attack. Doing that is easy for corporations on corporate-owned and controlled machines, but harder for governments to do at scale, since it essentially requires taking away the ability to install arbitrary software on the end-user machine.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re: Delusional by Anonymous Coward · · Score: 5, Insightful

      It's a lot worse than that. Governments as powerful as the U.S. and China have a dozen different ways to snoop on what citizens are ingesting. Remember that Snowden slide about "we unencrypt and reencrypt ssl here" bit? Now yes, ssl is like, the first obvious step towards doing things the right way. But Snowden revealed to us that several not so completely trustworthy governments are a dozen steps ahead of that and have been for many years. Time has since revealed that the situation isn't getting better. Now if in 2014 Amazon had gone https only, I might have the faintest hope that we have a realistic chance of seeing a decent path in our lifetimes. But here it is in 2017, and the Amazon quasi-monopoly (AWS holy shit) is cementing the expectation of lack of privacy of much of our purchasing logs. Remember that biblical bit about the number of the beast, it had more than a passing reference to commerce tracking the likes of which we've been living with for many years now.

      For a few moments we had hope that someone like Snowden could legitimately turn things around. Now I'm quite convinced it's going to take another Holocaust. No joke. And even then it's not going to get better, it will just regress to something much different with new possible directions for the long term, and perhaps hope that people then will have better learned the lessons of history.

      Wikipedia is definitely part of the problem as well as Amazon. There is no good reason why they need to have a centralized infrastructure that NO DOUBT is being tracked WHOLESALE by at least the U.S., Russia, and China. Censorship of the sort this summary talks about is a red herring. China after getting the U.S. to help whitewash the Tiananmen Square Massacre in '89 has so much power over their citizens that they can go ahead and let people have unfettered access to information. People learn that it's smarter not to go choosing to ingest the 'wrong' type of information. The government is quite effective at educating the people over their lifetimes as to what the 'wrong' types of information are.

      It's so much worse than you think.

    10. Re:Delusional by Anonymous Coward · · Score: 0

      How would you ever know if the US government went to Verisign and ordered them to create a valid cert for any domain? If you didn't have some form of client cert pinning you would never know.

    11. Re:Delusional by Anonymous Coward · · Score: 1

      You're likely delusional to believe that there are no CA Root or Intermediate certificates in possession of various governments of the world. Let's assume your rose-colored glasses are right, though... how about all of those domain certificates - along with their private keys - held by Akamai, Amazon and Azure for their SSL-enabled load balancers and content distribution services?

    12. Re:Delusional by AHuxley · · Score: 2

      Re Cite
      Project Bullrun, Cheesy Name, Edgehill
      "Revealed: how US and UK spy agencies defeat internet privacy and security" (6 September 2013)
      https://www.theguardian.com/wo...
      ".. agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking."

      --
      Domestic spying is now "Benign Information Gathering"
    13. Re:Delusional by Anonymous Coward · · Score: 2, Informative

      How would you ever know if the US government went to Verisign and ordered them to create a valid cert for any domain? If you didn't have some form of client cert pinning you would never know.

      Even if they could have a duplicate created and signed by Verisign, the public and private key pair would necessarily be different because these are generated at the time of certificate creation using a cryptographically strong random prime number pair generator. Thus, the signature on the certificate would be different than the one that Verisign previously generated for the original recipient. So, even though the new certificate would be "trusted", because it was issued by Verisign, the signature hashes would be different so a sharp user or a browser that queried a database of known public hashes would be able to spot the discrepancy and warn the user that the certificate is fishy. Remember, these certificates were designed to prevent precisely the sort of behavior that you're suggesting, namely creating identical forged copies of originally issued certificates.

    14. Re:Delusional by Anonymous Coward · · Score: 0

      Here you go. The Chinese government requires all browsers to have their root certificate installed, allowing them to intercept encrypted traffic. Not every government is that technically competent, though.

    15. Re: Delusional by Anonymous Coward · · Score: 0

      For the record both Mozilla and Google have been pushing ahead with stronger sanctions against certificate authorities, better review processes and indeed more transparency to ensure that unauthorized certificates can't be hidden.

      There is no single solution, but getting tough on CAs is a good start.

    16. Re:Delusional by swillden · · Score: 1

      Yes, we know they exploited the widely-known vulnerabilities in SSLv2 and v3. The recently-published NSA hacking tools contained no new capabilities, though. There's no evidence that they can exploit properly-configured TLS.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    17. Re:Delusional by swillden · · Score: 3, Informative

      You're likely delusional to believe that there are no CA Root or Intermediate certificates in possession of various governments of the world.

      I wouldn't claim there are none, but we have pretty strong evidence that if there are any, they're used sparingly and in a very targeted way. If such unauthorized keys were being used broadly, someone would notice that the public key certificates received by end users are not the same ones being served by the sites.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    18. Re:Delusional by swillden · · Score: 1

      Here you go. The Chinese government requires all browsers to have their root certificate installed, allowing them to intercept encrypted traffic. Not every government is that technically competent, though.

      Yes, that's an example of compromised certificates being identified and removed from trust stores... or in this case blocked via certificate pinning.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    19. Re:Delusional by Anonymous Coward · · Score: 0

      it takes zero effort to force all new computer users to install a government/company mandated root certificate. It happens in most of the public and private companies in China. No need to compromise anything, you can just force it down the throats of people.

    20. Re:Delusional by Anonymous Coward · · Score: 0

      Here you go. The Chinese government requires all browsers to have their root certificate installed, allowing them to intercept encrypted traffic. Not every government is that technically competent, though.

      Yes, that's an example of compromised certificates being identified and removed from trust stores... or in this case blocked via certificate pinning.

      Unfortunately you do not understand the problem.

    21. Re:Delusional by Anonymous Coward · · Score: 0

      His point was that this mythical "sharp user or browser" doesn't exist. It's simply not realistic to expect users to ever catch these occasional discrepancies since they can happen only during one request and even then, most users wouldn't even know what they just saw. Even if they did, unless they were a respected security researcher, how would they share this incident in a way believable to other people?

      As for the "browser" part, this is what your parent poster was referring to with "client cert pinning" and it doesn't exist in any modern browser by default. There's HPKP (HTTP Public Key Pinning) but it requires support from each website that wants to use it and it has various other flaws.

      The certificate system is deeply flawed.

    22. Re:Delusional by Anonymous Coward · · Score: 0

      The clients can see those certificates and which root cert issued them. And thanks to the certificate transparency initiative, so can anyone else. Basically as long as someone with a certificate transparency compatible client sees such a rogue certificate, the browser makers will quickly and automatically find out and start the process of investigating and revoking that root.

    23. Re:Delusional by bentcd · · Score: 1

      Governments that wish to censor HTTPS sites with proper TLS configurations and decent CAs really have only one option: to block the sites entirely.

      This is an undesirable measure for a forward-looking regime like China's: they don't want to deny their tech sector etc. access to knowledge sources useful to their profession.

      They have an alternative, however: they can mirror Wikipedia within China and censor their mirror while blocking the international site.

      --
      sigs are hazardous to your health
    24. Re:Delusional by fuzzyfuzzyfungus · · Score: 1

      It is completely delusional to think this effectively prevents government censorship as if they can't selectively block content they simply take the sledgehammer approach and ban the site altogether.

      That is an option; but only if you want to (quite visibly) be caught interfering with your citizens' access to intriguing trivia, fun facts; and the best friend of last-minute-'researchers' everywhere.

      Sure, against somebody who doesn't give a damn, at all; and has no domestic opposition even close to being able to make him do so, "You'll have to ban it all to ban any of it!" will just get you a "Challenge Accepted." and a ban. That cuts down on the list of potential censors, and raises the cost they pay with their constituents, if they choose to try. Even members of the public who are in favor of banning 'immorality' or whatever generally like access to lolcats and innocuous articles. That's where forcing the adversary to make all-or-nothing choices pays off.

      Using encryption has the added benefit of making it harder to do 'silent' censorship. If you have http, you can do very granular blocking or even selective rewriting and your censored version will only be distinguishable from the real thing by people willing to do a lot of tedious testing from multiple connections in different jurisdictions and look for changes. If it's either 'blocked' or 'not blocked', you can't really deny what you are doing. You may be able to do it anyway; but you'll have to deal with whatever fallout emerges.

    25. Re: Delusional by Antique+Geekmeister · · Score: 1

      > For the record both Mozilla and Google have been pushing ahead with stronger sanctions against certificate authorities

      While this is helpful for general security, I don't think it's that helpful against targeted snooping. I'd expect Wikipedia's certificates to be stolen from inside their security environment: they're large enough and a source of enough useful trackable information that I'd expect them to be targeted, successfully, by security agencies around the world. Moreover, I would expect agencies like the NSA to have access to the certificate signing certificates by targeting the signature authorities themselves, and to have access to the systems at worldwide SSL proxy systems like AWS and other commercial load balancers.

      Where I'd expect HTTPS to be most helpful for privacy advocates is by raising the _cost_ of intercepting the traffic. Bulk monitoring of unencrypted traffic is much cheaper, and faster, than inserting a man-in-the-middle agent to decrypt and re-encrypt the traffic going to an endpoint, and requires much less sophisticated tools to avoid confusing the receiving website about where the traffic is connected from.

    26. Re:Delusional by Anonymous Coward · · Score: 0

      > I wouldn't claim there are none, but we have pretty strong evidence that if there are any, they're used sparingly and in a very targeted way.

      If you think that, then you don't get out much. The "Great Firewall of China" is an infamous example of such monitoring, and the AT&T hosted fiber optic taps revealed in the infamous "Room 641A" are the tip of the iceberg of network monitoring accepted as a part of doing Internet business. Take a good look at the old "NetIntercept" box by Sandstorm Enterprises, which does just such monitoring wholesale. The product went off the public radar for awhile since their purchase by NikSun, but it's still in use and still a strong seller to various Nefarious Security Agencies(tm).

      https://www.securitywizardry.c...

    27. Re:Delusional by thegarbz · · Score: 1

      Your computer makes a request to the server. The ISP can see which server. The details of the request are within the HTTP GET message that is sent. It is with this GET request that the URL is passed to the server.

      When your computer connects via HTTPS the very first thing that happens is an encrypted channel is established. Only then is a GET request sent through with a URL, of which the ISP sees just gobbledygook, they can't even tell if you made a GET request, or a POST, or a PUT, much less that you're accessing /censoredcontent/terroristhandbook.html
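An added example, not part of any comment in this thread and not Wikimedia's or any browser's code, of the point made in swillden's and thegarbz's replies: it parses the first bytes a client puts on the wire and reports what a passive on-path observer can recover, a host and path for plain HTTP but only the SNI hostname for HTTPS. The ClientHello is a minimal constructed sample (zeroed random, one cipher suite) and the article path is a placeholder.

```python
from urllib.parse import urlsplit

SNI_EXT = 0x0000  # server_name extension type (RFC 6066)


class ParseError(ValueError):
    """Captured bytes are truncated or not the expected message type."""


class Reader:
    """Bounds-checked cursor over a byte string."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ParseError("truncated input")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size: int) -> int:
        return int.from_bytes(self.take(size), "big")

    def vec(self, len_size: int) -> "Reader":
        """Read a length-prefixed vector and return a reader over its body."""
        return Reader(self.take(self.uint(len_size)))

    def left(self) -> int:
        return len(self.data) - self.pos


def build_client_hello(hostname=None) -> bytes:
    """Constructed sample: a minimal ClientHello record, optionally with SNI."""
    extensions = b""
    if hostname:
        name = hostname.encode("ascii")
        entry = b"\x00" + len(name).to_bytes(2, "big") + name  # type 0 = host_name
        name_list = len(entry).to_bytes(2, "big") + entry
        extensions = (SNI_EXT.to_bytes(2, "big")
                      + len(name_list).to_bytes(2, "big") + name_list)
    body = (b"\x03\x03"                 # client_version
            + bytes(32)                 # random (zeroed for the sample)
            + b"\x00"                   # empty session_id
            + b"\x00\x02\xc0\x2f"       # one cipher suite
            + b"\x01\x00"               # null compression only
            + len(extensions).to_bytes(2, "big") + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def extract_sni(record: bytes):
    """Return the cleartext server name from a ClientHello record, or None."""
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ParseError("not a TLS handshake record")
    rec.take(2)                         # record-layer version
    hs = rec.vec(2)
    if hs.uint(1) != 0x01:
        raise ParseError("not a ClientHello")
    hello = hs.vec(3)
    hello.take(2 + 32)                  # client_version + random
    hello.vec(1)                        # session_id
    hello.vec(2)                        # cipher_suites
    hello.vec(1)                        # compression_methods
    if hello.left() == 0:
        return None                     # no extensions block at all
    exts = hello.vec(2)
    while exts.left():
        ext_type, ext_body = exts.uint(2), exts.vec(2)
        if ext_type == SNI_EXT:
            names = ext_body.vec(2)
            while names.left():
                name_type, name = names.uint(1), names.vec(2)
                if name_type == 0:
                    return name.data.decode("ascii", "replace")
    return None


def first_flight(url: str) -> bytes:
    """First client bytes on the wire: ClientHello for https, the request for http."""
    u = urlsplit(url)
    if u.scheme == "https":
        return build_client_hello(u.hostname)
    target = (u.path or "/") + ("?" + u.query if u.query else "")
    return f"GET {target} HTTP/1.1\r\nHost: {u.hostname}\r\n\r\n".encode("ascii")


def observable(wire: bytes):
    """(host, path) recoverable by a passive observer; path is None under TLS."""
    if wire[:1] == b"\x16":
        return extract_sni(wire), None
    head = wire.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    _method, target, _version = head[0].split(" ", 2)
    host = next((line.split(":", 1)[1].strip() for line in head[1:]
                 if line.lower().startswith("host:")), None)
    return host, target


if __name__ == "__main__":
    for url in ("http://en.wikipedia.org/wiki/Example_article",
                "https://en.wikipedia.org/wiki/Example_article",
                "https://zh.wikipedia.org/wiki/Example_article"):
        print(url, "->", observable(first_flight(url)))
```

The hostname still distinguishes `zh.wikipedia.org` from `en.wikipedia.org`, which is why per-language blocking remains possible while per-article blocking does not. SNI is sent in cleartext in TLS 1.3 as well unless Encrypted Client Hello is in use.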

    28. Re: Delusional by fuzzyfuzzyfungus · · Score: 2, Insightful

      Nothing Snowden released was unsuspected; but there is a fair difference between "Yeah, I strongly suspect that my TLAs have some scary capabilities and enjoy using them." and actually seeing the slide decks outlining the "and this is how we capture a genuinely impressive percentage of traffic; including more flavors of VPN and the like than you might hope."

      Even when history gives one little reason to trust the spooks; the kooks always have a bad time getting taken seriously, even when they have good evidence; and much more so when they can only speculate.

    29. Re:Delusional by fuzzyfuzzyfungus · · Score: 1

      Having a pet CA seriously weakens SSL (and definitely makes relying on it downright crazy for anyone who could get in trouble for going to the wrong sites); but there has been some, not terribly adequate, work to ameliorate the worst of 'Yeah! Any CA is just as trusted as any other!'. Deployment of pinning is deeply patchy, and essentially only open to vendors who have some other mechanism (usually a pet software updater) to push their pinned settings; and 'SSL Observatory' type stuff can only catch attacks after the fact; but it can be tricky to do SSL MiTM on a large scale without breaking some things, throwing some scary warnings, and being detected.

      If you just want to do it on a LAN, to a bunch of machines that obey your Group Policy, that's a lot easier.

    30. Re:Delusional by heypete · · Score: 2

      An individual user affected by a one-time event probably won't know, but depending on the remote site and browser used by the user, it may still be detectable, particularly if used on a larger scale.

      For example, Chrome comes with information about authorized CAs and intermediates used by Google baked-into the browser itself, and has since 2011. It will refuse to connect to a "Google" site using an unauthorized certificate (unless manually added by an administrator, for things like SSL interceptors used at businesses, but unlikely in use on a wide scale on the general internet). It sends telemetry back to Google about any bad certs that it sees for Google properties (that's one of the ways they learned about the DigiNotar compromise), and I wouldn't be surprised if such information was also checked for other major sites.

      Many CAs also submit records to public Certificate Transparency logs. Google, in particular, uses its standard web crawlers to feed data about certificates it sees into CT logs and has been strongly encouraging (and requiring, in some cases) CAs to submit data to CT logs. This makes detection of falsely-issued certificates quite easy. Perhaps not detectable fast enough to stop an individual, targeted attack, but it should be enough to detect any medium-scale attack on the public internet.

    31. Re: Delusional by houghi · · Score: 1

      That would mean they filter Wikipedia.org
      So GP is right.

      --
      Don't fight for your country, if your country does not fight for you.
    32. Re:Delusional by AmiMoJo · · Score: 1

      If you look at the detail of the exploits they use, none of them involve getting a root certificate to compromise large portions of the public internet. They are all work-arounds, like malware installing bogus certs on machines, flaws in SSL implementations or intercepting traffic being transferred between servers in an unencrypted state.

      Beyond that, they save some HTTPS traffic for offline analysis. If it turns out to be important later, e.g. identified as belonging to a very valuable target, they apply some brute force effort to cracking it or simply try to hack the server and obtain its private keys or the data directly.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    33. Re:Delusional by Anonymous Coward · · Score: 0

      Please examine your list of default CAs.
      You do not necessarily need to hack a root cert when you are already a trusted CA.

    34. Re:Delusional by Anonymous Coward · · Score: 0

      >Doing that is easy for corporations on corporate-owned and controlled machines, but harder for governments to do at scale, since it essentially requires taking away the ability to install arbitrary software on the end-user machine.

      If all secure connections require a government TLS key, then either you will download it and put up with it, or you will have no secure connections.

    35. Re:Delusional by Anonymous Coward · · Score: 0

      They can also bribe the contributors. They have very loose morals in that regard, and are willing to completely change pages to fit certain agendas.

    36. Re:Delusional by plover · · Score: 1

      What this means is that such tampering is detectable by experts. That means if "they" were doing wholesale attacks on all traffic, it would be caught. Since pervasive tampering isn't evident here, that means they probably aren't drift-net trawling random internet traffic. Sure, they may be intercepting certain suspects' traffic, but that's not the same thing as Big Brother watching every conversation.

      --
      John
    37. Re:Delusional by Anonymous Coward · · Score: 0

      That's not what really happens. In real world it goes like this:

      1. You send a HTTPS request to Wikipedia/Google
      2. Government MITMs the request, inserts its own certificate for you to accept
      3. Your browser sees an invalid certificate, pulls a big red scary flashing prompt if you are sure you wish to accept it, warning you it might be dangerous to do so
      4. If you accept then everything goes through MITM proxy who can see all your traffic. You can of course reject, in that case, oh well, no Google for you citizen! Now fall back in line please.

      No need for the govt. to insert anything into root certificate stores, all they have to do is control your internet connectivity, and flatly reject everything they can't MITM.

      This is already happening in some places in Europe, like Germany. But don't worry citizen, it's a good leftist govt who's only after 'em fascists, not honest citizens. You're not one of 'em fascists are you?

    38. Re:Delusional by swillden · · Score: 1

      The "Great Firewall of China" is an infamous example of such monitoring

      The GFC does do some TLS MiTM, based on government CA certificates installed in many browsers. Not much, though, because it's pretty expensive, and not that hard to work around. Mostly the GFC prefers to simply block HTTPS connections to sites the government doesn't want its people to access.

      and the AT&T hosted fiber optic taps revealed in the infamous "Room 641A" are the tip of the iceberg of network monitoring accepted as a part of doing Internet business

      Red herring. Those sorts of taps are exactly what TLS makes useless.

      Take a good look at the old "NetIntercept" box by Sandstorm Enterprises, which does just such monitoring wholesale. The product went off the public radar for awhile since their purchase by NikSun, but it's still in use and still a strong seller to various Nefarious Security Agencies(tm).

      https://www.securitywizardry.c...

      No, those boxes aren't very useful to government agencies. They're mostly used by corporations who can push certs to the browsers of all of the corporate-managed devices.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    39. Re:Delusional by plover · · Score: 1

      > I wouldn't claim there are none, but we have pretty strong evidence that if there are any, they're used sparingly and in a very targeted way.

      His very words you quoted clearly said there is no evidence of a surreptitious drift-net attack.

      The Great Firewall is a drift-net, but it is an open secret that China does so. Anyone technical can look at their certificate chain and see if their communications are being intercepted. And China has no lack of people with the skills needed to detect that tampering.

      Instead, what's being claimed is that the NSA is doing some technically undetectable certificate replacement at a global scale, but there is just no evidence for those claims. Sure, they can violate one guy's computer, but they do so one suspect at a time. If they did it to the entire country, it would get noticed.

      --
      John
    40. Re: Delusional by Anonymous Coward · · Score: 0

      Encouraging more careful behavior by signers is fine, but concentrating on it doesn't significantly help.

      The best way to fix the MitM problem is to upgrade to 1990s tech, with multiple certifiers for each identity, each one only moderately trusted (at most) by default. A MitM should require a widespread conspiracy, not just a single bad actor or compromised machine. Take that fraction which represents the probability of a screwup, and put an exponent on it.

      I call bullshit on everyone claiming that they're really trying to make MitM attacks harder, if they are still advocating solitary "CAs" as the entire trust mechanism. We know for sure that the idea definitely does not work, and for decades we've known how to easily do better.

    41. Re: Delusional by Anonymous Coward · · Score: 0

      It's moderately heartening to see my comment modded to 5 insightful and yours fighting troll status. Go ahead and elaborate on why you chose to use the word 'kooks' in this particular context.

      I'll go ahead and elaborate further on my points-

      Note I felt I had to choose my words carefully to attract mod points, i.e. a little 'not completely trustworthy' brown nosing. Had I expressed what I really felt as far as the trustworthiness of 'my TLAs' I would have been troll modded into oblivion. If you do real research on the day by day of the Snowden story as it unfolded, you'll see that the LOVINT/deconfliction parts got buried by the mainstream media. Sadly quite plausibly because they too understand that they have to brown-nose their somewhat patriotic audience in the age of the PATRIOT Act just like I did. The entire Orwellian level of modern cyber-surveillance is founded on presenting the illusion that these powerful capabilities are used by 99% highly ethical people. Jean-Luc Picard, etc. When in fact the reality is that there are far more Fat 'grab em by the pussy' Leonards in the mix than they can afford to become widely let known.

      The deconfliction (as it relates to Snowden documents about Second Life) angle is critically important to focus on because at the moment, blocking-style censorship is not where it's at for the authoritarians. The authoritarians already have so much power, that their game is in massaging and manipulating public discussion forums. 'deconfliction' in Second Life was the Snowden revelation that most closely glanced this critically important issue. However such intense efforts have been put up to maintain the highly-ethical-TLA illusion, that legitimate debate about the important concerns in this area are squarely in the kook-troll-mod-to-oblivion realm.

      Another key point is to look at the epically amazing evolution in the last year of U.S. ISPs literally being given the government's blessing to sell the com meta/data of subscribers to the highest bidder. This flies in the face of the original evolution of expectation of privacy where people considered the phone company that was providing their ISP service to be under the same privacy expectations as their traditional phone call meta/data. I.e. it was never legal for AT&T to sell call logs to Magnum P.I. But somehow the public was massaged into this new-normal of enough tv shows with phone company employees giving such data with a wink and maybe a small bribe to hero cops and hero private investigators, and then post-911 homeland security heroes that eventually it just became - 'fuck it, why not just let them sell it to the highest bidder. Throw the kids to the wolves, let some of them enjoy an illusion of security as they use a VPN that the world's TLAs have Pwn3d for years'.

      Now that I'm in full kook mode... I guess my point is that this progress on the wikipedia/https front is simply much too little much too late. I'd dare to say it's borderline criminally negligent for them to imply to their audience that this is protecting them from governments prying into their reading habits. At best, it's protecting them from mediocrely-cyber-skilled geeks employed at the local branch of their ISP. Now, don't get me wrong, I totally enjoy having even that level of enhanced privacy. But for God's sake, don't confuse that with somehow escaping persecution from your government that doesn't like you reading about certain topics.

    42. Re:Delusional by jez9999 · · Score: 1

      (unless manually added by an administrator, for things like SSL interceptors used at businesses

      If you ask me, that's a pretty gigantic "unless" for a browser that claims it's big on security. Admin can get your password and other personal details? No problem, that's acceptable for some reason! I ended up quitting my job over it because the company's policy was to do HTTPS snooping.

    43. Re:Delusional by erapert · · Score: 1

      ... but that's not the same thing as Big Brother watching every conversation.

      No problem. They just store all traffic in a huge database and crack it at their leisure later-- if they even need to.

    44. Re:Delusional by erapert · · Score: 1

      Doing that is easy for corporations on corporate-owned and controlled machines, but harder for governments to do at scale ...

      Meanwhile, M$ is pushing W10 + spyware as hard as they can and forcing updates on all users. What a coincidence!

    45. Re:Delusional by heypete · · Score: 1

      I agree.

      While I appreciate the necessity for manually adding roots (e.g. for internal, corporate resources), I dislike HTTPS snooping and its ability to override baked-in protections against phishing and impersonation of major sites like Google (among many other reasons to oppose such things).

      That said, it's one thing for a company to deploy such a system with a corresponding company-owned root across company-owned computers, but another thing entirely for a government to do the same thing to all (or a substantial fraction of) people within its borders. The latter is, with the exception of China and maybe North Korea, bordering on infeasible.

    46. Re:Delusional by plover · · Score: 1

      Have you read how the NSA performs their intercepts? They use a server called FOXACID which is inserted into the network closer to the target than the target's actual desired server. FOXACID responds quicker than the legitimate server and performs the MITM handshake. That's how they can then decrypt the messages.

      Saving the packets for later would mean they get nothing.

      --
      John
  3. Who is responsible for censorship? by Anonymous Coward · · Score: 0, Flamebait

    Most censorship actually comes from leftists, and this truth needs to come out. I applaud Wikipedia for trying to stop leftists censorship. Keep in mind that Europe restricts speech far more than the US does, under the grounds that it's hate speech. Yes, there's legitimately hate speech, but it's easy to censor ideas and positions that the majority or those in power don't like. China is another opponent of free speech, and their government is a leftist Communist regime. Again, leftists are responsible. The only speech that needs to be protected is offensive speech, because if nobody is offended, nobody will try to censor the speech. Kudos to Wikipedia, but let's say it like it is and admit that leftists are the primary opponent of free speech.

    - snruter rotsac

    1. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      I'm sorry you're retarded.

    2. Re: Who is responsible for censorship? by Anonymous Coward · · Score: 0

      As usual, more ad hominem attacks from the left. How about addressing the statements instead of hurling insults? Again, this is typical from the left, launch insults, deflect, and censor. Address the issue that the leftists are the primary threat to Wikipedia's freedom. If you can't, don't reply.

    3. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 2, Insightful

      Most censorship actually comes from leftists ...

      Wrong. Most censorship actually comes from "countries like Pakistan or Iran", that is to say, from religious conservatives.

    4. Re: Who is responsible for censorship? by Anonymous Coward · · Score: 0

      Sorry we also forgot right wing Christian nut jobs...

    5. Re:Who is responsible for censorship? by ZorinLynx · · Score: 5, Insightful

      No. Wrong!

      Most censorship comes from *AUTHORITARIANS*. From both sides of the aisle. By their very nature authoritarians want to control what you can do, and that includes what you can read. Regardless of which way someone leans politically, if they are more libertarian they will be against censorship, and/or pretty much telling people how to live their lives. If they are authoritarian, they will want to meddle, and that includes censorship.

      Authoritarian left, authoritarian right; they BOTH suck. No matter how you lean politically the most important thing is to remember that we shouldn't be telling people how to live their lives.

    6. Re: Who is responsible for censorship? by Anonymous Coward · · Score: 0

      What you're saying is that leftists and Islam are the two greatest threats to free speech.

      No, what I'm saying is that religious conservatives, including Islamic religious conservatives (especially Islamic religious conservatives, since they have been allowed closer to the reins of government) are the single greatest threat to free speech.

      ... to help them understand that Jesus is God

      Don't be ridiculous! Jesus isn't God, he was just some gay guy in ancient Palestine who had group sex with them 12 dudes he hung 'round with.

    7. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      Authoritarian left, authoritarian right; they BOTH suck.

      Goes without saying... Now, can you tell us the difference, if there really is any, between the two?

    8. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      No. Wrong! Most censorship comes from *AUTHORITARIANS* ... Authoritarian left, authoritarian right; they BOTH suck.

      Oh no! You want us to consider BOTH left/right AND authoritarian/libertarian as two separate dimensions?!

      But that means we have to elevate our thinking above the one dimensional ... I think my head hurts. I'm sticking with US vs THEM thanks. And as far as THEM is concerned, let's return to tying 'em up to a lamp post and forcing 'em to drink castor oil.

    9. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

      Now, can you tell us the difference, if there really is any, between the two?

      The most obvious difference is whether the "means of production" are held in private or state ownership.

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    10. Re: Who is responsible for censorship? by Anonymous Coward · · Score: 0

      How the fuck you can attack the character of an AC? You're just as retarded as the 2nd AC said.

    11. Re: Who is responsible for censorship? by Anonymous Coward · · Score: 0

      Don't be ridiculous! Jesus isn't God, he was just some gay guy in ancient Palestine who had group sex with them 12 dudes he hung 'round with.

      [Old Irish Catholic Priest voice]

      Aye, and ye'll be smokin' a turd in purgatory fer *that* one, me boy-o!

      [/Old Irish Catholic Priest voice]

    12. Re: Who is responsible for censorship? by Anonymous Coward · · Score: 0

      Bad troll, get back in your hole.

    13. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      Authoritarian right and left both want the government to control you.. Modern libertarians (as opposed to libertarian communists) want corporations to control you while pretending that with no government control you will suddenly be free. The simple fact is as a consumer your access and ability to stay truly informed (the only way you can actually make a free choice) is limited (by time and access to accurate information) and you will simply be controlled by mega corps, but at least you will think you are free I guess.. lol..

    14. Re:Who is responsible for censorship? by AHuxley · · Score: 2

      In the USA?
      Countering Foreign Propaganda and Disinformation Act (2016)
      https://en.wikipedia.org/wiki/...

      --
      Domestic spying is now "Benign Information Gathering"
    15. Re: Who is responsible for censorship? by Anonymous Coward · · Score: 0

      No u r.

    16. Re: Who is responsible for censorship? by oobayly · · Score: 1

      Only purgatory?

    17. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      The old definition is that right favours wealth inequality while left goes for the opposite.

      Note that by that logic right isn't necessarily libertarian or even capitalist, kings will do fine too, but for the past century or two megacorps have just been the more fashionable implementation. Then, on the extreme left, one size must fit all and if that doesn't suit you the state/collective/whatever will happily get rid of you. What wouldn't you do for the common good, if you weren't a traitor?

      Of course the common failure mode in the latter is that some are more equal than others because (insert some complex handwaving and mental gymnastics here). Say, party elite can misuse fruits of others labour without limits because they are acting on behalf of state or something. This can lead to a situation where the only difference is in rhetoric.

    18. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      The most obvious difference is whether the "means of production" are held in private or state ownership.

      Not even that.

      The authoritarian leftist state (controlled by a small elite, certainly not "the people") owns the means of production.

      In an "authoritarian right" state, a small elite owns the means of production. This small elite is also the political elite - or they control politicians through massive campaign donations nobody else can come close to matching. (They get the donations back when politicians spend them on TV ads - the benefit of owning TV networks . . .) When they get tired of paying for politicians, they get themselves elected.

      In either case, a small elite controls government and most of the 'means of production'. Whether the 'means' are officially owned by the government or directly by the small elite doesn't matter much - it is only a level of indirection to confuse the masses. Same for "whether the 'government' is the small elite, or is controlled by...

    19. Re:Who is responsible for censorship? by Wootery · · Score: 1

      Modulo inverted totalitarianism muddying the waters?

    20. Re: Who is responsible for censorship? by Maritz · · Score: 1

      Something, something, something... Leftists.

      Do you bore yourself? You bore the fuck out of me.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    21. Re:Who is responsible for censorship? by Maritz · · Score: 1

      Most censorship actually comes from leftists ...

      Wrong. Most censorship actually comes from "countries like Pakistan or Iran", that is to say, from religious conservatives.

      His assertion that most censorship comes from 'leftists' had me about 90% sure it was a troll. Genuinely idiotic opinion.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    22. Re:Who is responsible for censorship? by moeinvt · · Score: 1

      When corporations can force people to hand over their wealth under threat of incarceration and/or violence, I'll take your perspective seriously. As much as you might hate Comcast, Monsanto or Koch Industries, they don't send men with guns to your house to kidnap you and throw you in a cage should you refuse to follow their orders.

      You also neglect the fact that corporations exist in their current form only because they manipulate government and thus enjoy numerous government-backed special privileges. Eliminate all of the government bailouts, handouts, subsidies, barriers to competition, etc. and corporate power will begin to wane.

    23. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      Authoritarian left, authoritarian right; they BOTH suck.

      Goes without saying... Now, can you tell us the difference, if there really is any, between the two?

      The difference is that when authoritarian right censors then no one has any doubt it's wrong. When authoritarian left censors all they have to do is say that they are stopping hate speech, combating the spread of fascism, homophobia, racism and whatnot and suddenly censorship becomes okay. You're not a fascist, are you?

    24. Re:Who is responsible for censorship? by fustakrakich · · Score: 1

      Corporate and state are a distinction without a difference.

      --
      “He’s not deformed, he’s just drunk!”
    25. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      Eliminate all of the government bailouts, handouts, subsidies, barriers to competition, etc. and corporate power (money) will finance opposition candidates and promote them on their media outlets, and the voters will go along, because, tribalism.

    26. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

      The authoritarian leftist state (controlled by a small elite, certainly not "the people") owns the means of production.

      Which is, of course, the reason I chose to describe it as "state" ownership, rather than public ownership.

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    27. Re:Who is responsible for censorship? by fustakrakich · · Score: 1

      When corporations can force people to hand over their wealth under threat of incarceration and/or violence, I'll take your perspective seriously.

      You mean, like this?

      --
      “He’s not deformed, he’s just drunk!”
    28. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

      Sorry cut myself off ...

      In an "authoritarian right" state, a small elite owns the means of production. This small elite is also the political elite - or they control politicians through massive campaign donations nobody else can come close to matching.

      No, this is not generally true. It may be the case that there exists some authoritarian right-wing state or states where the industrial elite and the political elite are the same persons. But that is hardly true for authoritarian right-wing states generally, nor especially for the most iconic examples thereof. Hitler did not own BMW or Krupps, and yet he was explicit that of all the institutions in German society these large industries alone were to be immune from Gleichschaltung. Exactly the same separation of political and industrial elites applied too in Fascist Italy. It was for this reason that C20th Marxists viewed fascism(s) as an "extra-ordinary form of the bourgeois State." That is right-wing authoritarianism was seen as an extreme form of capitalism.

      And speaking of right-wing authoritarian capitalism we can see that in contemporary Singapore foreign corporations are more than welcome. Which transnational corporations, while local elites may have investment interests, they very clearly do not control.

      In either case, a small elite controls government and most of the 'means of production'.

      This contention fails to stand up to an examination of real world examples of all, and probably not even most, right-wing authoritarian states. It sounds like something someone dreamt up in their head with little historical or contemporary real world knowledge.

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    29. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

      Modulo inverted totalitarianism muddying the waters?

      Like the 'totalitarianism' trope itself, though perhaps not with the same level of intent, it certainly serves to muddy the waters. By which I mean it serves to obfuscate the real radical differences between left and right-wing authoritarian states (at least at their inception).* US political theorists have busied themselves with this task since at least 1945.

      [* that is the case of China, at the very least, serves to illustrate the possibility of nominally leftists dictatorships migrating towards the right economically.]

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    30. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 0

      even many of the so called libertarians want censorship, they are generally only against censorship when it is something that doesn't disagree with some strongly held belief on their part.

    31. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

      ... which I hasten to add does not mean that I feel that Wolin's ideas as described on that page (I haven't read him) are without merit (nor even apparently that distinct from observations I have made about "free-market totalitarianism"* in the past). For present purposes, that is distinguishing left from right authoritarianism, however, conflating even Stalinism with fascism provides no clarity.

      [*By which I meant that following the stunning global victory of neo-liberal ideology in the late 1980s, the market merged the sole justification for almost any human activity. Economics, in other words, became not merely a "totalising discourse," to borrow Foucault's term, but the totalising discourse. Rendering it almost inconceivable for generations born thereafter that people may have ever been motivated by anything other than profit, and thus providing self-reinforcement for neo-liberalism, grounded as it is upon the abstraction of the utility maximising individual. But I digress, in a footnote no less ...]

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  4. That's nice so are they going to work on by NotSoHeavyD3 · · Score: 5, Insightful

    censorship from the Wikipedia "mods" who've decided which pages are "theirs" and only they are allowed to update them?

    --
    Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
    1. Re:That's nice so are they going to work on by aevan · · Score: 2

      If you search for "irony" on wikipedia, you're redirected to the main page.

    2. Re:That's nice so are they going to work on by Anonymous Coward · · Score: 0

      If you search for "irony" on wikipedia, you're redirected to the main page.

      You must be one of those "post-factual" people. https://en.wikipedia.org/wiki/...

    3. Re:That's nice so are they going to work on by aevan · · Score: 1

      You're like the world's revenge on sarcasm, do you know that?

    4. Re:That's nice so are they going to work on by Anonymous Coward · · Score: 0

      You're like the world's revenge on sarcasm, do you know that?

      Are you kidding me, pal!? Slashdot is Aspy-Central! Unless you tag it /s plus add a Wiki link to an explanation of sarcasm, *expect* this shit!

      Hell, expect it even if you do!

    5. Re:That's nice so are they going to work on by Anonymous Coward · · Score: 0

      Hell, expect it even if you do!

      Well yeah, the dipstick who responded even linked to the page on "irony" after all.

  5. Govt can have machine make own request by Anonymous Coward · · Score: 0

    They could easily work around that ...

    1. You try to browse site https://example.com/badpage.html
    2. Government network can't read the traffic, so it also visits https://example.com/badpage.html and determines the context that way.

    HTTPS might complicate censorship very briefly. But it wouldn't take Albert Einstein for a censorship government to adapt.

    1. Re:Govt can have machine make own request by jonwil · · Score: 2

      Except the whole point of HTTPS is that the government only knows you visited https://example.com/ and not which page on example.com you visited.

    2. Re:Govt can have machine make own request by Anonymous Coward · · Score: 0

      That just means the more oppressive governments simply blanket ban the entire site. If anything this means less accessibility and more censorship in countries like China rather than less.

    3. Re:Govt can have machine make own request by 91degrees · · Score: 1

      https encrypts the request. They know you're going to the IP address for example.com but not what the page is. Or even that you're doing a GET.

      If they already have some idea, they can probably confirm it to some degree of satisfaction though. They know the size of the download, and I think they know the size of the image downloads as well. They can deduce the page from that. (At least I believe this is the case - this is Slashdot so someone will tell me if I'm wrong).

    4. Re:Govt can have machine make own request by plover · · Score: 1

      Except the whole point of HTTPS is that the government only knows you visited https://example.com/ and not which page on example.com you visited.

      Technically the monitor can't see the whole URL. Monitoring only lets you see that they resolved the name example.com, and that they then visited port 443 on that site. The network traffic is encrypted and you can't be sure if they visited index.html or not.

      I realize this is probably what you meant, and is just splitting hairs, but it pays to be accurate.

      --
      John
  6. Ah cool - left and right -- what a simple world! by Anonymous Coward · · Score: 2, Insightful

    Ah cool - left and right -- what a simple world!

    Sounds like the Donnie Dark "LOVE or FEAR" measuring stick.

    The free market probably was once a "liberal" idea, back in the days of Dukes and Lords who wanted to control all commerce. Segregation is making a huge comeback, is the idea of segregation supposed to be a "left" or "right" idea ... if so why is "the left" pushing it.

    So is Smokey The Bear not wanting you to litter a "left thing" ("the environment") or a "right thing" ("use a trash can, lazy ass")? Is wanting fuel efficiency a "left thing" ("air quality") or a "right thing" ("use your resources efficiently").

    Left and right is so various knuckleheads can argue with each other and navel gaze and repeat arguments someone else told to them on the television.

  7. Only a temporary solution by PAjamian · · Score: 4, Interesting

    The only reason this is working for now is because the censoring governments haven't implemented a workaround for it yet. There are various ways they can still censor Wikipedia:

    They can use their own CA (don't even think that a country like China doesn't have access to be able to generate certs for any hostnames they want from a trusted CA) to generate a wikipedia.com cert and proxy wikipedia traffic through their own servers censoring it in the process.

    They can proxy traffic from http to https and locally block the https traffic so the people in their country are forced to use the http version which is censored.

    They can block Wikipedia altogether by various different means.

    --
    Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    1. Re:Only a temporary solution by fulldecent · · Score: 2

      If a trusted CA ever creates a fake certificate so that a party may perform MITM then it will leave a positive artifact.

      If you can ever find this artifact, then post it on Slashdot and I guarantee it will be first page and it will also result in at least one browser revoking that CA.

      --

      -- I was raised on the command line, bitch

    2. Re:Only a temporary solution by PAjamian · · Score: 4, Insightful

      When China provides not only the browser, but the entire OS that the majority of people there run, don't you think they can insert their own trusted CA into the mix? How hard is it for a country to require users to access essential government services online, and oh look, they might just have their own trusted CA that you have to accept. If the certs are only presented to connections in their own country it becomes that much harder for security researchers to detect. There are so many ways to pull this off it's ridiculous, and countries that can't can still use one of the other methods I outlined.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    3. Re:Only a temporary solution by Anonymous Coward · · Score: 0

      You forgot (and I'm too lazy) to provide the link to the recent slashdot post about China hiring tens of thousands of citizens to write their own wikipedia.

    4. Re:Only a temporary solution by Anonymous Coward · · Score: 0

      don't even think that a country like China doesn't have access to be able to generate certs for any hostnames they want from a trusted CA

      It's possible that China or other very wealthy nation states have either cracked or stolen the private keys for various root certificate signing certificates. However, I don't believe that they would waste such a valuable asset on run of the mill censorship. The reason for this is that very soon after they start using the private keys to issue fake certificates the world at large is going to find out about it, cancel the root signing certificates, create new ones and then re-issue all of the certs signed by the compromised signing certificates. This would generate tons of negative publicity and economic disruption and for no long term gain since any success with the faked certificates would be short lived. No, any government that has these keys is going to keep them secret and save them for a truly dire situation of great national importance, since cracking the new private keys or stealing them again will probably be difficult or impossible, even for a wealthy nation state like China.

      They can proxy traffic from http to https and locally block the https traffic so the people in their country are forced to use the http version which is censored.

      That's possible, but without control over every individual client, which would be difficult even in a communist nation like China, people are going to know about the censorship because the connection will be http or the certificate will be red flagged by the browser.

      They can block Wikipedia altogether by various different means.

      Yes, but that's rather obvious and generates bad publicity. China desperately wants to be taken seriously by the other powerful nations of this world and they know that that will not happen if they're seen to be using the same blunt instruments, like blocking a popular website or turning off the Internet, that are favored by Arab and African dictators. Of course, they would still do those things if they thought they had no other choice, but they won't reach for those tools first because using them causes loss of face and if there's one thing that's anathema in Asian cultures it's losing face.

    5. Re:Only a temporary solution by Anonymous Coward · · Score: 0

      When China provides not only the browser, but the entire OS that the majority of people there run, don't you think they can insert their own trusted CA into the mix? How hard is it for a country to require users to access essential government services online, and oh look, they might just have their own trusted CA that you have to accept. If the certs are only presented to connections in their own country it becomes that much harder for security researchers to detect. There are so many ways to pull this off it's ridiculous, and countries that can't can still use one of the other methods I outlined.

      Exactly, and they do, I have seen it first hand.

    6. Re:Only a temporary solution by fph+il+quozientatore · · Score: 1

      You mean like they didn't when Symantec did it?

      --
      My first program:

      Hell Segmentation fault

    7. Re:Only a temporary solution by thegarbz · · Score: 1

      When China provides not only the browser, but the entire OS that the majority of people there run,

      The *majority* of the people do not run some government provided OS. There's a reason piracy rates are so incredibly high in China.

      A few mandated businesses run Chinese mandated OSes. Educational institutions do too. And all of this is completely irrelevant since every idiot on the street has workarounds to blocked content anyway. The Chinese censorship can be best described as "casual".

    8. Re:Only a temporary solution by AmiMoJo · · Score: 1

      The most popular operating systems in China are Android and Windows. China doesn't supply a browser; the most popular one is Chrome by a long shot.

      http://gs.statcounter.com/brow...

      Maybe you are confusing them with North Korea?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:Only a temporary solution by Anonymous Coward · · Score: 0

      They can proxy traffic from http to https and locally block the https traffic so the people in their country are forced to use the http version which is censored.

      I think the summary was clear that what we are talking about is the removal of that option since wikipedia no longer serves http. That was kinda the whole point.

    10. Re:Only a temporary solution by Anonymous Coward · · Score: 0

      Eh, I see where you are going with this, but I disagree (I think) with the place you've wound up.

      We don't have to make spying "impossible", or "permanent", or even implement unblockable technologies. We only have to make it difficult, annoying and expensive. Sure, perfect solutions would be great, but perfect isn't within our grasp.

      Also, perfect solutions could attract giant hammer solutions from the spying agencies and authoritarian governments. Security that is possible to crack but difficult in practice, might actually survive longer in the real world, because those solutions might seem less threatening. This is a tentative proposition and I don't want to push this idea too far!

      What is the security analog in daily life? Your house. Your house has locks and maybe alarms and cameras. Can those be defeated? Well yes, of course. Do they need to be perfect in practice? No, not at all. You only have to make it difficult and risky enough for a criminal, to move on to the next target.

      I would suggest, that's where we are at with government censorship, spying and monitoring. Make mass spying impossible or wildly impractical. Force the Three Letter Agencies to target specific individuals, people who actually merit some monitoring (we hope).

    11. Re:Only a temporary solution by PAjamian · · Score: 1

      No, removal of http means that someone can no longer connect directly to http on the Wikipedia servers (or more precisely they will be redirected to https). It does not prevent a 3rd party MITM (eg: nation states) from accepting http connections and proxying them to Wikipedia via https. It is the latter that I refer to not the former.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    12. Re:Only a temporary solution by PAjamian · · Score: 1

      Perhaps I came across too harsh in my criticism. I did not mean to imply that this is a bad move by Wikipedia, it is certainly a good idea and probably something they should have done a long time ago. What I am criticising is the arrogance of claiming that they have solved the censorship issue. They have not by a long shot.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
  8. Re: by Anonymous Coward · · Score: 0

    It is meant to be a self-perpetuating strangle-hold on knowledge that can be controlled centrally. The efforts to replicate and make this knowledge distributed (fault-tolerant) are marginalized and avoided. They only care about getting their major donations for their ancient software that attempts to control world knowledge, naturally facilitating its manipulation.

  9. Hard to believe. by BitterOak · · Score: 5, Insightful
    The article makes the following claim:

    For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square.

    This is hard to believe. The vast majority of Wikipedia pages contain several images and the file sizes for each of these images is different. When you load a page, the browser first loads the text of the page, then in separate https requests, it loads each of the images, usually in the order listed in the page's HTML. Each page then has a unique signature: the size of the text, and the sizes of each of the images in order. It would be very easy for an adversary to build up a database of these signatures, simply by analyzing their own traffic when they examine various pages. Even if the traffic is encrypted, by looking at the amount of data transferred and the timing, it seems it would be almost trivial to figure out which pages a user was visiting.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Hard to believe. by Anonymous Coward · · Score: 0

      Tor .onion

    2. Re:Hard to believe. by The+MAZZTer · · Score: 1

      That is a legitimate attack, of course it can be more easily protected against than it can be exploited. Gzip compression (and tweaking the settings behind the compression per stream) of streams or padding with junk data in either direction can be used to adjust sizes of resources.

      Also a slight technical correction, a client can make multiple requests per stream. But that does not affect your concern.

    3. Re:Hard to believe. by PAjamian · · Score: 5, Informative

      The web client will reuse the connection to the server, and to a 3rd-party observer it will all look like one massive blob of data so that all they could really get out of it is the content length of the whole thing, which due to gzip compression (which is enabled for Wikipedia, I checked), caching of resources, etc, means it will vary considerably from one fetch of a given page to the next.

      If that isn't enough, http servers and TLS ciphers themselves actively hide the length of the content they transmit with techniques such as padding and adding additional random bytes to the beginning or end of a HTTPS transmission.

      All up, I'd say this vector would be pretty much impossible to exploit.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    4. Re:Hard to believe. by Anonymous Coward · · Score: 0

      You're assuming that "Connection: close" is used instead of "Connection: keep-alive" for HTTP over SSL/TLS. That's generally a wrong assumption. There's also that pesky HTTP Pipelining thing where several requests can be sent over the same connection before even the first response is received.

    5. Re:Hard to believe. by Anonymous Coward · · Score: 0

      When you load a page, the browser first loads the text of the page, then in separate https requests, it loads each of the images, usually in the order listed in the page's HTML.

      It's not the 90s anymore, browsers do things in parallel, and reuse connections

    6. Re: Hard to believe. by Anonymous Coward · · Score: 0

      Not so sure about this. With keep-alive and parallel fetching of page objects, you would just see a bunch of activity on some https connections. It isn't one connection per request. Not to mention caching.

  10. Yeah, we won! by Anonymous Coward · · Score: 0

    Great, now that battle is over, what's next?

  11. Re:Hard to believe. (That's padding's job) by charliemerritt03 · · Score: 1

    Wikipedia could pad every (page, image, or paragraph) with random junk so that traffic quantity analysis is useless. Also they could hesitate a random time between (page, image, or paragraph). I reckon they do something like this now.

  12. ReLWrong Direction by Anonymous Coward · · Score: 0

    the article is simply reporting the story from the POV of Wikipedia ... No bias here.

    Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    LogicError: contradictory assertions in same line of code

    Amusing to see you defend the bastion of Progressivism that an encyclopedia, a fortiori Wikipedia, is. :) In China or Iran, or medieval Europe, you too are a liberal.

    Just the story reported as it was heard, from the party making the announcement.

    Not really to the point, but there is no indication in TFA, that the sentence "Wikipedia's switch to HTTPS had a positive effect on the number censorship events by comparing server traffic from before and after the switch in June of 2015" is a direct quote from the report or the researchers, as opposed to the description chosen by the author.

    To regard censorship as an unqualified bad, is an ideological position. To describe an effect on a number which acts to decrease the number as "positive" (since it is referring to an ideological as distinct from a mathematical effect) is value-laden. Liberal bias detected.

    1. Re:ReLWrong Direction by BlueStrat · · Score: 1

      "Wikipedia's switch to HTTPS had a positive effect on the number censorship events by comparing server traffic from before and after the switch in June of 2015" is a direct quote from the report or the researchers, as opposed to the description chosen by the author.

      Uh...how about the *purpose* Wikipedia switched to HTTPS? To avoid censorship, for which a reduction is, in fact, a positive. Stop with the sophistry. It's not intellectually honest, it's simply a way to have your cake and throw it in the trash, but all in your own head.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:ReLWrong Direction by colinwb · · Score: 1

      Assuming you are the same AC who wrote "The number went down so that is a negative effect. No need to introduce value-laden descriptors into the math." in the first post:
      "To describe an effect on a number which acts to decrease the number as "positive" (since it is referring to an ideological as distinct from a mathematical effect) is value-laden. Liberal bias detected."

      Are you seriously arguing that, for example, Ron Clarke's achievement running 10,000 metres in 27m39.4s in 1965, reducing the world record from the previous 28m15.6s, was negative? And that anyone who considers it a positive achievement is showing value-laden Liberal bias? To mis-quote Douglas Adams, this is obviously some strange usage of the word "negative" that I hadn't previously been aware of. You must be on more drugs and booze than Hunter S Thompson.

  13. Since the URL isn't encrypted... WHAT IS THE POINT by Anonymous Coward · · Score: 1

    https://en.wikipedia.org/wiki/Special:Search?search=dumb+ass

  14. Cake? What cake?! by Anonymous Coward · · Score: 0

    You choose to quote the obiter (clearly marked as "not really to the point") ... that says something in itself.

    Uh...how about the *purpose* ... To avoid censorship, for which a reduction is, in fact, a positive.

    How is avoidance of, or a reduction in, censorship a positive "in fact", as opposed to it being a positive in relation to a system of values to which you (but not apparently the censors) happen to subscribe?

    1. Re: Cake? What cake?! by Anonymous Coward · · Score: 0

      Achieving stated goal == positive effect.

      God, you suck at this...

  15. positive change in Score by Anonymous Coward · · Score: 0

    More censorship or less? Tricky question.

    It's never really a question of more or less, but of what.

    For example, even suggesting that we should remember our belief 'censorship is always bad' is a matter of values, has gotten my first post censored to -1 ... presumably by someone who'd advocate for "less censorship".

  16. now get rid of the notability censors by Anonymous Coward · · Score: 1

    I'm fed up of looking up information and seeing it deleted as "not notable". Information wants to be free, and shouldn't be held to arbitrary "notability" standards. The day a notability free version of Wikipedia gets popular I will donate again.

    1. Re:now get rid of the notability censors by Anonymous Coward · · Score: 0

      Why? Wikipedia modding Nazis are complete arseholes, but Notability is a relatively useful bar (even if it is poorly implemented), otherwise you will simply get a database riddled with complete utter garbage, why should an article I post that my pet's name is frost describing her daily shitting cycle be something that is kept, indexed and polluting search results?

    2. Re:now get rid of the notability censors by Anonymous Coward · · Score: 0

      Rated comment -1 "Not Notable"

  17. Then Harvard sold copy of the access log to China by Anonymous Coward · · Score: 0

    and Pakistan and Google. Problem solved and self-funded the research.

  18. Real world effects by Dunbal · · Score: 3, Informative

    Of course countries simply respond by censoring ALL of Wikipedia.

    --
    Seven puppies were harmed during the making of this post.
  19. Re:Then Harvard sold copy of the access log to Chi by Anonymous Coward · · Score: 0

    The student interns with access to the data also managed to sell several copies as the instance on pastebin indicates. After all, we have to get our next Zuckerberg from somewhere...

  20. I don't believe it by Anonymous Coward · · Score: 0

    "HTTPS prevents governments and others from seeing the specific page users are visiting."

    I am no expert, but I don't think this is true as a fact, because I am assuming that the US government has a forged digital certificate, or, that they (and other governments) know about some flaw to subvert the encryption process somehow.

    This world sucks, this internet sucks, and I am not happy about this. This is NOT the time to sit back and enjoy HTTPS/tls encryption.

  21. Re: Cake? What cake?! by Anonymous Coward · · Score: 0

    Poor thing! Kinda dense, bless his heart!

  22. It is very interesting that... by Anonymous Coward · · Score: 0

    ...people are still using Solid State Logic audio boards nowadays. I'm a Neve man myself.

  23. Re:Since the URL isn't encrypted... WHAT IS THE PO by Anonymous Coward · · Score: 0

    THE FUCKING url is encrypted in SSL requests dumb ass. only the hostname and IP are not encrypted.

  24. Fork wikipedia by aberglas · · Score: 1

    The solution is simple. China et al can simply fork Wikipedia onto their own website. They can then push edits through for all non-controversial pages, and do what they like with the others. Wikipedia provides a huge ability to rewrite history. He controls the present...

  25. Re: Cake? What cake?! by Anonymous Coward · · Score: 0

    Achieving stated goal == positive effect.

    That's hardly a coherent answer to the question "[h]ow is avoidance of, or a reduction in, censorship a positive "in fact", as opposed to it being a positive in relation to a system of values to which you (but not apparently the censors) happen to subscribe?" Is it?

    Look, the stated goal was negatively to affect a censoring state's ability to ban individual Wikipedia pages. Whether or not you regard the goal as positive or negative is "in fact" a value judgement, we simply cannot avoid that.

    Nor was the original (now censored) comment strictly concerned with the effect on the stated goal. It noted the description of the effect on the "number of censorship events," which clearly was a negative. The point being made was that describing it as "positive effect" requires importing something other than the objective observation that the number had gone down, something ideological, for example an assumption that the stated goal is itself a positive. To equate the "Achieving stated goal" with "positive effect" is simply to reinscribe the self-same value judgement. Yes?

    You are being asked nothing more than to be aware of the tacit values (even, or especially, if you share them) in that seemingly innocent description of a mathematically negative effect as "positive."

    God, you suck at this...

    Whoa dude! What a slam-dunk argument! Anyone ever tell you what an excellent debater you are? No? OK, the good news is you have honest friends.

  26. What about wikipedia's own censorship? by walterbyrd · · Score: 1

    And distortion of facts?

    1. Re:What about wikipedia's own censorship? by Anonymous Coward · · Score: 0

      List a couple and we will certainly verify your statements then pound on the doors of wikipedia until the tin-pot tyrants relent and allow the revision.

      Or if you're just complaining in general about the tone of and flavor of wikipedia, then you can scoot on over to Conservapedia and suckle your thumb in your safe-space.

  27. blabbermouth by roc97007 · · Score: 1

    > For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square.

    Well, until now. Gee thanks, guys.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  28. HTTPS does not hide a URL by Anonymous Coward · · Score: 0

    HTTPS prevents governments and others from seeing the specific page users are visiting.

    This is just a wrong assumption in so many ways.

    Take the following HTTPS URL:

    https://en.wikipedia.org/wiki/Tiananmen_Square

    It's about Tiananmen Square. NSA can see that I just visited the Tiananmen Square page on Wikipedia - HTTPS doesn't stop this - it only prevents inspection of the actual data bits sent between my browser and the web server, snooping parties can still see exactly which page I just visited whether HTTPS is employed or not.

    1. Re:HTTPS does not hide a URL by gravewax · · Score: 1

      please go and learn how SSL works before posting garbage. The URL is NOT visible, only the host name and IP address is. The url is sent as a GET after the HTTPS tunnel is established and hence is encrypted so unless they are either spying on your desktop or man in the middling your connection they cannot see what you are accessing, only that you are visiting wikipedia

  29. Chinese censors *religious*?!?! Are you stoned? by raymorris · · Score: 1

    > religious conservatives who are employing censorship to "protect public morals" (or whatever they imagine themselves doing)

    Are you by chance stoned out of your mind right now? The great firewall of China is there to block international religious text ideas and other ideas which are at odds with the dictum of the ATHEIST Communist party of China. Exactly the opposite of what you seem to think.

    Preaching in China can get you a jail sentence, though in recent decades they've started allowing Buddhist and Taoist centers under government control.

  30. Re:Chinese censors *religious*?!?! Are you stoned? by Anonymous Coward · · Score: 0

    Are you by chance stoned out of your mind right now?

    Unfortunately no ... it's a simple case of having actually read TFA.

    Up until 2015, Wikipedia offered its service using both HTTP and HTTPS, which meant that when countries like Pakistan or Iran blocked the certain articles on the HTTP version of Wikipedia ... The Harvard researchers ... found that, globally, Wikipedia's switch to HTTPS had a positive [sic] effect on the number censorship events by comparing server traffic from before and after the switch in June of 2015. ... Although countries like China ... were still censoring part or all of Wikipedia by the time the researchers wrapped up their study ...

    TLDR; Effective against religious conservatives in Iran and Pakistan, ineffective against China.

    Now if you could pass the pipe 'round dude!

  31. Score: -1 Gadfly by Anonymous Coward · · Score: 0

    Are you seriously arguing that, for example, Ron Clarke's achievement running 10,000 metres in 27m39.4s in 1965, reducing the world record from the previous 28m15.6s, was negative?

    No. I'm not even suggesting that a drop in the number of censorship events is negative (in any general sense), only that the effect on the number is negative (it made it go down.)

    As BlueStrat implied I'm splitting hairs with a very fine razor. I could not have made that point had the author written, "it had a positive effect, reducing the number of censorship events." Instead the author predicated 'positive' to a negative numerical effect. But I'm splitting hairs because I think this subtle grammatical error reveals the unthinking way we accept that reducing censorship events in different countries and cultures is an unproblematic good. I want to problematize our presumptions.

    And that anyone who considers it a positive achievement is showing value-laden Liberal bias?

    If by 'it' you are referring to Ron Clarke's achievement you are simply being silly. The value-laden liberal bias, is that the particular ideological bias by which we uncritically accept that a private US company degrading the sovereignty of foreign nations when it comes to censorship so as to describe a negative effect on the number of censorship events as "positive." And do note, this is not to say it isn't a positive, that's not the point.

  32. Not that this bromide really deserves a reply ... by Capsaicin · · Score: 1

    Corporate and state are a distinction without a difference.

    Given it was legislated into existence, the corporate form is itself an expression of state power. Creator and creature is fairly obviously not a "distinction without a difference." Just for a start ...

    So tell me what do you make of a piece of legislation which explicitly applies to corporations but does not bind the Crown?

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  33. 'ere by raymorris · · Score: 1

    'ere

    [Coughing]

    1. Re:'ere by Anonymous Coward · · Score: 0

      Very nice ... have to pay that one. Made me literally LOL.

  34. Re:Since the URL isn't encrypted... WHAT IS THE PO by Anonymous Coward · · Score: 0

    Learn how HTTPS works.

  35. I have to. by poofmeisterp · · Score: 1

    So the government(s) "no rikey" encryption hiding user use from them? Windows 10 will take care of that for them. Er... has already taken care of that for them.

  36. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    The government is bound and dominated by corporate funding ('donations', media promotion, etc.), which will go elsewhere if the state does not play ball. Revolution is a big expense, but not out of reach. The wars in the middle east (and Central/South America) are about business, not any silly ideology, which is just a low wage motivator. Also note where most top level government appointees come from. They are juiced in. It should be pretty obvious who rules over whom. Granted, the cause is voter disinterest and antipathy, but that doesn't matter. Most everybody is wagging the dog. The government acts as security and hired gun for its financiers. It is truly a servant to specific interests.

    --
    “He’s not deformed, he’s just drunk!”
  37. use Tor by peawormsworth · · Score: 1

    For people that live in China, please use TOR.

    Take your security into your own hands. Don't depend on external sites to protect you. SSL has been compromised in the past, browser exploits do occur and your computer will keep logs of what you visit.

    It's much better to use TOR and setup to tunnel through a bridge to get the information you want. Your country will not be able to monitor your information gathering, your browser will erase all logs on exit and wikipedia will not have an IP log of your visit. You will not be depending on the security of the end site (like wikipedia) to protect you.

    Once you learn how to do it, go out and teach your friends and family how to live free. All the information you need is here: https://www.torproject.org/

    Best luck to you, young minds of China. We love ya.

  38. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    The government is bound and dominated by [state] funding ... which will go elsewhere if the state does not play ball.

    Given we are examining your assertion that "[c]orporate and state are [sic] a distinction without a difference" I've taken the liberty of substituting 'state' where you wrote 'corporate'. The sentence, I think you must agree, no longer makes much sense. I put it to you that you cannot coherently write what you just wrote without differentiating between 'corporate' and 'state.'

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  39. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    They are simply one and the same and inseparable. It really makes no difference which department is in charge. Protection of their wealth from the ravaging hordes is the singular goal.

    --
    “He’s not deformed, he’s just drunk!”
  40. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    They are simply one and the same and inseparable.

    Yet the very fact that you could write "[t]he government is bound and dominated by corporate funding," or even think it, betrays that even you do not truly believe this quip. That's before we even come to look at concrete historical questions, such as to which particular corporations Stalin, for example, was beholden for "donations, media promotions etc."

    It's a rhetorical flourish, not serious analysis. And while your point might hold some glimmer of truth when considering the undue influence trans-national corporations have on liberal-democratic polities, it's entirely beside the point when considering the distinction between left- and right-wing authoritarian dictatorships, which turns most obviously on the relationship of the state to private capital. Given that was the question being addressed your original interjection was simply impertinent (arguably in both senses of the word).

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  41. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    I'm sorry, what? You expect me to believe that Stalin had the wealth and power to act on his own?

    --
    “He’s not deformed, he’s just drunk!”
  42. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    I'll take that as a concession as to the point under dispute.

    Cheers.

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  43. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    Take it as you wish. You still can't differentiate the state from the corporation.

    --
    “He’s not deformed, he’s just drunk!”
  44. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    You still can't differentiate the state from the corporation.

    My ability to distinguish them was never in question. What you have demonstrated is that you suffer no particular lack of discernment on that score either.

    You've now had 5 more replies than your original jive deserved ... enough of your silliness already.

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  45. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    You still haven't shown any difference between 'left' and 'right'.

    My ability to distinguish them was never in question.

    Exactly, but it is based on a totally imaginary premise. The reality is that there is no difference. Authoritarianism is totally and utterly non partisan in whatever fashion you can dream up.

    --
    “He’s not deformed, he’s just drunk!”