Wikipedia switches on HTTPS to stop snooping
Wikimedia aims to thwart spooks and censors with Wikipedia encryption
The Wikimedia Foundation says it will makes encrypted connections the default across all of its sites in a bid to prevent government snooping on users’ activity on sites such as Wikipedia. The online encyclopaedia will use HTTPS by default within “a couple of weeks”, making it harder to both monitor Wikipedia usage and for ISPs to block access to individual pages.
The Foundation – the non-profit organisation that operates Wikipedia – says it’s been working towards implementing HTTPS since 2011. Recent revelations about widespread government snooping appear to have hastened the transition. “Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push for more broad protection through HTTPS,” reads a blog written by two of the Foundation’s counsels and its operations engineer. “We agreed, and made this transition a priority for our policy and engineering teams.”
“In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world,” the blog adds. “Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens.”
The switch will make it much more difficult – if not impossible – for third parties to tell which pages you’re accessing on the Wikipedia site. It will also make it far more challenging for ISPs or governments to filter out specific pages, preventing the Chinese government from specifically barring citizens from reading entries about Tiananmen Square, for example.
The site will also implement the HTTP Strict Transport Security (HSTS) protocol to make it harder to intercept traffic with so-called man-in-the-middle attacks.
The Foundation says it has had to upgrade both its code base and server infrastructure to accommodate the changes, and admits that performance may suffer for some users. “HTTPS may have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure,” the blog reads. “We’ve been carefully calibrating our HTTPS configuration to minimise negative impacts related to latency, page load times, and user experience.”
HTTPS has become the default for major websites. Google removed the option to switch off HTTPS in Gmail last year, having first switched it on by default in 2010. Search was switched over a year later. Twitter and Facebook also both offer HTTPS connections by default.