Changes between Version 13 and Version 14 of WebInfoPamphlet


Timestamp: Jun 17, 2008, 9:55:16 AM (13 years ago)
Author: Jamie McClelland
Comment:

--

  • WebInfoPamphlet

    v13 v14  
    1 Making Good Internet Decisions
     1[[PageOutline]]
    22
    3 
     3= Making Good Internet Decisions =
    44
    55We all use the Internet and most of us don't know more about than we have to. For most of us, it's a tool and we can use tools without understanding how they work.
    66
    7 But the Internet isn't a "neutral" tool like a hammer or a calculator. It's a mass movement, an arena of very intense political struggle over its present and future and, because it involves more than a billion people, a place for us to work around all struggles, issues and movements we're involved in.
     7But the Internet isn't a neutral tool like a hammer or a calculator. It's a mass movement, an arena of very intense political struggle over its present and future and, because it involves more than a billion people, a place for us to work around all struggles, issues and movements we're involved in.
    88
    99The choices you make about the Internet affect its potential for you and your work. They can either contain your experience and force you into the control of some large corporation or allow you to grow and broaden your experience and the effectiveness of your work.
     
    1111More than that, these choices have an impact on the rest of the Internet and the rest of the progressive movement. Because, as with any issue or struggle, there are responsible choices to make about your Internet work and there are choices that are simply irresponsible.
    1212
    13 To help you think about those choices, we have put together some information about some of theimportant Internet issues and choices we think you should be aware of. We've divided this information into two parts: security and control.
     13To help you think about those choices, we have put together some information about some of the important Internet issues and choices we think you should be aware of. We've divided this information into two parts: security and control.
    1414
    15 
    16 
    17 Security
     15== Security ==
    1816
    1917Every progressive understands the importance of security but, on the Internet, the concept takes on a whole other meaning and very different details. This is because the Internet functions on a public communications system and when something is public the potential for abuse, theft of data and disruption of communications is enhanced. Our movement can't take chances with that kind of abuse.
    2018
    21 Are you able to use encrypted connections?
     19''Are you able to use encrypted connections?''
    2220
    2321Even if your use the Internet is mainly for very public communications, there is always some information that should remain private: a password, members list, payment info, content of a sensitive email. If someone gets access to this information, they can steal your data, wreck your website and even wreck other sites on your server. The security of your connection is a political issue and one that affects everyone else sharing a server with you.
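Review bot: The new sub-heading at v14 line 19 is set in italics (''Are you able to use encrypted connections?'') rather than as a === heading, so it will not show up in the [[PageOutline]] this revision adds at the top of the page; consider the === markup used later for "Content and Access". While this paragraph is being touched, the unchanged line 21 still reads "Even if your use the Internet is mainly", which needs "use of".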
     
    2523Here's what we think you should use:
    2624
    27 For uploading files to your website use SFTP (for Secure FTP). Regular FTP, File Transfer Protocol, is completely insecure and anyone with the right programs can steal all your data in transmission. Take note because most commercial providers still use ftp and don't even offer sftp as an option. .They don't really care if your information is stolen. If that's the case with yours, change providers immediately.
     25For uploading files to your website use sftp (for Secure ftp). Regular ftp (File Transfer Protocol), is insecure because it transmits your data (including your password) in plain text over the Internet, allowing anyone with the right network access to read your data in transmission. Take note because most commercial providers still use ftp and don't even offer sftp as an option. They don't really care if your information is stolen. If that's the case with yours, change providers immediately.
    2826
    29 For sensitive interactions on your website (like many forms, for example), always use https (or secure layers). This requires a certificate and probably some cooperation from your provider but everything we just said about ftp is a thousand times more true with http (hypter-text transfer protocol). To be clear, regular http is wonderful; it's the lifeline of the web. It's also designed for transparent communications between visitor and site. Transparent means anybody can see it; if there is something you don't want everyone to see, you need secure http. If a provider doesn't facilitate https, leave that provider.
     27For sensitive interactions on your website (like pages requesting information, such as password logins), always use a secure connection. With a web browser like Firefox, you can tell a connection is secure because a small padlock is displayed in the bottom right corner. Typically, web addresses that start with https:// instead of http:// operate over a secure connection. This requires getting a digitally signed certificate and probably some cooperation from your provider but everything we just said about ftp is a thousand times more true with http (hypter-text transfer protocol). To be clear, regular http is wonderful; it's the lifeline of the web. It's also designed for transparent communications between visitor and site. Transparent means anybody can see it; if there is something you don't want everyone to see, you need secure http. If a provider doesn't facilitate https, leave that provider.
    3028
    31 The same is true for webmail. Since this has become so popular, most providers offer it as a service and for many people it has actually become the primary "client" for email. If you check email on the web and you don't have a secure connection, anybody can see your email with the proper software. All webmail should use https.
     29The same is true for webmail. Since this has become so popular, most providers offer it as a service and for many people it has actually become the primary client for email. If you check email on the web and you don't have a secure connection, anybody can see your email with the proper software. All webmail should use https.
    3230
    33 For email itself, does your provider use starttls so all email data is encrypted from point-to-point with other email providers using starttls?
     31''For email itself, does your provider use starttls so all email data is encrypted from point-to-point with other email providers using starttls?''
    3432
    35 Starttls is not common among commercial providers and it's possible that the provider's rep  you're talking to won't even know what you're talking about. But consciousness of this "security trigger" is as important as anything we've talked about here. Normally your email is sent from your provider's mail server to the recipient provider's mail server in plain text, usually traveling through a half dozen routers controlled by the largest telecommunications providers on the planet, all of whom have the technical capacity to read the message (and, of course, turn it over to any government authority who wants it). On the other hand, if both providers use starttls, your communication will be encrypted from end-to-end.
     33Starttls is not common among commercial providers and it's possible that the provider's representative  you're talking to won't even know what you're talking about. But consciousness of this security feature is as important as anything we've talked about here. Normally your email is sent from your provider's mail server to the recipient provider's mail server in plain text, usually traveling through a half dozen routers controlled by the largest telecommunications providers on the planet, all of whom have the technical capacity to read the message (and, of course, turn it over to any government authority who wants it). On the other hand, if both providers use starttls, your communication will be encrypted from end-to-end.
    3634
    37 Insist on this with your provider and also insist that the provider also support OpenGPG.
     35Insist on this with your provider and also insist that the provider also support OpenPGP.
    3836
    39 OpenGPG is a way to encrypt your individual email messages. This software is typically the responsibility of the user to install on their own workstation. However, it's important for your Internet provider to be aware of it and provide support and education on how to use it.
     37OpenPGP is a way to encrypt your individual email messages. This software is typically the responsibility of the user to install on their own workstation. However, it's important for your Internet provider to be aware of it and provide support and education on how to use it.
    4038
    41 Those four terms -- sftp, htts, starttls and OpenGPG – form the basis of good security practices for a progressive activist. They should be part of your Internet functioning and your provider should be making that possible.
     39Those four terms -- sftp, htts, starttls and OpenPGP – form the basis of good security practices for a progressive activist. They should be part of your Internet functioning and your provider should be making that possible.
    4240
    43 
    44 
    45 
    46 
    47 Control
     41== Control ==
    4842
    4943Most people who use the Internet either think they are in control of their experience or don't think about it at all. But control is fundamental to a progressive approach to the Internet. It means that we can not only preserve and protect our Internet functioning but can more easily contribute to the Internet's future. Remember that there are people, mostly companies, that want to control the Internet for you and, if they can control the way you use the Internet, they can control what you use it for and what you say on it. And, sooner or later, they will.
    5044
    51 Content and Access
     45=== Content and Access ===
    5246
    5347You should have full control of your content and complete access to it.
     48
     49''Cease and Desist''
    5450
    5551One area of content attack is the cease and desist letter. At some point, you or an organization you work with is going to get a cease and desist letter from a company, an individual, another organization or the government. These letters are designed to stop you from doing something you're doing on line. Often they have to do with copyright infringements but we've seen such letter provoked by expressions of opinion or information about some company or government agency.
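Review bot: The rewritten starttls paragraph (v14 line 33) still ends with "your communication will be encrypted from end-to-end", which overstates what starttls provides and disagrees with the "point-to-point" wording of the question at line 31. Starttls encrypts the hop between the two mail servers, and the message is still readable on the servers themselves; end-to-end protection is what the OpenPGP paragraph at line 37 describes, so suggest "encrypted in transit between the two providers" here. Also in this hunk: line 25 expands sftp as "Secure ftp", which reads as ftp with encryption added, whereas sftp is the SSH file transfer protocol; and the typos "hypter-text" (line 27) and "htts" (line 39) are carried into the new text.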
     
    5955In reality, cease and desist letters are usually bogus and if the complaint is legitimate, a court can decide or you can negotiate with the letter-writer. Providers have no right to act unilaterally or threateningly towards you. If something is so offensive that it shouldn't be on a provider's servers, they should discuss that with you and take action on their own. Otherwise, if it's not too offensive to be on-line, it deserves to be on-line.
    6056
    61 A very prominent issue around access is shell access. You may not know about it or even use it but there's a "layer" of functioning beneath your website display and beneath "protocols" like sftp. It's call "shell access" and it means that you can use a "command line program" to get into your directories and files and interact directly with the file and operating system.
     57''Shell access''
     58
     59Another prominent issue around access is shell access. You may not know about it or even use it but there's a layer of functioning beneath your website display and beneath protocols like sftp. It's call "shell access" and it means that you can use a command line program to get into your directories and files and interact directly with the files and operating system.
    6260
    6361Most of us won't use this but, if we need to (or we have a techie in to work on some aspect of our website), it should be available. In principle it represents real control over your website and your data.
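Review bot: The rewritten line 59 keeps "It's call "shell access"", which should read "It's called". The new ''Shell access'' label at line 57 is italic text rather than a heading, so like the other italic labels it will be missing from the page outline.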
     
    6563Good providers offer command line access; those who don't aren't.
    6664
    67 And then there's Domain Name conrol. This is quite possibly the most torturous lesson many experienced activists learn on the Internet. We see this all the time.
     65''Domain name control''
     66
     67And then there's Domain Name control. This is quite possibly the most torturous lesson many experienced activists learn on the Internet. We see this all the time.
    6868
    6969You'll frequently find hosting providers who offer you "domain registration" and "monthly hosting." You sign up because it looks like a good deal. But when you want to move your site to another host, you run into all kinds of "contract clauses" and payment requirements and, in the end, you can't move the domain, the old provider must do it for you (and often charge you extra for that).
     
    7171You are in domain prison and this is unethical and fundamentally reactionary ... and among the most common and even encouraged abuses on the Internet.
    7272
    73 DNS and hosting are two different activities and people can't do both legally. DNS is the address of your domain and it's handled by a select group of companies with special programs and systems to do that. All they do is register your domain and then point people to the hosting provider who is handling your data.
     73DNS and hosting are two different activities that should not be combined. DNS registrars are responsible for telling the global Internet domain servers which hosting provider handles your domain name.
    7474
    75 Hosting is what it implies. Your website, email and other Internet resources are “hosted” and “served” by the provider. Providers have no control over your DNS.
     75Hosting is what it implies. Your website, email and other Internet resources are “hosted” and “served” by the provider.
    7676
    77 What's happening is that your hosting company has a semi-hidden deal with a DNS registrar. They're actually registering your domain for you. This may seem more convenient but it takes away your power over your website and that's as bad politically as it gets.
     77If your hosting provider controls the registration of your domain name, then they own you.
    7878
    79 The right way to do it is: the person who owns the website should own the registration. You go register it and the hosting provider then makes sure it resolves to your site.
     79On the other hand, if these two servers are split between two different organizations, then your hosting provider has no control over your DNS, leaving you free to move to whichever hosting provider you choose.
    8080
    81 Control over what you send and receive
     81''Control over what you send and receive''
    8282
    8383The most egregious attack on this obvious right is spam control. We have a lot written on this issue because it is among the Internet's most important. So we'll summarize:
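Review bot: The rewrite at v14 lines 73-79 drops the one actionable instruction the old text had ("the person who owns the website should own the registration") and replaces it with "then they own you", which states the risk without telling the reader what to do; suggest keeping a sentence that says to register the domain in your own name. Line 73 also says "DNS" where it means domain registration ("DNS and hosting are two different activities"), and line 79 says "these two servers" where "services" appears to be intended.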
     
    9393Intrusive spam control and blacklisting are simply not acceptable and a provider that does those things shouldn't be your provider.
    9494
    95 
    96 
    97 Summing Up
    98 
    99 
     95== Summing Up ==
    10096
    10197If you weren't aware of what we've written here, you're not alone and there's not shame in it. Most of us don't know these things because the corporate Internet doesn't discuss them, at least not in a progressive way. But we think we should all at least be aware of these issues when we make our choices. You may decide, for good reasons, that a provider that doesn't comply with good practices in some of these areas is still the best one for you. The point is to be aware of what you're giving up so you can make these decisions constructively and responsibly.
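Review bot: The unchanged closing paragraph (line 97) still reads "there's not shame in it", where "no shame" is intended; it could be fixed in the same pass as the heading markup change above it.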