Changes between Version 15 and Version 16 of WebInfoPamphlet
- Timestamp:
- Jun 17, 2008, 5:07:13 PM (16 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
WebInfoPamphlet
v15 v16 23 23 Here's what we think you should use: 24 24 25 For uploading files to your website use sftp (for Secure ftp). Regular ftp (File Transfer Protocol), is insecure because it transmits your data (including your password) in plain text over the Internet, allowing anyone with the right network access to read your data in transmission. Take note because most commercial providers still use ftp and don't even offer sftp as an option. They don't really care if your information is stolen. If that's the case with yours, change providers immediately.25 For uploading files to your website use sftp (for Secure ftp). Regular ftp (File Transfer Protocol), is insecure because it transmits your data (including your password) in plain text over the Internet, allowing anyone with the right network access to read your data in transmission. Take note because most commercial providers still use ftp and don't even offer sftp as an option. 26 26 27 For sensitive interactions on your website (like pages requesting information, such as password logins), always use a secure connection. With a web browser like Firefox, you can tell a connection is secure because a small padlock is displayed in the bottom right corner. Typically, web addresses that start with https:// instead of http:// operate over a secure connection. This requires getting a digitally signed certificate and probably some cooperation from your provider but everything we just said about ftp is a thousand times more true with http (hypter-text transfer protocol). To be clear, regular http is wonderful; it's the lifeline of the web. It's also designed for transparent communications between visitor and site. Transparent means anybody can see it; if there is something you don't want everyone to see, you need secure http. If a provider doesn't facilitate https, leave that provider.27 For sensitive interactions on your website (like pages requesting information, such as password logins), always use a secure connection. With a web browser like Firefox, you can tell a connection is secure because a small padlock is displayed in the bottom right corner. Typically, web addresses that start with https:// instead of http:// operate over a secure connection. This requires getting a digitally signed certificate and probably some cooperation from your provider but everything we just said about ftp is a thousand times more true with http (hypter-text transfer protocol). To be clear, regular http is wonderful; it's the lifeline of the web. It's also designed for transparent communications between visitor and site. Transparent means anybody can see it; if there is something you don't want everyone to see, you need secure http. 28 28 29 29 The same is true for webmail. Since this has become so popular, most providers offer it as a service and for many people it has actually become the primary client for email. If you check email on the web and you don't have a secure connection, anybody can see your email with the proper software. All webmail should use https. … … 73 73 DNS and hosting are two different activities that should not be combined. DNS registrars are responsible for telling the global Internet domain servers which hosting provider handles your domain name. 74 74 75 Hosting is what it implies. Your website, email and other Internet resources are “hosted” and “served”by the provider.75 Hosting is what it implies. Your website, email and other Internet resources are "hosted" and "served" by the provider. 76 76 77 77 If your hosting provider controls the registration of your domain name, then they own you. … … 87 87 What you don't want is a provider making those choices for you: filtering spam and destroying it, blocking it, or what's worse, rejecting and blocking the server that sent it (called blacklisting...aptly). Your provider has no right to determine the content you should receive; no company should even be allowed to make those choice for you. 88 88 89 That's all the more important because of the definition many providers have of “spam”: mass email or email to a list of people the sender doesn't know. Here's the critical issue we must all understand: 89 That's all the more important because of the definition many providers have of “spam”: mass email or email to a list of people the sender doesn't know. Here's the critical issue we must all understand: if the mailer can reasonably expect that you'll be interested in the material you're receiving, that is protected speech and not spam. That's the law and it's a law our movement has fought for over a century to create, enforce and protect. It's fundamental to our ability to communicate and organize. If we can't send email to people we don't know, we're not going to reach people we need to inform. 90 90 91 91 Things get much worse with blacklisting, an abuse that is a cousin of irresponsible spam control. If someone is "turned in" for spamming, some providers will block that person's IP address and that blocks the entire server which means that nobody on that server (and there are often hundreds of other users) can communicate with people who the acting provider hosts. If that's a large company, like AOL, hundreds of activists will be blocked from reaching thousands and even tens of thousands of people including people they normally email with. It is the worst kind of arbitrary blockage of free speech.