Forgot your password?
typodupeerror
Government Censorship Privacy The Internet United Kingdom Wikipedia Your Rights Online

Jimmy Wales Threatens To Obstruct UK Government Snooping 198

Posted by timothy
from the different-kind-of-man-in-the-middle dept.
judgecorp writes "Wikipedia founder Jimmy Wales has threatened to encrypt communications between Wikipedia and UK users in order to frustrate the proposed Communications Bill, known as the Snooper's Charter, which would give the UK government the right to routinely track citizens' web and phone use. Wales was addressing the committee which is scrutinising the Bill before it is considered by Parliament."
This discussion has been archived. No new comments can be posted.

Jimmy Wales Threatens To Obstruct UK Government Snooping

Comments Filter:
  • Good (Score:5, Insightful)

    by netwarerip (2221204) on Thursday September 06, 2012 @10:11AM (#41247399)
    Nice to see someone has a pair of balls. Not very common on an adult named 'Jimmy'.
    • Re:Good (Score:5, Funny)

      by Anonymous Coward on Thursday September 06, 2012 @10:14AM (#41247429)

      Nice to see someone has a pair of balls. Not very common on an adult named 'Jimmy'.

      "The Outlaw Jimmy Wales"

    • Re:Good (Score:5, Insightful)

      by camionbleu (1633937) on Thursday September 06, 2012 @10:48AM (#41247947)

      Yes, a good gesture indeed. However, encrypting the packets will not prevent traffic analysis by the UK government. To avoid that, individual users will have to take their own security measures (such as using Tor). Nevertheless, it's nice to see high-profile opposition to the Communications Bill.

      • Re:Good (Score:5, Insightful)

        by jd2112 (1535857) on Thursday September 06, 2012 @11:48AM (#41248897)
        UK GOV: We can't read it so it must be pedophile terrorists trading MP3s.
        • UK GOV: We can't read it so it must be pedophile terrorists trading MP3s.

          That kind of happened to me in high school. Not the pedophile terrorist part, but I was saving my school assignments in WordPerfect files that could not be opened without a password. School administrators considered me a "hacker" or something and routinely examined the files I had saved on the school network. They could not read my WordPerfect files but the words added to my spellchecker's dictionary were in plain text. And they deleted all of my school assignments on the grounds that there were dirty words

    • by cpu6502 (1960974)

      >>>a pair of balls. Not very common on an adult named 'Jimmy'.

      Jimmy Swaggert (stood-up against segregation)
      Jimmy Carter (stood-up against Arab terrorists)
      Jimmy Stewart (World War 2 fighter pilot)
      Jimmy Buffett (okay this is a bit of a stretch)

      • Minor correction: Jimmy Stewart flew bombers, not fighters.
  • by benjymous (69893) on Thursday September 06, 2012 @10:17AM (#41247481) Homepage
  • Why not just do it? (Score:5, Interesting)

    by MisterP (156738) on Thursday September 06, 2012 @10:18AM (#41247491)

    I understand that wikipedia is a non-profit and has limited resources, but why not just do it? This doesn't seem like a radical stance at all. This should be on their roadmap. Given wikipedia history of taking sides on issues like this, they should be pioneers in doing this sort of thing.

    Plain text HTTP is on its way to becoming a legacy protocol.

    • by xded (1046894) on Thursday September 06, 2012 @10:29AM (#41247679)
      Given the traffic volume experienced by Wikipedia every day, switching the entire UK (or worldwide) traffic to HTTPS would represent a significant hit on the servers CPU load if they're not using cryptographically capable hardware (and maybe even if they do, however IANANE and I'm not sure how this could work with load balancing).
      • by Anonymous Coward on Thursday September 06, 2012 @10:35AM (#41247763)

        I'm not sure how this could work with load balancing

        Their load balancers probably already handle the SSL and unwrap it for the web servers.
        Most decent load balancers support hardware-SSL these days.

      • by Anonymous Coward on Thursday September 06, 2012 @10:35AM (#41247767)

        Perfect response to the many people saying the same thing over and over... 'why not just DO it??!??!?'. They're threatening for now because it would require a significant financial and time investment to follow through. There's also the chances of downtime, server overload, etc... that needs to be taken into consideration. With Wikipedia's reputation, at least from all i can tell, of having a solid and stable domain, it wouldn't do well to fight on a stance like this and cripple itself in the process.
        Besides, with the widespread use of Wikipedia, it's a good way to get the word out there to the millions who use the site daily.
        I've said it before, and will reiterate now...
        V for Vendetta's view of England seems to be coming closer to reality with every passing year.

        -- Valor958

        • by DarwinSurvivor (1752106) on Thursday September 06, 2012 @11:17AM (#41248379)
          Wikipedia already supports SSL, all they seem to *really* be threatening is making it *default* for UK users (either through a redirect or some other method). Anyone with "HTTPS Everywhere" already has it enabled.
          • by Valor958 (2724297)
            Some of this I 'should' know, but admittedly I use enhanced level defaults for my browsers of choice, Chrome. Slightly enhanced security, but no custom settings aside from my theme. I'm a smart browser and haven't had a virus in years, excluding the wife downloads.... I DO use Incognito Browsing for Chrome from time to time though, and may do some custom enhancements to Chrome for security if I get off my butt. Since it's apparently sub-topic now... anyone have suggestions on enhancements that don't sacrifi
      • by Seumas (6865)

        If only they were able to raise tens of millions of dollars per year for their "non-profit". Perhaps via some banner at the top of every page on their site, so they could afford servers.

      • by cpu6502 (1960974)

        https is the answer but it should be a voluntary thing.

        According to the politicians & judges we have "no expectation of privacy in a public arena". It's why they camcord us in the streets, and why we can camcord them as they are writing tickets or beating people with clubs. So isn't the world wide web also a public venue? The politicians appear to be saying "yes".

        • Your second paragraph doesn't back up the first in the slightest. Give me a SINGLE valid reason for preferring http over https (from a normal user's perspective).
          • by tolan-b (230077) on Thursday September 06, 2012 @11:35AM (#41248665)

            With HTTPS there's less caching going on in general so it's a bit slower. Doesn't bother me but it's definitely a valid reason.

          • by TheLink (130905)
            Latency.
        • by LihTox (754597)

          So isn't the world wide web also a public venue? The politicians appear to be saying "yes".

          Which is like saying that because Harry Potter is a publicly published book series, reading a Harry Potter book in bed is a public act.

      • by Inda (580031)
        Google released a report a year or so back. I'm sure the figures they quoted showed 1-2% extra CPU usage.
        • by cduffy (652)

          Google released a report a year or so back. I'm sure the figures they quoted showed 1-2% extra CPU usage.

          With a whole lot of tuning and optimization, that is -- certainly not free.

          I don't remember whether the 1%-2% was requiring client-side support as well.

      • by Eil (82413)

        HTTPS would represent a significant hit on the servers CPU load if they're not using cryptographically capable hardware

        I thought that myth has been pretty well debunked [imperialviolet.org] for quite some time now.

    • by X0563511 (793323)

      Plain text HTTP is on its way to becoming a legacy protocol.

      No it's not. What do you think that SSL/TLS session is encapsulating?

      • by Tanktalus (794810)

        Talk about nit-picking. You know what he meant, but you had to pick on how he said it instead.

        Is this any better? "Unencrypted HTTP is on its way to becomming a legacy protocol."

        (Typo left in so you can ignore my point, too, and instead nit pick on something else.)

        • by X0563511 (793323)

          It's still not legacy, as it's unencrypted HTTP as soon as the SSL/TLS layer is removed.

          It's not nit picking if you're correcting someone who's just plain wrong.

    • by mug funky (910186)

      Wales is making a statement.

      Dr. Strangelove: Of course, the whole point of a Doomsday Machine is lost, if you keep it a secret! Why didn't you tell the world, EH?

  • by Anonymous Coward on Thursday September 06, 2012 @10:19AM (#41247499)

    From what I read of TFA, it doesn't look like Jimbo is actually making a threat. He's just saying "Your idea sucks because I, and any competent server operator, could bypass it in 30 seconds."

  • Threat? (Score:5, Insightful)

    by betterunixthanunix (980855) on Thursday September 06, 2012 @10:19AM (#41247503)
    It is interesting to refer to this as a "threat" -- what exactly is being threatened here? There is nothing illegal about using cryptography in the UK, and the UK has a key disclosure law. It is only logical for people to use cryptography when they have good reason to suspect that untrusted third parties might be reading their traffic, and frankly, we should have been encrypting our communications from the start.
    • Yes. We (and Wikipedia) should be encrypting our communications from the start. A lot has been written about why we should use encryption [wikibooks.org], some of it from around 20 years ago. It's an uphill fight still these days and many won't become interested until it is too late. If you haven't already, consider throwing your own cryptoparty [falkvinge.net].
  • Snooper's Charter? (Score:4, Insightful)

    by Anonymous Coward on Thursday September 06, 2012 @10:21AM (#41247523)

    How does a bill like this even get proposed in this day and age? What ever happened to privacy?

    I'd hate to make the ridiculous V for Vendetta reference.. but yikes. The UK really isn't supposed to be going that way.

    • by BMOC (2478408)
      UK Citizens unfortunately trust their government too much. I like UK citizens, and I think they're very very rational people, but they can't seem to grasp that no matter how reasonable and rational a politician might seem, they still want power over you, so they can't be trusted
      • by radio4fan (304271)

        UK Citizens unfortunately trust their government too much.

        I don't know anyone in the UK who trusts the government.

        But what to do? Vote for a Labour government, who lied about WMD, tuition fees and lots more, and introduced police-state bollocks like the RIPA [wikipedia.org]?

        Or opt for a Conservative-led government, who lied about the NHS, pension age, child benefit, reining in the banks, and lots more, then introduce police-state bollocks like the Draft Communications Bill?

        I like UK citizens, and I think they're very very rational people, but they can't seem to grasp that no matter how reasonable and rational a politician might seem, they still want power over you, so they can't be trusted

        Oh, they grasp this very well.

        But the fact remains that the UK electorate has a choice between shit and shit

    • https://en.wikipedia.org/wiki/Gordon_Kaye_v._Andrew_Robertson_and_Sport_Newspapers_Ltd [wikipedia.org]

      https://en.wikipedia.org/wiki/Wainwright_v_Home_Office [wikipedia.org]

      The UK is not the USA; here in the US, we can point to our constitution and say, "We are supposed to have these rights, so what's up with this snooping by the government?!" In the UK, there is no such guarantee of a right to privacy.
    • How does a bill like this even get proposed in this day and age? What ever happened to privacy?

      I'd hate to make the ridiculous V for Vendetta reference.. but yikes. The UK really isn't supposed to be going that way.

      Smile for the cameras, now!

      Smith! 6079 Smith W! Sit up straight!

    • by cpghost (719344)

      How does a bill like this even get proposed in this day and age? What ever happened to privacy?

      George Orwell of 1984 fame was British. It was not a coincidence, you know?

    • by steelfood (895457)

      The UK really isn't supposed to be going that way.

      In the same way the book 1984 stopped the events of 1984 from happening?

  • Video... (Score:5, Informative)

    by trancemission (823050) on Thursday September 06, 2012 @10:22AM (#41247551)

    Video: http://www.parliamentlive.tv/Main/Player.aspx?meetingId=11355 [parliamentlive.tv] [Windows silverlight warning!]

    To highlight what we are up against - the chairman wasn't aware that 'kids' these days are able to chat to each other in games using their Xbox - 'Good Lord' was his reaction.

    The committee really do not have a clue, and have no real chance of getting it if the goverment machine gets their way - the witnesses here showed this.

    The 25% arguement is laughable [That being it is claimed that 25% of internet data is not available to collect thorugh current legislation]

  • by JustAnotherIdiot (1980292) on Thursday September 06, 2012 @10:26AM (#41247617)
    Why "threaten" to do it?
    Like Nike says, Just Do It.
    • by thegarbz (1787294)

      Great then we can look forward to another few months of begging for money after the Wikipedia servers turn into a puddle at the bottom of a 19" rack. SSL has some serious overhead issues, kind of a problem when you run a website which attracts 2500 pageviews each second.

  • Once we'll all switch to peer-to-peer encrypted communication.
    Using HTTPS is not enough, though.

  • I run a Tor relay and an I2P node 24/7. Both can be configured to only use a certain amount of bandwidth over a certain amount of time, for those on metered connections.
  • by ultrasawblade (2105922) on Thursday September 06, 2012 @10:54AM (#41248049)

    A personal appeal by Wikipedia founder, Jimmy Wales

      mQGiBEe68W8RBACVuFuv4d+roDSCdRO1SuO8dQwds4VTjVOqgVKQtq6+8Fe95RY8
      BAf1IyLj4bxvWPhr0wZdVwTosD/sFoPtdCyhVcF932nP0GLHsTEeVwSz9mid22HI
      O4Kmwj2kE+I+C9QdzAg0zaWQnVaF9UC7pIdMR6tEnADI8nkVDdZ+zb2ziwCg6Yqu
      tk3KAzKRT1SNUzTE/n9y2PED/1tIWiXfGBGzseX0W/e1G+MjuolWOXv4BXeiFGmn
      8wnHsQ4Z4Tzk+ag0k+6pZZXjcL6Le486wpZ9MAe6LM31XDpQDVtyCL8t63nvQpB8
      TUimbseBZMb3TytCubNLGFe5FnNLGDciElcD09d2xC6Xv6zE2jj4GtBW1bXqYWtl
      jm0PA/4u6av6o6pIgLRfAawspr8kaeZ8+FU4NbIiS6xZmBUEQ/o7q95VKGgFVKBi
      ugDOlnbgSzBIwSlsRVT2ivu/XVWnhQaRCotSm3AzOc2XecqrJ6F1gqk0n+yP/1h1
      yeTvvfS5zgqNTG2UmovjVsKFzaDqmsYZ+sYfwc209z9PY+6FuLQnQXBhY2hlVGVz
      dCAoVGVzdGluZykgPGFwYWNoZUBsb2NhbGhvc3Q+iF4EExECAB4FAke68W8CGwMG
      CwkIBwMCAxUCAwMWAgECHgECF4AACgkQJE9COu2PFIEGDwCglArzAza13xjbdR04
      DQ1U9FWQhMYAnRrWQeGTRm+BYm6SghNpDOKcmMqruQENBEe68XAQBADPIO+JFe5t
      BQmI4l60bNMNSUqsL0TtIP8G6Bpd8q2xBOemHCLfGT9Y5DN6k0nneBQxajSfWBQ5
      ZdKFwV5ezICz9fnGisEf9LPSwctfUIcvumbcPPsrUOUZX7BuCHrcfy1nebS3myO/
      ScTKpW8Wz8AjpKTBG55DMkXSvnx+hS+PEwADBQP/dNnVlKYdNKA70B4QTEzfvF+E
      5lyiauyT41SQoheTMhrs/3RIqUy7WWn3B20aTutHWWYXdYV+E85/CarhUmLNZGA2
      tml1Mgl6F2myQ/+MiKi/aj9NVhcuz38OK/IAze7kNJJqK+UEWblB2Wfa31/9nNzv
      ewVHa1xHtUyVDaewAACISQQYEQIACQUCR7rxcAIbDAAKCRAkT0I67Y8UgRwEAKDT
      L6DwyEZGLTpAqy2OLUH7SFKm2ACgr3tnPuPFlBtHx0OqY4gGiNMJHXE=

  • A dream that all web sites use https for everything. Why do so many web sites still not use https? Do they *like* third-parties being able to snoop on their visitors?

    https://www.eff.org/https-everywhere/faq [eff.org]
    https://httpsnow.org/ [httpsnow.org]
    http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/ [arstechnica.com]
    http://arstechnica.com/business/2011/03/https-is-great-here-is-why-everyone-needs-to-use-it-so-ars-can-too/ [arstechnica.com]
    http://serverfault.com/questions/161854/how-to-set-up-https-without-paying-any [serverfault.com]
    • by cpghost (719344)
      To use HTTPS, you need a certificate from a CA. What kind of CA that is recognized by the browser vendors do you suggest for small website owners, whose certificates don't cost an arm and a leg, year after year after year?
    • by Dwedit (232252)

      I use HTTPS everywhere.
      Sometimes I have to turn remove a site from the list because the https:/// [https] version does not load at all, but the http:/// [http] version loads fine. So that's the only problem with that extensions, often the https:/// [https] versions of a site simply don't work at all.

  • that snooping stuff could NEVER happen here in the U.S.! Whew!
  • In 2000 the previous government tried something similar with the Communications white paper [homeoffice.gov.uk] that would require every ISP and data carrier to keep every byte of data carried for eight years.

    At the time I worked for a small subsidiary of a local telco, our Chairman of our Board was well connected member of the House of Lords. I prepared a position paper for him pointing out that our division alone would need as much storage as was sold annually in the UK to fulfil our obligation.

    IT Professional the country

    • by mrbester (200927)

      That's the thing though. On one hand you have the Govt. passing a law that means you have to declare what tracking you do via cookies (and Silktide have just said "go ahead and sue us for not doing so") while they are proposing to pass a law that requires ISPs to route via a black box that performs MITM SSL interception to track ALL visits to ANY site, regardless of security *and not tell anyone*

  • A lot of censorware setups block all HTTPS traffic by default, as the censor-proxy can't see what is being sent without relying on a fiddley-and-expensive MITM attack. If wikipedia moves to HTTPS by default, it'll suddenly become impossible to access from within many schools.
    • by 6031769 (829845)

      So it will become evident to everyone that the censorware serves no useful purpose and will be binned. Double bonus.

    • by Arker (91948)
      Sounds more like an incentive to fix an issue to me.
  • ...I wonder. So there's no risk that private cert leaks out and government can do a man-in-the-middle attack easily.
  • Here, we have a prime example of a multinational corporation using its immense power to control a large national government. Let's cut them off at the knees before they enslave us all!
  • by crossmr (957846)

    When is the US going to invade England and restore freedom?

To understand a program you must become both the machine and the program.

Working...