Fight censorship, join TOR

Google’s decision to challenge the Chinese government on their censorship policy is a bold one. It remains to be seen whether it will end up doing more harm or good. In the meantime, there is at least one thing that ordinary computer users can do in order to fight censorship around the world: set up a TOR relay. TOR is a project that allows for anonymous internet browsing through a system called onion routing. It is maintained by the Electronic Frontier Foundation.

By setting up a relay, you allow people whose internet access is censored by their governments to access sites that would otherwise be blocked; you also facilitate important democratic processes, such as the actions of whistleblowers. The process of installation is relatively simple, and you can easily cap how much of your bandwidth is given over to the TOR network. By sharing a bit of your bandwidth, you could be helping out human rights activists in China or Myanmar, or just helping some ordinary computer user circumvent annoying restrictions imposed from above. Systems like TOR help the internet to retain some of its vast potential, even in the face of fearful governments that want to control it or shut it down.

One thing to watch out for is that acting as a webserver may be forbidden by your internet service provider (ISP). I checked with mine (TekSavvy), and they have no objections to customers running any kind of webserver, provided they stay within their bandwidth limits.

People interested in this sort of thing may also want to learn about Project Honeypot – a distributed mechanism for fighting spammers.

Primer on website security

Smashing Magazine has put up a good article introducing some of the most common security vulnerabilities in websites. They are all things that site administrators should at least be aware of – including those who never actually touch code, but rely on something like WordPress to sort it out for them. Some of the attack types described include SQL injection, cross-site scripting (including the vulnerability of JavaScript), path traversal, cross-site request forgery, remote file inclusion, phishing, and clickjacking.

For those who run websites but know nothing about coding, there are three take-home messages:

  1. Update your software, to ensure that security holes get patched as they emerge. If you are still running WordPress 1.5, you have a big problem.
  2. Keep an eye out for weird behaviours. Are links appearing on your site that you didn’t put there? If so, there is a good chance it has been compromised.
  3. Remember: the internet is a dangerous place. Running a Mac doesn’t mean you’re safe from malware and other sorts of attacks. Neither does running a virus scanner or avoiding dodgy websites. If you have information you want to keep private, keep it encrypted. If you have data you don’t want to lose, back it up.

Sadly, the great majority of people are annoyingly indifferent about security these days. It seems like a couple of my friends always have their MSN or Facebook accounts taken over by spammers, and others are content to let their blogs fill up with spam comments. Such recklessness makes the internet a worse place, and it would be appreciated if people who choose to engage online do so with a bit more diligence and respect.

Rapier’s insights into blogging

Over on his energy blog, Robert Rapier has written a summary of what he has learned, blogging about energy issues. The points seem pretty broadly applicable to those writing about technical and politically contentious topics. For those thinking of giving serious blogging a whirl, a couple of his points seem especially pertinent and well matched to my own experience. In particular, you won’t be able to predict which posts are popular and produce discussion, and which will not. Also, you shouldn’t expect to make any significant amount of money, and you should expect to be plagued by spambots trying to do so.

At its worst, blogging on substantive issues just produces a discordant echo chamber of people yelling at one another, continuing to use discredited arguments, and generally not advancing the state of discourse. That being said, I do think blogs have a lot of societal and pedagogic value. By forcing the author and commenters to defend their views in the face of criticism, they provide a valuable mechanism for sharpening thinking. Here’s hoping that helps to address the world’s grave problems, over the long term.

Email and two-monitor setups

One thing I have discovered at work is how pleasant it is to have a monitor devoted exclusively to email. For me, email has become the central clearinghouse for virtually all information and action items. To remind myself of something, I send an email from my phone. I also track emails by applying ‘@Pending’ and ‘@Waiting For’ labels to them. Email can also be searched instantly, unlike having to search separately through blog posts, comments, wiki entries, document files, etc.

Having a second monitor exclusively for email is qualitatively different from having a window open, or even having a second desktop devoted to email use. This is because it is glanceable – you can check almost instantly and with minimal distraction whether anything new has come up. It is also easy to shift information from one screen to another: making reference to a document or website in a message, or adding information from an email to a website, calendar, etc. With a dedicated monitor, email never gets buried or left unnoticed for too long.

Much as I appreciate the 24″ screen on my iMac, I suspect I will eventually go for a two-monitor setup at home. Arguably, such a setup is a mark of excess. That being said, when your entire life is coordinated through computers, it is perhaps an acceptable area in which to devote resources (including a share of your direct and embedded greenhouse gas emissions).

Strategy for denier commenters

I am happy to say that traffic to this site has been steadily increasing. Visits are up 138% from last year, and October was our best month ever. Increasingly, a sibilant intake of breath is well ranked by search engines.

One problematic element that accompanies popularity is that I attract ever-more climate change deniers and delayers (those who accept that it is real, but think we should take no action). Ordinarily, I am happy to debate with people and try to provide quality information. That being said, it can take up a lot of time to try to refute those who repeat faulty arguments over and over. These people call themselves ‘skeptics,’ but I think they are mis-applying the term. I have yet to encounter one that is willing to back away from even thoroughly discredited positions. Instead, they just move on to another misleading argument.

The question, then, is how to deal with these commenters without losing all scope for socializing and personal projects. Some of the options:

  1. Briefly assert that their position is incorrect and point to a resource that says why. Ignore further attempts at rebuttal.
  2. Point all such commenters towards pre-existing posts and conversations, without offering specific responses.
  3. Adopt the Zero Carbon Canada approach: “ATTN climate change denier trolls: you are cooking our kids and will be deleted.”
  4. Continue to provide detailed, personalized responses as much as possible.

(1) and (2) are appealing because they reduce the extent to which one person seeking to spread disinformation can waste my time. That said, leaving comments unaddressed could lead readers to believe that the points made therein are valid. (3) is appealing because it would prevent bad information from appearing online, though it is obviously a form of censorship. (4) is the ideal world solution, though I do need to wonder whether refuting deniers and delayers in blog comments is really the best use of my time, even if all I am taking into consideration is whether I am acting effectively on climate change.

Which option do readers think is most suitable? Are there other options I ought to consider?

International domain names

This month, the Internet Corporation for Assigned Names and Numbers (ICANN) approved domain names written using non-Latin scripts, such as Cyrillic and Kanji. While this is an appropriate recognition of the international character of the internet, I worry that there will be serious problems with both usability and security.

Starting with usability, many people will soon be in the position of being unable to input the universal resource locator (URL) for various websites using their existing keyboard. On-screen keyboards are an option, but they are annoying to use and there will be confusion regarding characters that look identical (or nearly so) yet actually differ.

The latter problem leads to the major security concern: namely, that people will use identical-looking characters (homographs) to trick users into thinking they are actually at a different site. For instance, someone could register ‘sindark.com’ where the lower-case ‘a’ is the Unicode character U+0430 (from the Cyrillic alphabet), rather than the identical-looking Unicode character U+0061 (from the Latin alphabet).

This isn’t much of a threat for a blog, since people don’t enter sensitive information here, but it might make attacks against banks and commerce sites even easier than at present. The designers of web browsers are considering various methods for countering this threat – such as highlighting non-Latin characters somehow, or creating blacklists of fake sites – but it seems virtually certain that at least a few scams will succeed before good solutions are developed.
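To make the homograph case concrete, here is an added example (not part of the original post) of the kind of mixed-script check a browser or mail filter could apply to the ‘sindark.com’ case above. The script classification by Unicode character name and the `ALLOWED_MIXES` policy are simplifying assumptions, and the sample domains are constructed.

```python
import unicodedata

# Constructed samples: the post's 'sindark.com', once all-Latin and once with
# the 'a' replaced by CYRILLIC SMALL LETTER A (U+0430).
GENUINE = "sindark.com"
SPOOFED = "sind\u0430rk.com"

# Script sets allowed to share one label (assumed policy: Japanese text
# legitimately mixes these, so it should not raise an alarm).
ALLOWED_MIXES = [{"LATIN", "CJK", "HIRAGANA", "KATAKANA"}]


def script_of(ch):
    """Coarse script: the first word of the Unicode character name."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphens belong to no particular script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def label_scripts(label):
    """Set of scripts used by the letters of one DNS label."""
    return {s for s in map(script_of, label) if s is not None}


def is_suspicious(label):
    """True when a label mixes scripts outside the allowed combinations."""
    scripts = label_scripts(label)
    if len(scripts) <= 1:
        return False
    return not any(scripts <= allowed for allowed in ALLOWED_MIXES)


def inspect(domain):
    """Return (ASCII wire form, [(label, scripts)] for each flagged label)."""
    flagged = [(lab, sorted(label_scripts(lab)))
               for lab in domain.lower().split(".") if is_suspicious(lab)]
    # The 'idna' codec yields the xn-- (Punycode) form that DNS actually sees.
    return domain.encode("idna").decode("ascii"), flagged


if __name__ == "__main__":
    for d in (GENUINE, SPOOFED):
        wire, flagged = inspect(d)
        print(f"{d!r}: wire form {wire}, flagged labels {flagged}")
```

The two names render alike but are different strings with different wire forms, which is why displaying the `xn--` form is one of the simpler defences. A label written entirely in one non-Latin script passes this check, so it covers only the mixed-script case described above.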

Personally, I hope browser manufacturers offer users the option of disabling non-Latin domain names entirely, until such a time as some desirable content appears on sites that don’t use them and mechanisms to prevent abuse have been demonstrated successfully.

Three strikes rules for internet piracy

The British ISP TalkTalk has been working to show why banning people from the internet, based on unproven allegations of piracy, is a bad idea. Specifically, they have highlighted how many people still use WEP to protect their wireless networks from use by strangers, despite the fact that WEP encryption is easily compromised. That means it is easy for someone to use software tools to access a nearby network and then use it for illegal purposes. My own experience with wireless networks has demonstrated that people really will use them for criminal purposes if they can gain access.

Beyond that, the idea of cutting people off on the basis of three accusations alone runs fundamentally contrary to the presumption of innocence in our system of justice. It would inevitably be abused by copyright holders, and it would inevitably lead to innocent people being cut off from the internet, an increasingly vital part of life for almost everyone. Indeed, Finland recently declared broadband access a right.

To me, the fact that laws like this may well emerge in France, the UK, and elsewhere seems like another example of just how badly broken our intellectual property (IP) systems are, and how badly skewed they are towards protecting the rights of IP owners rather than the public at large. We would be a lot better off if patents were granted more selectively, if licensing of them was mandatory, if copyright was less well defended and expired sooner, and if fair use rights were more effectively legally enshrined. Here’s hoping ‘pirate parties’ continue to proliferate, pushing back the IP laws that have become so unfairly weighted towards those who own the content.

After all, it needs to be remembered that there is nothing libertarian or natural about IP protection. Rather, content owners are having their property claims enforced by the mechanisms of the state. The justification for this is supposed to be that doing so serves the public interest; if that is no longer the case, the laws ought to be watered down or scrapped.

Google’s new malware notifications

In a welcome move, Google will now be sending detailed information to people whose websites have been infected with malware. This occurs frequently when people use old versions of content management systems like WordPress or Joomla. Attackers use known security flaws to add their own code to vulnerable sites: spreading viruses, stealing information, manipulating search engines, and so on.

Given how many blogs get started and abandoned – and how many bloggers lack the technical savvy to identify and remove infections themselves – this should help make the web a bit safer.

Half the world with mobile phones

The Economist recently published an interesting survey on mobile phones and telecommunications in emerging markets. One fact that is a bit startling is that, of the world’s estimated 6.8 billion people, 3.6 billion (53%) are estimated to own cellular phones. As one of the articles argues, a luxury item has become a tool of global development.

It will certainly be interesting to see what happens as smartphones begin to make the same transition. As the internet turns ubiquitous, it seems likely to change in ways more profound and unexpected than simply being available anywhere. As my own experience with smartphones demonstrates, the form factor of these devices makes them less-than-ideal tools for browsing the conventional web.