Wikipedia deploys HTTPS by default

Searches in Wikipedia will now be more secure from surveillance following the implementation this month of HTTPS to encrypt all Wikimedia traffic. It will also use HTTP Strict Transport Security (HSTS) to protect against efforts to break HTTPS and intercept traffic – as used by SSL attacks such as Freak which downgrade the level of encryption employed.

A blog by Wikimedia Foundation senior legal counsels Yana Wlinder and Victoria Baranetsky and operations engineer Brandon Black, explains: “Over the last few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams..... The HTTPS protocol creates an encrypted connection between your computer and Wikimedia sites to ensure the security and integrity of data you transmit. Encryption makes it more difficult for governments and other third parties to monitor your traffic. It also makes it harder for Internet Service Providers (ISPs) to censor access to specific Wikipedia articles and other information.”

HTTPS could previously be used manually to access Wikimedia sites via HTTPS Everywhere and via search engines or if logged in to Wikipedia.

The transition entailed improving infrastructure and code base to support HTTPS as well as significantly expanding and updating server hardware. Wikipedia's blog also reports that HTTPS may also have performance implications for users, particularly users accessing Wikimedia sites from countries or networks with low bandwidth or poor connections. As a result some commentators on the site have been asking for the option of opting out of HTTPS.

Sign up to our newsletters