Tuesday, August 21, 2012

a #threat assessment for #Wikipedia

The people who take care of mail send to Wikipedia are often informed that Wikipedia is not secure; "everybody can edit Wikipedia". This is actually intentional because Wikipedia is the encyclopaedia that everybody can edit. The real risk is when people do not recognise they are invited to edit. This is a genuine issue and it is something that receives a lot of attention.

When you consider security for Wikipedia, the people most at risk are its editors. There are several threats they are exposed to. Several of these are issues computer security can deal with.
  • threat to the anonymity of a registered user
  • threat to user credentials
When the potential threats are evaluated, it is important to realise that the severity of these threats is not obvious. It matters considerably where you reside, what your ethnicity is or what your belief system is. It is important to minimise any threats because once people no longer feel free to contribute it will damage the "neutral point of view" that gives Wikipedia much of its relevance.

With the implementation of SSH it has become considerably more difficult to learn what a person is doing when working on Wikipedia. This has been a real improvement. However, user credentials and particularly passwords are considered not really secure. Read for instance what Wired had to say about them. It is explained that improvements can only be expected when changing the infrastructure of online security. This will probably do a whole lot more good than lecturing people about how they should change their behaviour.

The question is if the WMF is open for such considerations. So far the talk is about "Nascar" ?!?! to me this sounds remarkably like bikeshedding and is very much beside the point.
Post a Comment