What’s The Difference Between Whistleblower & Leaker?

Whistleblower
Whistleblower

Americans who get labeled a “whistleblower” become a hero. Get labeled a “leaker” and you could get branded a traitor and end up in jail. What’s the difference? It all depends on the status of information shared and the channels that the information travels through to become public.

Whistleblower Protections: In essence, a whistleblower is a leaker of information that certain parties would have preferred to remain secret. To encourage people to come forward with information out of concern for public safety, there are U.S. statutes that protect whistleblowers. However, there is a fine line between being a protected whistleblower or a criminal leaker.

Status Of Information: Any American citizen can disclose corporate or government information so long as it is not federally classified information or disclosures prohibited by the Uniform Trade Secrets Act.

  • Trade Secrets: A patented product or process is one tangible example of a trade secret. Patent information is protected for 17 years. But companies and individuals enjoy protection of certain trade related information other than what is covered by a patent. However a trade secret is specifically defined, it enjoys legal protection.
  • Federal Information: There are generally three categories of federally classified material: sensitive, secret and confidential. Category is determined by who might be harmed if the information went public. However, material must be de-classified after it ages past the 25-year mark unless it meets a narrow exemption, such as designs for nuclear weapons.
Whistleblower

Lifting The Veil: But what if it is in the best interest of the public that legally protected secrets be revealed? The difference between a whistleblower and a leaker is defined in the key decision on how to go about lifting the veil. To enjoy legal protection, a whistleblower must go through proper channels to bring the information to light. A leaker goes straight to the public. A whistleblower is legally protected from prosecution via the Whistleblower Protection Enhancement Act of 2012. A leaker doesn’t have the same protection. That is why leakers often exercise their freedom of speech in ways that protect their anonymity.

Information might be leaked anonymously to a news agency or journalist. Leaking directly to the public through the Internet is also popular. Platforms like OrangeWebsite are committed to supporting freedom of speech and make it easy to go public in a global forum.

Why Go Rogue? If there are legal protections in place that allow a concerned citizen to bring important information to the public’s attention, why risk legal trouble by becoming a leaker? There are usually three different circumstances that inspire a person to go rogue with classified information or trade secrets.

Whistleblower

1. Frustration: A person trying to serve public interest by first going through the proper channels may become frustrated if they experience stonewalling. The wheels of bureaucracy oftentimes churn quite slowly. A concerned citizen may have had every intention of being a protected whistleblower. They had a reasonable expectation of believing in “the system”. They wanted to put an end to improper corporate practices, abuse of authority or other circumstances they felt endangered the public or violated public trust. However, should they become anxious, awaiting results from their appropriate action of bringing attention to the matter within the proper channels, they might decide to go rogue. Especially if they believe that lives are at stake.

2. Money: Where trade secrets or military intelligence is concerned, the pay-out of a lifetime could become an irresistible temptation even for the most scrupulous concerned citizen. Enemies of the state and eagerly competitive entrepreneurs understand the value of such information. They are willing to pay to get their hands on what will surely be the information that will make their careers. The average citizen is no match for highly skilled negotiators tasked with securing sensitive information.

3. Political Motives: Although it is easy to ascribe political motives to many leaks that reveal embarrassing or compromising information about politicians, political motives can run much deeper. Sometimes there is real villainy attached to political motives behind a leak of classified information and trade secrets. Traditional politics can inspire a person to leak information that can endanger military and intelligence personnel. For countries engaged in wars, within the populace of their own country are those willing to do anything to resist and interfere in military action. But the definition of politics is more nuanced. Even a corporate environment has its own politics. A leaker of a trade secret could simply be a disgruntled employee seeking to sabotage an employer as a form of retribution.

Whistleblower

Where The Government Stands: Although it may seem that the U.S. government is always up to something nefarious, the truth is that agencies strenuously encourage blowing the whistle on misconduct or wrongful acts. There are hotlines provided, such as the Office of Inspector Generals (OIG). Presidential directives prohibit employer retaliation toward a whistleblower. The U.S. Occupational Safety and Health Administration (OSHA) has a whistleblower website. The Office of Special Counsel (OSC) is tasked with investigating and prosecuting allegations received from whistleblowers. By making it easy to communicate to federal officials about concerns, the government is signalling to concerned citizens that the State does, indeed, care about doing the right thing. But a whistleblower must be patient, understanding that the investigative process is tedious, lengthy and, by its very nature, quiet. It may seem like nothing is happening when the exact opposite is true.

The Risk Of Going Rogue: Should a whistleblower throw their hands up in the air, grow impatient and cross the line to become a leaker, they put themselves at risk for prosecution. Should a case be made against them, their motive will be the hinge upon which their case will turn. Even if a motive is concern for the public, but a whistleblower became impatient with the process, the mood of the country could still result in the full weight of the law coming down. In a national climate that is strained by war, hostile politics, and a number of public actors who became notorious leakers escaping justice, it could be that the federal government seeks to make an example of a leaker and any leaker will do. Even a leaker with noble intentions.

For more information on issues related to freedom of speech, security and online privacy, please contact us. That is our mission, to provide the world with a platform for the words they wish to share with the world.

Web Hosting Talk: Most Common Web Hosting Problems

Web Hosting Talk
Web Hosting Talk

Web Hosting Talk on the Most Common Web Hosting Problems

There are so many web hosting companies to choose from that many people find it confusing to choose one. Even once you’ve signed up with one, how do you know you’ve made the right choice? One of the interesting things about web hosting is that the better it is, the less you think of it. Ideally, your website is running so smoothly that you seldom give much thought to your web hosting company. It’s sort of like the electricity or plumbing in your house. You only notice it when something’s wrong. With this in mind, let’s have a little web hosting talk about some of the typical problems that individuals and businesses have with their hosts. These are all signs that it’s time to rethink your web hosting choice.

Slow or Unreliable Service

You depend on your web host to keep your website online. You also want to work with a company with fast and reliable servers so that your visitors and customers can load pages quickly. Nowadays, people have very little patience for slow-loading pages. Delays of even a few seconds mean losing visitors. That’s why you need web hosting that’s fast and reliable, with high uptime. Before you blame your web host for slow-loading pages, however, remember many factors affect page loading speed. For example, if you have images that aren’t optimized or lots of videos on your site, this can cause slowdowns. If you use WordPress, too many plugins could be the culprit. However, if you find that you’ve done everything possible to optimize your site and it’s still slow, your host may be the problem. If you’re shopping for a web host, try to identify some of their customers and test their websites for speed.

Web Hosting Talk

Unreliable Support

No matter what kind of website you have, it’s likely that you’re going to need support at some point. Whether it’s to ask a question about a certain feature or report a problem, it’s important that you can reach someone promptly and get your issue resolved. If you have a business, it’s even more crucial. Website problems can quickly translate into losing sales and customers. Unfortunately, not all web hosting provides reliable support. One feature to look for is that you can reach someone 24/7, not only during normal business hours. You don’t want to get stuck if a serious issue occurs on a weekend or late at night. Of course, support is more than someone answering the phone. You want to reach a knowledgeable and helpful person, not get stuck on hold or talking to someone who can’t solve your problem. Reading customer reviews of web hosts is a good way to gauge how strong a company is in this department.

Insufficient Security

With issues such as hacking and identity theft in the news, security is another essential element you want in a web host. If your site has already been hacked, this is a sign that your web host isn’t providing the level of security you want. Of course, you should also realize that security is also about the type of plan you choose. No matter who your web host is, a shared hosting plan is always your least secure option. If you have a growing business, you should seriously consider upgrading to VPS or dedicated hosting. However, even with shared hosting, there are different levels of security. Look for a web host with a secure data center (or multiple ones). Another important security feature is For example, your web host should offer security services such as two-factor authentication, which makes it harder for unauthorized parties to log in and access your site. Web hosts should also offer backup services to ensure you don’t lose your data.

Web Hosting Talk

Lack of Flexibility and Scalability

A website is not something static; you want it to grow and evolve along with your needs. As your business grows, your needs expand. A good web host makes it easy to scale your business. As mentioned, you may want to upgrade from shared hosting to VPS or dedicated. Beyond this, however, you want a web host that offers a great deal of flexibility. For example, if you do have VPS (Virtual Private Server) or dedicated hosting, does your host allow for unlimited data transfers? You also don’t want to overpay for hosting. A flexible host offers many plans so you’re only paying for the data you actually use. That way you can upgrade (or downgrade) your service based on your needs. Make sure that your web host is flexible enough to let your website grow.

You Don’t Have All the Features You Need

You shouldn’t have to compromise on the features or level of service you offer customers because your web host limits your capabilities. Does your web hosting company let you install PHP scripts, b2evolution, Joomla, WordPress, e-commerce platforms, or other features you need? Does it offer Windows as well as Linux hosting? While Linux hosting is the most common, some businesses use software that requires Windows hosting. The features you need depend on your own particular needs. When comparing web hosts, it’s wise to look ahead and consider the services you’re likely to want in the future.

Web Hosting Talk

Poor Value

When it comes to web hosting talk, you can’t ignore cost. At the same time, don’t be tempted to sign up with a web host simply because it’s cheap. Low price doesn’t always translate into good value. On the other hand, you don’t want to pay more than you have to for reliable hosting. When looking at plans and prices, make sure you read the fine print. Many web hosts offer cheap introductory prices but keep in mind you’ll have to pay the full price when you renew. Some reasonable plans force you to sign up for long periods such as two or three years. Carefully consider the cost along with all of the features and services the company offers to figure out whether you’re getting solid value.

These are some of the major factors to consider when assessing your web hosting or when shopping for a web host. Web hosting talk covers many issues, so it’s important to make sure that you carefully consider your own needs. If you’re looking for reliable, secure and affordable web hosting, contact us.

The Trouble with Let’s Encrypt

Lets Encrypt Free SSL

Lets Encrypt Free SSL

Lets Encrypt Free SSL

SSL certificates all perform the same task, but they aren’t all equal in quality. Let’s Encrypt issues certificates that are free of cost and easy to install, with the aim of making secure Web connections as universal as possible. The downside of this approach is that its certificates don’t offer much confidence in their authenticity. At OrangeWebsite, we’ve decided not to accept them on our shared hosting, though you can use them on a VPS or dedicated server. We’d like to let you know our reasons.

Not all SSL certificates are the same

Having an SSL certificate provides an encrypted connection between a browser and a Web server. The protocol family that supports this is widely known as SSL, but current versions are more properly called TLS. Connecting by TLS guarantees that the server belongs to the owner of the certificate. A certificate authority (CA) digitally signs the certificate, indicating it has confirmed its authenticity.

Anyone can create a self-signed certificate. It will enable encrypted connections, but without a CA’s signature, there’s no guarantee that the site owner is who it claims it is. Browsers warn users against trusting self-signed certificates.

Let’s Encrypt acts as a “free, automated, and open certificate authority.” It allows anyone to set up a secure website at no cost and with little effort. This is good, but prominent figures in the tech industry have expressed serious concerns about its certificates.

The process for setting up a certificate is simple. A couple of commands on a Linux server will do the whole job. The problem is with the level of authentication provided. The only validation is that the applicant for the certificate controls the domain it’s issued to. If you’re getting a certificate for example.com, you have to register it from example.com. There’s no checking who you are. This type is known as a “domain validated” certificate. Let’s Encrypt isn’t the only CA to issue domain validated certificates, but it’s the only one that doesn’t charge anything for them.

Lets Encrypt Free SSL

Certificates and trust

Just having an SSL certificate, especially one that’s only domain validated, doesn’t make a site trustworthy. It could be a near-lookalike for a well-known domain (e.g., micros0ft.com). Let’s Encrypt has reportedly issued over 14,000 certificates to domains that impersonate PayPal.

Some domains allow users control of subdomains (e.g., mydomain.example.com). They can obtain certificates for their subdomains. This can give the impression of approval by a well-known site. The subdomain may redirect to a different domain, on an independent server which the primary domain has no control over.

The most trustworthy SSL certificates are EV certificates. EV stands for “extended validation” and signifies that the CA has met certain standards for checking the applicant’s identity. It has checked and confirmed that the applying organization legally exists and is who it claims to be. Browsers generally indicate an EV certificate with a green symbol, such as a padlock.

Unfortunately, most people don’t recognize the nuances. If they see a padlock, they’re likely to assume the site is trustworthy. Since Let’s Encrypt doesn’t even require a payment method, its bar to registering a certificate is very low. It plans to check the Google Safe Browsing API for known phishing or malware sites, but that’s about the extent of its checking. There have been confirmed reports of malvertisers using its certificates. When certificates are free, it’s easy to set them up with throwaway domains.

We hope that in time, Internet users will better understand the difference between a secure site and a legitimate one. When the large majority of sites display a padlock in the address bar, browsers will need to make a clearer distinction among the levels of validation. Eventually they may warn users about sites whose certificates are only domain validated. If a browser did that today, though, it would have to issue a constant stream of warnings.

For the present, it’s a good habit to click on the padlock symbol of a secure site if there’s any doubt about it. The browser should give information about the site’s level of validation and its owner of record. Some browsers, though, will say nothing more than “This site is secure.”

Lets Encrypt Free SSL

Openness and trust

Let’s Encrypt has explained its policy. It argues that a CA is in a poor position to police a site’s content. It’s difficult to determine if a site is clean, and harder to check if it stays clean. The primary aim of the project is to make as much of the Web as possible use TLS. That will inevitably include rogue websites. These sites exist anyway; the only difference is that some people may trust them more when they see the padlock symbol.

Any issuer of domain validated certificates faces this risk, and even the EV level isn’t completely safe against malicious sites. A signed certificate isn’t and can’t be proof of trustworthiness. Let’s Encrypt doesn’t want to take on the role of a censor, and we appreciate that. At the same time, we don’t want to give dishonest websites the appearance of legitimacy if we can avoid it.

We offer several options for purchasing SSL certificates. The lowest priced ones are domain validated, but the annual fee will discourage acquiring certificates for throwaway domains. For a better level of validation, we offer the Comodo InstantSSL certificate with business-level validation. The best validation comes with our Comodo EV certificates, either for a single domain or for multiple domains sharing the same IP address.

Balancing trust and openness can require some difficult tradeoffs. One of our chief goals is to enable free expression, but we don’t want to be a magnet for deceptive and dangerous sites. We hope you understand the reasons for our choice. Feel free to contact us with any questions.