= Making Good Internet Decisions = We all use the Internet; most of us don't know more about than we have to. That's logical; most of us learn what we need to and the Internet's powerful technology allows us to do a lot without really knowing how things work. And that's good because most activists have plenty to do and the easier things are to use, the better. But the Internet isn't a "neutral" tool like a hammer or a calculator. Because it is a mass movement, the Internet is an arena for very internse political struggle. There are people who want to use it primarily to make money and to continue the kind of society most of us are still living in. There are those of us, and our numbers on the Internet are impressive, who see the Internet as another tool for changing society and the world in virtually every way. These aren't just theoretical options. The choices you make impact on the way you use the Internet. They can either contain your experience and force you into the control of a company or allow you to grow and broaden your experience. More than that, these choices have an impact on the rest of the Internet and the rest of the progressive movement. Because, as with any issue or struggle (and possibly more important than most), there are responsible choices to make about your Internet work and there are choices that are simply irresponsible. You want to make the responsible choices and so, in making your Internet plans, here are some issues and questions you need to be conscious of. So when you're choosing an Internet "provider", here are some questions you might ask. == Web == Does your server allow plain text FTP access? FTP is "File Transfer Protocol" and it's the way you get your files (or web pages) into your website for people to see on their browsers. Seeing a page is a fairly safe thing: you see it and there's not a whole lot you can do with it. But uploading a page is quite another matter: if someone uploads a malicious file, it can literally eat up the other web pages on your website or display information you don't want or, even worse, get into the rest of your directory and destroy it. If the provider's server is not properly secure, such a file can destroy everyone else's data. FTP access is insecure because it travels over channels (called "Ports") that allow it to be read as it's being transferred and because it doesn't provide a lot of protection while you're in your directory. A person with proper programs can eavesdrop the entire session, log it and do all kinds of information robbery to be used in exploiting your files. Everyone should use Secure File Transfer Protocol. SFTP is less common than FTP and there are fewer programs that you can use to do an sftp session. So many activists are used to FTP and wonder why they should be using the alternative. Basically, it's because your data is critically important to you and to the rest of us: because you're part of our movement. There are SFTP programs for every computer platform. You should insist that your provider only allows sftp. If the answer's no, do not use that provider. What's your policy on receiving cease-and-desist letters? At some point, you or an organization you do work with is going to get a cease and desist letter from a company, an individual, another organization (usually corporate-based or right-wing) or the government. These letters are designed to stop you from doing something you're doing on line. Often they have to do with copyright infringements but we've seen such letter provoked by statements and expressions of opinion. Many providers give you a day to pull the material and, if you don't, they take your website down. The reason is simple: the only thing they care about is your money. They couldn't care less about the importance oif your message and the even greater importance of allowing you to express that message. Money means everything and, in the balance, the fees you pay them are simply not worth the potential payments to lawyers and other grief caused by a legal action. Let's clarify a couple of points first of all. Because someone writes a letter doesn't mean they are right moral or even legally. In fact, copyright on the Internet is very complicated and partly untested so most letters about infringement are subject to legal interpretation. Otherwise, almost all speech on the Internet is protected. You can't infringe copyright and you can't libel someone (or defame them falsely) but both infringement and libel are decisions of fact subject to jury action. In other words, you haven't done either until a court decides you have. So how in the world can a provider wipe your site? Moreover, it's doubtful that most providers could be held legally responsible for a website's presence on their servers until a court determines that there's an illegality or violation. In short, no provider has to wipe a site until a judge says so and there's no action that can be taken against it. They're just taking the road of least effort. Politically, weak cease and desist policies favor right-wing movements and strategies. The Right wants to repress speech; we don't. We want everyone to be able to talk because once we get the debate going, we win. We're telling the truth, after all. This has been proven historically countless times. So cease and desist is effectively a right-wing tactic and it is absolutely essential that we resist. Imagine if your website has to come down the moment some lawyer issues that kind of letter? And, we assure you, that's what often happens. If someone is so offensive that it shouldn't be on a provider's servers, they don't need a letter from a lawyer to tel them that. Let them ban the materials themselves and then discuss that with the site managers. Otherwise, if it's not too offensive to be on-line, it deserves to be on-line. The correct position is: We don't comply with cease and desist letters. Period. If that's not the answer you're getting from your provider, find another one. Do have I have full secure shell access? == Email == Do you use starttls so all email data is encrypted from point-to-point with other email providers using starttls? Do you enforce https only web access to webmail? == DNS == Can do I have full control over my domain name (ability to change the authoritative DNS servers)?