[FYI] Secrets of Web Hosting

[Horns@t-online.de (Axel H. Horns)]

http://jya.com/sitesec.htm

-------------------------------- CUT --------------------------------

8 May 1999 

This site's host, AOL PrimeHost, has initiated a new snooping feature
which we didn't ask for, wasn't consulted on and find obnoxiously
privacy-invasive: our access log now automatically shows what URL was
visited just prior to accessing a file here. In the case of those
coming from search engines, it gives the topics and/or keywords the
visitor entered for searching. Here're samples (addresses xxx-ed. The
second is the NSA daily bot - note its prudent use of a proxy gateway
- which is as welcome as meat-hunks): 

[...]

Since we don't know who has access to our logs, and have to assume
they are many (see below), keep in mind the beneficial use of an
anonymizer and hope that the anonymizer is not compromised -- a long
shot according to recent news reports. 

PrimeHost is being bought by Verio we're informed, so it's going to
get worse as the fucking-millionaire-wannabes race to meet "business
market demand" for snooping on unwary consumers, having learned the
lessons of success while pigging out on mega-sales to world's
intelligence agencies snooping on citizens, like IBM , HP, Lotus,
Netscape and Microsoft -- see: http://jya.com/ic2000-text.htm. 

Date: Mon, 3 May 1999 10:08:47 -0400 (EDT)
From: sales@primehost-verio.com
Message-Id: <199905031408.KAA11204@mail.primehost.com>
Subject: Your PrimeHost Service -- Important

Dear PrimeHost Customer,

Important!  A change in your web hosting service is coming, and 
it's one we're certain will enhance your online business!  America
Online, Inc. recently reached an agreement with Verio, Inc. under
which Verio will be the exclusive business Web-hosting provider
throughout AOL, CompuServe, AOL.COM and AOL's Digital City.  Verio is
the world's largest domain-based Web-hosting company and a leading
provider of comprehensive Internet services to businesses.  As part of
that arrangement, Verio is purchasing certain web hosting customer
accounts from AOL, including yours.  Beginning in early May Verio will
thereafter also assume responsibility for supporting these accounts. 

How does this affect you?  Verio offers a range of web-hosting plans,
some with greater capacity and more features than what you currently
enjoy, which in many cases may cost less than what you are currently
paying.  Shortly you will receive a postal mailing with details of the
Verio web-hosting plans available to you, and the simple steps needed
to transition your account to one of those plans.  In the meantime, if
you have questions about the transition, please contact
sales@primehost-verio.com or call 1-877-874-6265 Monday to Friday
between 9:00 AM and 5:00 PM Eastern Time (US).

Both AOL and Verio are working closely together to make this brief
transition period as simple as possible for you.  Verio looks forward
to serving your continued web-hosting needs, and to making the Web
work for you!  

Sincerely,

Verio, Inc. 


5 June 1998 

Files 

There are about 3200 files on jya.com -- texts and related graphics --
put here since June, 1996. If access statistics interest see ours. A
directory of all files is available via FTP: ftp://ftp.jya.com. The
250K list will take a while to load. The bulk are misdated February
26, 1998, when our ISP moved the lot. 

Alert: There are files listed in the directory we didn't put here and
don't know who did. They come and go. Today we discovered a huge
(12MB) foreign file which appears to be a core dump by AOL, our ISP,
that contains private information about this site and other sites of
AOL customers (we've tried to delete it but cannot). We're dismayed by
this clumsy security of AOL, leaving trash for dumpster diving, but we
can't prevent it; we've asked for tighter restrictions and been
denied. Hence a warning on privacy: 

Privacy Warning 

We don't willfully disclose, but that's no assurance with the way the
Internet is designed for the convenience of its operators which leaves
it open to wizard intruders. We don't know who's snooping our site and
logs with intrusive tools. We can see that AOL checks this site
several times a day, leaves trash around containing private data,
sometimes cleans up, sometimes not, all allowed under our contract so
it claims -- or the trashing's being done by an authority camouflaged
as a renegade, inadequately supervised, ISP sysadmin. Due to lax
security we see evidence that unidentified prowlers can poke around
and leave who knows what hooks, traps, sniffers and contraband. 

So we don't promise false assurances of privacy which dissolve through
negligence, duress, business deals, bribes and increasingly
sophisticated intrusive technology. We believe it's best to try to
protect your privacy with trustworthy and up-to-date armaments --
particularly with the use of anonymizers, strongest encryption and
vigilance against snooping -- and to distrust disarming statements of
privacy policy that are probably out of date and touch. Or stay far
away from an Internet seemingly purpose-built for covert surveillance
of unwary users. 

Search 

Searching is not available. Use a general search engine, such as
AltaVista with "jya.com" as one of the terms. Updates go to AltaVista
+/- weekly. 

Comments welcome: jy@jya.com 

-------------------------------- CUT --------------------------------