WEBSITE SECURITY

Good day to all g2g members:

It has come to my attention that members have some concerns with the privacy of our website, so I thought I would speak to the smart lady who set up our website to learn what I could and pass it on to all.  Enclosed below is a synopsis of our conversation.  I know you will find this information most beneficial.  If you have any further questions, please do not hesitate to contact me.

Circulated by Bonnie Porat on behalf of Oceanside g2g.

Hi, everyone in g2g!

Bonnie Porat and I met this morning over coffee to talk about some details of maintaining the website.  In our conversation, she told me of some concerns that members had expressed, and I volunteered to write a few notes to pass back to the group.  Although I’m no longer a member, I remain wholly in support of this group!

It seems that one topic of concern has been website security.  This is a topic worth raising, if only to refresh basic understanding of the internet.  What’s familiar to one person is not necessarily familiar to someone else, given the range of computer comfort within the group.  So please stay with me as I touch on some basic points below.

Eileen Dombrowski

Website Privacy and Security

Question:  Is the website “secure”?

Answer:  That depends on what you mean by “secure”.  Nothing is absolutely secure on the internet, as we all know from following the news!  If there is something you don’t want anyone else to know, never use electronic communication in any way.  You might also reconsider telling anyone face to face, since doing so likewise involves security risks!

Question:  Can everybody “out there” see what’s on our Oceanside Grandmothers to Grandmothers website?

Answer:  That was the whole point of building a website.  A website is public so that anyone looking for information about the group can find it.  It is deliberately public communication and publicity.

The one exception is the part of the website that I marked “for members only”.  Although a sophisticated hacker could still find a way into it, I’m sure, normal people need the password.  If members don’t blab the password, then only group members have it.  If the group ever gets worried that someone has leaked the password, then it can easily be changed.  (And then everyone would have to note or learn the new password.)

Note that your browser may remember the password on your behalf (depending on your settings) so that once you’ve entered the password once, you may not be prompted to enter it in future from that same computer.

Question:  Are the blog posts that go out to members private? 

Answer:  No.  The blog posts appear publicly on the website at the same time as they are circulated to the emails of everyone who has signed up to receive them.  I trust that you will all have taken the time, at some point, to look at the “Upcoming events” section of the website.  Note also that the headings of all posts appear in the sidebar of the homepage.  If you’re ever looking for a blog message you were sent, and can’t find it in your email inbox, you’ll easily find it there.

I repeat:  the blog posts appear publicly on the website.  Anyone can go to our site and read them. People forget this periodically, I’ve found, so it’s worth repeating it…again.

Question:  What procedures should the group follow to respect member privacy, while still giving all appropriate information?

Answer.  There are some implications for privacy that guide choices:

  • No private information about anyone should ever be circulated in a blog post unless you have their permission (and maybe not even then). Information about sympathy and sunshine cards, for instance, is not appropriate (in my opinion) for blog posts.
  • If the group continues to want the minutes of meetings to be private, follow the system we’ve used ever since I built the “members only” section of the site. The minutes are posted there, and a blog message is circulated telling people that they are ready for download from the protected section of the website.  Ditto the Directory updates.  And….I hope this is obvious!!… the password should never be given in a public message!
  • If a response is wanted to a post in the blog (as is usually the case), then information on who to contact should be included within the message. In the past, people have been happy enough to have their names, email addresses, and phone numbers included in these posts if they’re the contact people.  However, if anyone in a contact position would prefer greater privacy, then their contact information should not be provided.  Instead, members can be told to look up their contact information in the Directory (Access to the Directory, as you know, is in the members only section of the website).
  • If you are responding to a post, don’t hit reply to write back to the website. It’s not a person.  It doesn’t care.  Someone authorized to maintain the website may find your message and pass it on – but probably not.  Instead, contact directly the person you’ve just been asked to contact, at the contact information you’ve just been given.

Question:  How can I tell the difference between a regular e-mail message from an individual in the group and a post from the blog of the website? 

Answer:  If a message in your inbox comes from the organization Oceanside Grandmothers to Grandmothers, with a heading and frame, it’s a message sent through the blog to you.  You should know who, at present, is authorized and able to circulate such a message in case you want one sent.  The past policy has been that the person circulating the message will note at the end “circulated by XXXXXX on behalf of XXXXXX”.

If a message comes to you from another member’s email, then it won’t come from the organization’s name, and won’t have the heading and frame.  Most communication within g2g flows through private emails, as committee members contact each other.

Question:  What’s the worst thing that could happen if I goof up in sending a message or replying to one? 

Answer:  Well, you’ll have to figure this one out yourself.  If people blunder, I’ve generally taken it pretty lightheartedly.  It’s important, I think, to keep personal information on people private and off the internet.  But if international spies find out about how we manage coffee, or what kind of jams and totebags we’re making, I suspect the sun will continue to rise.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s