Jimmy Wales Threatens To Obstruct UK Government Snooping
judgecorp writes "Wikipedia founder Jimmy Wales has threatened to encrypt communications between Wikipedia and UK users in order to frustrate the proposed Communications Bill, known as the Snooper's Charter, which would give the UK government the right to routinely track citizens' web and phone use. Wales was addressing the committee which is scrutinising the Bill before it is considered by Parliament."
Good (Score:5, Insightful)
Re:Good (Score:5, Funny)
Nice to see someone has a pair of balls. Not very common on an adult named 'Jimmy'.
"The Outlaw Jimmy Wales"
Re:Good (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Clint Eastwood reference deserves a mod up. Great movie
Re:Good (Score:5, Insightful)
Yes, a good gesture indeed. However, encrypting the packets will not prevent traffic analysis by the UK government. To avoid that, individual users will have to take their own security measures (such as using Tor). Nevertheless, it's nice to see high-profile opposition to the Communications Bill.
Re:Good (Score:5, Insightful)
Re: (Score:3)
UK GOV: We can't read it so it must be pedophile terrorists trading MP3s.
That kind of happened to me in high school. Not the pedophile terrorist part, but I was saving my school assignments in WordPerfect files that could not be opened without a password. School administrators considered me a "hacker" or something and routinely examined the files I had saved on the school network. They could not read my WordPerfect files but the words added to my spellchecker's dictionary were in plain text. And they deleted all of my school assignments on the grounds that there were dirty words
Re: (Score:2)
Even the IP and size of the file may be enough to prosecute some things (say a given image was deemed illegal, but happens to be the only image roughly* a given size on Wikipedia at the time you accessed it). A much bigger problem is that if the page (or worse search results) that linked to the forbidden page are not using SSL, the fact that your next hop is to the SSL server is itself fairly incriminating. (A lot of the UK's thought crime stuff is about 'anti-terrorism' stuff where they don't need to prove
Re: (Score:3)
Wait, the size of a given file can not reliably be determined by the packet stream when the stream is encrypted. All sorts of "white space" can be added to files on the fly.
Further, there is not that much on Wiki that would trigger an arrest anyway.
Re: (Score:2)
Well there is the image on the Virgin Killer article.
Re: (Score:2)
Traffic analysis does not require decryption. Someone watching the traffic can still see that you are on Wikipedia, what time you were on the site, how long, and the approximate size of the content you downloaded...or uploaded for that matter.
Say you submitted a post; even encrypted it's still possible to see that more bytes were sent than in a normal GET request. Even if your IP is hidden behind your WP login, it is feasibly possible that the timestamp combined with the approximate byte count could be used
Re:Explain me? SSL is not sufficient? (Score:4, Insightful)
Re:Explain me? SSL is not sufficient? (Score:4, Interesting)
People with more knowledge, please correct me...
From my understanding, your ISP can use a transparent proxy (so without your knowledge, or actually make you use a web proxy) and be able to see your data even in SSL. This is how the Websense gateway product works. They actually use it as a selling point to be able to scan SSL-based web email that may include confidential documents as attachments.
Re:Explain me? SSL is not sufficient? (Score:5, Informative)
An SSL/HTTPS (transparent) proxy can only do a man-in-the-middle attack if you install the proxy server's private CA (certificate authority) certificate in your browser. At your workplace, IT may have installed one of those CA certificates for their own proxy in the browser on every computer they manage.
Basically, for every website you try to access, the proxy becomes the end-point for the website, and then the proxy makes its own fake certificate for the website, signed with its CA certificate. The browser checks the fake certificate against the fake CA certificate and thinks everything is fine.
Governments can also transparent proxy specific websites which they have a fake certificate for which was signed by a hacked real CA. Like what happened with a Dutch CA, diginotar.nl, which was used to create certificates for google.com and Facebook.com by hackers from Iran, if I remember correctly.
Re: (Score:2)
One of my past employers had Internet Explorer configured that way. When traveling you had to VPN in to use their proxy server to get to the Internet (:via the Internet:) DNS, everything came through their proxy servers all the time so it was just like back at the office, but
Slowwwww...
The guy that did the desktop IT support was a good friend of mine, and I asked him why they did that, and after that he used to poke fun at me that they could read my encrypted web mail and web browsing (unless I encrypted it
Re: (Score:3)
>>>a pair of balls. Not very common on an adult named 'Jimmy'.
Jimmy Swaggart (stood up against segregation)
Jimmy Carter (stood up against Arab terrorists)
Jimmy Stewart (World War 2 fighter pilot)
Jimmy Buffett (okay this is a bit of a stretch)
Re: (Score:3)
Re: (Score:3)
Hey. Let's keep our history straight. It was Reagan that negotiated with the terrorists.
Re: (Score:2)
>>>Let's keep our history straight. It was Reagan that negotiated with the terrorists.
False. Jimmy Carter's men did the negotiations and it was essentially a done deal to release the hostages. However the Arabs refused to send them home until Reagan took the oath of office, thereby enabling him to take credit for his predecessors' actions. (Source: My college history class.)
Re: (Score:2)
However the Arabs refused to send them home until Reagan took the oath of office,
They were Iranians, not Arabs. Both Arab terrorists and Iranians would be insulted if they read your mistake. I hope that no one can figure out where you live :-)
Re: (Score:2)
...and standing down against a rabbit.
Re:Euphemism (Score:5, Funny)
Here we go... (Score:5, Funny)
https://en.wikipedia.org/wiki/Main_Page [wikipedia.org]
Done.
Re:Here we go... (Score:5, Informative)
If I were a Russian meerkat, I'd be sucking my teeth right now.
Re:Here we go... (Score:5, Informative)
Re: (Score:2)
HTTPS doesn't encrypt the request though does it? The government could still see you requested https://wikipedia.com/how_to_make_bombs.html
Re:Here we go... (Score:4, Informative)
The URL is encrypted:
http://stackoverflow.com/questions/499591/are-https-urls-encrypted [stackoverflow.com]
Re: (Score:2)
I do believe only the host name is readable in an https request.
Why not just do it? (Score:5, Interesting)
I understand that Wikipedia is a non-profit and has limited resources, but why not just do it? This doesn't seem like a radical stance at all. This should be on their roadmap. Given Wikipedia's history of taking sides on issues like this, they should be pioneers in doing this sort of thing.
Plain text HTTP is on its way to becoming a legacy protocol.
Re:Why not just do it? (Score:5, Interesting)
Re:Why not just do it? (Score:5, Informative)
I'm not sure how this could work with load balancing
Their load balancers probably already handle the SSL and unwrap it for the web servers.
Most decent load balancers support hardware-SSL these days.
Re:Why not just do it? (Score:5, Interesting)
That's gotta at least increase the wattage. Nothing is ever really free though in 2012 you'd think crypto would be dirt cheap. If your 20 year old computer can do it...
Re:Why not just do it? (Score:4, Insightful)
Perfect response to the many people saying the same thing over and over... 'why not just DO it??!??!?'. They're threatening for now because it would require a significant financial and time investment to follow through. There are also the chances of downtime, server overload, etc... that need to be taken into consideration. With Wikipedia's reputation, at least from all I can tell, of having a solid and stable domain, it wouldn't do well to fight on a stance like this and cripple itself in the process.
Besides, with the widespread use of Wikipedia, it's a good way to get the word out there to the millions who use the site daily.
I've said it before, and will reiterate now...
V for Vendetta's view of England seems to be coming closer to reality with every passing year.
-- Valor958
Re:Why not just do it? (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
If only they were able to raise tens of millions of dollars per year for their "non-profit". Perhaps via some banner at the top of every page on their site, so they could afford servers.
Re: (Score:3)
https is the answer but it should be a voluntary thing.
According to the politicians & judges we have "no expectation of privacy in a public arena". It's why they camcord us in the streets, and why we can camcord them as they are writing tickets or beating people with clubs. So isn't the world wide web also a public venue? The politicians appear to be saying "yes".
Re: (Score:2)
Re:Why not just do it? (Score:4, Insightful)
With HTTPS there's less caching going on in general so it's a bit slower. Doesn't bother me but it's definitely a valid reason.
Re: (Score:2)
Re: (Score:2)
TCP 3 way handshake= 300ms. HTTP =-300ms.
TCP + SSL handshake = 300ms + 300ms. HTTPS = 600ms.
If the RTT link latency goes up to 400ms (does happen), HTTP would be 600 and HTTPS would be 1200.
Human average reflexes are about 200ms. So it will be distinguishable - a http website will feel "snappier", assuming "light" pages.
Of course if by decent webmaster you me
Re: (Score:3)
So isn't the world wide web also a public venue? The politicians appear to be saying "yes".
Which is like saying that because Harry Potter is a publicly published book series, reading a Harry Potter book in bed is a public act.
Re: (Score:2)
Re: (Score:2)
With a whole lot of tuning and optimization, that is -- certainly not free.
I don't remember whether the 1%-2% was requiring client-side support as well.
Re: (Score:2)
I thought that myth has been pretty well debunked [imperialviolet.org] for quite some time now.
Re: (Score:2)
Plain text HTTP is on its way to becoming a legacy protocol.
No it's not. What do you think that SSL/TLS session is encapsulating?
Re: (Score:3)
Talk about nit-picking. You know what he meant, but you had to pick on how he said it instead.
Is this any better? "Unencrypted HTTP is on its way to becomming a legacy protocol."
(Typo left in so you can ignore my point, too, and instead nit pick on something else.)
Re: (Score:2)
It's still not legacy, as it's unencrypted HTTP as soon as the SSL/TLS layer is removed.
It's not nit picking if you're correcting someone who's just plain wrong.
Re: (Score:2)
SSH does not contain telnet. Doesn't apply.
Re: (Score:2)
False. If your protocol includes encryption out-of-the-box, it's an encrypted protocol.
Re: (Score:2)
Wales is making a statement.
Dr. Strangelove: Of course, the whole point of a Doomsday Machine is lost, if you keep it a secret! Why didn't you tell the world, EH?
Not a threat, just a statement (Score:3, Interesting)
From what I read of TFA, it doesn't look like Jimbo is actually making a threat. He's just saying "Your idea sucks because I, and any competent server operator, could bypass it in 30 seconds."
Threat? (Score:5, Insightful)
cryptoparties (Score:2)
Snooper's Charter? (Score:4, Insightful)
How does a bill like this even get proposed in this day and age? What ever happened to privacy?
I'd hate to make the ridiculous V for Vendetta reference.. but yikes. The UK really isn't supposed to be going that way.
Re: (Score:2)
Re: (Score:2)
UK Citizens unfortunately trust their government too much.
I don't know anyone in the UK who trusts the government.
But what to do? Vote for a Labour government, who lied about WMD, tuition fees and lots more, and introduced police-state bollocks like the RIPA [wikipedia.org]?
Or opt for a Conservative-led government, who lied about the NHS, pension age, child benefit, reining in the banks, and lots more, then introduce police-state bollocks like the Draft Communications Bill?
I like UK citizens, and I think they're very very rational people, but they can't seem to grasp that no matter how reasonable and rational a politician might seem, they still want power over you, so they can't be trusted
Oh, they grasp this very well.
But the fact remains that the UK electorate has a choice between shit and shit
Re: (Score:3)
https://en.wikipedia.org/wiki/Wainwright_v_Home_Office [wikipedia.org]
The UK is not the USA; here in the US, we can point to our constitution and say, "We are supposed to have these rights, so what's up with this snooping by the government?!" In the UK, there is no such guarantee of a right to privacy.
Re: (Score:2)
How does a bill like this even get proposed in this day and age? What ever happened to privacy?
I'd hate to make the ridiculous V for Vendetta reference.. but yikes. The UK really isn't supposed to be going that way.
Smile for the cameras, now!
Smith! 6079 Smith W! Sit up straight!
Re: (Score:2)
George Orwell of 1984 fame was British. It was not a coincidence, you know?
Re: (Score:2)
The UK really isn't supposed to be going that way.
In the same way the book 1984 stopped the events of 1984 from happening?
Video... (Score:5, Informative)
Video: http://www.parliamentlive.tv/Main/Player.aspx?meetingId=11355 [parliamentlive.tv] [Windows silverlight warning!]
To highlight what we are up against - the chairman wasn't aware that 'kids' these days are able to chat to each other in games using their Xbox - 'Good Lord' was his reaction.
The committee really do not have a clue, and have no real chance of getting it if the government machine gets their way - the witnesses here showed this.
The 25% argument is laughable [That being it is claimed that 25% of internet data is not available to collect through current legislation]
Just do it anyway? (Score:3)
Like Nike says, Just Do It.
Re: (Score:2)
Great then we can look forward to another few months of begging for money after the Wikipedia servers turn into a puddle at the bottom of a 19" rack. SSL has some serious overhead issues, kind of a problem when you run a website which attracts 2500 pageviews each second.
All these attacks to freedom will end (Score:2)
Once we all switch to peer-to-peer encrypted communication.
Using HTTPS is not enough, though.
Re: (Score:2)
Internet? Why Internet?
Mesh wireless networks!
Re: (Score:2)
That's "https://en.wikipedia.org/wiki/Straw#Uses" you clod. Oh wait... it's only a threat. :-)
Re: (Score:2)
In principle - and in practice prior to commercialization - the Internet worked fine without a "central service provider."
What? When was this? Before Jon Postel started doing this on a volunteer basis, or before sri.nic? The only time that I can think of is during those days of yore when the DARPANet was limited to less than 255 hosts by its design, and IP, UDP, and TCP were bare glints in people's eyes. And only in the earliest part of those days (probably the first couple months, at most).
Sorry, this is the reason that the polis became obsolete, that voting is no longer by clashing swords on shields, and laws are written
I'm doing my part. (Score:2)
A personal appeal (Score:5, Funny)
A personal appeal by Wikipedia founder, Jimmy Wales
I have a dream (Score:2)
https://www.eff.org/https-everywhere/faq [eff.org]
https://httpsnow.org/ [httpsnow.org]
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/ [arstechnica.com]
http://arstechnica.com/business/2011/03/https-is-great-here-is-why-everyone-needs-to-use-it-so-ars-can-too/ [arstechnica.com]
http://serverfault.com/questions/161854/how-to-set-up-https-without-paying-any [serverfault.com]
Re: (Score:2)
Re: (Score:3)
StartSSL [startssl.com] provides free SSL certificates.
Re: (Score:2)
I use HTTPS everywhere.
Sometimes I have to remove a site from the list because the https:// version does not load at all, but the http:// version loads fine. So that's the only problem with that extension, often the https:// versions of a site simply don't work at all.
Thank Goodness (Score:2)
Communications white paper 2000 (Score:2)
In 2000 the previous government tried something similar with the Communications white paper [homeoffice.gov.uk] that would require every ISP and data carrier to keep every byte of data carried for eight years.
At the time I worked for a small subsidiary of a local telco; the Chairman of our Board was a well-connected member of the House of Lords. I prepared a position paper for him pointing out that our division alone would need as much storage as was sold annually in the UK to fulfil our obligation.
IT Professional the country
Re: (Score:2)
That's the thing though. On one hand you have the Govt. passing a law that means you have to declare what tracking you do via cookies (and Silktide have just said "go ahead and sue us for not doing so") while they are proposing to pass a law that requires ISPs to route via a black box that performs MITM SSL interception to track ALL visits to ANY site, regardless of security *and not tell anyone*
I see an issue: (Score:2)
Re: (Score:2)
So it will become evident to everyone that the censorware serves no useful purpose and will be binned. Double bonus.
Re: (Score:2)
Where will Wikipedia buy their SSL certificates... (Score:2)
Corporations abusing their power! (Score:2)
So.. (Score:2)
When is the US going to invade England and restore freedom?
Re: (Score:2, Informative)
Cost. https is slightly more expensive because it can't be cached, and as such, every access will hit his servers rather than someone's cache servers.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Yes, but most large ISPs in the UK operate transparent web caches to reduce their interconnect fees, so instead of being served up from your ISP, your page will have to come from Wikipedia.
Re: (Score:2)
Which is why you don't have your webservers do the encryption, you use some sort of https load balancer acting as an https proxy. Throw in some caching and there you go.
Re:Why "threaten"? That's lame (Score:5, Informative)
He lives in Britain (in London), so perhaps he chooses to get more involved in politics here than anywhere else.
Re:Why "threaten"? That's lame (Score:5, Insightful)
Because *threats* get more publicity than *action*. Especially when the action is this simple (force HTTPS), but the threat is phrased as something more complex (defeat the government's system).
Re: (Score:2)
Maybe you run a web server from your house that gets 12 hits a day. Or. Maybe you run something for a company that just gives you all the cash you request.
For everyone else forcing HTTPS is not "simple".
Not really (Score:5, Insightful)
You're missing the point. Action is undesirable. Threat of action means that people scratch their heads and wonder what it means, what the fallout could be, if their political careers might be impacted. Possibly unrealistic worst cases are made. If not, an ultimatum ("next friday") is delivered. Stirs things up, gets people wondering and talking (like this!).
Action, on the other hand, leads only to the question "is there a major outcry, and how long will it last?" Most people don't notice unless they can't access the site. Doesn't actually accomplish much, unless outcry can be sustained for a considerable period of time, which would require a lot more than "we're going SSL-only" ... like UK-wide wikipedia blackout. And that hurts more than it helps.
Re:Not really (Score:5, Insightful)
You're missing the point. Action is undesirable. Threat of action means that people scratch their heads and wonder what it means, what the fallout could be, if their political careers might be impacted.
Also you can only take a given action once. Once you have forced SSL, you don't get to force SSL again. If on the other hand you threaten action and you get what you want, you can threaten action again in the future. Sure it is possible that someone may call your bluff and if you threaten action too many times without following through you will be dismissed as "crying wolf", but you at least get a couple of chances.
Re: (Score:3, Funny)
Re: (Score:2)
Why? are they going to deport him to Sweden?
Re: (Score:2)
(...cause like, he seems a little crabby.)
Re:Shouldn't Jimmy Wales be more concerned (Score:5, Insightful)
Shouldn't Jimmy Wales be more concerned with how he's going to keep scamming users for more money with his stupid "pledge drives"? Seems like Wales is trying to be another boneheaded Assange-like figure and make up wild accusations just to try and get a media spotlight.
You know most of the time I disagree with down-modding people. I prefer to call them out instead, tell them why they're wrong and why their reason is faulty. I think that's more useful for the rest of the readers even if the asshat in question is too stubborn to admit obvious fault. Obvious fault like "it's a voluntary donation, why shouldn't people be free to make a gift when they want to", etc.
But you, sir, are making me reconsider that point of view. There's no reasoning with people like you. You don't like Wikipedia, its administration, or anything about it, that's fine, don't use it. No one is going to force you to access the site. But that's not good enough, no not for you. You can't stand that other people derive value from it and want to see it prosper, and some of those people are willing to back that up by putting their money where their mouth is. You call this a "scam".
Naturally everyone who disagrees with you is "stupid". If I like a beer you don't like then clearly I have substandard taste. If I like a song you don't like then obviously I know nothing about music. If I use an OS you don't use then of course I am a brainwashed fanboy. Yeah, I know how you think. There's lots of people like you. I wish there were other habitable planets our technology could reach, so then the rest of us can leave all of you to your own devices instead of having to partake of the taint you promote on this planet.
Re: (Score:3)
AC, I wish I knew who you were so I could praise you properly. Instead, I can just say, "Fuck Yes."
I ended up using my mod points elsewhere, so I'm willing to identify myself.
That was me. I was actually wondering if the writing style was going to be a give-away, or perhaps the fact that the mentality he showed is the kind of thing I often speak against.
The unfortunate fact is that it's very important to many people to have some reason to look down their nose at another person and judge them as inferior in some way. This particularly happens to people who are noble and display virtue, or to people
Self-signed, published in British papers (Score:2)
Bonus points if the Foundation publishes a picture of Wikimedia Foundation officers holding up a clearly-legible copy of the certificate along with yesterday's copy of The Times in every major British newspaper.
That way people can verify for themselves that the self-signed certificate is legit.
Well, they can if they have faith that Photoshop, er, I mean an open-source photo-manipulation program wasn't involved.