Wikipedia talk:Wikipedia Signpost/2010-11-01/Technology report

← Back to Technology report

Discuss this story

Latest comment: 13 years ago12 comments10 people in discussion

Secure browsing: it is possible to use a combination of server side scripting and JavaScript to create signed URLs: using encryption on the content of WP pages and the edits thereto,which are public knowledge, would be a waste of resource indeed. Rich Farmbrough, 09:51, 2 November 2010 (UTC).Reply

It's already planned that 'Wikipedia' will be added to FireSheep. Your Wikipedia account can be taken over completely. My advice is don't use public Wifi without WPA encryption enabled. Regards, SunCreator ^(talk) 12:45, 2 November 2010 (UTC)Reply

Signed urls ? Isn't that for content only ? Wouldn't protect you from cookie hijacking, which is the problem with firesheep, right ? —TheDJ (talk • contribs) 23:43, 2 November 2010 (UTC)Reply

Firesheep is a session-stealing attack utilizing packet sniffing on a shared medium. Signing URLs does exactly nothing to prevent this. --Carnildo (talk) 01:47, 3 November 2010 (UTC)Reply

An OpenSearch search bar plugin has been added: Wikipedia (SSL) search, which can replace the default Wikipedia search-bar in browsers like Firefox. You can review the source code for the plugin as well. Nimur (talk) 02:00, 3 November 2010 (UTC)Reply

The Electronic Frontier Foundation's HTTPS Everywhere add-on makes Firefox use the secure server for every page viewed on Wikipedia (and various other sites). Regards, HaeB (talk) 10:58, 4 November 2010 (UTC)Reply

Keep in mind that the number of active editors is much, much smaller than the number of anonymous readers. I don't know whether the secure server would support us editing securely all at once, since WMF has not yet dedicated any special resources to scaling SSL, but you should always use it when editing from a network that you don't control such as an open wifi network, particularly if you have a privileged account. A hybrid solution that encrypts session data and not page content might be useful, but I know of no way to implement it and it still presents privacy risks (which articles you read says something about you). Dcoetzee 18:49, 3 November 2010 (UTC)Reply

Note, that well the secure site does protect your session, it doesn't really (overly) protect your privacy. Images are still loaded from the non-secure site. If you notice person A downloads 10 images in about 5 seconds, and there is only one page on wikipedia that uses precisely these ten images, it is a pretty sure bet that person A is looking at that page. (Of course, if someone is watching you that closely, you probably have bigger problems...). Bawolff (talk) 05:33, 4 November 2010 (UTC)Reply

Interesting, I didn't know that. I hope WMF will consider also protecting inline images by SSL, eventually - although I realise the cost of doing so would be somewhat greater than pages alone. This would be particularly important for people who are interested in learning more about topics related to sex and pornography and may not want this to be known. Dcoetzee 05:36, 4 November 2010 (UTC)Reply

Well there is a long standing bug - bugzilla:16822. But If you're really that concerned about your privacy, you can always use something like TOR. (which has the added bonus that even if the foundation was evil, they still wouldn't know who you are ;) Bawolff (talk) 00:24, 5 November 2010 (UTC)Reply

But we block TOR, remember? :P - Jarry1250 ^{[Who? Discuss.]} 17:46, 5 November 2010 (UTC)Reply

No comments on the Wikimedia / Gmail story? Doesn't that concern some poeple? 128.59.179.238 (talk) 18:37, 18 November 2010 (UTC)Reply