When you consider security for Wikipedia, the people most at risk are its editors. They are exposed to several threats, and several of these are issues computer security can deal with:
- threat to the anonymity of a registered user
- threat to user credentials
When the potential threats are evaluated, it is important to realise that the severity of these threats is not obvious. It matters considerably where you reside, what your ethnicity is or what your belief system is. It is important to minimise any threats because once people no longer feel free to contribute it will damage the "neutral point of view" that gives Wikipedia much of its relevance.
With the implementation of SSH it has become considerably more difficult to learn what a person is doing when working on Wikipedia. This has been a real improvement. However, user credentials and particularly passwords are considered not really secure. Read for instance what Wired had to say about them. It is explained that improvements can only be expected when changing the infrastructure of online security. This will probably do a whole lot more good than lecturing people about how they should change their behaviour.
The question is if the WMF is open for such considerations. So far the talk is about "Nascar"?!?! To me this sounds remarkably like bikeshedding and is very much beside the point.
Thanks,
GerardM
3 comments:
You mean HTTPS and not SSH, right?
The nascar problem isn't bikeshedding. It's one (of many) of the major reasons that OpenID isn't widely adopted.
I love the concept of OpenID, and I really, really wish it was usable, but unfortunately it isn't in the originally intended way.
You may not realize this, but I've been one of the main proponents of enabling OpenID on the sites for years now. It's disheartening to list the issues stopping implementation and have them brushed off as "bikeshedding".
If you're actually passionate about making this happen, then put your effort into solving the problems, rather than complaining that someone else isn't.
Note that even with HTTPS (which is a very, very different thing from SSH) there's still lots of scary traffic analysis one can do.
Passwords may have issues, but I'm doubtful OpenID will fix those issues.