Jump to content

Wikipedia talk:Wikipedia Signpost/2010-11-01/Technology report

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

Secure browsing: it is possible to use a combination of server side scripting and JavaScript to create signed URLs: using encryption on the content of WP pages and the edits thereto,which are public knowledge, would be a waste of resource indeed. Rich Farmbrough, 09:51, 2 November 2010 (UTC).[reply]

It's already planned that 'Wikipedia' will be added to FireSheep. Your Wikipedia account can be taken over completely. My advice is don't use public Wifi without WPA encryption enabled. Regards, SunCreator (talk) 12:45, 2 November 2010 (UTC)[reply]
Signed urls ? Isn't that for content only ? Wouldn't protect you from cookie hijacking, which is the problem with firesheep, right ? —TheDJ (talkcontribs) 23:43, 2 November 2010 (UTC)[reply]
Firesheep is a session-stealing attack utilizing packet sniffing on a shared medium. Signing URLs does exactly nothing to prevent this. --Carnildo (talk) 01:47, 3 November 2010 (UTC)[reply]
An OpenSearch search bar plugin has been added: Wikipedia (SSL) search, which can replace the default Wikipedia search-bar in browsers like Firefox. You can review the source code for the plugin as well. Nimur (talk) 02:00, 3 November 2010 (UTC)[reply]
The Electronic Frontier Foundation's HTTPS Everywhere add-on makes Firefox use the secure server for every page viewed on Wikipedia (and various other sites). Regards, HaeB (talk) 10:58, 4 November 2010 (UTC)[reply]
Keep in mind that the number of active editors is much, much smaller than the number of anonymous readers. I don't know whether the secure server would support us editing securely all at once, since WMF has not yet dedicated any special resources to scaling SSL, but you should always use it when editing from a network that you don't control such as an open wifi network, particularly if you have a privileged account. A hybrid solution that encrypts session data and not page content might be useful, but I know of no way to implement it and it still presents privacy risks (which articles you read says something about you). Dcoetzee 18:49, 3 November 2010 (UTC)[reply]
Note, that well the secure site does protect your session, it doesn't really (overly) protect your privacy. Images are still loaded from the non-secure site. If you notice person A downloads 10 images in about 5 seconds, and there is only one page on wikipedia that uses precisely these ten images, it is a pretty sure bet that person A is looking at that page. (Of course, if someone is watching you that closely, you probably have bigger problems...). Bawolff (talk) 05:33, 4 November 2010 (UTC)[reply]
Interesting, I didn't know that. I hope WMF will consider also protecting inline images by SSL, eventually - although I realise the cost of doing so would be somewhat greater than pages alone. This would be particularly important for people who are interested in learning more about topics related to sex and pornography and may not want this to be known. Dcoetzee 05:36, 4 November 2010 (UTC)[reply]
Well there is a long standing bug - bugzilla:16822. But If you're really that concerned about your privacy, you can always use something like TOR. (which has the added bonus that even if the foundation was evil, they still wouldn't know who you are ;) Bawolff (talk) 00:24, 5 November 2010 (UTC)[reply]
But we block TOR, remember? :P - Jarry1250 [Who? Discuss.] 17:46, 5 November 2010 (UTC)[reply]

No comments on the Wikimedia / Gmail story? Doesn't that concern some poeple? 128.59.179.238 (talk) 18:37, 18 November 2010 (UTC)[reply]