At Civicist, my plea for all of us to wake up to what’s happening, and to do something about it. This will take law as well as individual effort. Link:
“Why We Need to Take Back the Internet from the Centralizers”
We—you and I—are part of the solution, too. Unless we recognize what’s at stake, and think about changing our own habits, we’re part of the problem. Unless we advocate for liberty, we’re helping the control freaks win. We’ll need to do things individually, and as members of communities at all levels, to change the trajectory.
The Internet Archive is hosting a Decentralized Web Summit in early June. This is shaping up as a must-attend event for people who are concerned about the trajectory of modern technology and communications.
Open Technology Institute:
“The Protecting Cyber Networks Act would explicitly undermine every rule that is currently in place to protect Americans’ Internet privacy, and replaces them with dangerously weak protections. It would massively increase companies’ monitoring of our online communications and activities, and give them a nearly blank check to share that information with the government. Once all of that information is in the NSA and FBI’s hands, it could be used in investigations that have absolutely nothing to do with cybersecurity.”
A botnet controlled by bad guys is doing a brute-force attack on WordPress sites, apparently via the former default “admin” administrative account. My hosting provider offers these instructions on how to avoid this particular issue:
Until a couple of years ago, the default/starter account on every WP site was named “admin.” That’s no longer true, but there are still a lot of sites out there with an account called “admin.”
There is currently a large-scale botnet-driven attack going on that is trying to brute-force its way into WP sites by guessing passwords on the “admin” account.
Visit the Dashboard of each of your WordPress sites, click on Users, and make sure none of the accounts are called “admin.” If you find any, please make sure you have another account with Administrator privileges, then log in with that new account name and delete the account named “admin.”
While you’re in there, please take the opportunity to make sure you’re using a good strong password, and to update WordPress itself and all of your plugins.
UPDATE: Ars Technica has a deeply reported piece on this attack, with some excellent additional advice. I’m installing two plugins Ars recommends, one to limit login attempts and another that is a popular security add-on.
I gave a talk last week about this project at the Harvard Berkman Center for Internet and Society. (Video here.) The Nieman Journalism Lab’s Caroline O’Donovan has done a nice write-up here; it focuses more on the journalistic aspects of what I’ve been working on than the overall theme. Key thoughts from her piece:
These issues fall very low on the priority list for an industry that Gillmor described as being in a constant state of desperation. But the dangers are real, Gillmor says, and with his new project, he hopes to find ways of bringing the convenience of private platforms to services that are both free and secure.