[HTTPS-Everywhere] Wikipedia is NOT SSL
Martin Zimmermann
m.zimmermann at uni-jena.de
Mon Aug 22 03:59:50 PDT 2011
Hi there,
redirecting to secure.wikimedia.org solves not the problem. You have to encrypt _every_ traffic, that means upload.wikipedia.org should be upload.wikimedia.org on Port 443, too. In addition, wikipedia/wikimedia has a user tracking feature on geoiplookup.wikimedia.org and bits.wikimedia.org, both unecrypted. That makes secure.wikimedia.org really senseless (as you may notice, when browsing via Firefox/Chrome/Safari -> warning, not everything is encrypted).
Kind regards.
More information about the HTTPS-everywhere
mailing list