Wikipedia to go all HTTPS, all the time
Freedom and security need MOAR SERVERS, says Wikimedia Foundation
The Wikimedia Foundation has decided the time is right to implement HTTPS on all its projects, for all users, all the time.
It's been possible to access the Foundation's works – notably Wikipedia – with HTTPS for a while if you're willing to jump through some hoops. The decision to go all-HTTPS, all the time, was made because, the Foundation says, “Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push for more broad protection through HTTPS.”
“We believe encryption makes the web stronger for everyone,” the Foundation's post says. “In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications. Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now.”
“We encourage others to join us as we move forward with this commitment.”
The post announcing the change says that the Foundation needs to do rather more than flick a switch to make the move.
“Our first steps involved improving our infrastructure and code base so we could support HTTPS. We also significantly expanded and updated our server hardware,” the Foundation writes. “Since we don’t employ third party content delivery systems, we had to manage this process for our entire infrastructure stack in-house.”
There's also been work to ensure that the small overhead encryption imposes doesn't make using Wikipedia even less fun.
The Foundation says it's been working on this for a while, but has now reached the final push and expects that HTTPS will be on by default in about three weeks. ®