Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wikipedia's Switch To HTTPS Has Successfully Fought Government Censorship (vice.com)

Posted by msmash on from the problem-solved dept.

Determining how to prevent acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption. From a report: HTTPS prevents governments and others from seeing the specific page users are visiting. For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square. Up until 2015, Wikipedia offered its service using both HTTP and HTTPS, which meant that when countries like Pakistan or Iran blocked the certain articles on the HTTP version of Wikipedia, the full version would still be available using HTTPS. But in June 2015, Wikipedia decided to axe HTTP access and only offer access to its site with HTTPS. [...] The Harvard researchers began by deploying an algorithm which detected unusual changes in Wikipedia's global server traffic for a year beginning in May 2015. This data was then combined with a historical analysis of the daily request histories for some 1.7 million articles in 286 different languages from 2011 to 2016 in order to determine possible censorship events. [...] After a painstakingly long process of manual analysis of potential censorship events, the researchers found that, globally, Wikipedia's switch to HTTPS had a positive effect on the number censorship events by comparing server traffic from before and after the switch in June of 2015.

7 of 170 comments (clear)

  1. Delusional by gravewax · · Score: 5, Interesting

    It is completely delusional to think this effectively prevents government censorship as if they can't selectively block content they simply take the sledgehammer approach and ban the site altogether.

    1. Re: Delusional by Anonymous Coward · · Score: 5, Informative

      It's a little worse than that. Because the url's are different, the Chinese government has blocked the zh.wikipedia.org but not the en.wikipedia.org, presumably because most Chinese people can not read English too a high enough level. They should move the language into the end part of the URL i.e. wikipedia.org/en/some-article

    2. Re: Delusional by Anonymous Coward · · Score: 5, Insightful

      It's a lot worse than that. Governments as powerful as the U.S. and China have a dozen different ways to snoop on what citizens are ingesting. Remember that snowden slide about "we unencrypt and reencrypt ssl here" bit? Now yes, ssl is like, the first obvious step towards doing things the right way. But Snowden revealed to us that several not so completely trustworthy governments are a dozen steps ahead of that and have been for many years. Time has since revealed that the situation isn't getting better. Now if in 2014 Amazon had gone https only, I might have the faintest hope that we have a realistic chance of seeing a decent path in our lifetimes. But here it is in 2017, and the Amazon quasi-monopoly (AWS holy shit) is cementing the expectation of lack of privacy of much of our purchasing logs. Remember that biblical bit about the number of the beast, it had more than a passing reference to commerce tracking the likes of which we've been living with for many years now.

      For a few moments we had hope that someone like Snowden could legitimately turn things around. Now I'm quite convinced it's going to take another Holocaust. No joke. And even then it's not going to get better, it will just regress to something much different with new possible directions for the long term, and perhaps hope that people then will have better learned the lessons of history.

      Wikipedia is definitely part of the problem as well as Amazon. There is no good reason why they need to have a centralized infrastructure that NO DOUBT is being tracked WHOLESALE by at least the U.S., Russia, and China. Censorship of the sort this summary talks about is a red herring. China after getting the U.S. to help whitewash the Tiananmen Square Massacre in '89 has so much power over their citizens that they can go ahead and let people have unfettered access to information. People learn that it's smarter not to go choosing to ingest the 'wrong' type of information. The government is quite effective at educating the people over their lifetimes as to what the 'wrong' types of information are.

      It's so much worse than you think.

  2. That's nice so are they going to work on by NotSoHeavyD3 · · Score: 5, Insightful

    censorship from the Wikipedia "mods" who've decided which pages are "theirs" and only they are allowed to update them?

    --
    Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
  3. Hard to believe. by BitterOak · · Score: 5, Insightful
    The article makes the following claim:

    For example, a government could tell that a user is browsing Wikipedia, but couldn't tell that the user is specifically reading the page about Tiananmen Square.

    This is hard to believe. The vast majority of Wikipedia pages contain several images and the file sizes for each of these images is different. When you load a page, the browser first loads the text of the page, then in separate https requests, it loads each of the images, usually in the order listed in the page's HTML. Each page then has a unique signature: the size of the text, and the sizes of each of the images in order. It would be very easy for an adversary to build up a database of these signatures, simply by analyzing their own traffic when they examine various pages. Even if the traffic is encrypted, by looking at the amount of data transferred and the timing, it seems it would be almost trivial to figure out which pages a user was visiting.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Hard to believe. by PAjamian · · Score: 5, Informative

      The web client will reuse the connection to the server, and to a 3rd-party observer it will all look like one massive blob of data so that all they could really get out of it is the content length of the whole thing, which due to gzip compression (which is enabled for Wikipedia, I checked), caching of resources, etc, means it will vary considerably from one fetch of a given page to the next.

      If that isn't enough, http servers and TLS ciphers themselves actively hide the length of the content they transmit with techniques such as padding and adding additional random bytes to the beginning or end of a HTTPS transmission.

      All up, I'd say this vector would be pretty much impossible to exploit.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
  4. Re:Who is responsible for censorship? by ZorinLynx · · Score: 5, Insightful

    No. Wrong!

    Most censorship comes from *AUTHORITARIANS*. From both sides of the aisle. By their very nature authoritarians want to control what you can do, and that includes what you can read. Regardless of which way someone leans politically, if they are more libertarian they will be against censorship, and/or pretty much telling people how to live their lives. If they are authoritarian, they will want to meddle, and that includes censorship.

    Authoritarian left, authoritarian right; they BOTH suck. No matter how you lean politically the most important thing is to remember that we shouldn't be telling people how to live their lives.