Slashdot Mirror


Wikipedia's Switch To HTTPS Has Successfully Fought Government Censorship (vice.com)

Determining how to prevent acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption. From a report: HTTPS prevents governments and others from seeing the specific page users are visiting. For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square. Up until 2015, Wikipedia offered its service using both HTTP and HTTPS, which meant that when countries like Pakistan or Iran blocked certain articles on the HTTP version of Wikipedia, the full version would still be available using HTTPS. But in June 2015, Wikipedia decided to axe HTTP access and only offer access to its site with HTTPS. [...] The Harvard researchers began by deploying an algorithm which detected unusual changes in Wikipedia's global server traffic for a year beginning in May 2015. This data was then combined with a historical analysis of the daily request histories for some 1.7 million articles in 286 different languages from 2011 to 2016 in order to determine possible censorship events. [...] After a painstakingly long process of manual analysis of potential censorship events, the researchers found, by comparing server traffic from before and after the switch in June of 2015, that globally Wikipedia's switch to HTTPS had a positive effect on the number of censorship events.

92 of 170 comments

  1. Delusional by gravewax · · Score: 5, Interesting

    It is completely delusional to think this effectively prevents government censorship as if they can't selectively block content they simply take the sledgehammer approach and ban the site altogether.

    1. Re: Delusional by Anonymous Coward · · Score: 5, Informative

      It's a little worse than that. Because the URLs are different, the Chinese government has blocked zh.wikipedia.org but not en.wikipedia.org, presumably because most Chinese people cannot read English to a high enough level. They should move the language into the end part of the URL, i.e. wikipedia.org/en/some-article

    2. Re:Delusional by Anonymous Coward · · Score: 4, Insightful

      any decent overlord is using SSL inspection (seamlessly via compromised root certs), so this is a non-issue

    3. Re:Delusional by aaarrrgggh · · Score: 2

      Pretty much. It makes https trivially easy to attack.

    4. Re:Delusional by Anonymous Coward · · Score: 1

      Modded insightful because that's what my boss overlord does.

    5. Re:Delusional by swillden · · Score: 4, Informative

      any decent overlord is using SSL inspection (seemlessly via compromised root certs)

      Cite?

      There have been occasional instances of compromised root certs, which have fairly quickly been removed from default trust stores, but I see no evidence of ongoing vulnerability -- excepting when the overlord controls the trust store. That is common in corporate scenarios but not really possible without removing admin rights from users' computers, which is hard for any nation other than North Korea to do.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Delusional by swillden · · Score: 4, Informative

      Also except for the fact that ISP can see your destination AND the url request... Yep they can not see it at all.

      No. The ISP, etc., can see the hostname in the DNS request and they can see the IP address of the server you connect to, but that's all. The first messages exchanged with the server establish the encrypted channel and then the GET (or similar) request that specifies everything after the hostname in the URL is inside the secure channel. They cannot see the URL.

      Governments that wish to censor HTTPS sites with proper TLS configurations and decent CAs really have only one option: to block the sites entirely. The only thin exception to this is if they can inject their own CA certificates in the TLS trust stores. That enables a man in the middle attack. Doing that is easy for corporations on corporate-owned and controlled machines, but harder for governments to do at scale, since it essentially requires taking away the ability to install arbitrary software on the end-user machine.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re: Delusional by Anonymous Coward · · Score: 5, Insightful

      It's a lot worse than that. Governments as powerful as the U.S. and China have a dozen different ways to snoop on what citizens are ingesting. Remember that snowden slide about "we unencrypt and reencrypt ssl here" bit? Now yes, ssl is like, the first obvious step towards doing things the right way. But Snowden revealed to us that several not so completely trustworthy governments are a dozen steps ahead of that and have been for many years. Time has since revealed that the situation isn't getting better. Now if in 2014 Amazon had gone https only, I might have the faintest hope that we have a realistic chance of seeing a decent path in our lifetimes. But here it is in 2017, and the Amazon quasi-monopoly (AWS holy shit) is cementing the expectation of lack of privacy of much of our purchasing logs. Remember that biblical bit about the number of the beast, it had more than a passing reference to commerce tracking the likes of which we've been living with for many years now.

      For a few moments we had hope that someone like Snowden could legitimately turn things around. Now I'm quite convinced it's going to take another Holocaust. No joke. And even then it's not going to get better, it will just regress to something much different with new possible directions for the long term, and perhaps hope that people then will have better learned the lessons of history.

      Wikipedia is definitely part of the problem as well as Amazon. There is no good reason why they need to have a centralized infrastructure that NO DOUBT is being tracked WHOLESALE by at least the U.S., Russia, and China. Censorship of the sort this summary talks about is a red herring. China after getting the U.S. to help whitewash the Tiananmen Square Massacre in '89 has so much power over their citizens that they can go ahead and let people have unfettered access to information. People learn that it's smarter not to go choosing to ingest the 'wrong' type of information. The government is quite effective at educating the people over their lifetimes as to what the 'wrong' types of information are.

      It's so much worse than you think.

    8. Re:Delusional by Anonymous Coward · · Score: 1

      You're likely delusional to believe that there are no CA Root or Intermediate certificates in possession of various governments of the world. Let's assume your rose-colored glasses are right, though... how about all of those domain certificates - along with their private keys - held by Akamai, Amazon and Azure for their SSL-enabled load balancers and content distribution services?

    9. Re:Delusional by AHuxley · · Score: 2

      Re Cite
      Project Bullrun, Cheesy Name, Edgehill
      "Revealed: how US and UK spy agencies defeat internet privacy and security" (6 September 2013)
      https://www.theguardian.com/wo...
      ".. agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking."

      --
      Domestic spying is now "Benign Information Gathering"
    10. Re:Delusional by Anonymous Coward · · Score: 2, Informative

      How would you ever know if the US government went to Verisign and ordered them to create a valid cert for any domain? If you didn't have some form of client cert pinning you would never know.

      Even if they could have a duplicate created and signed by Verisign, the public and private key pair would necessarily be different because these are generated at the time of certificate creation using a cryptographically strong random prime number pair generator. Thus, the signature on the certificate would be different than the one that Verisign previously generated for the original recipient. So, even though the new certificate would be "trusted", because it was issued by Verisign, the signature hashes would be different so a sharp user or a browser that queried a database of known public hashes would be able to spot the discrepancy and warn the user that the certificate is fishy. Remember, these certificates were designed to prevent precisely the sort of behavior that you're suggesting, namely creating identical forged copies of originally issued certificates.

    11. Re:Delusional by swillden · · Score: 1

      Yes, we know they exploited the widely-known vulnerabilities in SSLv2 and v3. The recently-published NSA hacking tools contained no new capabilities, though. There's no evidence that they can exploit properly-configured TLS.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    12. Re:Delusional by swillden · · Score: 3, Informative

      You're likely delusional to believe that there are no CA Root or Intermediate certificates in possession of various governments of the world.

      I wouldn't claim there are none, but we have pretty strong evidence that if there are any, they're used sparingly and in a very targeted way. If such unauthorized keys were being used broadly, someone would notice that the public key certificates received by end users are not the same ones being served by the sites.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    13. Re:Delusional by swillden · · Score: 1

      Here you go. The Chinese government requires all browsers to have their root certificate installed, allowing them to intercept encrypted traffic. Not every government is that technically competent, though.

      Yes, that's an example of compromised certificates being identified and removed from trust stores... or in this case blocked via certificate pinning.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:Delusional by bentcd · · Score: 1

      Governments that wish to censor HTTPS sites with proper TLS configurations and decent CAs really have only one option: to block the sites entirely.

      This is an undesirable measure for a forward-looking regime like China's: they don't want to deny their tech sector etc. access to knowledge sources useful to their profession.

      They have an alternative however, they can mirror wikipedia within China and censor their mirror while blocking the international site.

      --
      sigs are hazardous to your health
    15. Re:Delusional by fuzzyfuzzyfungus · · Score: 1

      It is completely delusional to think this effectively prevents government censorship as if they can't selectively block content they simply take the sledgehammer approach and ban the site altogether.

      That is an option; but only if you want to (quite visibly) be caught interfering with your citizens' access to intriguing trivia, fun facts; and the best friend of last-minute-'researchers' everywhere.

      Sure, against somebody who doesn't give a damn, at all; and has no domestic opposition even close to being able to make him do so, "You'll have to ban it all to ban any of it!" will just get you a "Challenge Accepted." and a ban. That cuts down on the list of potential censors, and raises the cost they pay with their constituents, if they choose to try. Even members of the public who are in favor of banning 'immorality' or whatever generally like access to lolcats and innocuous articles. That's where forcing the adversary to make all-or-nothing choices pays off.

      Using encryption has the added benefit of making it harder to do 'silent' censorship. If you have http, you can do very granular blocking or even selective rewriting and your censored version will only be distinguishable from the real thing by people willing to do a lot of tedious testing from multiple connections in different jurisdictions and look for changes. If it's either 'blocked' or 'not blocked', you can't really deny what you are doing. You may be able to do it anyway; but you'll have to deal with whatever fallout emerges.

    16. Re: Delusional by Antique+Geekmeister · · Score: 1

      > For the record both Mozilla and Google have been pushing ahead with stronger sanctions against certificate authorities

      While this is helpful for general security, I don't think it's that helpful against targeted snooping. I'd expect Wikipedia's certificates to be stolen from inside their security environment: they're large enough and a source of enough useful trackable information that I'd expect them to be targeted, successfully, by security agencies around the world. Moreover, I would expect agencies like the NSA have access to the certificate signing certificates by targeting the signature authorities themselves, and to have access to the systems at worldwide SSL proxy systems like AWS and other commercial load balancers.

      Where I'd expect HTTPS to be most helpful for privacy advocates is by raising the _cost_ of intercepting the traffic. Bulk monitoring of unencrypted traffic is much cheaper, and faster, than inserting a man-in-the-middle agent to decrypt and re-encrypt the traffic going to an endpoint, and requires much less sophisticated tools to avoid confusing the receiving website about where the traffic is connected from.

    17. Re:Delusional by thegarbz · · Score: 1

      Your computer makes a request to the server. The ISP can see which server. The details of the request are within the HTTP GET message that is sent. It is with this GET request that the URL is passed to the server.

      When your computer connects via HTTPS the very first thing that happens is an encrypted channel is established. Only then is a GET request sent through with a URL, of which the ISP sees just gobbledygook, they can't even tell if you made a GET request, or a POST, or a PUT, much less that you're accessing /censoredcontent/terroristhandbook.html
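An added example, not from any of the commenters: the two posts above say the ISP sees the hostname via DNS and the server IP but not the URL. One caveat a defender should know is that the hostname is also sent in the clear inside the TLS ClientHello itself, in the SNI extension (unless Encrypted Client Hello is in use), while the path only ever travels inside the encrypted channel. The script below builds a constructed minimal ClientHello and parses the SNI out of it the way a passive network monitor would; the constants and layout follow RFC 5246/6066 and the sample record is not a usable handshake.

```python
import struct

SNI_EXT_TYPE = 0x0000          # server_name extension (RFC 6066)
HANDSHAKE_RECORD = 0x16        # TLS record content type: handshake
CLIENT_HELLO = 0x01            # handshake message type: client_hello


def build_client_hello(hostname: str) -> bytes:
    """Build a minimal, constructed TLS 1.2 ClientHello record carrying an SNI
    extension. Only the fields needed for parsing are present; the random is
    all zeros, so this is a sample, not a usable handshake."""
    host = hostname.encode("ascii")
    # ServerNameList: one entry of type host_name(0)
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_data = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", SNI_EXT_TYPE, len(sni_data)) + sni_data
    # A second, empty extension (extended_master_secret, type 0x0017) placed
    # first so the parser has to skip over something before reaching SNI.
    other_ext = struct.pack("!HH", 0x0017, 0)
    exts = other_ext + sni_ext
    body = (
        b"\x03\x03"                            # client_version: TLS 1.2
        + bytes(32)                            # random (zeros in this sample)
        + b"\x00"                              # session_id: empty
        + struct.pack("!H", 2) + b"\xc0\x2f"   # one cipher suite
        + b"\x01\x00"                          # one compression method: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return (bytes([HANDSHAKE_RECORD]) + b"\x03\x01"
            + struct.pack("!H", len(handshake)) + handshake)


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None if the
    bytes are not a ClientHello or carry no SNI. Every read is bounds-checked
    so truncated or non-handshake input is rejected rather than raising."""
    if len(record) < 5 or record[0] != HANDSHAKE_RECORD:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                            # version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                    # session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                    # compression_methods
    if len(body) < pos + 2:
        return None                                         # no extensions block
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype != SNI_EXT_TYPE or len(edata) < 2:
            continue
        list_end = min(2 + struct.unpack("!H", edata[:2])[0], len(edata))
        q = 2
        while q + 3 <= list_end:
            ntype = edata[q]
            nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
            q += 3
            name = edata[q:q + nlen]
            q += nlen
            if ntype == 0:                                  # host_name
                return name.decode("ascii", "replace")
    return None


if __name__ == "__main__":
    rec = build_client_hello("zh.wikipedia.org")
    print("hostname visible on the wire:", extract_sni(rec))
    print("path present in the handshake:", b"/wiki/" in rec)
```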

    18. Re: Delusional by fuzzyfuzzyfungus · · Score: 2, Insightful

      Nothing Snowden released was unsuspected; but there is a fair difference between "Yeah, I strongly suspect that my TLAs have some scary capabilities and enjoy using them." and actually seeing the slide decks outlining the "and this is how we capture a genuinely impressive percentage of traffic; including more flavors of VPN and the like than you might hope."

      Even when history gives one little reason to trust the spooks; the kooks always have a bad time getting taken seriously, even when they have good evidence; and much more so when they can only speculate.

    19. Re:Delusional by fuzzyfuzzyfungus · · Score: 1

      Having a pet CA seriously weakens SSL (and definitely makes relying on it downright crazy for anyone who could get in trouble for going to the wrong sites); but there has been some, not terribly adequate, work to ameliorate the worst of 'Yeah! Any CA is just as trusted as any other!'. Deployment of pinning is deeply patchy, and essentially only open to vendors who have some other mechanism (usually a pet software updater) to push their pinned settings; and 'SSL Observatory' type stuff can only catch attacks after the fact; but it can be tricky to do SSL MiTM on a large scale without breaking some things, throwing some scary warnings, and being detected.

      If you just want to do it on a LAN, to a bunch of machines that obey your Group Policy, that's a lot easier.

    20. Re:Delusional by heypete · · Score: 2

      An individual user affected by a one-time event probably won't know, but depending on the remote site and browser used by the user, it may still be detectable, particularly if used on a larger scale.

      For example, Chrome comes with information about authorized CAs and intermediates used by Google baked into the browser itself, and has since 2011. It will refuse to connect to a "Google" site using an unauthorized certificate (unless manually added by an administrator, for things like SSL interceptors used at businesses, but unlikely in use on a wide scale on the general internet). It sends telemetry back to Google about any bad certs that it sees for Google properties (that's one of the ways they learned about the DigiNotar compromise), and I wouldn't be surprised if such information was also checked for other major sites.

      Many CAs also submit records to public Certificate Transparency logs. Google, in particular, uses its standard web crawlers to feed data about certificates it sees into CT logs and has been strongly encouraging (and requiring, in some cases) CAs to submit data to CT logs. This makes detection of falsely-issued certificates quite easy. Perhaps not detectable fast enough to stop an individual, targeted attack, but it should be enough to detect any medium-scale attack on the public internet.

    21. Re: Delusional by houghi · · Score: 1

      That would mean they filter Wikipedia.org
      So GP is right.

      --
      Don't fight for your country, if your country does not fight for you.
    22. Re:Delusional by AmiMoJo · · Score: 1

      If you look at the detail of the exploits they use, none of them involve getting a root certificate to compromise large portions of the public internet. They are all work-arounds, like malware installing bogus certs on machines, flaws in SSL implementations or intercepting traffic being transferred between servers in an unencrypted state.

      Beyond that, they save some HTTPS traffic for offline analysis. If it turns out to be important later, e.g. identified as belonging to a very valuable target, they apply some brute force effort to cracking it or simply try to hack the server and obtain its private keys or the data directly.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    23. Re:Delusional by plover · · Score: 1

      What this means is that such tampering is detectable by experts. That means if "they" were doing wholesale attacks on all traffic, it would be caught. Since pervasive tampering isn't evident here, that means they probably aren't drift-net trawling random internet traffic. Sure, they may be intercepting certain suspects' traffic, but that's not the same thing as Big Brother watching every conversation.

      --
      John
    24. Re:Delusional by swillden · · Score: 1

      The "Great Firewall of China" is an infamous example of such monitoring

      The GFC does do some TLS MiTM, based on government CA certificates installed in many browsers. Not much, though, because it's pretty expensive, and not that hard to work around. Mostly the GFC prefers to simply block HTTPS connections to sites the government doesn't want its people to access.

      and the AT&T hosted fiber optic taps revealed in the infamous "Room 641A" are the tip of the iceberg of network monitoring accepted as a part of doing Internet business

      Red herring. Those sort of taps are exactly what TLS make useless.

      Take a good look at the old "NetIntercept" box by Sandstorm Enterprises, which does just such monitoring wholesale. The product went off the public radar for awhile since their purchase by NikSun, but it's still in use and still a strong seller to various Nefarious Security Agencies(tm).

      https://www.securitywizardry.c...

      No, those boxes aren't very useful to government agencies. They're mostly used by corporations who can push certs to the browsers of all of the corporate-managed devices.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    25. Re:Delusional by plover · · Score: 1

      > I wouldn't claim there are none, but we have pretty strong evidence that if there are any, they're used sparingly and in a very targeted way.

      His very words you quoted clearly said there is no evidence of a surreptitious drift-net attack.

      The Great Firewall is a drift-net, but it is an open secret that China does so. Anyone technical can look at their certificate chain and see if their communications are being intercepted. And China has no lack of people with the skills needed to detect that tampering.

      Instead, what's being claimed is that the NSA is doing some technically undetectable certificate replacement at a global scale, but there is just no evidence for those claims. Sure, they can violate one guy's computer, but they do so one suspect at a time. If they did it to the entire country, it would get noticed.

      --
      John
    26. Re:Delusional by jez9999 · · Score: 1

      (unless manually added by an administrator, for things like SSL interceptors used at businesses

      If you ask me, that's a pretty gigantic "unless" for a browser that claims it's big on security. Admin can get your password and other personal details? No problem, that's acceptable for some reason! I ended up quitting my job over it because the company's policy was to do HTTPS snooping.

    27. Re:Delusional by erapert · · Score: 1

      ... but that's not the same thing as Big Brother watching every conversation.

      No problem. They just store all traffic in a huge database and crack it at their leisure later-- if they even need to.

    28. Re:Delusional by erapert · · Score: 1

      Doing that is easy for corporations on corporate-owned and controlled machines, but harder for governments to do at scale ...

      Meanwhile, M$ is pushing W10 + spyware as hard as they can and forcing updates on all users. What a coincidence!

    29. Re:Delusional by heypete · · Score: 1

      I agree.

      While I appreciate the necessity for manually adding roots (e.g. for internal, corporate resources), I dislike HTTPS snooping and its ability to override baked-in protections against phishing and impersonation of major sites like Google (among many other reasons to oppose such things).

      That said, it's one thing for a company to deploy such a system with a corresponding company-owned root across company-owned computers, but another thing entirely for a government to do the same thing to all (or a substantial fraction of) people within its borders. The latter is, with the exception of China and maybe North Korea, bordering on infeasible.

    30. Re:Delusional by plover · · Score: 1

      Have you read how the NSA performs their intercepts? They use a server called FOXACID which is inserted into the network closer to the target than the target's actual desired server. FOXACID responds quicker than the legitimate server and performs the MITM handshake. That's how they can then decrypt the messages.

      Saving the packets for later would mean they get nothing.

      --
      John
  2. Re:Wrong Direction by Anonymous Coward · · Score: 1

    Why are you so negative?

  3. That's nice so are they going to work on by NotSoHeavyD3 · · Score: 5, Insightful

    censorship from the Wikipedia "mods" who've decided which pages are "theirs" and only they are allowed to update them?

    --
    Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
    1. Re:That's nice so are they going to work on by aevan · · Score: 2

      If you search for "irony" on wikipedia, you're redirected to the main page.

    2. Re:That's nice so are they going to work on by aevan · · Score: 1

      You're like the world's revenge on sarcasm, do you know that?

  4. Re:Govt can have machine make own request by jonwil · · Score: 2

    Except the whole point of HTTPS is that the government only knows you visited https://example.com/ and not which page on example.com you visited.

  5. Ah cool - left and right -- what a simple world! by Anonymous Coward · · Score: 2, Insightful

    Ah cool - left and right -- what a simple world!

    Sounds like the Donnie Dark "LOVE or FEAR" measuring stick.

    The free market probably was once a "liberal" idea, back in the days of Dukes and Lords who wanted to control all commerce. Segregation is making a huge comeback, is the idea of segregation supposed to be a "left" or "right" idea ... if so why is "the left" pushing it.

    So is Smokey The Bear not wanting you to litter a "left thing" ("the environment") or a "right thing" ("use a trash can, lazy ass")? Is wanting fuel efficiency a "left thing" ("air quality") or a "right thing" ("use your resources efficiently").

    Left and right is so various knuckleheads can argue with each other and navel gaze and repeat arguments someone else told to them on the television.

  6. Re:Wrong Direction by Anonymous Coward · · Score: 2, Insightful

    Why are you so negative?

    I'm trying to provide some counter-balance to unconscious positivity.

    More seriously, the religious conservatives in those countries who are employing censorship to "protect public morals" (or whatever they imagine themselves doing) do not regard the successful circumvention of censorship as positive. To call an objectively negative effect on a number 'positive' betrays the tacit liberal ideological bias of the author. Better to call a spade a spade and allow the reader to draw her own conclusions as to the desirability of the outcome.

  7. Re:Wrong Direction by Anonymous Coward · · Score: 1

    And in the math, they probably didn't. What you're reading, though, is English, where a positive change can be described as positive no matter the direction.

  8. Re:Who is responsible for censorship? by Anonymous Coward · · Score: 2, Insightful

    Most censorship actually comes from leftists ...

    Wrong. Most censorship actually comes from "countries like Pakistan or Iran", that is to say, from religious conservatives.

  9. Only a temporary solution by PAjamian · · Score: 4, Interesting

    The only reason this is working for now is because the censoring governments haven't implemented a workaround for it yet. There are various ways they can still censor Wikipedia:

    They can use their own CA (don't even think that a country like China doesn't have access to be able to generate certs for any hostnames they want from a trusted CA) to generate a wikipedia.com cert and proxy wikipedia traffic through their own servers censoring it in the process.

    They can proxy traffic from http to https and locally block the https traffic so the people in their country are forced to use the http version which is censored.

    They can block Wikipedia altogether by various different means.

    --
    Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    1. Re:Only a temporary solution by fulldecent · · Score: 2

      If a trusted CA ever creates a fake certificate so that a party may perform MITM, then it will leave a positive artifact.

      If you can ever find this artifact, then post it on Slashdot and I guarantee it will be first page and it will also result in at least one browser revoking that CA.

      --
      I was raised on the command line, bitch

    2. Re:Only a temporary solution by PAjamian · · Score: 4, Insightful

      When China provides not only the browser, but the entire OS that the majority of people there run, don't you think they can insert their own trusted CA into the mix? How hard is it for a country to require users to access essential government services online, and oh look, they might just have their own trusted CA that you have to accept. If the certs are only presented to connections in their own country it becomes that much harder for security researchers to detect. There are so many ways to pull this off it's ridiculous, and countries that can't can still use one of the other methods I outlined.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    3. Re:Only a temporary solution by fph+il+quozientatore · · Score: 1

      You mean like they didn't when Symantec did it?

      --
      My first program:

      Hell Segmentation fault

    4. Re:Only a temporary solution by thegarbz · · Score: 1

      When China provides not only the browser, but the entire OS that the majority of people there run,

      The *majority* of the people do not run some government provided OS. There's a reason piracy rates are so incredibly high in China.

      A few mandated businesses run Chinese mandated OSes. Educational institutions do too. And all of this is completely irrelevant since every idiot on the street has workarounds to blocked content anyway. The Chinese censorship can be best described as "casual".

    5. Re:Only a temporary solution by AmiMoJo · · Score: 1

      The most popular operating systems in China are Android and Windows. China doesn't supply a browser; the most popular one is Chrome by a long shot.

      http://gs.statcounter.com/brow...

      Maybe you are confusing them with North Korea?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Only a temporary solution by PAjamian · · Score: 1

      No, removal of http means that someone can no longer connect directly to http on the Wikipedia servers (or more precisely they will be redirected to https). It does not prevent a 3rd party MITM (eg: nation states) from accepting http connections and proxying them to Wikipedia via https. It is the latter that I refer to not the former.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    7. Re:Only a temporary solution by PAjamian · · Score: 1

      Perhaps I came across too harsh in my criticism. I did not mean to imply that this is a bad move by Wikipedia, it is certainly a good idea and probably something they should have done a long time ago. What I am criticising is the arrogance of claiming that they have solved the censorship issue. They have not by a long shot.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
  10. Hard to believe. by BitterOak · · Score: 5, Insightful

    The article makes the following claim:

    For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square.

    This is hard to believe. The vast majority of Wikipedia pages contain several images and the file sizes for each of these images are different. When you load a page, the browser first loads the text of the page, then in separate https requests, it loads each of the images, usually in the order listed in the page's HTML. Each page then has a unique signature: the size of the text, and the sizes of each of the images in order. It would be very easy for an adversary to build up a database of these signatures, simply by analyzing their own traffic when they examine various pages. Even if the traffic is encrypted, by looking at the amount of data transferred and the timing, it seems it would be almost trivial to figure out which pages a user was visiting.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Hard to believe. by The+MAZZTer · · Score: 1

      That is a legitimate attack, of course it can be more easily protected against than it can be exploited. Gzip compression (and tweaking the settings behind the compression per stream) of streams or padding with junk data in either direction can be used to adjust sizes of resources.

      Also a slight technical correction, a client can make multiple requests per stream. But that does not affect your concern.

    2. Re:Hard to believe. by PAjamian · · Score: 5, Informative

      The web client will reuse the connection to the server, and to a 3rd-party observer it will all look like one massive blob of data so that all they could really get out of it is the content length of the whole thing, which due to gzip compression (which is enabled for Wikipedia, I checked), caching of resources, etc, means it will vary considerably from one fetch of a given page to the next.

      If that isn't enough, http servers and TLS ciphers themselves actively hide the length of the content they transmit with techniques such as padding and adding additional random bytes to the beginning or end of a HTTPS transmission.

      All up, I'd say this vector would be pretty much impossible to exploit.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
  11. Re:Who is responsible for censorship? by ZorinLynx · · Score: 5, Insightful

    No. Wrong!

    Most censorship comes from *AUTHORITARIANS*. From both sides of the aisle. By their very nature authoritarians want to control what you can do, and that includes what you can read. Regardless of which way someone leans politically, if they are more libertarian they will be against censorship, and/or pretty much telling people how to live their lives. If they are authoritarian, they will want to meddle, and that includes censorship.

    Authoritarian left, authoritarian right; they BOTH suck. No matter how you lean politically the most important thing is to remember that we shouldn't be telling people how to live their lives.

  12. Re:Wrong Direction by BlueStrat · · Score: 1

    It's a statistical result being described in English, which can use the English word 'negative' to report the statistical finding objectively, instead of the value-laden (and mathematically inaccurate) 'positive'. That was my original point.

    TFS/TFA are about Wikipedia's battle against censorship, the article is simply reporting the story from the POV of Wikipedia. It's not like they'd likely get much in the way of newsworthy discussion from the governments involved. No bias here. Just the story reported as it was heard, from the party making the announcement.

    You should sharpen that razor. You need to slice these things a bit finer. :)

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  13. Re:Hard to believe. (That's padding's job) by charliemerritt03 · · Score: 1

    Wikipedia could pad every (page, image, or paragraph) with random junk so that traffic quantity analysis is useless. Also they could hesitate a random time between (page, image, or paragraph). I reckon they do something like this now.

  14. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

    Now, can you tell us the difference, if there really is any, between the two?

    The most obvious difference is whether the "means of production" are held in private or state ownership.

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  15. Re:Who is responsible for censorship? by AHuxley · · Score: 2

    In the USA?
    Countering Foreign Propaganda and Disinformation Act (2016)
    https://en.wikipedia.org/wiki/...

    --
    Domestic spying is now "Benign Information Gathering"
  16. Re:ReLWrong Direction by BlueStrat · · Score: 1

    "Wikipedia's switch to HTTPS had a positive effect on the number censorship events by comparing server traffic from before and after the switch in June of 2015" is a direct quote from the report or the researchers, as opposed to the description chosen by the author.

    Uh...how about the *purpose* Wikipedia switched to HTTPS? To avoid censorship, for which a reduction is, in fact, a positive. Stop with the sophistry. It's not intellectually honest, it's simply a way to have your cake and throw it in the trash, but all in your own head.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  17. Since the URL isn't encrypted... WHAT IS THE POINT by Anonymous Coward · · Score: 1

    https://en.wikipedia.org/wiki/Special:Search?search=dumb+ass

  18. now get rid of the notability censors by Anonymous Coward · · Score: 1

    I'm fed up with looking up information and seeing it deleted as "not notable". Information wants to be free, and shouldn't be held to arbitrary "notability" standards. The day a notability free version of Wikipedia gets popular I will donate again.

  19. Real world effects by Dunbal · · Score: 3, Informative

    Of course countries simply respond by censoring ALL of Wikipedia.

    --
    Seven puppies were harmed during the making of this post.
  20. Re:Govt can have machine make own request by 91degrees · · Score: 1

    https encrypts the request. They know you're going to the IP address for example.com but not what the page is. Or even that you're doing a GET

    If they already have some idea, they can probably confirm it to some degree of satisfaction though. They know the size of the download, and I think they know the size of the image downloads as well. They can deduce the page from that. (At least I believe this is the case - this is Slashdot so someone will tell me if I'm wrong).

  21. Re:ReLWrong Direction by colinwb · · Score: 1

    Assuming you are the same AC who wrote "The number went down so that is a negative effect. No need to introduce value-laden descriptors into the math." in the first post:
    "To describe an effect on a number which acts to decrease the number as "positive" (since it is referring to an ideological as distinct from a mathematical effect) is value-laden. Liberal bias detected."

    Are you seriously arguing that, for example, Ron Clarke's achievement running 10,000 metres in 27m39.4s in 1965, reducing the world record from the previous 28m15.6s, was negative? And that anyone who considers it a positive achievement is showing value-laden Liberal bias? To mis-quote Douglas Adams, this is obviously some strange usage of the word "negative" that I hadn't previously been aware of. You must be on more drugs and booze than Hunter S Thompson.

  22. Re: Who is responsible for censorship? by oobayly · · Score: 1

    Only purgatory?

  23. Fork wikipedia by aberglas · · Score: 1

    The solution is simple. China et al can simply fork Wikipedia onto their own website. They can then push edits through for all non-controversial pages, and do what they like with the others. Wikipedia provides a huge ability to rewrite history. He controls the present...

  24. Re:Who is responsible for censorship? by Wootery · · Score: 1

    Modulo inverted totalitarianism muddying the waters?

  25. Re: Who is responsible for censorship? by Maritz · · Score: 1

    Something, something, something... Leftists.

    Do you bore yourself? You bore the fuck out of me.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  26. Re:Who is responsible for censorship? by Maritz · · Score: 1

    Most censorship actually comes from leftists ...

    Wrong. Most censorship actually comes from "countries like Pakistan or Iran", that is to say, from religious conservatives.

    His assertion that most censorship comes from 'leftists' had me about 90% sure it was a troll. Genuinely idiotic opinion.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  27. Re:Who is responsible for censorship? by moeinvt · · Score: 1

    When corporations can force people to hand over their wealth under threat of incarceration and/or violence, I'll take your perspective seriously. As much as you might hate Comcast, Monsanto or Koch Industries, they don't send men with guns to your house to kidnap you and throw you in a cage should you refuse to follow their orders.

    You also neglect the fact that corporations exist in their current form only because they manipulate government and thus enjoy numerous government-backed special privileges. Eliminate all of the government bailouts, handouts, subsidies, barriers to competition, etc. and corporate power will begin to wane.

  28. What about wikipedia's own censorship? by walterbyrd · · Score: 1

    And distortion of facts?

  29. Re:Govt can have machine make own request by plover · · Score: 1

    Except the whole point of HTTPS is that the government only knows you visited https://example.com/ and not which page on example.com you visited.

    Technically the monitor can't see the whole URL. Monitoring only lets you see that they resolved the name example.com, and that they then visited port 443 on that site. The network traffic is encrypted and you can't be sure if they visited index.html or not.

    I realize this is probably what you meant, and is just splitting hairs, but it pays to be accurate.

    --
    John
  30. Re:Who is responsible for censorship? by fustakrakich · · Score: 1

    Corporate and state are a distinction without a difference.

    --
    “He’s not deformed, he’s just drunk!”
  31. blabbermouth by roc97007 · · Score: 1

    > For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square.

    Well, until now. Gee thanks, guys.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  32. Chinese censors *religious*?!?! Are you stoned? by raymorris · · Score: 1

    > religious conservatives who are employing censorship to "protect public morals" (or whatever they imagine themselves doing)

    Are you by chance stoned out of your mind right now? The great firewall of China is there to block international religious text ideas and other ideas which are at odds with the dictum of the ATHEIST Communist party of China. Exactly the opposite of what you seem to think.

    Preaching in China can get you a jail sentence, though in recent decades they've started allowing Buddhist and Taoist centers under government control.

  33. Re:HTTPS does not hide a URL by gravewax · · Score: 1

    Please go and learn how SSL works before posting garbage. The URL is NOT visible, only the host name and IP address is. The URL is sent as a GET after the HTTPS tunnel is established and hence is encrypted, so unless they are either spying on your desktop or man-in-the-middling your connection they cannot see what you are accessing, only that you are visiting Wikipedia.
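    What an on-path observer actually reads from an HTTPS request, as discussed in comments 17, 20, 29 and 33 above, as an added example that is not code from the original page. The script builds a minimal TLS ClientHello carrying a Server Name Indication extension and parses it the way a passive monitor would; the server name, the request line and the record lengths are all constructed here. The application-data record is a stand-in for the encrypted GET (random bytes of the right length, not real encryption), so the point the comments argue over is visible directly: the hostname is in the cleartext handshake, the path is not. (TLS 1.3 Encrypted Client Hello can hide the SNI too, but cleartext SNI was what clients sent when this thread was written.)

```python
"""Parse the cleartext SNI from a TLS ClientHello; show the URL path is not there."""
import os
import struct
from typing import Dict, List, Optional

HANDSHAKE = 0x16
APPLICATION_DATA = 0x17
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(server_name: str) -> bytes:
    """One TLS record holding a minimal ClientHello with an SNI extension."""
    name = server_name.encode("ascii")
    sni = b"\x00" + struct.pack("!H", len(name)) + name          # name_type host_name
    sni_list = struct.pack("!H", len(sni)) + sni
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body = (
        b"\x03\x03"                        # client_version (TLS 1.2 wire value)
        + os.urandom(32)                   # random
        + b"\x00"                          # session_id length 0
        + b"\x00\x02\x13\x01"              # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                      # compression methods: null only
        + struct.pack("!H", len(ext)) + ext
    )
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Passive observer: walk a ClientHello record and return its server_name."""
    ctype, _version, _rlen = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE or record[5] != CLIENT_HELLO:
        return None
    p = 5 + 4                 # record header + handshake header
    p += 2 + 32               # client_version + random
    p += 1 + record[p]        # session_id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]   # cipher_suites
    p += 1 + record[p]        # compression_methods
    ext_end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    while p + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if etype == EXT_SERVER_NAME:
            q = p + 2                                   # skip server_name_list length
            while q < p + elen:
                ntype = record[q]
                nlen = struct.unpack("!H", record[q + 1:q + 3])[0]
                if ntype == 0:
                    return record[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
        p += elen
    return None


def fake_app_record(plaintext_request: bytes) -> bytes:
    """Stand-in for the encrypted GET: opaque bytes, plaintext length + 16-byte AEAD tag.
    This does not encrypt anything; it only models what the wire looks like."""
    length = len(plaintext_request) + 16
    return struct.pack("!BHH", APPLICATION_DATA, 0x0303, length) + os.urandom(length)


def observer_view(records: List[bytes]) -> Dict[str, object]:
    """Everything a monitor gets: server names from handshakes, byte counts otherwise."""
    names: List[str] = []
    encrypted = 0
    for r in records:
        if r[0] == HANDSHAKE:
            name = extract_sni(r)
            if name:
                names.append(name)
        elif r[0] == APPLICATION_DATA:
            encrypted += struct.unpack("!H", r[3:5])[0]
    return {"server_names": names, "encrypted_bytes": encrypted}


if __name__ == "__main__":
    # Constructed request line; the path only ever exists inside the encrypted record.
    request = b"GET /wiki/Special:Search?search=dumb+ass HTTP/1.1\r\nHost: en.wikipedia.org\r\n\r\n"
    wire = [build_client_hello("en.wikipedia.org"), fake_app_record(request)]
    print(observer_view(wire))
    print(any(b"Special:Search" in r for r in wire))   # False: path is not on the wire
```

The monitor's two data points, the hostname from the handshake (and from the DNS lookup that preceded it) and the size of each encrypted record, are exactly the inputs a fingerprinting attack works from, which is why the thread's size-padding discussion matters even though the URL itself is hidden.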

  34. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

    The authoritarian leftist state (controlled by a small elite, certainly not "the people") owns the means of production.

    Which is, of course, the reason I chose to describe it as "state" ownership, rather than public ownership.

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  35. Re:Who is responsible for censorship? by fustakrakich · · Score: 1

    When corporations can force people to hand over their wealth under threat of incarceration and/or violence, I'll take your perspective seriously.

    You mean, like this?

    --
    “He’s not deformed, he’s just drunk!”
  36. Not that this bromide really deserves a reply ... by Capsaicin · · Score: 1

    Corporate and state are a distinction without a difference.

    Given it was legislated into existence, the corporate form is itself an expression of state power. Creator and creature is fairly obviously not a "distinction without a difference." Just for a start ...

    So tell me what do you make of a piece of legislation which explicitly applies to corporations but does not bind the Crown?

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  37. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

    Sorry cut myself off ...

    In an "authoritarian right" state, a small elite owns the means of production. This small elite is also the political elite - or they control politicians through massive campaign donations nobody else can come close to matching.

    No, this is not generally true. It may be the case that there exists some authoritarian right-wing state or states where the industrial elite and the political elite are the same persons. But that is hardly true for authoritarian right-wing states generally, nor especially for the most iconic examples thereof. Hitler did not own BMW or Krupps, and yet he was explicit that of all the institutions in German society these large industries alone were to be immune from Gleichschaltung. Exactly the same separation of political and industrial elites applied too in Fascist Italy. It was for this reason that C20th Marxists viewed fascism(s) as an "extra-ordinary form of the bourgeois State." That is, right-wing authoritarianism was seen as an extreme form of capitalism.

    And speaking of right-wing authoritarian capitalism we can see that in contemporary Singapore foreign corporations are more than welcome. Which transnational corporations, while local elites may have investment interests, they very clearly do not control.

    In either case, a small elite controls government and most of the 'means of production'.

    This contention fails to stand up to an examination of real world examples of all, and probably not even most, right-wing authoritarian states. It sounds like something someone dreamt up in their head with little historical or contemporary real world knowledge.

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  38. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

    Modulo inverted totalitarianism muddying the waters?

    Like the 'totalitarianism' trope itself, though perhaps not with the same level of intent, it certainly serves to muddy the waters. By which I mean it serves to obfuscate the real radical differences between left and right-wing authoritarian states (at least at their inception).* US political theorists have busied themselves with this task since at least 1945.

    [* that is the case of China, at the very least, serves to illustrate the possibility of nominally leftists dictatorships migrating towards the right economically.]

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  39. Re:Who is responsible for censorship? by Capsaicin · · Score: 1

    ... which I hasten to add does not mean that I feel that Wolin's ideas as described on that page (I haven't read him) are without merit (nor even apparently that distinct from observations I have made about "free-market totalitarianism"* in the past). For present purposes, that is distinguishing left from right authoritarianism, however, conflating even Stalinism with fascism provides no clarity.

    [*By which I meant that following the stunning global victory of neo-liberal ideology in the late 1980s, the market merged the sole justification for almost any human activity. Economics, in other words, became not merely a "totalising discourse," to borrow Foucault's term, but the totalising discourse. Rendering it almost inconceivable for generations born thereafter that people may have ever been motivated by anything other than profit, and thus providing self-reinforcement for neo-liberalism, grounded as it is upon the abstraction of the utility maximising individual. But I digress, in a footnote no less ...]

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  40. 'ere by raymorris · · Score: 1

    'ere

    [Coughing]

  41. I have to. by poofmeisterp · · Score: 1

    So the government(s) "no rikey" encryption hiding user use from them? Windows 10 will take care of that for them. Er... has already taken care of that for them.

  42. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    The government is bound and dominated by corporate funding ('donations', media promotion, etc.), which will go elsewhere if the state does not play ball. Revolution is a big expense, but not out of reach. The wars in the middle east (and Central/South America) are about business, not any silly ideology, which is just a low wage motivator. Also note where most top level government appointees come from. They are juiced in. It should be pretty obvious who rules over whom. Granted, the cause is voter disinterest and antipathy, but that doesn't matter. Most everybody is wagging the dog. The government acts as security and hired gun for its financiers. It is truly a servant to specific interests.

    --
    “He’s not deformed, he’s just drunk!”
  43. use Tor by peawormsworth · · Score: 1

    For people that live in China, please use TOR.

    Take your security into your own hands. Don't depend on external sites to protect you. SSL has been compromised in the past, browser exploits do occur and your computer will keep logs of what you visit.

    It's much better to use TOR and setup to tunnel through a bridge to get the information you want. Your country will not be able to monitor your information gathering, your browser will erase all logs on exit and wikipedia will not have an IP log of your visit. You will not be depending on the security of the end site (like wikipedia) to protect you.

    Once you learn how to do it, go out and teach your friends and family how to live free. All the information you need is here: https://www.torproject.org/

    Best luck to you, young minds of China. We love ya.

  44. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    The government is bound and dominated by [state] funding ... which will go elsewhere if the state does not play ball.

    Given we are examining your assertion that "[c]orporate and state are [sic] a distinction without a difference" I've taken the liberty of substituting 'state' where you wrote 'corporate'. The sentence, I think you must agree, no longer makes much sense. I put it to you that you cannot coherently write what you just wrote without differentiating between 'corporate' and 'state.'

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  45. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    They are simply one and the same and inseparable. It really makes no difference which department is in charge. Protection of their wealth from the ravaging hordes is the singular goal.

    --
    “He’s not deformed, he’s just drunk!”
  46. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    They are simply one in the same and inseparable.

    Yet the very fact that you could write "[t]he government is bound and dominated by corporate funding," or even think/i> it, betrays that even you do not truly believe this quip. That's before we even come to look at concrete historical questions, such as to which particular corporations Stalin, for example, was beholden for "donations, media promotions etc."

    It's a rhetorical flourish, not serious analysis. And while your point might hold some glimmer of truth when considering the undue influence trans-national corporations have on liberal-democratic polities, it's entirely beside the point when considering the distinction between left- and right-wing authoritarian dictatorships, which turns most obviously on the relationship of the state to private capital. Given that was the question being addressed your original interjection was simply impertinent (arguable in both senses of the word).

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  47. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    I'm sorry, what? You expect me to believe that Stalin had the wealth and power to act on his own?

    --
    “He’s not deformed, he’s just drunk!”
  48. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    I'll take that as a concession as to the point under dispute.

    Cheers.

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  49. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    Take it as you wish. You still can't differentiate the state from the corporation.

    --
    “He’s not deformed, he’s just drunk!”
  50. Re:Not that this bromide really deserves a reply . by Capsaicin · · Score: 1

    You still can't differentiate the state from the corporation.

    My ability to distinguish them was never in question. What you have demonstrated is that you suffer no particular lack of discernment on that score either.

    You've now had 5 more replies than your original jive deserved ... enough of your silliness already.

    --
    Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
  51. Re:Not that this bromide really deserves a reply . by fustakrakich · · Score: 1

    You still haven't shown any difference between 'left' and 'right'.

    My ability to distinguish them was never in question.

    Exactly, but it is based on a totally imaginary premise. The reality is that there is no difference. Authoritarianism is totally and utterly non partisan in whatever fashion you can dream up.

    --
    “He’s not deformed, he’s just drunk!”