Your Domain and Your Home Address

I often shock potential small business or nonprofit clients by knowing their home address or cell phone number during our first or second call. It’s easy if they have already purchased a domain. I don’t do it as a scare tactic, but as an educational moment about the need to plan ahead and think through security issues.

By the time someone or a business or group has come to me with an idea for a new website or marketing strategy needs, they’ve purchased or at least thought about a domain name. There are copious services out there that will sell you a domain for a range of prices. GoDaddy is perhaps the most popular due to its marketing over the years. Unfortunately, GoDaddy has a reputation in the tech world of being the Monarch of UpSells. You can go there to buy a domain but you have to wade through the other options of website hosting, email addresses, security services, and a fee to protect your domain name privacy.

That last one is something that has irked me for a while about GoDaddy and similar domain name sellers (including Google) that don’t offer free domain privacy and private registration. Again, many of my clients are shocked when they find out their home addresses are now public records tied to their great idea for a domain or their business’ domain.

Before private individuals started buying domains and GoDaddy / Squarespace / Wix / Weebly (all who will sell you a domain) started marketing how “easy” it is to build a website, it made sense that domain information would and should be public. Most domains were bought by agencies or companies tied to specific interests. However, that has all changed and domains should include domain privacy when purchased in 2018.

People are more and more becoming interested in privacy and security matters, and this only makes sense for everyone. Stop upselling it.

Good move from Namecheap.

When you register a domain, ICANN requires registrars to provide them with your contact information (such as name, email, address, and phone number). This is then added to the Whois database. This database lists the owners of every domain name online, and it can be searched by anyone on the Internet.

— Read on www.namecheap.com/security/whoisguard.aspx

Harrelson Agency is Now a Cloudflare Certified Partner

I’ve spoken at numerous events and conferences on the topic of web hosting and security and I’ve been quoted in the New York Times about that same topic over the years. Website security is something near and dear to my heart and I made sure to bake that into the very essence of every website build I’ve done since 2004 and since the founding of Harrelson Agency back in 2012.

The last few years have presented incredible challenges for website hosting companies and developers (and those that care about online security). Just think… applications like Bleachbit and terms like “private email servers” and “DNS hacks” and “SSL” have gone completely mainstream due to the 2016 Presidential election here in the US and high profile hacking of celebrities’ personal iCloud accounts. Edward Snowden’s revelations about the NSA’s oversight of American citizens’ online privacy as well as the ongoing drumbeat of news regarding the manipulation of Facebook and Google to sway news consumption around the globe has put online security in the crosshairs of attention.

I didn’t realize just how much Harrelson Agency would grow into a website host when we first fired up the servers six years ago. But over the years, our insistence on ethical website hosting as well as transparent and ultra-secure hosting have become one of our selling points with clients. It’s why we get so many nonprofits and churches and political groups coming to us for both hosting and consulting as well as website design work. We sweat the small details and it’s fun to work with a team that gives a damn about protecting our customers and clients. Seriously, I never thought website hosting would be something that would be a big chunk of our revenue but it’s becoming more and more a larger piece of the pie as groups, companies, politicians, and religious organizations realize the need for quality over something cheap like … well, those “start a free website today!” ads you see during the Super Bowl.

So, I’m proud to announce that we’re now a “Certified Partner” with Cloudflare. I personally trust and use Cloudflare on all of my sites (this one included) as well as our home’s DNS. It’s a fantastic service and I couldn’t be more proud to work with such a great group of people who are as passionate as I am about online security. Plus, their solutions are fast.

Here’s the email I’m sending out to our clients tomorrow in our newsletter with some words from the Cloudflare team:


“Harrelson Agency is excited to announce our partnership with Cloudflare, the website performance and security company.

Cloudflare is a content delivery network (CDN) that increases the performance and security of every website on its network, protecting from a broad range of threats and attacks. Over 7,000,000 websites run on the Cloudflare network—ranging from individual blogs to e-commerce sites to the websites of Fortune 500 companies to national governments. Cloudflare powers almost a trillion monthly page views—more than Amazon, Wikipedia, Twitter, Zynga, AOL, Apple, Bing, eBay, PayPal and Instagram combined—and over 25% of the Internet’s population regularly passes through our network.

Cloudflare increases the speed and security of your website and delivers faster web performance

Cloudflare was designed to take a hosting platform like Harrelson Agency’s and make it more fast, secure, and reliable.

Cloudflare runs 151 data centers strategically located around the world. When you sign up for Cloudflare, we begin routing traffic to the nearest data center.

As your traffic passes through the data centers, we intelligently determine what parts of your website are static versus dynamic. The static portions are cached on our servers for a short period of time, typically less than 2 hours before we check to see if they’ve been updated. By automatically moving the static parts of your site closer to your visitors, the overall performance of your site improves significantly.

Cloudflare’s intelligent caching system also means you save bandwidth, which means saving money and decreases the load on your servers, which means your web application will run faster and more efficiently than ever. On average, Cloudflare customers see a 60% decrease in bandwidth usage and a 65% in total requests to their servers. The overall effect is that Cloudflare will typically cut the load time for pages on your site by 50% which means higher engagement and happier visitors.

Broad web security

At the beginning of 2016, Cloudflare experienced and mitigated against some of the largest distributed denial of service (DDoS) attacks ever seen. As attacks like these increase, Cloudflare is stepping up to protect websites.

Cloudflare’s security protections offer a broad range of protections against attacks such as DDoS, hacking or spam submitted to a blog or comment form. What is powerful about our approach is that the system gets smarter the more sites that are part of the Cloudflare community. We analyze the traffic patterns of hundreds of millions of visitors in real time and adapt the security systems to ensure good traffic gets through and bad traffic is stopped.

In time, our goal is nothing short of making attacks against websites a relic of history. And, given our scale and the billions of different attacks we see and adapt to every year, we’re well on our way to achieving that for sites on the Cloudflare network.

We’re proud that every day more than a thousand new sites, including some of the largest on the web, join the Cloudflare community. If you’re looking for a faster, safer website, you’ve got a good start with Harrelson Agency.”

Most People Don’t Want Privacy

The broader question is the tradeoff between privacy and advertising. While a tempting noun, most people don’t really *want* privacy, let alone understand what that means. It’s definitely not an unattainable goal, but it does require work… which is something many of our fellow citizens are reluctant to pursue when it comes to such technological conditions.

Third, Google and Facebook’s advertising advantage, already massive, is going to become overwhelming. Both companies generate the majority of their user data on their own platforms, which is to say their data collection and advertising business are integrated. Most of their competitors for digital advertising, on the other hand, are modular: some companies collect data, and other collect ads; such a model, in a society demanding ever more privacy, will be increasingly untenable.

Source: Open, Closed, and Privacy – Stratechery by Ben Thompson

1.1.1.1

DNS is an important and overlooked backbone structure of how we interact and communicate with the web. If you think that Facebook and Google knowing so much about you is weird, you definitely don’t want to go down the rabbit hole of probing what your Internet Service Provider knows about you based on all the traffic that flows through them and their DNS services that you subscribe to.

I’ve been using Google’s 8.8.8.8 DNS for many years, but excited to see another new player that promises complete encryption and privacy. Granted, Cloudflare is becoming a point-of-failure worry given how much heavy lifting they do as a content delivery network for many sites (including this one), but more competition is a good thing in this case (especially if they aren’t advertising companies).

Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it target you with ads.

We think that’s gross. If you do too, now there’s an alternative: 1.1.1.1

Source: 1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver

Surveillance Capitalism

Surveillance capitalism is deeply embedded in our increasingly computerized society, and if the extent of it came to light there would be broad demands for limits and regulation. But because this industry can largely operate in secret, only occasionally exposed after a data breach or investigative report, we remain mostly ignorant of its reach.

Bruce Schneier – Facebook and Cambridge Analytica