Wikipedia to Switch on HTTPS to Counter Surveillance Threat

The Wikimedia Foundation has announced it is switching over to HTTPS to encrypt all traffic to all of its websites, in a bid to undermine government censorship and surveillance efforts.

The organization, which most famously runs Wikipedia, said in a blog post that the move would ensure that the 500 million global users who visit its sites each month are able “to share in the world’s knowledge more securely.”

HTTPS ensures that data travelling between a web site and browser is encrypted, making it harder for governments to monitor traffic and for ISPs to censor specific content.

The post continued:

“We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world. Without encryption, governments can more easily surveil sensitive information, creating a chilling effect, and deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications.”

The Foundation said it has been working on migrating to HTTPS for the past four years, but previously users wishing for a more secure browsing experience had to either access HTTPS Everywhere, visit from a major search engine, or be logged in.

The transition has been slow as Wikimedia manages all of its own infrastructure in-house. This means it has had to spend a great deal of time on things like improving its code base to optimize the user experience no matter where individuals are located.

“HTTPS may also have performance implications for users, particularly our many users accessing Wikimedia sites from countries or networks with poor technical infrastructure,” the post continued.

“We’ve been carefully calibrating our HTTPS configuration to minimize negative impacts related to latency, page load times, and user experience. This was an iterative process that relied on industry standards, a large amount of testing, and our own experience running the Wikimedia sites.”

The organization said it will also be implementing HTTP Strict Transport Security (HSTS) to guard against attempts by third parties to crack HTTPS and intercept traffic.

What’s Hot on Infosecurity Magazine?