Tuesday, August 21, 2012

a #threat assessment for #Wikipedia

The people who take care of mail send to Wikipedia are often informed that Wikipedia is not secure; "everybody can edit Wikipedia". This is actually intentional because Wikipedia is the encyclopaedia that everybody can edit. The real risk is when people do not recognise they are invited to edit. This is a genuine issue and it is something that receives a lot of attention.

When you consider security for Wikipedia, the people most at risk are its editors. There are several threats they are exposed to. Several of these are issues computer security can deal with.
  • threat to the anonymity of a registered user
  • threat to user credentials
When the potential threats are evaluated, it is important to realise that the severity of these threats is not obvious. It matters considerably where you reside, what your ethnicity is or what your belief system is. It is important to minimise any threats because once people no longer feel free to contribute it will damage the "neutral point of view" that gives Wikipedia much of its relevance.

With the implementation of SSH it has become considerably more difficult to learn what a person is doing when working on Wikipedia. This has been a real improvement. However, user credentials and particularly passwords are considered not really secure. Read for instance what Wired had to say about them. It is explained that improvements can only be expected when changing the infrastructure of online security. This will probably do a whole lot more good than lecturing people about how they should change their behaviour.

The question is if the WMF is open for such considerations. So far the talk is about "Nascar" ?!?! to me this sounds remarkably like bikeshedding and is very much beside the point.


Ryan Lane said...

You mean HTTPS and not SSH, right?

Ryan Lane said...

The nascar problem isn't bikeshedding. It's one (of many) of the major reasons that OpenID isn't widely adopted.

I love the concept of OpenID, and I really, really wish it was usable, but unfortunately it isn't in the originally intended way.

You may not realize this, but I've been one of the main proponents of enabling OpenID on the sites for years now. It's disheartening to list the issues stopping implementation and have them brushed off as "bikeshedding".

If you're actually passionate about making this happen, then put your effort into solving the problems, rather than complaining that someone else isn't.

Bawolff said...

Note even with HTTPS (which is very very different thing from ssh) there's still lots of scary traffic analysis one can do.

Passwords may have issues, but I'm doubtful openid will fix those issues.