= Making Good Internet Decisions = We all use the Internet; most of us don't know more about than we have to. That's logical; most of us learn what we need to and the Internet's powerful technology allows us to do a lot without really knowing how things work. And that's good because most activists have plenty to do and the easier things are to use, the better. But the Internet isn't a "neutral" tool like a hammer or a calculator. Because it is a mass movement, the Internet is an arena for very internse political struggle. There are people who want to use it primarily to make money and to continue the kind of society most of us are still living in. There are those of us, and our numbers on the Internet are impressive, who see the Internet as another tool for changing society and the world in virtually every way. These aren't just theoretical options. The choices you make impact on the way you use the Internet. They can either contain your experience and force you into the control of a company or allow you to grow and broaden your experience. More than that, these choices have an impact on the rest of the Internet and the rest of the progressive movement. Because, as with any issue or struggle (and possibly more important than most), there are responsible choices to make about your Internet work and there are choices that are simply irresponsible. You want to make the responsible choices and so, in making your Internet plans, here are some issues and questions you need to be conscious of. So when you're choosing an Internet "provider", here are some questions you might ask. == Web == Does your server allow plain text FTP access? FTP is "File Transfer Protocol" and it's the way you get your files (or web pages) into your website for people to see on their browsers. Seeing a page is a fairly safe thing: you see it and there's not a whole lot you can do with it. But uploading a page is quite another matter: if someone uploads a malicious file, it can literally eat up the other web pages on your website or display information you don't want or, even worse, get into the rest of your directory and destroy it. If the provider's server is not properly secure, such a file can destroy everyone else's data. FTP access is insecure because it travels over channels (called "Ports") that allow it to be read as it's being transferred and because it doesn't provide a lot of protection while you're in your directory. A person with proper programs can eavesdrop the entire session, log it and do all kinds of information robbery to be used in exploiting your files. Everyone should use Secure File Transfer Protocol. SFTP is less common than FTP and there are fewer programs that you can use to do an sftp session. So many activists are used to FTP and wonder why they should be using the alternative. Basically, it's because your data is critically important to you and to the rest of us: because you're part of our movement. There are SFTP programs for every computer platform. You should insist that your provider only allows sftp. If the answer's no, do not use that provider. What's your policy on receiving cease-and-desist letters? At some point, you or an organization you do work with is going to get a cease and desist letter from a company, an individual, another organization (usually corporate-based or right-wing) or the government. These letters are designed to stop you from doing something you're doing on line. Often they have to do with copyright infringements but we've seen such letter provoked by statements and expressions of opinion. Many providers give you a day to pull the material and, if you don't, they take your website down. The reason is simple: the only thing they care about is your money. They couldn't care less about the importance oif your message and the even greater importance of allowing you to express that message. Money means everything and, in the balance, the fees you pay them are simply not worth the potential payments to lawyers and other grief caused by a legal action. Let's clarify a couple of points first of all. Because someone writes a letter doesn't mean they are right moral or even legally. In fact, copyright on the Internet is very complicated and partly untested so most letters about infringement are subject to legal interpretation. Otherwise, almost all speech on the Internet is protected. You can't infringe copyright and you can't libel someone (or defame them falsely) but both infringement and libel are decisions of fact subject to jury action. In other words, you haven't done either until a court decides you have. So how in the world can a provider wipe your site? Moreover, it's doubtful that most providers could be held legally responsible for a website's presence on their servers until a court determines that there's an illegality or violation. In short, no provider has to wipe a site until a judge says so and there's no action that can be taken against it. They're just taking the road of least effort. Politically, weak cease and desist policies favor right-wing movements and strategies. The Right wants to repress speech; we don't. We want everyone to be able to talk because once we get the debate going, we win. We're telling the truth, after all. This has been proven historically countless times. So cease and desist is effectively a right-wing tactic and it is absolutely essential that we resist. Imagine if your website has to come down the moment some lawyer issues that kind of letter? And, we assure you, that's what often happens. If someone is so offensive that it shouldn't be on a provider's servers, they don't need a letter from a lawyer to tel them that. Let them ban the materials themselves and then discuss that with the site managers. Otherwise, if it's not too offensive to be on-line, it deserves to be on-line. The correct position is: We don't comply with cease and desist letters. Period. If that's not the answer you're getting from your provider, find another one. Do I have full secure shell access? You may not know this and you may not need it but there's a "layer" of functioning beneath your website display and beneath "protocols" like sftp. It's call "shell access" and it means that you can use a "command line program" to get into your directories and files. A command line program is best identified by its prompt. You have a few letters, then a colon and you enter commands next to that and things work. You're interacting directly with the server's operating system (Unix, Linux or one of the weaker OS systems) and you can do virtually everything you want to your files and accounts. Of course, the caveats that apply to sftp are even more important here -- because there's so much more access. Make sure you have secure access (SSH) and use it. At this point, most providers do that. The problem is that most providers don't provide shell access at all. This may seem like a nothing since many of us don't use shell access. But shell access represents true control over your Internet data and it's the most powerful control we have. It's the way system administrators work. At some point, you may need it or someone in your organization may need it and you should have it because this is your data. No questions asked. If you don't have secure shell access, you should not be with that provider. == Email == How do you handle spam? We have a lot written on this issue because it is among the INternet's most important. So we'll summarize: All spam should be passed on to the user who should be able to make the choices about what to do with it. This is a perfectly effective approach although it requires a bit of work on the user's part. Using one of various programs, you can "guess" what's spam and what's not with a remarkably high degree of accuracy. Then you flag it and the user decides whether to set up email so he/she can review the "spam flagged" email individually or filter it into some spam box. What you don't want is a provider making those choices for you: filtering spam and destroying it, blocking it, or what's worse, rejecting and blocking the server that sent it (called blacklisting...aptly). Your provider has no right to determine the content you should receive; no company should even be allowed to make those choice for you. Most of all, blacklisting is almost always a destructive and irresponsible policy. If someone is "turned in" for spamming, some providers will block that person's entire server (there's no other way to do it) which means that nobody on that server (and there are often hundreds of other users) can communicate with people on the targeted server. It is the worst kind of arbitrary blockage of free speech. Finally, what defintion of spam does your provider have. There is one acceptable definition: spam is the massive, arbitrary email of material to people who cannot reasonably be expected to be interested in it. That is, if the mailer can reasonably expect that you'll be interested in the material you're receiving, that is protected speech and not spam. That's the law and, for our movement, it is a definition that must be protected because, otherwise, you can't organize. Do you use starttls so all email data is encrypted from point-to-point with other email providers using starttls? Do you enforce https only web access to webmail? == DNS == Can do I have full control over my domain name (ability to change the authoritative DNS servers)?