People living under censorious regimes can use it to surf Wikipedia.
Image: Flickr/Jay Clark
In many parts of the world, like North America, using Wikipedia is taken for granted; hell, there are even Twitter accounts to track government employees editing the internet’s free encyclopedia while on the clock. But in other places, like Turkey or Syria, using Wikipedia can be difficult, and even dangerous.
For example, Wikipedia is still blocked in Turkey after the government restricted access to the site during a crackdown on dissident elements after a failed coup. Syrian-Palestinian digital activist and Wikipedia editor Bassel Khartabil is believed to have been executed by the Syrian government. To make using Wikipedia safer for at-risk users, former Facebook security engineer Alec Muffett has started an experimental dark net Wikipedia service that gives visitors some strong privacy protections. The project is unofficial; for now, Wikipedia isn’t involved.
The service is accessible through the Tor browser, which routes your connection through several “hops” around the world to hide your location from anybody trying to track you. Accessing Wikipedia over Tor is already encrypted end-to-end, since the site defaults to HTTPS encryption when a user visits the home page. But an Onion service adds another layer of protection by disallowing a malicious exit node operator (someone who runs the computer that serves as the connection's final hop onto the clear web) from intercepting a user's connection and possibly sending them to a phony version of Wikipedia that they control.
“Onion sites are considered to be about ‘anonymity’, but really they offer two more features: Discretion (e.g.: your employer or ISP cannot see what you are browsing, not even what site) and trust (if you access facebookcorewwwi.onion you are definitely connected to Facebook, because of the nature of Onion addressing),” Muffett wrote me in an email.
“The code is free and libre,” he added. “I am doing it because it's worth doing.”
While at Facebook, Muffett launched the company’s onion service in 2014, and this year The New York Times started their own onion service using Muffett’s open-source tool for creating such sites, called the Enterprise Onion Toolkit (EOTK). So, he knows what he’s doing. But the Wikipedia service is definitely an unofficial experiment, so it’s a bit janky. The service uses self-signed certificates that may trigger a security warning in Tor, so you have to manually white-list the addresses, which takes a couple minutes.
“I'd like to demonstrate the experience to people, so it's no longer something abstract,” Muffett wrote me. “I'd be delighted if Wikimedia use this, or even roll their own solution; the important thing from my perspective is to demonstrate the concept, and my open-source EOTK tool makes it nearly free to provide such a proof of concept.”
Moreover, the Wikipedia onion service is read-only, since Wikipedia blocks editing the site over Tor allegedly to deal with trolls. Making the service more usable will thus require Wikipedia itself to play ball.
An onion service for Wikipedia has been a point of discussion in the Wikipedia community for a while, but Muffett seems to be the first person to actually create one. He pledged on Twitter to “keep it running for a few days,” but with enough community support one could see Wikipedia on Tor becoming permanent.
Get six of our favorite Motherboard stories every day by signing up for our newsletter .
CORRECTION: An earlier version of this story stated that an Onion service for Tor would reduce the possibility for surveillance by an exit node. While an Onion service does offer protections against attacks by malicious exit nodes, Wikipedia is HTTPS encrypted by default, making surveillance a low-risk possibility already. Motherboard has changed the wording of this article to reflect these facts, and we apologize for the error.