Changes between Version 19 and Version 20 of WebInfoPamphlet


Timestamp:
Jun 30, 2008, 12:07:38 PM (11 years ago)
Author:
Daniel Kahn Gillmor
Comment:

--

  • WebInfoPamphlet

    v19 v20  
    3333=== For email itself, does your provider use starttls so all email data is encrypted from point-to-point with other email providers using starttls? ===
    3434
    35 Starttls is not common among commercial providers and it's possible that the provider's representative  you're talking to won't even know what you're talking about. But consciousness of this security feature is as important as anything we've talked about here. Normally your email is sent from your provider's mail server to the recipient provider's mail server in plain text, usually traveling through a half dozen routers controlled by the largest telecommunications providers on the planet, all of whom have the technical capacity to read the message (and, of course, turn it over to any government authority who wants it). On the other hand, if both providers use starttls, your communication will be encrypted from end-to-end.
     35Starttls is not common among commercial providers and it's possible that the provider's representative you're talking to won't even know what you're talking about. But consciousness of this security feature is as important as anything we've talked about here. Normally your email is sent from your provider's mail server to the recipient provider's mail server in plain text, usually traveling through a half dozen routers controlled by the largest telecommunications providers on the planet, all of whom have the technical capacity to read the message (and, of course, turn it over to any government authority who wants it). On the other hand, if both providers use starttls, your communication will be encrypted from end-to-end.
    3636
    3737Insist on this with your provider.
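Review bot: On line 35 the closing sentence says that with starttls "your communication will be encrypted from end-to-end", which contradicts the heading on line 33 ("point-to-point") and overstates what STARTTLS provides. STARTTLS encrypts the SMTP connection between two mail servers; the message is still readable on the sending and receiving providers' servers. This revision only removes a stray double space from the paragraph, so consider also changing the ending to something like "encrypted in transit between the two providers' mail servers", so that readers do not mistake it for end-to-end encryption of the message itself.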
     
    5555One area of content attack is the cease and desist letter. At some point, you or an organization you work with is going to get a cease and desist letter from a company, an individual, another organization or the government. These letters are designed to stop you from doing something you're doing on line. Often they have to do with copyright infringements but we've seen such letters provoked by expressions of opinion or information about some company or government agency.
    5656
    57 Many providers have a knee-jerk reaction to these letters. They give you a day to pull the material and, if you don't, they take your website down. After all, they're there for the money and any potential legal difficulty (even answering a lawyer's letter) isn't worth what you're paying.
     57Many providers have a knee-jerk reaction to these letters. They give you a day to pull the material and if you don't comply they take your entire website down. After all, they're there for the money and any potential legal difficulty (even answering a lawyer's letter) isn't worth what you're paying.
    5858
    5959In reality, cease and desist letters are usually bogus and if the complaint is legitimate, a court can decide or you can negotiate with the letter-writer. Providers have no right to act unilaterally or threateningly towards you. If something is so offensive that it shouldn't be on a provider's servers, they should discuss that with you and take action on their own. Otherwise, if it's not too offensive to be on-line, it deserves to be on-line.
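Review bot: In the new line 57, dropping the commas leaves "They give you a day to pull the material and if you don't comply they take your entire website down" as a run-on. Keep the added words but restore the punctuation, for example "and, if you don't comply, they take your entire website down". The unchanged context also spells the same term "on line" (line 55) and "on-line" (line 59), which is worth unifying while this section is being edited.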
     
    6161==== Shell access ====
    6262
    63 Another prominent issue around access is shell access. You may not know about it or even use it but there's a layer of functioning beneath your website display and beneath protocols like sftp. It's call "shell access" and it means that you can use a command line program to get into your directories and files and interact directly with the files and operating system.
     63Another prominent issue around access is shell access. You may not use it or even know about it but there's a layer of functioning beneath your website display and beneath protocols like sftp. It's called "shell access" and it means that you can use a command line program to get into your directories and files and interact directly with the files and operating system of the computer (or computers) that provide your web site.
    6464
    65 Most of us won't use this but, if we need to (or we have a techie working on some aspect of our website), it should be available. In principle it represents real control over your website and your data.
     65Most of us won't use this but if we need to (or we have a techie working on some aspect of our website) it should be available. In principle it represents real control over your website and your data.
    6666
    6767==== Domain name control ====
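Review bot: The new line 63 ends with "that provide your web site" while the start of the same sentence and line 65 use "website"; pick one spelling. The sentence also names sftp as something shell access sits beneath without saying how the shell itself is reached. Since the pamphlet asks providers about encryption in the starttls section, it would be consistent to state here that shell access should be offered over an encrypted channel such as ssh. On line 65, the commas removed around "if we need to (...)" made the sentence harder to parse and could be restored.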