Forward Secrecy Brings Better Long-Term Privacy to Wikipedia
Wikipedia readers and editors can now enjoy a higher level of long-term privacy, thanks to the Wikimedia Foundation's rollout last week of forward secrecy on its encrypted connections. Forward secrecy is an important Web privacy protection; we've been tracking its implementation across many popular sites with our Encrypt the Web Report. And though it may sound like an obscure technical switch, the impact is dramatic: forward secrecy ensures that every new connection uses unique and ephemeral key information, so traffic intercepted once can't later be decrypted if the private key gets compromised.
That kind of compromise can happen at the hands of law enforcement who demand a copy of a server's private key, or who compromise servers to get a copy without asking. It could also be exposed by a bug in the encryption software, as we saw earlier this year in the case of the widely discussed Heartbleed bug. Forward secrecy provides stronger protection against all of these possibilities, limiting exposure to the traffic collected after the key compromise and before a new key is in place.
As always, the privacy offered by this update is not absolute. One major caveat is that it only applies to connections that are encrypted with HTTPS in the first place, and currently that's not the case for many users. Wikipedia only offers a default of encryption to users that are actually logged in to the site, which likely excludes most non-editors. To take advantage of the enhanced privacy protection, users can log in—or even better, install our HTTPS Everywhere browser extension for Firefox, Firefox for Android, Chrome, or Opera to automatically rewrite browser requests to Wikipedia whether or not you are logged in.
Another limitation is that encrypted pages can still be subjected to traffic analysis. A sufficiently large and active adversary could keep a record of the file size of each article and request, for example, and could make inferences about intercepted traffic based on that information. In the future, that sort of attack could be mitigated by “padding” files in transit—adding some filler data so they cannot be identified by their size. But even in the short term, there are definite advantages to raising the sophistication and expense needed to mount an attack.
The case for long-term privacy is easy to understand where a site contains private communications, but it's just as important for sites like Wikipedia or news sites that mostly present public information. That's because HTTPS protects not just the contents of each page, but also data about which specific pages a user visits. Without HTTPS, your browsing history through Wikipedia could be exposed to an eavesdropper that is on the same network, has access to your Internet service provider, or is widely scooping up traffic. With HTTPS and forward secrecy, that history is much more difficult to access.
Giving Wikipedia readers an enhanced level of privacy is undoubtedly a good thing for fostering intellectual freedom, and allows users to explore issues they might otherwise shy away from. It's heartening to see the Wikimedia Foundation take this next step on its encryption roadmap, then, especially in light of the mounting disclosures about government surveillance.
With this update, Wikipedia joins the growing ranks of high profile sites enabling this important Web privacy feature. Google was the first major site to do so all the way back in 2011. As we've tracked forward secrecy on our Encrypt the Web Report, we've seen adoption by many more major sites, such as Dropbox, Facebook, Twitter, Wordpress, and recently Microsoft's OneDrive and Outlook services.