Wikimedia Foundation says it doesn't hold Chinese readers in any less regard - we disagree

Matthew Roth, Spokesperson for the Wikimedia Foundation, responds to our recent Wikipedia drops the ball on China - not too late to make amends article:

The Wikimedia Foundation doesn’t hold any readers of our projects in any less regard than others. Our mission is to bring the knowledge contained in the Wikimedia projects to everyone on the planet. There is no strategic consideration around how we can make one or another language project more accessible or readable in one part of the world or another. We do not have control over how a national government operates its censorship system. We also do not work with any national censorship system to limit access to project knowledge in any way.

It is worth noting the Greatfire blog post makes some incorrect assumptions about Wikimedia culture - including incorrect titling of some Wikimedia Foundation staff (e.g. Sue Gardner is the Executive Director of the Wikimedia Foundation, the non-profit that operates Wikipedia -- Wikipedia is written by tens of thousands of volunteers and has no director and no explicit hierarchy). There is also an incorrect assertion that Jimmy Wales has a direct role in working with our staff in making changes to core infrastructure. Of course Jimmy plays a role in the conversation as a member of the Wikimedia Foundation Board of Trustees, but he is participating in the conversation along with anyone else from the volunteer editor community.

On the larger topic, the implementation of HTTPS by default across all Wikimedia sites for all readers and users is non-trivial, and a conversation is ongoing within the Wikimedia Foundation and within the community about how we might make this possible. We do have plans to eventually enable HTTPS as the default, but it's difficult and we're taking steps toward this goal over time.

Our first step is to force HTTPS for logged-in users. The next step will be to expand our SSL cluster and to do some testing on a wiki-by-wiki basis with anonymous HTTPS. At some point later we'll attempt to enable HTTPS for anonymous users on all projects. Then we'll look at enabling HSTS, so that browsers know they should always use HTTPS to access our sites.

We've only had proper native HTTPS for about a year and a half. We attempted to force HTTPS by default for logged-in users last month and rolled it back. We'll be attempting this again soon. So, it's something we're actively working on. We've also hard-enabled HTTPS on all of our private wikis and have soft-enabled HTTPS on a single wiki (Uzbek Wikipedia), when it was requested by the volunteer editor community there.

Response from GreatFire.org

We’re delighted that Wikipedia have reached out to us on this issue and we welcome a chance to engage them on what we feel is a very important topic not just in regards to censorship in China but also in regards to censorship in other countries. We will address each of Matthew’s responses paragraph by paragraph below.

The Wikimedia Foundation doesn’t hold any readers of our projects in any less regard than others. Our mission is to bring the knowledge contained in the Wikimedia projects to everyone on the planet. There is no strategic consideration around how we can make one or another language project more accessible or readable in one part of the world or another. We do not have control over how a national government operates its censorship system. We also do not work with any national censorship system to limit access to project knowledge in any way.

Jimmy Wales, co-founder of Wikipedia, has been quoted threatening HTTPS-only in the UK which shows they he does think about countries separately - just not when it comes to China. In this story, from last year, Wales says:  

"If we find that UK ISPs are mandated to keep track of every single web page that you read at Wikipedia, I am almost certain we would immediately move to a default of encrypting all communication to the UK, so that the local ISP would only be able to see that you are speaking to Wikipedia, not what you are reading. That kind of response for us to do is not difficult. We don’t do it today because there doesn’t seem to be a dramatic need for it or any dramatic threat to our customers, but it’s something that I think we would do, absolutely."

Wales added:

"It’s more like something I would expect from the Iranians or the Chinese, frankly."

But both China and Iran have been doing this for a long time and Wales and the staff involved with Wikipedia are well aware of this. In Wales’ opinion, what’s the difference between publicly attacking the UK and attacking China? Or is it because Wales sees the UK as a ‘civilized democracy’ and he therefore feels that he needs to speak out? Wales also had no problem closing Wikipedia down for a day in the US to protest SOPA. Regardless of his rationale, Wales and Wikipedia have applied two standards to this discussion and do in fact hold Chinese readers in less regard.

We would also argue that by not providing a default HTTPS connection in China, Wikipedia is consciously limiting access to project knowledge because they know that many Chinese language articles are blocked by the censorship authorities.

Furthermore, not having any country-specific strategy, especially for China, is a rookie mistake. You need only speak to your peers in the US about how important it is to treat China separately - your letter does not even address Wikipedia’s history in China. If Wikipedia considered China separately, it could make a big difference in the Middle Kingdom. We reiterate: please consider making an exception to your policy and make HTTPS the default for users from China.

It is worth noting the Greatfire blog post makes some incorrect assumptions about Wikimedia culture - including incorrect titling of some Wikimedia Foundation staff (e.g. Sue Gardner is the Executive Director of the Wikimedia Foundation, the non-profit that operates Wikipedia -- Wikipedia is written by tens of thousands of volunteers and has no director and no explicit hierarchy). There is also an incorrect assertion that Jimmy Wales has a direct role in working with our staff in making changes to core infrastructure. Of course Jimmy plays a role in the conversation as a member of the Wikimedia Foundation Board of Trustees, but he is participating in the conversation along with anyone else from the volunteer editor community.

We apologise for the incorrect title for Sue Gardner and we have made a note on the original article to acknowledge this error. While we recognise that Jimmy Wales may not play a part in the day-to-day operations of Wikipedia, he does maintain a very public profile as the founder and voice of Wikipedia. His profile is also larger than any single volunteer editor on Wikipedia. Presumably when Wales threatens to switch the site to HTTPS-only, he wields some form of influence over the people who operate the ‘core infrastructure’ and/or board directors who would give the go-ahead to make this change.

On the larger topic, the implementation of HTTPS by default across all Wikimedia sites for all readers and users is non-trivial, and a conversation is ongoing within the Wikimedia Foundation and within the community about how we might make this possible. We do have plans to eventually enable HTTPS as the default, but it's difficult and we're taking steps toward this goal over time.

Why wouldn’t Wikimedia make HTTPS default across all Wikimedia sites in countries like China and Iran, where there is known filtering of Wikimedia information? The current traffic from these countries is relatively small and would have a minimal impact on the organisation’s web infrastructure. One way is to enforce HTTPS on the zh.wikipedia.org domain which only accounts for 2.56% of all of Wikipedia’s traffic. An alternative is to enforce HTTPS on all domains for users from China, which accounts for only 1.9% of the total traffic.

Meanwhile, the recent PRISM scandal demonstrates why Wikipedia should enforce HTTPS for users everywhere. Any change to the infrastructure of one of the world's most used websites is bound to be non-trivial. But this needs to be a high priority. Wikipedia users the world over would benefit.

Our first step is to force HTTPS for logged-in users. The next step will be to expand our SSL cluster and to do some testing on a wiki-by-wiki basis with anonymous HTTPS. At some point later we'll attempt to enable HTTPS for anonymous users on all projects. Then we'll look at enabling HSTS, so that browsers know they should always use HTTPS to access our sites.

We've only had proper native HTTPS for about a year and a half. We attempted to force HTTPS by default for logged-in users last month and rolled it back. We'll be attempting this again soon. So, it's something we're actively working on. We've also hard-enabled HTTPS on all of our private wikis and have soft-enabled HTTPS on a single wiki (Uzbek Wikipedia), when it was requested by the volunteer editor community there.

This approach is just not good enough given the situation in China. China may have blocked access to the HTTPS version of Wikipedia because of the actions the organisation took to force HTTPS by default for logged in users. This is how the censorship authorities in China are able to manage information control effectively. Each time an organisation takes a baby step to make information more free, they allow the censors adequate time to step in and make a counter move. Wikimedia employees, Wikipedia editors, Jimmy Wales and the other powers-to-be in the combined organisations should know that you cannot treat China with kid gloves. If change is going to happen in China, it must be quick and forceful, not ‘soon and gradual’. If the organisation truly wants to fulfill its mission, it should not alienate half a billion netizens.

Enforcing HTTPS for logged-in users misses the point. Very few Wikipedia readers ever log in. Very few manually type in https:// in the address bar. The point that we are making is that Wikipedia should enforce HTTPS for all users in China. Doing so would disable the possibility for the censors to selectively block content. It would allow half a billion Internet users to access a completely uncensored encyclopedia for the first time.

It’s ironic that commercial companies like Google and Github are able to provide HTTPS-only services to Chinese users that cannot be controlled by the censors, while Wikipedia, which is a non-profit organization relying on donations from good-willed people, cannot. The technology is there. Other service providers are doing it already. The cost would be marginal. Not taking this opportunity to make a real difference in the world’s biggest country is simply irresponsible. We urge Wikipedia to take our call very seriously and to move quickly towards a free Internet for all - not just in the West.

Wikipedia may be hesitating to switch to HTTPS-only because they fear they could be blocked completely in China. The fact that the censors have not fully blocked Gmail and Github, which have already switched to this HTTPS-only approach, speaks against this. On the other hand, the fact that Wikipedia has been fully blocked in the past shows that it’s a possibility. We argue that even if Wikipedia is blocked, that is better than the current, censored version. The reason that Wikipedia is better than, for example, Baidu Baike is that it’s not censored. By allowing the authorities to selectively censor articles, that whole argument is lost. Wikipedia should take a bold step clearly showing that they do not accept any level of censorship.