Net Neutrality

Net Neutrality is getting more and more press, and as our lives become more dependent on the web, the decisions made in Washington on the subject of Net Neutrality are going to be very important. As such, everyone should have a good understanding of what is meant by Net Neutrality, the pros and cons, and how it might impact you.

The concept of Net Neutrality is that every packet of data processed by your internet service provider should be treated in exactly the same manner. Whether you are watching a movie stream over Netflix, carrying on a conversation using your VoIP telephone line, downloading music from iTunes, or just browsing the web, all of that data gets treated exactly the same way. It all receives the same processing priority.

For service providers, this presents something of a problem. The current market expects to be able to purchase an unlimited amount of network usage for a fixed price. This was fine for the service providers when the typical user only browsed a few web pages and downloaded some small files. Their network could easily handle the load without causing interruptions or delays in service to any of their customers. Enter video services like YouTube, Netflix, and iTunes video rentals along with peer to peer file sharing networks like BitTorrent, and service providers find that some customers are using a *lot* more data than others. Some customers might use so much data, in fact, that they cause service delays and interruptions for their neighboring customers. What is a service provider to do?

One option is to inspect the data going across the network and treat that data differently. Let's say you are a Comcast customer. You are using BitTorrent to download your favorite Linux distribution, and you also start watching a streaming movie through Comcast's on-demand movie service. Comcast might inspect that traffic coming from your home and cause the file sharing traffic to be processed at a lower priority than your streaming video. This way, you get a nice clear picture without interruption on your movie (and so do your neighbors), but your file download might take a while longer. Many service providers already have in place systems to detect peer to peer file transfer data and throttle the speed at which that data travels their network. This frustrates the file sharers, but also limits the impact they have on other customers using the network.

That scenario is the opposite of Net Neutrality. The service provider is inspecting data and treating data differently based on what the data is used for. But hey, that doesn't sound so bad, right? I mean, the service provider is just balancing the load on their network to give the best service to all customers in all scenarios, right? Well, maybe. Consider, however, if you also subscribe to Netflix. You could watch a season of Weeds on Netflix streaming, but Comcast would really prefer that you pay them a monthly fee for the Showtime premium channels. Now that they have the equipment in place to inspect the data you are sending over the network, maybe they tweak the settings for Netflix data so that the image looks poor, or you get lots of re-buffering interruptions. Eventually you get sick of it and pay the $10 per month to get Showtime and, amazingly, the instant streaming content from Comcast video-on-demand shows up crystal clear and without delay.

This is the sort of behavior that the recently passed Net Neutrality bill aims to avoid. Internet service providers aren't happy with it, as it restricts their ability to manage their networks as they see fit. On the other hand, it is an important protection against potential anti-competitive practices.

A major concern for customers is the impact Net Neutrality will have on their taxes and on their internet service bill. As with any regulation, it requires auditing and enforcement, both of which require funding. That funding will necessarily come from taxes. This might become a new tax that you see on your internet service bill, or it might come from an increase in some other tax you are already paying.

The price you pay for your service might change as well, but that isn't due to any specific language in the regulation with regard to price setting. The regulation states that any two users paying for the same level of service should receive that service equally. Without the ability to throttle certain types of traffic, ISPs may choose to instead introduce tiers of service. If you have a cell phone plan, you are already familiar with this concept. The tiers of service increase the amount of data you may use with an increase in monthly price. This doesn't prevent users from hogging the network, but it does force them to pay for that privilege.

Throttling data based on service tiers *is* permitted by the Net Neutrality bill, and is something I am already experiencing through my own ISP. I live in a very rural location, and my internet service options are limited to dial-up, microwave wireless, and satellite. I use the microwave wireless service, which offers multiple tiers of service. I pay for one of the premium tiers, which means that the data I send on the network gets a higher priority than the data of users at other tiers. For example, let's say that my service provider can handle streaming two movies from Netflix at once. My neighbor, who has basic service, starts streaming a show. Another neighbor with basic service starts streaming a show. The network is now at capacity, and both neighbors are watching a show without interruption. Now, I start watching a show. Since I have a premium tier of service, my ISP allocates bandwidth to me at the expense of my neighbors at the lower tier. My show looks fine and is uninterrupted, while their shows get re-buffered as they fight over the remaining streaming slot. Now let's say someone else with my same level of service comes online to watch a show. The two of us at the higher level of service now use all of the available bandwidth, and the lower service tier receives none. In reality, an ISP would never completely shut off service like that, but those at the lower tier would certainly see their data come through at a miserable drip.

Net Neutrality is certainly a complicated issue. Service providers need the flexibility to be able to ensure proper service to their customers at a reasonable rate, but we as customers also need to be protected from anti-competitive practices by those we purchase our service from.

Password Security

Given the massive security breach of the Gawker network of websites this weekend, it is a good opportunity to review password security. Users tend to accrue many accounts across a variety of services and sites as they use the internet. You might have one username and password for your web-based e-mail (Hotmail, Yahoo, Gmail, etc.) and another for your online shopping (Amazon, eBay, Red Envelope, etc.). You could also have accounts for your online banking and credit accounts. Add to those the social services you use (Twitter, Facebook, MySpace, Foursquare, etc.) and you can have more accounts than you know what to do with. The easy thing to do is to give up trying to remember different usernames and passwords across all of these sites and use the same one every time. This is very, very dangerous behavior, and I encourage everyone to move towards better online account security.

First, a brief discussion of why this behavior is dangerous. Let's say your name is Janet Weiss and your e-mail address is janetweiss@hotmail.com. For all of the sites you visit you use the username: janetweiss@hotmail.com. On every site you use the same password: 10041946 (your birthday). You use this same account information on every site you use on the internet: everything from your bank's website to the local message board for movie enthusiasts. Let's say that the folks running that message board aren't entirely on the up-and-up, and rather than hashing your password like they are supposed to, they store it in clear text in their database of users. One of the folks with access to this database, let's call him Floyd, can't resist the temptation and prints off a list of usernames and passwords, including yours. Floyd spots your username is your e-mail address, and tries logging into your account with the same password you used on the message board. Success, Floyd is now into your mailbox! Here, Floyd does a quick search to see what other accounts you might have. He turns up old mail that tells him all about the places you do your banking, shopping, and other online activities. He tries that same username and password at your bank and he's in! He quickly sets up a few major transfers between your bank account and anonymous accounts he has set up for himself. He regularly checks your mail and deletes any notifications you get about the transfer. A few days later, once the transfer is complete, Floyd is walking around with a pocketful of your savings.
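The difference between the message board's clear-text table and the hashed storage it was supposed to use, as an added example that is not part of the original post. The function names, the PBKDF2 iteration count, and the sample record (built from the story's Janet Weiss account) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def store_cleartext(db, username, password):
    """What the message board in the story does: the password is saved as-is."""
    db[username] = password


def store_hashed(db, username, password):
    """Save a random per-user salt and a slow salted digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    db[username] = (salt, digest)


def verify_hashed(db, username, attempt):
    """Recompute the digest from the login attempt and compare in constant time."""
    if username not in db:
        return False
    salt, digest = db[username]
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt,
                                    PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def leaked_passwords(db):
    """Passwords that can be read straight off a printout of the user table."""
    return {user: rec for user, rec in db.items() if isinstance(rec, str)}


if __name__ == "__main__":
    # Constructed sample record taken from the story above.
    clear_db, hashed_db = {}, {}
    store_cleartext(clear_db, "janetweiss@hotmail.com", "10041946")
    store_hashed(hashed_db, "janetweiss@hotmail.com", "10041946")
    print("clear-text table exposes:", leaked_passwords(clear_db))
    print("hashed table exposes:   ", leaked_passwords(hashed_db))
    print("login still works:      ",
          verify_hashed(hashed_db, "janetweiss@hotmail.com", "10041946"))
```

Hashing only limits what a printout of the table gives away; it does not make a reused or easily guessed password safe, which is why the rest of this post focuses on using different passwords.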

Ouch! So what can you do to protect yourself from this sort of thing? The obvious answer is to not use the same password on all of your accounts. This can seem like a daunting task, especially if you enjoy using many services on the web. How are you supposed to remember all of those usernames and passwords?

As a first step, I recommend picking two or three passwords that you can remember. Make one a really difficult password, like a jumble of numbers, letters, and symbols that has no meaning to you. This is your 'high security' password. Only use this password on sites that you absolutely trust, and that protect your most important information, such as your bank. Whenever you use this password, be sure that the site you are entering it on is using an SSL certificate (an easy way to check is to verify the web address starts with https:// not http://). Your browser might also put a lock symbol next to the URL. Your other password(s) are your insecure passwords. Use these on sites that you don't necessarily trust, but need an account to access. Using one of these passwords is a reminder that anything you enter on the site is probably insecure, so act accordingly. Also, assume that every place you use such a password, someone else is going to figure it out and get access to the account. Never, under any circumstance, enter your critical account information (such as bank account or credit card number) on a site that does not use a security certificate (https).

Better, but still not a great feeling, right? If someone manages to figure out that 'high security' password, they will still have access to *all* of your sensitive accounts. The next step is to use different passwords on every service you use. That can be really intimidating if you use a lot of services. Fortunately, there are some tools available to help you. First, find a password manager you like, and start using it. I use KeePass, and I highly recommend it. KeePass allows you to save a username and password for all of the different sites and services you use. The information is stored in a secure, encrypted file. You can only open this file by entering a password. Pick a really strong password for this file, as it protects all of your other account information. KeePass will also generate strong passwords for you. Definitely take advantage of this feature. Once you start using KeePass (or any other password manager) there really isn't any reason to remember your individual site passwords. Just pull up the password manager and copy the password for the service you want to use to the clipboard, then paste it on the login screen.
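What "generate strong passwords" means in practice, as an added example that is not KeePass's own code and not part of the original post: a generator that draws from the operating system's secure random source, compared against a birthday-style password such as the 10041946 used earlier. The character set, the default length of 20, and the 1900-2010 range of birth years are assumptions.

```python
import math
import secrets
import string
from datetime import date

# Assumed character classes; a real password manager lets you choose these.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Random password from the OS CSPRNG with at least one char per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps every accepted password equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_password_bits(length=20):
    """Upper bound on guessing entropy: log2(len(ALPHABET) ** length)."""
    return length * math.log2(len(ALPHABET))


def birthday_password_bits(first_year=1900, last_year=2010):
    """Entropy of an MMDDYYYY birthday: log2 of the number of valid dates."""
    days = (date(last_year, 12, 31) - date(first_year, 1, 1)).days + 1
    return math.log2(days)


if __name__ == "__main__":
    print("generated:", generate_password())
    print("random 20-char password: about %.0f bits" % random_password_bits())
    print("birthday like 10041946:  about %.0f bits" % birthday_password_bits())
```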

This works great from one computer, but what do you do when you move between several computers in a day? One solution is to store the encrypted password file on a site that you can access from anywhere. I recommend Dropbox. You can install Dropbox on as many computers (and your smartphones as well) as you like and get 2GB of storage for free. Dropbox will synchronize the files you store with it across all of these machines. That way, when you add a new password to your list at work, you still have access to it when you get home. KeePass and Dropbox both have apps for Android and iPhone as well, so you can load them on your smartphone and carry your passwords with you anywhere. If you don't have a smartphone, consider purchasing a cheap USB memory stick and putting it on your keychain. You can install KeePass to the memory stick and save your password file there, allowing you to carry it with you wherever you go. That way, if you stop in an internet cafe or library, you can still have access to all of your passwords.

Online security can be confusing, and it is easy to make yourself vulnerable to attack. Taking the step of using a password manager and different passwords on every site you use is a big step towards limiting your risk when using the web.

 
Jade Mason