Login
Login

:User:Bender the Bot

{{pp-vandalism|small=yes}}

{{bot|bender235|site=en|status=active|awb=yes}}

{{EBS}}

HTTP → HTTPS

The purpose of this bot is to convert existing external links on Wikipedia, wherever possible, from HTTP to HTTP Secure (HTTPS), i.e. from an unencrypted to an encrypted transport protocol. There are three reasons for using HTTPS: (i) data is sealed from eavesdropping on the internet cable (privacy) which also prevents censorship, (ii) data cannot be manipulated (integrity), and (iii) data came from the correct source (authentication). Rather than further elaborating (but [https://scotthelme.co.uk/still-think-you-dont-need-https/ have a look here]), here are some news reports emphasizing the importance of each point.

  • Privacy (prevents eavesdropping and censorship)

:{{cite news |title=How ISPs can sell your Web history—and how to stop them |work=Ars Technica |date=March 24, 2017 |url=https://arstechnica.com/information-technology/2017/03/how-isps-can-sell-your-web-history-and-how-to-stop-them/ |quote=As we discussed earlier, your ISP can't see what you do on an HTTPS-enabled website. For example, the ISP knows when you visit https://arstechnica.com, but it doesn't see which articles you're reading. }}

:{{cite news |title=Analyzing Accessibility of Wikipedia Projects Around the World |work=Berkman Klein Center for Internet & Society |date=May 25, 2017 |url=https://cyber.harvard.edu/publications/2017/04/WikipediaCensorship |quote=In fact, our study finds there was less censorship in June 2016 than before Wikipedia’s transition to HTTPS-only content delivery in June 2015. [...] This finding suggests that the shift to HTTPS has been a good one in terms of ensuring accessibility to knowledge. }}

  • Integrity (prevents data manipulation)

:{{cite web |title=Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks |work=Ars Technica |date=August 15, 2016 |url=https://arstechnica.com/security/2016/08/linux-bug-leaves-1-4-billion-android-users-vulnerable-to-hijacking-attacks/ |quote=The tl;dr is for Android users to ensure they are encrypting their communications by using VPNs, [or] ensuring the sites they go to are encrypted [...] }}

:{{cite news |title=Bad Traffic: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads? |work=Citizen Lab |date=March 9, 2018 |url=https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/ |quote=The findings of this report also illustrate the urgent need for ubiquitous adoption of HTTPS by website developers. }}

  • Authentication (prevents phishing and man-in-the-middle attacks)

:{{cite web |title=Why Public WiFi Hotspots Are Trouble Spots for Users |date=March 10, 2013 |work=AOL.com |url=https://blog.productcentral.aol.com/2013/03/10/public-wifi-hotspot-security/ }}

= Tasks =