
Topic on Project:Support desk/Flow

Padlock icons on HTTPS links. Why? and how to switch off?

Harry Wood (talkcontribs)

Does anyone know why MediaWiki puts little padlock icons next to HTTPS links, e.g. https://twitter.com/harry_wood?

I'm sure the answer is "security", but why? What is this actually guarding against? It used to be a rare thing, but more and more websites these days are switching to be entirely HTTPS (e.g. Twitter). It doesn't seem like a particularly significant thing that the user must be aware of when clicking the link. I know there's a security thing around unexpectedly leaving a secure website, but... I would venture to suggest that this padlock decoration is a bit unnecessary these days.

Also, what is this feature called (is there a page about it somewhere?) and how do I switch it off?

Krinkle (talkcontribs)

To remove the padlock icon when viewing secure links, add this CSS (with no image URL) to MediaWiki:Common.css:

div#content a.external[href ^="https://"] {
    background-image: none;
    padding-right: 0;
}
Harry Wood (talkcontribs)

Actually, removing the 'background-image' is not the desired effect. That would make HTTPS links look like internal wiki links. I want HTTPS links to get the normal external link graphic. I think the only way of doing this in MediaWiki:Common.css is to override the background-image and set it to the same image, like so:

div#content a.external[href ^="https://"] {
    background-image: url();
}

Tried this for the OpenStreetMap wiki, which now uses this. It works!

Rob Kam (talkcontribs)

You don't need to encode the external link image, just link to it.

div#content a.external[href ^="https://"] {
    background: url(https://upload.wikimedia.org/wikipedia/commons/4/44/Icon_External_Link.svg) center right no-repeat;
}
Verdy p (talkcontribs)

In fact I'd like the reverse: if a wiki is currently accessed by HTTPS, links going to external sites that are NOT secured should not display the normal blue arrow icon, but some icon with a red alert saying that we will leave the secure area and that the target link is unchecked, possibly losing the higher privacy and security level we have in Wikimedia when connecting to it with HTTPS.

If the wiki is currently viewed in HTTP, the same blue arrow icon could be used for both HTTP and HTTPS targets.

Verdy p (talkcontribs)

As well, if users are connecting to the wiki using HTTP, some alert should be shown to them proposing that they use HTTPS instead (this alert could be a notification bar at the top, not displayed multiple times during the same session, and it could be permanently dismissed if the user is logged in and has saved that preference in their own profile), so that they can continue navigating the wiki privately (with their navigation kept as private as possible from external third parties, notably for read-only sessions).

Rob Kam (talkcontribs)

Google Chrome browser does this.

Verdy p (talkcontribs)

No. Google Chrome does this AFTER you have connected to the remote site: it's too late for privacy even if you are informed. You may want to have a link filter in your browser that will display a confirmation dialog before moving from HTTPS to HTTP, but this wastes users' time, and most won't do that. We can inform users long before with a distinctive icon showing that there will be lower security. That icon would then be the blue icon with some red or yellow warning sign on top of it, or maybe a different blue icon shape.

Verdy p (talkcontribs)

Note also that some external links may be inserted in MediaWiki images as "link=" parameters containing a URL (starting with "http:" or "https:" rather than just a safe wikilink): there's no icon at all displayed in that case, but MediaWiki could have a confirmation dialog for this specific case. The alert icon could also still be used for the "plainlinks" class around external links, instead of always hiding the blue arrow icon.

Verdy p (talkcontribs)

Also, my proposal here is to educate users to use HTTPS as much as possible. I strongly support the "HTTPS Everywhere" initiative. If we display these alert icons for non-HTTPS external sites, their indirect promotion on Wikimedia will be impacted and their users will ask these sites to convert to HTTPS, or they will receive less traffic. If a large majority of the web is converted to HTTPS, it will not block the existence of attacks, but at least everyone in the world will have the opportunity to know with which site they are really interacting, and who to blame in case of problems. There will also be larger confidence on the web, and simple attacks against HTTP websites will be prevented because their certificate won't match (the major browsers already alert users when an HTTPS site has an invalid certificate and prevent visiting them). The HTTPS certificates can be inspected; we can ask the PKI provider to do something against malicious certificate issuers, including when a respectable website has been hacked by some blackhat and its certificates replaced by certificates issued to a third party but for the correct domain that was abused.

HTTPS really helps prevent a lot of fraud (and now there are so many attacks on the web that HTTPS should be a requirement for all serious websites, independently of the question of pure privacy: HTTPS will not help prevent some privacy abuses by the legitimate website owners, and these abuses cannot be tracked by the protocol when what they do is send our private data in a hidden background channel to third parties, but at least we know that these sites are directly liable for these background actions).

So in summary, I'd like to see alert icons on all HTTP (non-HTTPS) external links (or a confirmation dialog in MediaWiki when there's no icon, with the "plainlinks" class or with "link=" parameters of images and galleries). Let's campaign too for "HTTPS everywhere"!
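The proposal above (flag external HTTP links only when the wiki itself is being viewed over HTTPS) cannot be expressed in pure CSS, because a stylesheet cannot see the page's own protocol. The following is an added example, not code from MediaWiki or from anyone in this thread, of how a MediaWiki:Common.js gadget could do the classification: it resolves each href against the page URL (so protocol-relative `//host/` links inherit the page scheme and are not flagged), marks only genuine HTTPS-to-HTTP downgrades with a class, and leaves styling (the warning icon) to CSS. The class name `ext-http-downgrade`, the `wiki.example.org` page URLs and the sample anchors are all constructed for the example.

```javascript
'use strict';

// Constructed sample page URLs (assumption: a wiki reachable over both schemes).
const PAGE_HTTPS = 'https://wiki.example.org/wiki/Main_Page';
const PAGE_HTTP = 'http://wiki.example.org/wiki/Main_Page';

// Classify one link relative to the page it appears on.
// Returns 'downgrade' (HTTPS page -> http:// target), 'plain' (http://
// target from an http:// page), 'secure' (https:// target) or 'other'
// (mailto:, javascript:, unparsable href, ...).
function classifyLink(href, pageUrl) {
  let target;
  try {
    // Relative and protocol-relative (//host/...) hrefs inherit the page scheme.
    target = new URL(href, pageUrl);
  } catch (e) {
    return 'other';
  }
  const pageProtocol = new URL(pageUrl).protocol;
  if (target.protocol === 'https:') return 'secure';
  if (target.protocol !== 'http:') return 'other';
  return pageProtocol === 'https:' ? 'downgrade' : 'plain';
}

// Walk a list of anchors (real DOM elements or plain {href} records), add the
// marker class to every HTTPS-to-HTTP downgrade and return the flagged hrefs.
function markDowngradeLinks(links, pageUrl, className = 'ext-http-downgrade') {
  const flagged = [];
  for (const link of links) {
    const href = typeof link.getAttribute === 'function'
      ? link.getAttribute('href')
      : link.href;
    if (classifyLink(href, pageUrl) === 'downgrade') {
      if (link.classList) link.classList.add(className); // real anchor only
      flagged.push(href);
    }
  }
  return flagged;
}

// Constructed sample anchors, shaped like MediaWiki's a.external links.
const SAMPLE_LINKS = [
  { href: 'http://osm.example.net/map' },        // downgrade when page is HTTPS
  { href: 'https://twitter.com/harry_wood' },    // always secure
  { href: '//cdn.example.net/file.png' },        // inherits the page scheme
  { href: 'mailto:someone@example.org' },        // not an http(s) link at all
  { href: 'javascript:void(0)' },                // not an http(s) link at all
];

// Browser entry point for Common.js: only acts when a document exists.
if (typeof document !== 'undefined') {
  const anchors = document.querySelectorAll('div#content a.external');
  markDowngradeLinks(anchors, window.location.href);
}
```

With the class in place, the warning icon is a one-line CSS rule in MediaWiki:Common.css along the lines of `div#content a.external.ext-http-downgrade { background-image: url(...); }` (the icon URL being whatever the wiki chooses), so the visual change is confined to links that actually lower the connection's security.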

Verdy p (talkcontribs)

This has not been resolved. It has been open for a long time, kept open voluntarily, but nothing has changed since my new comment, related to the fact that there's now no longer any distinction between HTTP and HTTPS. Before, there was a distinctive padlock; it has been removed in favour of the standard blue icon for both and in all cases. However, this means we equate HTTP and HTTPS in all situations, including when we are currently browsing the wiki in HTTPS and click to an external HTTP link (which means reduced security).

The icon may remain the same blue icon when browsing the wiki in HTTP only (HTTP to HTTP does not reduce the security, and there's still no need for the padlock when going from HTTP to HTTPS or from HTTP to HTTPS).

But we must preserve the users' privacy as much as possible by informing them **BEFORE** they ever try to click a link to a non-authenticated site (possibly hacked or rerouted) that this navigation may be unsafe (users browsing the wiki from HTTP are already unsafe; there's nothing we can do for them that will further reduce their security and privacy).

It is still a major goal of Wikimedia to use HTTPS, and Wikimedia has multiple times reaffirmed its strong support for HTTPS, exactly as a preventive measure to help its own users keep their privacy when they navigate the wikis via HTTPS (and we have convinced them to do that, not just for logging in, but throughout their navigation on the wiki, but also because it can help prevent some attacks on their visit by various cross-site scripting techniques or some malware in their browser plugins: browsers do not correctly isolate plugins, which can easily interact with unsecured HTTP sites but have much more trouble doing so when visiting an HTTPS site, where the browser's sandboxing is far more efficient). But HTTPS is definitely protecting them better from monitoring by third parties through intermediate proxies: their navigation on the wiki remains private (only edits made by them are public, and only via their wiki account pseudonym; proxies cannot completely monitor what they have modified or changed in their private user data or preferences, and their session cannot be silently injected with spying code inserted by proxies or altered silently).

So yes, I'd like to see distinctive icons when navigating wikis with HTTPS and clicking to an external unsecured site, which may have been hacked, or changed to become malicious, or whose domain expired and was cybersquatted by malware: this has already happened in Wikimedia wikis, where external unsecured sites were initially safe, but went down or were hacked by unknown black hat parties.

We don't need to alert anyone if all allowed external sites are HTTPS; we can assume that because the external site was already evaluated, its identity was verified and it is still liable if something goes wrong and its HTTPS certificate is still valid. There are now too many sites on the web that get hacked massively.

We need some prevention and education of users, informing them preventively BEFORE they follow the link, which was evaluated only at some point in the past. We cannot count only on the presence of the padlock in the browser's address bar, because it is already TOO LATE: privacy has already been breached, and security already compromised (and not everyone will see it; the site may have been hacked for specific ranges of users by attacks on specific routers, and we will never be able to detect that if these routers have no public access from elsewhere). That's exactly what HTTPS helps prevent. If we follow any HTTP link from an HTTPS wiki, it's too late for that user; their privacy or security may already have been breached before the user sees the padlock in their browser bar.

Rob Kam (talkcontribs)

TLDR

Verdy p (talkcontribs)

TLDR: your uncommented closure was "TOO SHORT TO READ" anything. This required details. My comment is in sync with repeated Wikimedia positions on this issue: Security and privacy is NOT an option in Wikimedia.