Filtered By: Scitech
SciTech

Wikimedia to enable HTTPS by default after being targeted by spy software


Following recent claims that the US National Security Agency's XKeyScore program is targeting it, the Wikimedia Foundation—the group that runs online collaborative projects like Wikipedia—is speeding up moves to use HTTPS (secure HTTP) by default.

Wikimedia Foundation operations engineer Ryan Lane said using HTTPS by default for Wikimedia projects had already been on the unofficial roadmap, but may start to be used August 21.

"Our current architecture cannot handle HTTPS by default, but we’ve been incrementally making changes to make it possible. Since we appear to be specifically targeted by XKeyscore, we’ll be speeding up these efforts," Lane said in a blog post.

"Until HTTPS is enabled by default, we urge privacy-conscious users to use HTTPS Everywhere or Tor," he added.

He was referring to the NSA's XKeyscore, which can potentially give a data analyst access to "nearly everything a user does on the Internet," according to TechCrunch.

TechCrunch said the data the program can capture includes that from from chat sessions, email and even browsing habits.

Lane said the Wikimedia Foundation's internal roadmap involves redirecting to HTTPS for login, and keeping logged-in users on HTTPS.

"This change is scheduled to be deployed on August 21, at 16:00 UTC (midnight August 21, Manila time)," he said.

Also, Lane said they are planning to expand the HTTPS infrastructure and "put in engineering effort to more properly distribute our SSL load across the frontend caches."

The foundation will then tweak its links to search engines will return HTTPS results, rather than HTTP results.

Lane also urged Wikimedia members to consider enabling perfect forward secrecy.

Hard-enabling HTTPS

On the other hand, the foundation is still studying doing a hard-enable of HTTPS, or force-redirecting users from HTTP pages to the HTTPS versions of those pages.

Lane said some countries including CHina completely block HTTPS to Wikimedia projects, "so doing a hard-enable of HTTPS would probably block large numbers of users from accessing our projects at all."

"Because of this, we feel this action would probably do more harm than good, but we’ll continue to evaluate our options here," he said. — VC, GMA News

Tags: wikimedia
LOADING CONTENT