You think these guys are not at war?
The Virtual Activist
A Training Course
Part 5: Privacy, Security, Copyright, and Censorship
Privacy
Mailing list privacy issues
All mailing lists (also known as listserves) are managed via email - a form of communication that is inherently insecure. Sending mail via the Internet is like sending a postcard through the post office - given the time and resources, anyone who wants to read your mail can do so. So the tips below will not completely ensure secure and private mailing lists.
One way that you can circumvent some security issues is by using Web-based commercial list services like those discussed in Part 2B. These services often provide all the capabilities of commercial mailing list software - mass emailing, easy subscription and unsubscription procedures - with easier management, better security, and extra options like archival abilities. As noted in Part 2B, however, while these services are usually free there are some drawbacks. The companies that provide them attach short advertisements to the top or bottom of all mailings, and most include terms of use that give the service ownership of the content of your lists. You can find a listing of "community groups" at http://dir.yahoo.com/Computers_and_Internet/Internet/Chats_and_Forums/Mailing_Lists/.
Tips for operating your organization's list:
• Encourage people to use "disposable" email addresses when signing up for your mailing list. (See "Tips for Mailing List Members," #1, below, for information on "disposable" email addresses.) While this policy is impossible to strictly enforce, you can promote it by suggesting it on the mailing list sign-up page of your Web site and other written material that includes information about signing up for your organization's list.
• Hide the list membership when you configure the list. Unless the list administrator explicitly disables the ability for outsiders to view the list membership, anyone on the Internet can view the entire membership of a mailing list with a simple e-mail command.
• If your list is used for announcement purposes rather than open discussion among members, you'll want to configure your list to restrict posting privileges. Allow only staff members or trusted volunteers to post to the list, rather than allowing all subscribers to post. This will help prevent spammers or email harassers from attacking your members.
• If your list is used for open discussion among members, you'll want to configure your list to be moderated (see Part 2B.) Designate a staff member or trusted volunteer to serve as moderator and approve every post before it is sent. This will help prevent spammers or e-mail harassers from attacking your members.
Tips for mailing list members:
• Use a "disposable" e-mail address when signing up for mailing lists. "Disposable" e-mail addresses minimize the risk in the event an unauthorized person gains access to the list membership.
• A good "disposable" e-mail address has two characteristics: strangers cannot easily gain information about the sender merely by looking at the address, and the "disposable" address is separate from a personal or work e-mail address. The e-mail address "audrie@netaction.org ," for example, would not make a good "disposable" address, because strangers can easily decipher that the address belongs to someone at NetAction whose first name is Audrie.
• Good places to obtain "disposable" e-mail addresses are websites that offer free webmail, such as Yahoo! or Hotmail. You can find a listing of free e-mail sources at Yahoo's listing of free e-mail sources.
• Consider using a "screen name," rather than your real name or a combination of your initials and name, when subscribing to mailing lists or posting to newsgroups.
World Wide Web privacy issues
The Internet allows users separated by thousands of miles to communicate instantaneously, and the physical distance between users can lead to a false sense of security. In reality, the World Wide Web is highly insecure. If you want to see exactly how much information can be obtained about you and your computer when you visit a Web site, take the test at http://www.privacy.net/analyze/.
Cookies
Internet "cookies" are text files that Web sites place on the hard drive of your computer when you visit the site. Some people don't like having their online movements tracked, and view cookies as a threat to their privacy. Other people aren't troubled by cookies. Whether or not you like having your movements tracked on the Internet, cookies were created for legitimate business purposes. Online shopping sites, for example, use cookies to "remember" which items you have placed in your "shopping cart."
How dangerous are cookies? Cookies are simple text files, so they cannot transmit viruses or cause any other damage to your computer's hard drive or to your data. But there are good reasons to be concerned about your privacy. Both Netscape Communicator and Internet Explorer, the two most popular Web browsers, contain several potential major security holes related to cookies. For example, one privacy monitoring Web site (http://privacy.net/) discovered a bug in both Netscape and Internet Explorer that allows any Web site to download all cookies on a user's computer. Though the bug occurs in only one out of thousand computers, it allows Web sites to obtain e-mail addresses, passwords, and other sensitive information from affected browsers. (For more information on this bug, see http://privacy.net/cookiebug/.
Tips for using cookies:
• Give your Web browser a free upgrade to the latest version, which should include a patch that fixes cookie-related security bugs like the one described above. You can update Netscape at http://home.netscape.com/ and Internet Explorer at http://www.microsoft.com/ie/.
• If you want to know how often Web sites place cookies on your computer, set your Web browser's preferences to alert you when sites are about to place cookies on your computer, and then visit some of your favorite Web sites. Most browsers have three options for cookie notification:
• You may choose to have your browser accept all cookies without first informing you.
• You may have your browser ask you whether a cookie should be accepted every time a Web site tries to place one on your computer.
• You may refuse all cookies.
• In Netscape, you will find these options under Edit --> Preferences --> Advanced. In Internet Explorer, go to Tools --> Internet Options --> Security", click on the button that says Custom Level and scroll down to the section entitled Cookies.
Since many cookies are harmless, and popular websites such as Hotmail and Amazon.com utilize them in many transactions, you may not want to deny all cookies. The second option - asking your browser to inform you when a website presents you with a cookie - affords you the option to deny a cookie from websites that you may not trust.
Cookie information links
• Cookie Central - A nicely designed site that tells you everything you ever wanted to know about cookies, good and bad. Includes bug alerts, ways to disable cookies, and the friendly uses of cookies.
• Junkbuster's How Web Servers' Cookies Threaten Your Privacy - Clear-cut guide on why cookies are bad, and how you can disable cookies.
• EPIC's Cookies Page - Links to articles on problems with cookies, as well as the Internet Engineering Task Force's proposal to fix many of the problems with cookies.
Secure Sockets Layer (SSL)
SSL is an Internet standard that provides for the safe transfer of personal information, such as a credit card number, over the Internet. It does this through encryption, a process that scrambles the information you type on a Web page into a code that can only be read by someone with the specific key to unlock that code. When directed to a Web page using SSL, your browser will automatically encrypt all information that you submit to the Web site. Any time you are asked to provide sensitive personal information on a Web site - such as your credit card numbers or home address - you should use a secure Web site, as explained below.
Tips for conducting safe online transactions using SSL:
• Your Web browser will automatically encrypt information for you, using its highest level of built-in protection. Older browsers, however, may not utilize 128-bit encryption, the highest level of protection currently available. You can upgrade your browser to use 128-bit encryption for free, by visiting http://home.netscape.com/ for Netscape, or http://www.microsoft.com/ie/ for Internet Explorer.
• Always ensure that your connection uses SSL before conducting business on the Internet. Look at the bottom left corner of your Web browser. If the Web site uses SSL, you will see a closed lock icon in Netscape, or a key icon in Internet Explorer. Also look at the Web address (URL) locator bar in your browser. Transactions using SSL will have addresses that begin with https:// instead of the standard insecure http://.
• Always print a hard copy of online transactions after you fill out the Web page form - and do it before you hit the "Send" or "Submit" button. Keep a printed record of the company's contact information, including the email address, phone number, and URL, in a safe place.
Web site privacy policies
Any Web site that asks you for information should explain its privacy policy and tell you up front what it intends to do with that information. A good privacy policy will tell you exactly what information the Web site collects from visitors, as well as how that information will be used. For example, if the Web site includes a mailing list sign-up form, the policy should disclose whether your address will be shared with other Web site operators without your permission.
Examples of robust privacy policies include:
• American Civil Liberties Union (ACLU)
• Computer Professionals for Social Responsibility (CPSR)
• People for the American Way (PFAW)
Spam
When not referring to the canned pinkish meat, "spam" refers to the mass mailing of unsolicited e-mail. ("Spam" also refers to the unsolicited or junk e-mail itself.) Like traditional junk mail sent through the post office, spam is annoying and wasteful, and at times deceitful or offensive. Examples of spam include e-mail advertisements for consumer products, pornographic material, and get-rich-quick scams. Internet hoaxes, the virtual equivalent of urban legends, are another form of spam, as is unsolicited political e-mail.
Spam is wasteful for several reasons. E-mail users across the world waste time downloading, reading, and deleting unwanted e-mail. Furthermore, spammers (the people who send spam) usually target large groups of e-mail users, adding significant stress to mail servers, the computers operated by Internet service providers to send and deliver their customers' e-mail. In the worst cases, spam can completely overwhelm a mail server, causing it to shut down and preventing the ISP's customers from sending or receiving any e-mail.
Sometimes it can be hard to determine whether a particular email message is spam or is useful, wanted information posted to a mailing list for outreach purposes. If you manage a mailing list for your organization or your own personal activism, use the tips below to make sure that you don't alienate your subscribers by sending them spam.
How to avoid becoming a spammer
• Don't send out unsolicited mass e-mailings, or subscribe people to mailing lists without their permission.
•
• Never post action alerts to email discussion lists or news groups on unrelated issues. If your action alert is about clean air, you're likely to get flamed if you send it to a discussion list focused on free speech.
•
• If you want to create your own mailing list, start by sending a message to appropriate discussion lists and newsgroups, announcing the new list and inviting people to subscribe. "Appropriate" means the topic of the discussion list or news group is related to the issue you address in your message. Be as specific as possible about the topic and how the list will operate. Will it be an unmoderated discussion list, or a moderated announcement list? Will there be several postings daily, or one posting every few weeks?
•
• As explained in Part 2B, avoid using the "To" and "Cc" fields when sending messages. Put your own e-mail address in the "To:" field and use the "Bcc" field for all the other addresses.
• How to fight spam that you receive in your mailbox
• When you receive spam, do NOT reply to the sender and ask to be taken off of the list - even if the mailing instructs you to do so. Often spammers will take the e-mail address of the people who reply to spam mailings and add them to other spam lists.
• Use a "disposable" e-mail address when registering with websites. (See the section on mailing list privacy issues for more information on "disposable" e-mail addresses.)
Further steps to combating spam include reporting spammers to their ISPs, who will often take action against them by shutting down their accounts. Visit the Network Abuse Clearinghouse for more information on how to report spammers.
Links to more information about spam
• Boycott Internet Spam! - A thorough introduction to spam, why it's bad and ways to combat it.
• EFF's Spamming, Cybersquatting, Net Abuse, and Online Responsibility Archive - Press releases, letters to Congress, and articles by the Electronic Frontier Foundation, an advocacy group dealing with Internet and technology issues.
• EPIC's Spam Page - Includes information on anti-spam bills under consideration in Congress, in addition to links to articles on spam.
• Junk Email Resource - The resource center for information on the fight against spam. Includes links to spam-related lawsuits, a step-by-step form to report fraud conducted through spam, and other resources.
• SpamCop - After you register with SpamCop, you can copy and paste your spam e-mails into a text box and SpamCop will automatically report the offender to his or her ISP.
Security
As information technology has become increasingly important to the mission of many nonprofit organizations, so too has the need for computer security. Although the focus of computer security concerns has primarily been on the potential threat to corporate and government computer systems, computers are no less critical to the operations of nonprofit organizations devoted to serving the public interest. Moreover, many nonprofit organizations lack sufficient financial resources to recover from a cyber attack.Some risks are obvious:
• Without daily backups, an organization may lose important data when a hard drive crashes.
• Without regular updates, anti-virus software cannot protect an organization's computers from newly released viruses and worms.
• Without a firewall, malicious hackers can use an organization's server as a spam relay or a launch pad for a distributed denial-of-service (DDOS) attack against a corporation or government agency.
Other risks may not be as obvious:
• Without adequate password protection a disgruntled employee could retrieve addresses from an organization's database and send threatening letters to donors.
• Without encryption, a nosy volunteer could access an organization's personnel records or confidential files.
• Without off-site storage of backups and a data recovery plan, electronic records could be permanently lost if an organization's computers were destroyed in a fire or other disaster.
In the winder of 2001-2002, NetAction conducted an online survey of security practices in nonprofit organizations to find out what nonprofit organizations are doing to prevent cyber attacks.We published the survey results in January 2002. Our checklist of cyber security practices can help you assess and improve your organization's computer security practices.
Copyrighted Material on the World Wide Web
Copyright laws apply to material published on the World Wide Web just as with books, articles, CDs, and videos. But many Web pages lack explicit copyright notices that inform visitors of what may or may not be downloaded or posted elsewhere, for public or private use.
When creating a Web site containing original material, it's a good idea to post a copyright policy in an easily noticeable spot. An example of an extensive copyright policy can be found at http://www.mlanet.org/copyright.html.
The "Digital Millennium Copyright Act" was enacted in October 1998 specifically to address Internet copyright issues. For more information on the DMCA, please visit the Association of Research Libraries' analysis of the bill at http://www.arl.org/info/frn/copy/dmca.html.
What Web material is copyrighted?
Unless explicitly stated otherwise, all original content on a Web site is copyrighted to the creator or owner of that Web site. If you would like to use content, text, or graphics from someone else's website, both common courtesy and the law dictate that you must first obtain that author's permission.
Web page addresses are merely links and cannot be copyrighted. However, a collection of links that an author compiled may be copyrightable, since it would be the author's original collection.
Because of the nature of the Web, it is not always easy to determine exactly what content on a Web site is subject to copyright laws. For some practical tips for dealing with copyrights on the Web, visit The Copyright Website: The WWW, at http://www.benedict.com/digital/www/webiss.htm.
For more information on copyrights and the World Wide Web, see the following sites:
• Intellectual Property on the Web - This site addresses several problematic questions having to do with copyrighted material on the Internet.
• Copyright and the World Wide Web - The Information Architecture division of the Los Alamos National Laboratory has written this short article on copyrights and the World Wide Web.
Censorship
Censorship is a complicated issue that divides some progressive groups that generally agree on other issues. Free speech advocates like the American Civil Liberties Union (ACLU) and the Electronic Privacy Information Center (EPIC) have opposed any limitations on Internet speech, but other organizations worry that acts of violence may be promoted if there are no restrictions at all on hate speech. Planned Parenthood, for example, won a $109 million judgment against the authors of the "Nuremberg Files" Web site, arguing that the site incited visitors to conduct acts of violence against individual abortion providers. (See Planned Parenthood's press release and an alternative view on free speech.
Filtering software
The proliferation of pornography, hate speech, and other offensive content, as well as the potential threat of Internet predators, raises concerns among parents about what their children view online. Some parents use filtering software such as NetNanny and CyberSitter to block access to Web sites they consider inappropriate for their children, or simply offensive.
But filtering software can also inadvertently block useful Web sites. Most filtering software look for "keywords" when blocking specific Web pages. Yet Web sites that support breast cancer research, for example, may be blocked because they contain the word "breast."
For more information on the capabilities of filtering software and reviews of the most popular brands, visit PC Magazine's 1998 Utility Guide: Parental Filtering Utilities. For more information on the problems with filtering software, visit Peacefire.
Free speech resources
• Peacefire.org.
• Center for Democracy and Technology: Free Speech Online - A thorough, well-defined Web site on all things related to Internet censorship, including original publications, news on legislation and court cases, and resources for parents.
• EFF's Censorship & Free Expression Archive - A long list of articles, files, and links documenting Internet censorship.
• Free Expression Network: Internet Issues - The Free Expression Network is a coalition of free speech groups, such as the American Civil Liberties Union, People for the American Way, and EPIC. This site contains current news on Internet censorship issues.
Next: The Virtual Activist Reader
Major Areas: < Our Future >< Virtual Activist Training Guide >< Search>
Our Writing: < Broadband Briefings >< NetAction Notes >< Archives >
About NetAction < Privacy Policy >< Contact Us >< Home >
No comments:
Post a Comment