WavebreakmediaMicro - Fotolia

Wikimedia to encrypt all connections by default

The Wikimedia Foundation calls on all sites to join its move to encrypt all connections by default

The Wikimedia Foundation has announced that it is to encrypt all connections to Wikipedia and its other sites using HTTPS to protect users’ privacy.

The move is in line with a growing number of sites responding to user demand for greater privacy, including Twitter, Google and Facebook.

“To be truly free, access to knowledge must be secure and uncensored,” the Wikimedia Foundation said in a blog post.

The organisation said it will also use HTTP Strict Transport Security (HSTS) to protect against efforts to “break” HTTPS and intercept traffic.

The Wikimedia Foundation said encryption makes it more difficult for governments and other third parties to monitor traffic and for internet service providers (ISPs) to censor access to information.

According to the organisation, it has been working on establishing the infrastructure and understanding the policy and community implications of HTTPS for all users since 2011.

This work has involved reducing the effect of HTTPS on the user experience by testing site performance when accessed from various locations using a range of devices.

The organisation said Wikimedia users have been able to access sites with HTTPS manually, through HTTPS Everywhere, since 2011, while logged in users have been accessing sites via HTTPS since 2013.

“Over the past few years, increasing concerns about government surveillance prompted members of the Wikimedia community to push for more broad protection through HTTPS. We agreed, and made this transition a priority for our policy and engineering teams,” the Wikimedia Foundation said.

Read more about encryption

“We believe encryption makes the web stronger for everyone. In a world where mass surveillance has become a serious threat to intellectual freedom, secure connections are essential for protecting users around the world.”

Without encryption, the Wikimedia Foundation said governments can more easily surveil sensitive information, deterring participation, or in extreme cases they can isolate or discipline citizens. Accounts may also be hijacked, pages may be censored, other security flaws could expose sensitive user information and communications.

“Because of these circumstances, we believe that the time for HTTPS for all Wikimedia traffic is now. We encourage others to join us as we move forward with this commitment,” the foundation said. The transition to HTTPS by default is expected to be completed in a couple of weeks.

Read more on Privacy and data protection