Medium’s Sitewide Encryption Confronts Censorship in Malaysia

Blogging platform Medium is now blocked in Malaysia, apparently in an effort to censor an investigative news outlet critical of the government. The Sarawak Report has mirrored its articles on Medium at least since its own site was blocked in mid-2015, when it published allegations of corruption.

Medium’s legal team has done an admirable job keeping the relevant post online in the face of government demands. It’s published an account saying the company "stand[s] by investigative journalists" and that the post will stay up until it "receive[s] an order from a court of competent jurisdiction." But this story also demonstrates the censorship-resistant properties of online encryption like HTTPS, which Medium has enabled across its entire site.

That’s because HTTPS conceals information both about what particular page readers are viewing, as well as the contents of that page, from people snooping on their connection. That’s important, because unencrypted connections can face a wide range of eavesdroppers, all the way from other people sitting in the same coffee shop, to members of the same household, to employers providing a computer at work, to Internet service providers, to governments—anybody who can insert themselves between you and the website you’re trying to visit.

With an encrypted connection, those eavesdroppers get only the domain of the site—in this case, medium.com—not which particular blogger or article you’re reading. That makes for more privacy, in that particular reading habits are not as easily surveilled and analyzed.

Of course, the eavesdroppers also can’t read the contents of the pages. In the case of news sites, like the Sarawak Report, that might seem like a moot point. After all, unlike private messages, the contents of the articles are visible for anyone who looks through the site. But taken together, these two properties mean that the government can’t analyze individual pages in transit for keywords to trigger blocks.

As a result, governments seeking to block individual pages are forced to make much more conspicuous and disruptive moves against entire domains. On numerous occasions, we’ve seen those governments back away from wholesale censorship where granular censorship was not an option—in China, it was GitHub; in Iran, it was Google Reader (serving as a proxy for general news sites); and last summer in Russia, it was Wikipedia.

So it’s important that sites turn on HTTPS by default. And some—though still far too few—have begun to do so. The Washington Post has started across some sections of its site. The New York Times made an impassioned call for news outlets to implement it by the end of 2015, but still hasn’t made the transition. Sites like Techdirt, The Intercept, and EFF’s own Deeplinks have long been HTTPS-only. The Freedom of the Press Foundation, which helps develop and fund tools to protect press freedom and reader privacy, has encouraged more news sites to follow suit.

Medium and the Sarawak Report have made a good choice in using infrastructure that is harder for would-be censors to subvert. For people affected by this local block, we recommend reading up on tools like Tor, which can be used to circumvent censorship and anonymize your traffic.

Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora Join EFF

via Deeplinks http://bit.ly/1nE6tBj

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s