Page semi-protected

User:Bender the Bot

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

HTTP → HTTPS

The purpose of this bot is to convert existing external links on Wikipedia, where ever possible, from HTTP to HTTP Secure (HTTPS), i.e. from an unencrypted to an encrypted transport protocol. There are three reasons for using HTTPS: (i) data is sealed from eavesdropping on the internet cable (privacy) which also prevents censorship, (ii) data cannot be manipulated (integrity), and (iii) data came from the correct source (authentication). Rather than further elaborating (but have a look here), here are some news reports emphasizing the importance of each point.

  • Privacy (prevents eavesdropping and censorship)
"How the German Foreign Intelligence Agency BND tapped the Internet Exchange Point DE-CIX in Frankfurt, since 2009". Netzpolitik.org. March 31, 2015.
"Russia Is Banning the Internet Archive and Blaming It On Terrorism". Gizmodo. June 25, 2015.
"Chinese censors have blocked 50 websites for "spreading rumors" about the Tianjin explosions". Quartz. August 17, 2015.
"'Snooper's charter' bill becomes law, extending UK state surveillance". The Guardian. November 29, 2016. The new surveillance law requires web and phone companies to store everyone’s web browsing histories for 12 months [...]
"How ISPs can sell your Web history—and how to stop them". Ars Technica. March 24, 2017. As we discussed earlier, your ISP can't see what you do on an HTTPS-enabled website. For example, the ISP knows when you visit https://arstechnica.com, but it doesn't see which articles you're reading.
"Analyzing Accessibility of Wikipedia Projects Around the World". Berkman Klein Center for Internet & Society. May 25, 2017. In fact, our study finds there was less censorship in June 2016 than before Wikipedia’s transition to HTTPS-only content delivery in June 2015. [...] This finding suggests that the shift to HTTPS has been a good one in terms of ensuring accessibility to knowledge.
  • Integrity (prevents data manipulation)
"How a banner ad for H&R Block appeared on apple.com—without Apple's OK". Ars Technica. April 7, 2013.
"Verizon's 'Perma-Cookie' Is a Privacy-Killing Machine". Wired. October 27, 2014.
"AT&T Wi-Fi hotspot reportedly stuffs extra ads into Web pages". PC World. August 25, 2015.
"Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks". Ars Technica. August 15, 2016. The tl;dr is for Android users to ensure they are encrypting their communications by using VPNs, [or] ensuring the sites they go to are encrypted [...]
"Bad Traffic: Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?". Citizen Lab. March 9, 2018. The findings of this report also illustrate the urgent need for ubiquitous adoption of HTTPS by website developers.
  • Authentication (prevents phishing and man-in-the-middle attacks)
"Why Public WiFi Hotspots Are Trouble Spots for Users". AOL.com. March 10, 2013.

Tasks