Changes between Version 17 and Version 18 of WebInfoPamphlet


Ignore:
Timestamp:
Jun 30, 2008, 1:53:32 PM (17 years ago)
Author:
Jamie McClelland
Comment:

final changes made for AMC 2008 conference

Legend:

Unmodified
Added
Removed
Modified

  • WebInfoPamphlet

    v17 v18  
    33= Making Good Internet Decisions =
    44
    5 We all use the Internet and most of us don't know more about than we have to. For most of us, it's a tool and we can use tools without understanding how they work.
     5We all use the Internet and most of us don't know more about it than we have to. For most of us, it's a tool and we can use tools without understanding how they work.
    66
    77But the Internet isn't a neutral tool like a hammer or a calculator. It's a mass movement, an arena of very intense political struggle over its present and future and, because it involves more than a billion people, a place for us to work around all struggles, issues and movements we're involved in.
    88
    9 The choices you make about the Internet affect its potential for you and your work. They can either contain your experience and force you into the control of some large corporation or allow you to grow and broaden your experience and the effectiveness of your work. 
     9The choices you make about the Internet affect its potential for you and your work. They can either contain your experience and force you into the control of some large corporation or allow you to grow and broaden your experience and the effectiveness of your work.
    1010
    1111More than that, these choices have an impact on the rest of the Internet and the rest of the progressive movement. Because, as with any issue or struggle, there are responsible choices to make about your Internet work and there are choices that are simply irresponsible.
    1212
    13 To help you think about those choices, we have put together some information about some of the important Internet issues and choices we think you should be aware of. We've divided this information into two parts: security and control.
     13To help you think about those choices, we have put together some information about some of the important Internet issues and choices we think you should be aware of. We've divided this information into two parts: security and control. 
    1414
    1515== Security ==
    1616
    17 Every progressive understands the importance of security but, on the Internet, the concept takes on a whole other meaning and very different details. This is because the Internet functions on a public communications system and when something is public the potential for abuse, theft of data and disruption of communications is enhanced. Our movement can't take chances with that kind of abuse.
     17Every progressive understands the importance of security but, on the Internet, the concept takes on a whole other meaning with very different details. This is because the Internet functions on a public communications system and when something is public the potential for abuse, theft of data and disruption of communications is enhanced. Our movement can't take chances with that kind of abuse.
    1818
    1919''Are you able to use encrypted connections?''
     
    2323Here's what we think you should use:
    2424
    25 For uploading files to your website use sftp (for Secure ftp). Regular ftp (File Transfer Protocol), is insecure because it transmits your data (including your password) in plain text over the Internet, allowing anyone with the right network access to read your data in transmission. Take note because most commercial providers still use ftp and don't even offer sftp as an option.
     25For uploading files to your website use sftp (Secure ftp). Regular ftp (File Transfer Protocol), is insecure because it transmits your data (including your password) in plain text over the Internet, allowing anyone with the right network access to read your data in transmission. Take note because most commercial providers still use ftp and don't even offer sftp as an option.
    2626
    27 For sensitive interactions on your website (like pages requesting information, such as password logins), always use a secure connection. With a web browser like Firefox, you can tell a connection is secure because a small padlock is displayed in the bottom right corner. Typically, web addresses that start with https:// instead of http:// operate over a secure connection. This requires getting a digitally signed certificate and probably some cooperation from your provider but everything we just said about ftp is a thousand times more true with http (hypter-text transfer protocol). To be clear, regular http is wonderful; it's the lifeline of the web. It's also designed for transparent communications between visitor and site. Transparent means anybody can see it; if there is something you don't want everyone to see, you need secure http.
     27For sensitive interactions on your website (like pages requesting information, such as password logins), always use a secure connection. With a web browser like Firefox, you can tell a connection is secure because a small padlock is displayed in the bottom right corner. Typically, web addresses that start with https:// instead of http:// operate over a secure connection. Secure connections require a digitally signed certificate and probably some cooperation from your provider but everything we just said about ftp is a thousand times more true with http (hypter-text transfer protocol).
    2828
    29 The same is true for webmail. Since this has become so popular, most providers offer it as a service and for many people it has actually become the primary client for email. If you check email on the web and you don't have a secure connection, anybody can see your email with the proper software. All webmail should use https.
     29To be clear, regular http is wonderful; it's the lifeline of the web. It's also designed for transparent communications between visitor and site. Transparent means anybody can see it; if there is something you don't want everyone to see, you need secure http.
     30
     31The same is true for web mail. Since web mail has become so popular, most providers offer it as a service and for many people it has become the primary client for email. If you check email on the web and you don't have a secure connection, anybody can see your email with the proper network access. All web mail should use https.
    3032
    3133''For email itself, does your provider use starttls so all email data is encrypted from point-to-point with other email providers using starttls?''
     
    3335Starttls is not common among commercial providers and it's possible that the provider's representative  you're talking to won't even know what you're talking about. But consciousness of this security feature is as important as anything we've talked about here. Normally your email is sent from your provider's mail server to the recipient provider's mail server in plain text, usually traveling through a half dozen routers controlled by the largest telecommunications providers on the planet, all of whom have the technical capacity to read the message (and, of course, turn it over to any government authority who wants it). On the other hand, if both providers use starttls, your communication will be encrypted from end-to-end.
    3436
    35 Insist on this with your provider and also insist that the provider also support OpenPGP.
     37Insist on this with your provider.
     38
     39In addition, insist that the provider support OpenPGP.
    3640
    3741OpenPGP is a way to encrypt your individual email messages. This software is typically the responsibility of the user to install on their own workstation. However, it's important for your Internet provider to be aware of it and provide support and education on how to use it.
     
    4145== Control ==
    4246
    43 Most people who use the Internet either think they are in control of their experience or don't think about it at all. But control is fundamental to a progressive approach to the Internet. It means that we can not only preserve and protect our Internet functioning but can more easily contribute to the Internet's future. Remember that there are people, mostly companies, that want to control the Internet for you and, if they can control the way you use the Internet, they can control what you use it for and what you say on it. And, sooner or later, they will.
     47Most people who use the Internet either think they are in control of their experience or don't think about it at all. But control is fundamental to a progressive approach to the Internet. It means that we can not only preserve and protect our Internet activities but can more easily contribute to the Internet's future. Remember that there are people, mostly companies, that want to control the Internet for you and, if they can control the way you use the Internet, they can control what you use it for and what you say on it. And, sooner or later, they will.
    4448
    4549=== Content and Access ===
     
    4953''Cease and Desist''
    5054
    51 One area of content attack is the cease and desist letter. At some point, you or an organization you work with is going to get a cease and desist letter from a company, an individual, another organization or the government. These letters are designed to stop you from doing something you're doing on line. Often they have to do with copyright infringements but we've seen such letter provoked by expressions of opinion or information about some company or government agency.
     55One area of content attack is the cease and desist letter. At some point, you or an organization you work with is going to get a cease and desist letter from a company, an individual, another organization or the government. These letters are designed to stop you from doing something you're doing on line. Often they have to do with copyright infringements but we've seen such letters provoked by expressions of opinion or information about some company or government agency.
    5256
    5357Many providers have a knee-jerk reaction to these letters. They give you a day to pull the material and, if you don't, they take your website down. After all, they're there for the money and any potential legal difficulty (even answering a lawyer's letter) isn't worth what you're paying.
     
    5963Another prominent issue around access is shell access. You may not know about it or even use it but there's a layer of functioning beneath your website display and beneath protocols like sftp. It's call "shell access" and it means that you can use a command line program to get into your directories and files and interact directly with the files and operating system.
    6064
    61 Most of us won't use this but, if we need to (or we have a techie in to work on some aspect of our website), it should be available. In principle it represents real control over your website and your data.
    62 
    63 Good providers offer command line access; those who don't aren't.
     65Most of us won't use this but, if we need to (or we have a techie working on some aspect of our website), it should be available. In principle it represents real control over your website and your data.
    6466
    6567''Domain name control''
    6668
    67 And then there's Domain Name control. This is quite possibly the most torturous lesson many experienced activists learn on the Internet. We see this all the time.
     69Domain name control is quite possibly the most torturous lesson many experienced activists learn on the Internet. We see this all the time.
    6870
    69 You'll frequently find hosting providers who offer you "domain registration" and "monthly hosting." You sign up because it looks like a good deal. But when you want to move your site to another host, you run into all kinds of "contract clauses" and payment requirements and, in the end, you can't move the domain, the old provider must do it for you (and often charge you extra for that).
     71You'll frequently find hosting providers who offer you "domain registration" and "monthly hosting." You sign up because it looks like a good deal. But when you want to move your site to another host, you run into all kinds of contract clauses and payment requirements and, in the end, you can't move the domain, the old provider must do it for you (and often charge you extra for that).
    7072
    7173You are in domain prison and this is unethical and fundamentally reactionary ... and among the most common and even encouraged abuses on the Internet.
    72 
    7374DNS and hosting are two different activities that should not be combined. DNS registrars are responsible for telling the global Internet domain servers which hosting provider handles your domain name.
    7475
    75 Hosting is what it implies. Your website, email and other Internet resources are "hosted" and "served" by the provider.
     76Hosting is what it implies. Your website, email and other Internet resources are hosted and served by the provider.
    7677
    7778If your hosting provider controls the registration of your domain name, then they own you.
     
    8182''Control over what you send and receive''
    8283
    83 The most egregious attack on this obvious right is spam control. We have a lot written on this issue because it is among the Internet's most important. So we'll summarize:
     84The most egregious attack on this obvious right is spam control.
    8485
    85 All spam should be passed on to the user who should be able to make the choices about what to do with it. This is a perfectly effective approach although it requires a bit of work on the user's part. There are several good server programs that can "guess" what's spam and what's not with a remarkably high degree of accuracy. Then they flag suspect email and the user decides whether to set up email so he/she can review the "spam flagged" email individually or filter it into some spam box automatically.
     86All spam should be passed on to the user who should be able to make the choices about what to do with it. This is a perfectly effective approach although it requires a bit of work on the user's part. There are several good server programs that can guess what is and is not spam with a remarkably high degree of accuracy. Then they flag suspect email and the user decides whether to set up email so he/she can review the spam flagged email individually or filter it into some spam box automatically.
    8687
    87 What you don't want is a provider making those choices for you: filtering spam and destroying it, blocking it, or what's worse, rejecting and blocking the server that sent it (called blacklisting...aptly). Your provider has no right to determine the content you should receive; no company should even be allowed to make those choice for you.
     88What you don't want is a provider making those choices for you: filtering spam and destroying it, blocking it, or what's worse, rejecting and blocking the server that sent it (called blacklisting ... aptly). Your provider has no right to determine the content you should receive; no company should even be allowed to make those choices for you.
    8889
    89 That's all the more important because of the definition many providers have of “spam”: mass email or email to a list of people the sender doesn't know. Here's the critical issue we must all understand: if the mailer can reasonably expect that you'll be interested in the material you're receiving, that is protected speech and not spam. That's the law and it's a law our movement has fought for over a century to create, enforce and protect. It's fundamental to our ability to communicate and organize. If we can't send email to people we don't know, we're not going to reach people we need to inform.
     90That's all the more important because of the definition many providers have of spam: mass email or email to a list of people the sender doesn't know. Here's the critical issue we must all understand: if the mailer can reasonably expect that you'll be interested in the material you're receiving, that is protected speech and not spam. That's the law and it's a law our movement has fought for over a century to create, enforce and protect. It's fundamental to our ability to communicate and organize. If we can't send email to people we don't know, we're not going to reach people we need to inform.
    9091
    9192Things get much worse with blacklisting, an abuse that is a cousin of irresponsible spam control. If someone is "turned in" for spamming, some providers will block that person's IP address and that blocks the entire server which means that nobody on that server (and there are often hundreds of other users) can communicate with people who the acting provider hosts. If that's a large company, like AOL, hundreds of activists will be blocked from reaching thousands and even tens of thousands of people including people they normally email with. It is the worst kind of arbitrary blockage of free speech.
     
    9596== Summing Up ==
    9697
    97 If you weren't aware of what we've written here, you're not alone and there's not shame in it. Most of us don't know these things because the corporate Internet doesn't discuss them, at least not in a progressive way. But we think we should all at least be aware of these issues when we make our choices. You may decide, for good reasons, that a provider that doesn't comply with good practices in some of these areas is still the best one for you. The point is to be aware of what you're giving up so you can make these decisions constructively and responsibly.
     98If you weren't aware of what we've written here, you're not alone and there's no shame in it. Most of us don't know these things because the corporate Internet doesn't discuss them, at least not in a progressive way. But we think we should all at least be aware of these issues when we make our choices. You may decide, for good reasons, that a provider that doesn't comply with good practices in some of these areas is still the best one for you. The point is to be aware of what you're giving up so you can make these decisions constructively and responsibly.
    9899
    99100And we are...
    100101
    101102May First/People Link, an organization of more than 260 progressive organizations and people who pool our resources and our work to build an alternative to corporate hosting, facilitate our movement's work in the Internet, and organize the Internet to more fully realize its enormous, historic potential.
    102 
    103 Needless to say, we comply with the progressive practices we've outline above...and a lot more. We're also among the oldest “providers” in the world.
     103Needless to say, we make every effort to comply with the progressive practices we've outlined above ... and a lot more. We're also among the oldest providers in the world.
    104104
    105105For information about our work and how to become part of our organization, visit our website:
    106106
    107 http://www.mayfirst.org
     107http://www.mayfirst.org/
    108108
    109109and thanks for reading this. Keep it and pass it along to someone you think should be thinking about these issues.
    110