All mailing lists (also known as listserves) are managed via email - a form of communication that is inherently insecure. Sending mail via the Internet is like sending a postcard through the post office - given the time and resources, anyone who wants to read your mail can do so. So the tips below will not completely ensure secure and private mailing lists.
One way that you can circumvent some security issues is by using Web-based commercial list services like those discussed in Part 2B. These services often provide all the capabilities of commercial mailing list software - mass emailing, easy subscription and unsubscription procedures - with easier management, better security, and extra options like archival abilities. As noted in Part 2B, however, while these services are usually free there are some drawbacks. The companies that provide them attach short advertisements to the top or bottom of all mailings, and most include terms of use that give the service ownership of the content of your lists. You can find a listing of "community groups" at http://dir.yahoo.com/Computers_and_Internet/Internet/Chats_and_Forums/Mailing_Lists/.
Encourage people to use "disposable" email addresses when signing up for your mailing list. (See "Tips for Mailing List Members," #1, below, for information on "disposable" email addresses.) While this policy is impossible to strictly enforce, you can promote it by suggesting it on the mailing list sign-up page of your Web site and other written material that includes information about signing up for your organization's list.
Hide the list membership when you configure the list. Unless the list administrator explicitly disables the ability for outsiders to view the list membership, anyone on the Internet can view the entire membership of a mailing list with a simple e-mail command.
If your list is used for announcement purposes rather than open discussion among members, you'll want to configure your list to restrict posting privileges. Allow only staff members or trusted volunteers to post to the list, rather than allowing all subscribers to post. This will help prevent spammers or email harassers from attacking your members.
If your list is used for open discussion among members, you'll want to configure your list to be moderated (see Part 2B.) Designate a staff member or trusted volunteer to serve as moderator and approve every post before it is sent. This will help prevent spammers or e-mail harassers from attacking your members.
Use a "disposable" e-mail address when signing up for mailing lists. "Disposable" e-mail addresses minimize the risk in the event an unauthorized person gains access to the list membership.
A good "disposable" e-mail address has two characteristics: strangers
cannot easily gain information about the sender merely by looking at
the address, and the "disposable" address is separate from a personal
or work e-mail address. The e-mail address "
," for
example, would not make a good "disposable" address, because
strangers can easily decipher that the address belongs to someone at
NetAction whose first name is Audrie.
Good places to obtain "disposable" e-mail addresses are websites that offer free webmail, such as Yahoo! or Hotmail. You can find a listing of free e-mail sources at Yahoo's listing of free e-mail sources.
The Internet allows users separated by thousands of miles to communicate instantaneously, and the physical distance between users can lead to a false sense of security. In reality, the World Wide Web is highly insecure. If you want to see exactly how much information can be obtained about you and your computer when you visit a Web site, take the test at http://www.privacy.net/analyze/.
Internet "cookies" are text files that Web sites place on the hard drive of your computer when you visit the site. Some people don't like having their online movements tracked, and view cookies as a threat to their privacy. Other people aren't troubled by cookies. Whether or not you like having your movements tracked on the Internet, cookies were created for legitimate business purposes. Online shopping sites, for example, use cookies to "remember" which items you have placed in your "shopping cart."
How dangerous are cookies? Cookies are simple text files, so they cannot transmit viruses or cause any other damage to your computer's hard drive or to your data. But there are good reasons to be concerned about your privacy. Both Netscape Communicator and Internet Explorer, the two most popular Web browsers, contain several potential major security holes related to cookies. For example, one privacy monitoring Web site (http://privacy.net/) discovered a bug in both Netscape and Internet Explorer that allows any Web site to download all cookies on a user's computer. Though the bug occurs in only one out of thousand computers, it allows Web sites to obtain e-mail addresses, passwords, and other sensitive information from affected browsers. (For more information on this bug, see http://privacy.net/cookiebug/.
Give your Web browser a free upgrade to the latest version, which should include a patch that fixes cookie-related security bugs like the one described above. You can update Netscape at http://home.netscape.com/ and Internet Explorer at http://www.microsoft.com/ie/.
If you want to know how often Web sites place cookies on your computer, set your Web browser's preferences to alert you when sites are about to place cookies on your computer, and then visit some of your favorite Web sites. Most browsers have three options for cookie notification:
In Netscape, you will find these options under Edit --> Preferences
--> Advanced. In Internet Explorer, go to Tools --> Internet
Options --> Security", click on the button that says Custom Level
and scroll down to the section entitled Cookies.
Since many cookies are harmless, and popular websites such as Hotmail and Amazon.com utilize them in many transactions, you may not want to deny all cookies. The second option - asking your browser to inform you when a website presents you with a cookie - affords you the option to deny a cookie from websites that you may not trust.
SSL is an Internet standard that provides for the safe transfer of personal information, such as a credit card number, over the Internet. It does this through encryption, a process that scrambles the information you type on a Web page into a code that can only be read by someone with the specific key to unlock that code. When directed to a Web page using SSL, your browser will automatically encrypt all information that you submit to the Web site. Any time you are asked to provide sensitive personal information on a Web site - such as your credit card numbers or home address - you should use a secure Web site, as explained below.
https:// instead of the
standard insecure http://.Any Web site that asks you for information should explain its privacy policy and tell you up front what it intends to do with that information. A good privacy policy will tell you exactly what information the Web site collects from visitors, as well as how that information will be used. For example, if the Web site includes a mailing list sign-up form, the policy should disclose whether your address will be shared with other Web site operators without your permission.
Examples of robust privacy policies include:
When not referring to the canned pinkish meat, "spam" refers to the mass mailing of unsolicited e-mail. ("Spam" also refers to the unsolicited or junk e-mail itself.) Like traditional junk mail sent through the post office, spam is annoying and wasteful, and at times deceitful or offensive. Examples of spam include e-mail advertisements for consumer products, pornographic material, and get-rich-quick scams. Internet hoaxes, the virtual equivalent of urban legends, are another form of spam, as is unsolicited political e-mail.
Spam is wasteful for several reasons. E-mail users across the world waste time downloading, reading, and deleting unwanted e-mail. Furthermore, spammers (the people who send spam) usually target large groups of e-mail users, adding significant stress to mail servers, the computers operated by Internet service providers to send and deliver their customers' e-mail. In the worst cases, spam can completely overwhelm a mail server, causing it to shut down and preventing the ISP's customers from sending or receiving any e-mail.
Sometimes it can be hard to determine whether a particular email message is spam or is useful, wanted information posted to a mailing list for outreach purposes. If you manage a mailing list for your organization or your own personal activism, use the tips below to make sure that you don't alienate your subscribers by sending them spam.
Don't send out unsolicited mass e-mailings, or subscribe people to mailing lists without their permission.
Never post action alerts to email discussion lists or news groups on unrelated issues. If your action alert is about clean air, you're likely to get flamed if you send it to a discussion list focused on free speech.
If you want to create your own mailing list, start by sending a message to appropriate discussion lists and newsgroups, announcing the new list and inviting people to subscribe. "Appropriate" means the topic of the discussion list or news group is related to the issue you address in your message. Be as specific as possible about the topic and how the list will operate. Will it be an unmoderated discussion list, or a moderated announcement list? Will there be several postings daily, or one posting every few weeks?
As explained in Part 2B, avoid using the "To" and "Cc" fields when sending messages. Put your own e-mail address in the "To:" field and use the "Bcc" field for all the other addresses.
When you receive spam, do NOT reply to the sender and ask to be taken off of the list - even if the mailing instructs you to do so. Often spammers will take the e-mail address of the people who reply to spam mailings and add them to other spam lists.
Use a "disposable" e-mail address when registering with websites. (See the section on mailing list privacy issues for more information on "disposable" e-mail addresses.)
Further steps to combating spam include reporting spammers to their ISPs, who will often take action against them by shutting down their accounts. Visit the Network Abuse Clearinghouse for more information on how to report spammers.
Other risks may not be as obvious:
In the winder of 2001-2002, NetAction conducted an online survey of security practices in nonprofit organizations to find out what nonprofit organizations are doing to prevent cyber attacks.We published the survey results in January 2002. Our checklist of cyber security practices can help you assess and improve your organization's computer security practices.
Copyright laws apply to material published on the World Wide Web just as with books, articles, CDs, and videos. But many Web pages lack explicit copyright notices that inform visitors of what may or may not be downloaded or posted elsewhere, for public or private use.
When creating a Web site containing original material, it's a good idea to post a copyright policy in an easily noticeable spot. An example of an extensive copyright policy can be found at http://www.mlanet.org/copyright.html.
The "Digital Millennium Copyright Act" was enacted in October 1998 specifically to address Internet copyright issues. For more information on the DMCA, please visit the Association of Research Libraries' analysis of the bill at http://www.arl.org/info/frn/copy/dmca.html.
Unless explicitly stated otherwise, all original content on a Web site is copyrighted to the creator or owner of that Web site. If you would like to use content, text, or graphics from someone else's website, both common courtesy and the law dictate that you must first obtain that author's permission.
Web page addresses are merely links and cannot be copyrighted. However, a collection of links that an author compiled may be copyrightable, since it would be the author's original collection.
Because of the nature of the Web, it is not always easy to determine exactly what content on a Web site is subject to copyright laws. For some practical tips for dealing with copyrights on the Web, visit The Copyright Website: The WWW, at http://www.benedict.com/digital/www/webiss.htm.
For more information on copyrights and the World Wide Web, see the following sites:
Censorship is a complicated issue that divides some progressive groups that generally agree on other issues. Free speech advocates like the American Civil Liberties Union (ACLU) and the Electronic Privacy Information Center (EPIC) have opposed any limitations on Internet speech, but other organizations worry that acts of violence may be promoted if there are no restrictions at all on hate speech. Planned Parenthood, for example, won a $109 million judgment against the authors of the "Nuremberg Files" Web site, arguing that the site incited visitors to conduct acts of violence against individual abortion providers. (See Planned Parenthood's press release and an alternative view on free speech.
The proliferation of pornography, hate speech, and other offensive content, as well as the potential threat of Internet predators, raises concerns among parents about what their children view online. Some parents use filtering software such as NetNanny and CyberSitter to block access to Web sites they consider inappropriate for their children, or simply offensive.
But filtering software can also inadvertently block useful Web sites. Most filtering software look for "keywords" when blocking specific Web pages. Yet Web sites that support breast cancer research, for example, may be blocked because they contain the word "breast."
For more information on the capabilities of filtering software and reviews of the most popular brands, visit PC Magazine's 1998 Utility Guide: Parental Filtering Utilities. For more information on the problems with filtering software, visit Peacefire.
Next: The Virtual Activist Reader