
After NSA's XKeyscore, Wikipedia Switches to HTTPS - alecco
http://www.fastcompany.com/3015199/the-code-war/after-nsas-xkeyscore-wikipedia-switches-to-secure-https
======
MisterWebz
[https://www.eff.org/https-everywhere](https://www.eff.org/https-everywhere)

Switches to HTTPS automatically when visiting Wikipedia, even if you're not
logged in.

------
sehrope
They should switch to a better cipher suite to enable PFS[1] (e.g. ECDHE-RSA-
AES128-GCM-SHA256). Right now they're using RC4-SHA:

        $ echo | openssl s_client -debug  -connect en.wikipedia.org:443 | grep "Cipher is"  -A 4
        depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
        verify error:num=20:unable to get local issuer certificate
        verify return:0
        DONE
        New, TLSv1/SSLv3, Cipher is RC4-SHA
        Server public key is 2048 bit
        Secure Renegotiation IS supported
        Compression: NONE
        Expansion: NONE
    

[1]:
[http://en.wikipedia.org/wiki/Perfect_forward_secrecy](http://en.wikipedia.org/wiki/Perfect_forward_secrecy)

~~~
codex
There are easier ways to reconstruct your HTTPS Wikipedia browsing habits than
to crack HTTPS.

Because Wikipedia's content is public, the NSA can crawl the site repeatedly
with all common user agents, recording the number of HTTPS bytes needed to
download any given Wikipedia page. Then, simply by looking at the patterns of
bytes sent over the wire, they can trivially reconstruct the likely pages a
user was viewing.

Wikipedia has not discussed any plans to mitigate traffic analysis; until they
do, this whole exercise is futile. And I doubt Wikipedia will be able to
obfuscate their site sufficiently to evade sophisticated traffic analysis.
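As an illustration, the attack described above can be sketched in a few lines of Python. The page names and byte counts here are invented for the example; real traffic would add noise from compression, caching, and embedded resources:

```python
# Sketch of size-based traffic analysis: match an observed HTTPS
# transfer size against a precomputed table of page sizes.
# Pages and sizes below are made up for illustration.

page_sizes = {
    "Tiananmen_Square_protests_of_1989": 412_389,
    "Cryptography": 198_204,
    "Cat": 151_077,
}

def guess_pages(observed_bytes, tolerance=512):
    """Return pages whose known size is within `tolerance` bytes
    of the observed transfer size."""
    return sorted(
        page for page, size in page_sizes.items()
        if abs(size - observed_bytes) <= tolerance
    )

# An eavesdropper who saw a ~198 KB HTTPS transfer could guess:
print(guess_pages(198_500))  # → ['Cryptography']
```

With enough crawled pages the table gets ambiguous, but combining sizes of consecutive requests (article plus its images) narrows candidates again.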

~~~
moocowduckquack
Presumably you could make it a single-page site where the page and server act
like numbers stations, so that the page always uses a fixed bandwidth on each
tick, some of which is data.

~~~
siddboots
Or you could just insert a random payload into the served content. I imagine
that you would only need to add a small amount of variation to completely
thwart the type of analysis that codex described.
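A minimal sketch of that padding idea (hypothetical; one subtlety is that a compressible filler would be squashed by HTTP compression, so random hex is used here):

```python
import secrets

def pad_response(html: str, max_pad: int = 2048) -> str:
    """Append an HTML comment of random length so the same page
    varies in size between responses. Random hex is used so the
    padding survives HTTP compression."""
    pad = secrets.token_hex(secrets.randbelow(max_pad) + 1)
    return html + "<!-- " + pad + " -->"

page = "<html><body>Article text</body></html>"
padded = pad_response(page)
```

Whether a few kilobytes of jitter is enough depends on the adversary; an attacker averaging over many page loads can still recover the underlying size.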

------
jasonkolb
Things like this are going to force a confrontation at some point. Either the
existing programs for monitoring people will become progressively more useless
as people switch to HTTPS, or the government will insist very forcefully on
access, for example by getting private keys from certificate authorities.

~~~
gsnedders
And more worrying than even that: with the top four browser vendors all US-
based, would pressure be put on them not to remove compromised root
certificates? That, IMO, is more worrying than government interference in CAs.
The system is designed to work around government interference in CAs (by
removing the CA root as trusted), but isn't as capable of dealing with
government interference in the browsers' trusted root stores themselves.

~~~
Zikes
Because Firefox and Chromium are both open source, this won't be an issue. If
the browser companies remove the ability to remove root certs, we can just
fork and add it back.

~~~
ihsw
This isn't a technological issue, it's a political issue. It requires a
political solution, since laws can be enacted to make what you're proposing
illegal.

The hacker mantra is indeed "There is a key to every lock" but what happens
when 1) you unlock a door, 2) they know you unlocked that door, and 3) it's
illegal to unlock that door?

Answer: Then they put you in prison.

~~~
Zikes
I'd love to see that headline: Hacker Jailed for Not Updating Web Browser

~~~
soganess
It would read like this:

A hacker charged with changing YOUR Internet Browser, potentially making the
entire country less secure in the face of terrorists, has been found guilty of
crimes against the state.

~~~
gavinlynch
Exactly. Let's not pretend they aren't experts at framing false narratives.

Actually, that's pretty much the #1 prerequisite for the job of being a
politician...

------
cma
Seems like the NSA could still easily fingerprint some users:

1) Find the first edit made by a user

2) Search for IPs with a spike in outbound traffic to Wikipedia at around the
same time (editing a large section submits a large POST).

3) Follow the user's further edits, doing the same as above to keep narrowing
down the candidate IPs.
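The narrowing in steps 2 and 3 is just a repeated set intersection. A toy sketch (all IPs and candidate sets invented):

```python
# Sketch of the intersection attack: each edit yields a set of
# candidate IPs that showed a traffic spike near the edit time;
# the editor must be in the intersection of all of them.

edits_to_candidates = [
    {"10.0.0.5", "10.0.0.9", "10.0.0.23"},   # spike near edit #1
    {"10.0.0.5", "10.0.0.23", "10.0.0.41"},  # spike near edit #2
    {"10.0.0.5", "10.0.0.77"},               # spike near edit #3
]

suspects = set.intersection(*edits_to_candidates)
print(suspects)  # → {'10.0.0.5'}
```

A handful of edits is usually enough: each intersection shrinks the candidate pool multiplicatively.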

~~~
ISL
I don't think they're so worried about edits. Wikipedia is a go-to source for
quick lookups of information.

I work in a nuclear physics lab; if the NSA is watching, I'm sure that some of
my searches have triggered flags. Doesn't help that the physics community is
small, and everyone is only a few degrees of separation apart.

------
greenyoda
I noticed that if DuckDuckGo returns a link to a Wikipedia article, it always
seems to be an https URL. With Google, Wikipedia links seem to vary between
http and https.

~~~
chebucto
DDG defaults to HTTPS links wherever possible; it's like having HTTPS
Everywhere in your search engine.

~~~
teeja
Not yet for en.m.wikipedia.org.

~~~
Skalman
I sent them a proposal to change that. :-)

------
chakalakasp
Is TLS really secure from the NSA?

~~~
hannibal5
Against mass surveillance, yes.

But if you become a person of interest, there is a strong possibility that
they can mount a man-in-the-middle attack very easily (with certificates that
don't raise any alarms). They probably have equipment in major network hubs
that can divert traffic through their servers.

Remember how easily Nokia, Opera and Amazon were able to MITM phone users by
running traffic through an SSL proxy (I think Nokia has stopped doing this).
[https://www.schneier.com/blog/archives/2013/01/man-in-the-
mi...](https://www.schneier.com/blog/archives/2013/01/man-in-the-midd_6.html)

~~~
nandhp
But that's when using the Nokia, Opera, or Amazon browser. If you're worried
about Nokia, Opera, and Amazon facilitating MITM attacks, they could also just
program the browser with a secret NSA certificate authority.

~~~
hannibal5
>they could also just program the browser with a secret NSA certificate
authority.

I strongly suspect the NSA doesn't have to do that kind of thing, which could
be easily noticed. They just ask Symantec/Verisign nicely for a valid
certificate. Or they already have common root certificates.

------
jahabrewer
I'm not a security guy, but it seems to me that it would also be useful to
mask the URL. It's my understanding that a snooper could still see that you
accessed
[https://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1...](https://en.wikipedia.org/wiki/Tiananmen_Square_protests_of_1989)
, but not the content of the page.

Maybe offer a search on the site that returns links that are generated just
for you, so instead of going to the above url, you'd access something like
[https://en.wikipedia.org/wiki/onetime/45sdf3sd8re2dfa7w7eras...](https://en.wikipedia.org/wiki/onetime/45sdf3sd8re2dfa7w7erasdf)
(and throw away the key after the access).

~~~
burke
At a really rough approximation, this is how an SSL pageview works:

1. DNS query in plaintext for en.wikipedia.org.

2. Open a connection to the resultant IP (the fact that you connect to this
IP is traceable).

3. Do an SSL handshake.

4. HTTP protocol stuff, including transmission of PATH_INFO, happens on the
encrypted channel.

5. Server responds on the encrypted channel.

~~~
gsnedders
Also worth pointing out: if you have a local DNS cache (you almost certainly
do), and several hosts share an IP, then given a cache hit the adversary will
only know the connection is to one of a set of hostnames (those you have
previously requested and for which the cache is still valid), or to the IP
itself.

~~~
teddyh
Not with a modern browser with SNI. This transmits the host name in the
initial unencrypted portion of the SSL connection.

------
jingo
I've been using HTTPS Wikipedia for years. It's great to see them make it the
default.

But considering what Wikipedia is, users wanting increased privacy could just
download a copy of the encyclopedia and do their searches offline. Wikimedia
makes data dumps of their user-generated content (UGC) available to the
public. (Don't you wish all mega-websites relying on UGC did that?)

There was a time before the internet when we used volumes of paper-bound
encyclopedias. These were not written by laypeople and they were not free. Few
people owned their own set of Encyclopaedia Britannica volumes. They used
someone else's copy, e.g., a library's.

But imagine if Britannica offered _free_ copies of their encyclopedia that
could somehow fit in your pocket (as is possible now through digitization and
Wikipedia).

Would you continue to use a copy belonging to someone else every time you had
to look something up? Why wouldn't you obtain a copy for yourself?

What if... Wikipedia's data dumps were small enough. Wikipedia content was,
overall, static enough. Storage was cheap enough. Download speeds were fast
enough. And you could get your very own copy of the encyclopedia.

Compared to the speed, reliability and privacy of offline reading, grabbing
specific articles piecemeal via HTTPS simply cannot compare.

See OpenMoko's WikiReader as an example implementation. It's on Github.

~~~
generj
The only possible disadvantage is information about rapidly changing world
events (for which Wikipedia isn't the best resource, but still). English
Wikipedia dumps are only run on a monthly basis.

Images are much more resource intensive, but if text only is sufficient then
the average user can download the compressed Wikipedia dumps in less than 2
days.

Please use torrents to reduce the load on Wikimedia's servers and to increase
download speed:
[https://meta.wikimedia.org/wiki/Data_dump_torrents#enwiki](https://meta.wikimedia.org/wiki/Data_dump_torrents#enwiki)

I keep a backup on an external hard-drive, in case of apocalypse or censorship
(same thing). Nobody can take away my list of Scrubs episodes.

------
adolph
How helpful would this actually be? If some semi-omnipotent entity were to
observe the https traffic, could deductions be made about the series of web
pages visited/information sought by comparing the sizes of traffic to the
known sizes of wikipedia pages?

~~~
planetsherbet
Could Wikipedia serve pages with a random number of dummy bytes inserted (like
within a comment) to prevent this?

------
EGreg
Well, considering that the vast majority of its users have already signed up,
and that information is already stored, their accounts can already be
researched. Same goes for most sites which implement a "new" security scheme.

~~~
jlgreco
> _Well, considering that the vast majority of its users have already signed
> up_

Do you have any data for that? I _highly_ doubt it.

~~~
EGreg
Let's see, the data is that all the users that have signed up before they
changed their security, have signed up before they changed their security.
Since they changed it very recently, but have been around for years, I think
it's a safe bet that my statement is correct.

~~~
na85
I highly doubt the number of users with accounts constitutes a majority of
wikipedia users

~~~
EGreg
Fine, what I really meant to say was "accounts", not "users". In my framework,
I only consider "users" those who signed up, so I usually refer to accounts as
"users", but technically this may be incorrect.

~~~
rhizome
I wouldn't be surprised if 99% of the people who have ever used WP never
created an account.

~~~
foobarbazqux
There are 20 million accounts, 125 thousand active accounts [1]. The number of
people who refer to Wikipedia is probably over a billion, since it's often the
first hit in Google (speculation). Roughly 25% of edits are anonymous (no
account), and anonymous edits are significantly longer than non-anonymous ones
[2].

[1]
[https://en.wikipedia.org/wiki/Wikipedia:Statistics](https://en.wikipedia.org/wiki/Wikipedia:Statistics)

[2]
[https://meta.wikimedia.org/wiki/Research:Anonymous_edits](https://meta.wikimedia.org/wiki/Research:Anonymous_edits)

------
wlj
Link to actual announcement: [https://blog.wikimedia.org/2013/08/01/future-
https-wikimedia...](https://blog.wikimedia.org/2013/08/01/future-https-
wikimedia-projects/)

------
teeja
Just in time for the BREACH exploit.
[http://arstechnica.com/security/2013/08/gone-
in-30-seconds-n...](http://arstechnica.com/security/2013/08/gone-
in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/)

Time to get the TLS hangups sorted and upgrade to 1.2?!

------
Hello71
> secure HTTPS

 _sigh_

~~~
eksith
How many times have you used the "ATM machine"? ;)

~~~
bionsuba
Hey guys, I can't remember my PIN number.

~~~
clicks
[https://en.wikipedia.org/wiki/RAS_syndrome](https://en.wikipedia.org/wiki/RAS_syndrome)

------
GigabyteCoin
*Will be switching to HTTPS...

I just went to wikipedia and the implementation is not live yet.

~~~
yuvipanda
you can just go to [https://en.wikipedia.org](https://en.wikipedia.org) and it
works. We just do not have automatic redirection yet.

~~~
GigabyteCoin
You could always do that.

------
diminoten
Can they afford to? What was stopping them before?

~~~
eksith
It's not exactly a basement operation. Wikimedia is basically one of the
busiest destinations on the web, running on donations alone. So even if the
majority of sites aren't affected that much by switching to HTTPS, at the
volumes they're serving it must have a pretty significant impact.

~~~
diminoten
Yeah that's what I'm thinking as well, this isn't a switch-flip, I hope this
doesn't impact their operating cost too much. :(

~~~
eksith
They may very well see a significant spike though.

This is why people should donate as much as possible before the "drive
banners" come up. It doesn't have to be a whole lot; if most of the people who
use it give even a small sum, considering the volume of visitors, they could
still keep up with operations costs pretty well.

------
samhamilton
Watch for a drop in China traffic, HTTPS Wikipedia is blocked but HTTP is not.

------
teeja
Considering how much I use WP, they're gonna need a terabyte just for me.

------
jonknee
Why just for logged-in users?

------
znowi
The Bitcoin concept disrupts the banking industry and effectively deprecates
it. I'd like to see a similar decentralized system applied to SSL
certificates, where anyone can establish a secure connection without paying
fees to third-party CAs.

~~~
ihsw
Don't be ridiculous. Bitcoin is little more than a reliable, decentralized
transaction network, and a currency.

Banks are connections between customers that have deficits and customers that
have surpluses, i.e. credit and lending. There are also investment structures
that people use, i.e. stocks and bonds.

In addition to consumer banking and investment banking, there are also
insurance functions.

There are companies that meet individual needs (i.e. companies that do only
insurance) but many consumers still prefer to use "one-stop shop" banking
institutions that accommodate a variety of needs.

------
codex
This is ridiculous. Wikipedia is headquartered in San Francisco. If the NSA
wanted to snoop Wikipedia lookups it would force Wikipedia to install PRISM-
like access devices to the site itself, secretly. Switching to HTTPS consumes
more resources all around, increases latency, increases site operation costs,
and emits more climate changing CO2, with no net change in the NSA's
capabilities to snoop Wikipedia lookups.

~~~
freehunter
Why would HTTPS necessarily cause more CO2 emissions? Wikipedia might be
headquartered in San Francisco, but their data centers are not. For example,
their European data center is CO2-neutral. [1]

[1] [http://www.thewhir.com/web-hosting-news/evoswitch-hosts-
the-...](http://www.thewhir.com/web-hosting-news/evoswitch-hosts-the-
wikimedia-foundation)

~~~
toomuchtodo
Their US datacenter is in Florida.

EDIT: My info is out of date. Their Florida datacenter has become the backup,
with the primary being Equinix in Ashburn, Virginia:

[http://www.datacenterknowledge.com/archives/2013/01/14/its-o...](http://www.datacenterknowledge.com/archives/2013/01/14/its-
official-equinix-ashburn-is-wikimedias-home/)

