User talk

Since when?::Bender235


Bender::nowiki    Https::https    Bender::style    Links::october    Google::august    MSJapan::archive

Since when? Since when do we do http to https link changing? MSJapan (talk) 09:13, 14 August 2015 (UTC)

Since there's no grand agreement on things I can't say what “we” do, but I certainly found it useful. A lot of websites that Wikipedia articles rely on as sources offer HTTPS without any downsides, so it seemed only plausible to me to do this. A lot of users thanked me so far and apparently agreed. In general, using HTTPS is not sufficient, but certainly a necessary step to ensure readers' privacy. HTTPS prevents entities to scan traffic at internet hubs. --bender235 (talk) 09:20, 14 August 2015 (UTC)
Should've read your talk page. This seems to be related to an earlier discussion, and seems to be your personal judgment. This needs wider discussion. MSJapan (talk) 09:14, 14 August 2015 (UTC)
@MSJapan: Wider discussion? How about WP:VPP? Wikipedia and all its Wikimedia sister projects already moved to HTTPS permanently. For what reason should external links not? --bender235 (talk) 09:26, 14 August 2015 (UTC)
That VPP discussion closed no consensus due to technical issues (as clearly stated), and WMF does not decide what services external servers should run. That's why not. MSJapan (talk) 09:32, 14 August 2015 (UTC)
MSJapan FYI... The VPP you mention is moot. It was closed as something the Mediawiki people should decide. They decided and Wikipedia is now https only. The only reason not to move to https is where countries (ie China & Russia) are blocking websites. https makes it harder to go around the blocks. Reasons not to switch, such as https is slower, are no longer the case. https is now faster. Another FYI... the new HTTP/2 protocol technically handles both http and https, but the browser companies are only going to support https. Note, I have no position on what Bender is doing. Bgwhite (talk)
@Bgwhite: fyi, it is this edit we're talking about.
  • Bender... I don't think what you are doing is wrong... but you are going about it in the wrong way. Making mass changes to lots of articles in a short period of time is almost seen as disruptive (it is seen as crusading, and people react negatively to any form of crusading). You need to go slower... remember that most editors don't know about the WMF decision to favor https, or why they favor it. They will instinctively react negatively to mass changes (especially to changes to citations). This reaction may be a "knee-jerk" reaction, but it is a natural, instinctive reaction never the less. You need to anticipate this reaction, and take the time to educate other editors as to why you are making the changes you wish to make. I realize that you left edit summaries explaining what you were doing, but a simple edit summary is often not enough.
What I would suggest is that you craft a short paragraph, outlining the situation with http and https... something you can cut and paste onto the talk pages of articles. Post this paragraph, wait a day or two... then return and (if there are no objections) update the links to https. If there are objections, take the time to respond to them. At a minimum, this will let others know that you are acting in good faith. Blueboar (talk) 14:20, 14 August 2015 (UTC)
I see your point, but do you honestly believe this is practical given almost five million articles on Wikipedia? Am I supposed to post on five million talk pages about this issue? It doesn't seem practical to me.
In my opinion, this subtle URL switch from HTTP to HTTPS for (some!) websites is no different from other low-level copy-editing types of changes that I have made for years. For instance, I replaced some words---some words with some words—some words, or 4x winner with 4× winner on thousands of articles without anyone complaining. The HTTPS switch is of the same kind, only that it is less esthetic and more practical. It harms no one. Honestly I have no clue why anyone would oppose this other than pure “nobody's touching my article without asking me” kind of knee-jerk reactions. --bender235 (talk) 15:51, 14 August 2015 (UTC)
Bender, if the VPP was moot, you should not have cited it as support for your position. You have been questioned by at least three different editors on this talk page and have yet to give an answer that boils down to anything other than "because I want to." The fact that WMF is https does not force external sites to do so. I went back to VPP, and if a site does not use https, the reference breaks, period. Therefore, there appears to be no pressing reasons to change external citations, especially when you have no idea if those sites are running https services. So do you want to "protect users' privacy" or only make them think their privacy is secure? The sites that are being visited still use cookies, https or no. So I don't see a pressing need or an appropriate rationale for mass editing like this. MSJapan (talk) 17:08, 14 August 2015 (UTC)
Thanks for the elaborate answer, and giving me the chance to clear some obvious misunderstandings. The point "if a site does not use https, the reference breaks" is, of course, true. That's why I do not convert each and every link, but only those who offer and encourage the use of HTTPS. One example is the Internet Archive, who reached out to the New York Times for their announcement of switching to HTTPS. I repeat, they encourage readers to use their HTTPS service for sake of their own privacy. Same goes for Google who, being a tech-savvy corporation, have been early to the game and both enabled and encouraged the use of HTTPS for their services since 2009. Google Books, Google News, and of course are among the most linked-to references on Wikipedia. Both encourage HTTPS use. And if I change those links from HTTP to HTTPS, no reference will break. None.
As for "why is this important since there are cookies and all...": a HTTPS connection to Google or Internet Archive obviously does not protect your privacy from Google or Internet Archive. But from everybody else. Who could that be? Well, the list of adversaries is long. And I'm not tin-foiling about government agencies here, although that is a practical concern for everyone currently not in a western democracy. Instead I am talking about any entity that could manipulate plain HTTP traffic between you and a Google or IA server. People that slide-in malware or worse into your traffic if it is unencrypted. I don't want to expand this to a 101 lecture on internet security, but I hope I could clear some misconceptions. To summarize, the reason to read Google Books or Internet Archive via HTTPS is no different from the one for Wikipedia: "to ensure the security and integrity of data you transmit." --bender235 (talk) 18:05, 14 August 2015 (UTC)
Well, HTTPS isn't perfect either. Also, I'm not going to dig everything out, but there are problematic edits. I will point out this, where you've changed not only HTTP to HTTPS, but also changed a template. So you're doing more than just conversion, and not disclosing that - fact to cn is totally different. You also tagged a 1068 byte removal as a "minor edit", as well as a 658 byte change, both of which appear in contribs in the dark red "major change" category. Lastly, why are we at Wikipedia beholden to an external site's policy? MSJapan (talk) 18:40, 14 August 2015 (UTC)
MSJapan I don't see how a template changed from the diff you gave. Everything stayed the same except for the https change. The two "minor edits" you gave were indeed minor (depending on one's view of the https change). How many bytes were changed isn't the definition of minor. Combining refs into one named ref or cleaning the cruft from a Google link are minor. Bgwhite (talk) 22:41, 14 August 2015 (UTC)
Once again sorry to correct your misunderstandings. FREAK is an attack on a particular low-security export-graded level of encryption that is deprecated for decades. The disclosure of the attack led to many fixes in SSL/TLS software. As for the "problematic edits": this changes a template to its original name (AWB auto feature), and this removes a reference duplicate by adding a name tag. Both are perfectly inline with Wikipedia guidelines and policies. I'm unsure where this discussion is going. I get the sense that your opposition is unreasonable, hence a "knee-jerk" move. --bender235 (talk) 20:40, 14 August 2015 (UTC)
In the end, majority of links will go the https route. Things will really start rolling when HTTP/2 gets installed on web sites. It might be better to wait until this happens. Say when Google finally goes https for unlogged in users, then change the links and use a bot to do it. Would save time and grief. Bgwhite (talk) 22:41, 14 August 2015 (UTC)
Yes, HTTP/2 will be a game changer, but I don't see it widely deployed until the 2020s. --bender235 (talk) 05:54, 16 August 2015 (UTC)
@MSJapan and Bgwhite: here's a wider discussion. Please weigh in. Also, now there's an RfC ongoing. --bender235 (talk) 19:26, 10 September 2015 (UTC)

User talk:Bender235 sections
Intro   Sacagawea statue   https   Google books    AWB    Alan Sharp    https for   Disambiguation link notification for July 27   Since when?    Reference errors on 14 August    Template:Marriage    Proposed deletion of Mohammed Aman (disambiguation)    September 2015   Disambiguation link notification for September 8   Just wanted to say thanks   Laabs   A cupcake for you!   Disambiguation link notification for October 3   Thanks, correction, a request    I have a question    Bad link / HTTPS / PRURL    References   Incomplete DYK nomination   http/https    October 2015   

Since when?
PREVIOUS: IntroNEXT: Sacagawea statue