A Micro-ISP In The Mountains

If anyone in the world is qualified to run an ISP, it’s Kenneth Adelman. How many people, when asked by tech support staff if they know how to run a traceroute, can answer, “Look at the traceroute source code – it has my name in it”? Adelman co-founded two internet software companies in the 1990s, sold them and retired in his 30s to devote himself to artistic, athletic and environmental pursuits. Now, in addition, he runs a small ISP in his spare time.

Nearly 20 years ago, when he moved up into the mountains near Santa Cruz, Adelman had a T1 line connected to his house to communicate with Cisco, which had bought his first company, TGV. His neighbors, who were struggling to find internet service, pleaded to share his connection, and he obliged. Then their neighbors started asking. As time went on, he incorporated the business, acquired six more T1 lines and shared service wirelessly with 12 households.

As he began to serve farther-away customers, the load grew, and so did his payments to the telephone company. By 2017, putting up a wireless tower made sense. Cruzio was willing to provide 500 Mbps of wireless backhaul to the tower for less than the cost of T1 service, and Adelman now distributes this bandwidth to 35 customers, using primarily Ubiquiti wireless gear. (One customer actually has a fiber optic connection from the tower.) He charges customers between $130 and $300 per month, depending on speeds. Several customers get discounts for relaying services to others.

Connecting each customer takes a lot of work – way more than what a “real ISP” would do, according to Adelman. For liability reasons, he doesn’t install wireless dishes, but he goes up onto rooftops with his neighbors or their contractors and shows them how to do it, and he often adjusts their Wi-Fi for them. He estimates that this upfront work pays off after a year – and keeps on paying. (He has essentially zero churn.)

“Cruzio was interested in supporting people with my business model,” Adelman says. Cruzio offers not only backhaul but also expertise, helping him select hardware, wiring and so forth. “It’s beneficial for both of us because if I sell to them, they get a network built to spec,” he points out. The other benefit Cruzio would get is a group of happy customers it could acquire without marketing costs.

With 35 customers, Adelman is still able to work in an informal, neighborly way. There are no written contracts. One customer pays him in fresh fish. Another helped him with tower work when he broke his leg. For now, he has plenty of bandwidth, and Cruzio could easily double what it supplies him.

So when will he give up his ISP hobby? Not until it starts to seem like real work, Adelman says. If the business keeps growing, he will eventually have to put in a real billing system and hire someone to help with installation – and then it won’t be fun anymore. At that point, it will be time to start talking with Cruzio about selling the system.

Excepted from Broadband Communities Magazine March/April 2019, By Masha Zager
https://www.bbcmag.com/rural-broadband/cruzio-launches-ftth-in-santa-cruz

The Actual Email that Hacked Hillary

Remember when Hillary Clinton’s campaign email was hacked? It wasn’t a brainiac code-cracking algorithm. It was simple human deception.

The hackers sent an email which led her campaign chair, John Podesta — after asking advice from his IT professional! — to enter his login and password into a phony website. That’s called a phishing scheme and it depends on sounding like an authority when you’re really a cheat.

Here’s that actual email below:

John Podesta isn’t stupid, and wasn’t without resources. There was a slight mixup when his IT advisor recommended he change his password directly on Google, but unfortunately Podesta, or someone on his staff, used the link in the email instead.

A whole lot of trouble could have been avoided if they’d been familiar with this rule of thumb: when there’s a password or other personal information involved, go to a company’s website directly rather than clicking on a link in email.

And another rule of thumb: the more urgent the email sounds, the more likely it’s a scam.

A version of that same email fooled Colin Powell and the Democratic National Committee. And in the years since, schemes have gotten more sophisticated.

This article was featured in our newsletter. To read more content from our newsletter, visit our archive page and sign up for our email list.

Cruzio Proposes Mid-County Fiber Internet Construction

Everyone in our community should have equal access to high-speed, affordable internet. This has been Cruzio’s goal throughout our history, and it’s why we’ve been constructing our own fiber network, Santa Cruz Fiber.

 

Following our success building in downtown Santa Cruz, there is potential for a new project in mid-County. We’re calling it Equal Access Santa Cruz. Financing for the project would come from a state grant,  for which Cruzio recently applied.

 

This project fits the grant’s purpose to a T; improving internet access in areas which aren’t well served. We have support from Congressman Jimmy Panetta; State Assembly Member Mark Stone; County Supervisors Zach Friend and John Leopold (in whose districts the project lies); the County Office of Education; and many others.

 

Here’s a description of the project:

 

Equal Access Santa Cruz

map of EASC project

Working people in Santa Cruz are sometimes situated in islands where housing is more affordable but internet is not.

Our county in general is considered prosperous, but there is a lack of internet access in working class neighborhoods that’s known to many of us and indicated on recent availability maps from the CPUC. The map is a good start because it means that CASF funds are available from the State of California to help finance improvements to internet connectivity in these areas. Specifically, we are looking at several mobile home parks in the Aptos/Capitola area.

Cruzio proposes to apply for the CASF grants to serve their residents with low-cost, state-of-the-art speeds of fiber internet: gigabit-per-second internet for about $50 per month, lower for income-qualified households. That rivals the best internet offered in the USA.

The project would make use of the Sunesys fiber installed with state funds in 2014. It involves expanding Cruzio’s existing fiberoptic network into these mobile home parks with underground construction. The areas we’re proposing to connect are marked in red in the map above.

About Santa Cruz Fiber

Cruzio’s Santa Cruz Fiber networks are robust and long-lasting — fiber optic cables can be used to provide not only what’s considered high speed internet today but can be used with more advanced technologies to provide hundreds or even thousands of times as much bandwidth in the future.

Cruzio has already built a similar mobile home park network in downtown Santa Cruz. It’s a great success: El Rio is the best-connected mobile home park in the country, and our story has attracted nationwide attention. We think proceeding further with the same type of project into different parts of the county will kickstart further expansions into other unserved neighborhoods.

Who’s Really Underserved?

A map of other “underserved” areas is below. These maps are notoriously inaccurate, and one of our challenges is to find out what areas of the county are actually in most need of internet — and then to do our best to extend great internet to those areas. Check the map: is your neighborhood represented accurately?

Now that we are experienced fiber network builders, the only thing slowing us down is funding. So the possibility of a grant would go a long way to getting reliable, low cost gigabit internet to all of Santa Cruz County, which is always our goal.

Your Voice Counts

What really helped us get our previous projects going — whether all-fiber or fiber-backed — was enthusiasm from neighbors. We asked for “fiber champions” to come in and talk to us about their neighborhoods and they definitely contributed to our decisions. We know there are other parts of our city and county that want us to build — to provide competition, which lowers prices and improves service. We’re eager to get it done.

Your voices will help if we get to the next stage of the grant application. If you need better internet, please let us — and your elected officials — know where you are!

underserved areas in Santa Cruz

“Underserved” areas of Santa Cruz County are in orange

Back in the Day: the Game was Rogue

In honor of Cruzio’s 30th anniversary this year, we’ll be putting out some of our crazy old stuff.

view of rogue game

We’re being attacked by an orc

Our obsession was Rogue. Everyone played it when they should have been working. The graphics were all keyboard characters, like letters of the alphabet or symbols like # and @.

Why were we playing with such rudimentary graphics? Because that’s all we had. That’s right, this was before people had access to graphical computers, especially at work where we were using something called “dumb terminals.” In the early 1980s most people didn’t even have a mouse on their computer! Rogue was keyboard-driven. You didn’t even need to use the arrow keys: H,J,K, and L moved your player around the maze.

macintosh 1984 ad

But computer graphics made big strides, killing the old character-based games

We didn’t have real graphics till Steve Jobs and Apple came out with the first mass-marketed graphical computers in 1983 (the Lisa) and 1984 (the Macintosh. Remember the 1984 superbowl ad? It’s worth a look, even now).

But when we played with ASCII, the game was Rogue. The game was maddening and addictive. It put you on a treasure hunt and attacked your vulnerable little self-character with bats, snakes, kestrels (kestrels? yes, kestrels) and all manner of imaginary creatures. A bat looked like this: B. A snake looked like this: S. Treasure looked like this: $

And you, little you — you were an at sign, @, constantly running, dodging, picking up $ whenever you could.

Cruzio’s founders worked in a software company where we and fellow engineers often worked all night and all weekend. We took brain-vacations at our desks by playing rogue. Everyone in the office played it.

Rogue was hard, and after getting through tunnels and mazes and evading weird creatures you got attached to your simple virtual @ self. Yelps and cries were heard in the office when the end finally came to a game. Then, back to work.

Rogue was created by Michael C. Toy and Kenneth C.R.C. Arnold in 1983. By the way, the aptly named Toy is a Santa Cruz resident so it’s one of those great Santa Cruz contributions to the world of tech.

Want to play? You can play Rogue on a simulator here. Try it!

What the Internet is Doing with Your Data

privacy iconCruzio wants to protect your privacy. We are zealous about our own practices and we want to keep you informed of how other entities on the the internet are dealing with you.

We all know that data harvesting practices are widespread, but we can’t know all the details. When businesses are collecting data, they’re not subject to requirements for transparency. In fact, quite the opposite — methods of gathering and selling user data are considered trade secrets and are closely guarded. Private companies often “get away” with gathering more data than the government can.

(By the way, not all internet companies gather and sell your data. Cruzio does not.)

Despite the secrecy, public attention has recently encouraged reporters to dig in to the details. There’s so much to talk about that we’re separating it into several newsletters.

Here’s What We’ve Found, Part 1:

What, exactly, are online companies gathering from us?

A little background, to start. Most apps on your computer, phone, or other device have two purposes: one is the obvious one, the weather app that displays the weather, the social app that lets you see what your friends are doing.

The second purpose every app serves is much less obvious: to gather information incidental to the primary purpose, and sell it. You give the weather app your location. You give the social network your age, gender, and much more.

You might think, that’s not so valuable. What does any one app know? But the data doesn’t stay with that single company.

After gathering information, companies sell their caches to central data brokerages so that data from many different apps is gathered together in one place to form an ever-more-complete picture of you: where you hang out, what you spend, who you know, what you think. Data gatherers even brag that they can tell what stores you enter  — and where you go inside the store.

What Are They Vacuuming Up?

It all starts with the gathering of information. Gizmodo has an excellent summary of what apps, browsers, and web pages gather from the moment you click on them. They gather inconsequential bits of information that a browser uses to display your web page properly into what’s called a “fingerprint” — an identifier. Your name might not be gathered, but no one else on the internet, or very few people, are in the same part of town as you, with the same size and version computer, running the same version of a browser. You’re not known necessarily by name, but a name is easily attached when other information is added.

You Can See Tons of Data Collected by Google and Facebook

You can see a lot of the information that’s been gathered about you. Cruzio’s dauntless reporter Brian Bishop did a deep dive into the information cached in his blog post What Do Tech Companies Know About Me, Turns Out a Lot. The Guardian found even more.

The data gathered is often only tangentially related to what the app seems to be doing.  Tech Crunch reports:

“A great example of that is Facebook’s  Nearby Friends. The feature lets you share your position with your friends so — and here’s that shiny promise — you can more easily hang out with them. But do you know anyone who is actively using this feature? Yet millions of people started sharing their exact location with Facebook for a feature that’s now buried and mostly unused. Meanwhile Facebook is actively using your location to track your offline habits so it can make money targeting you with adverts.”

And did you know that Amazon keeps recordings of all your interactions with Alexa?

Can You Really Delete Information?

Many apps allow you to remove your information. But that often means they remove it from your sight, while keeping it in their data caches. And they may have already sold it to another company anyway. Even if data has been gathered or shared illicitly or illegally, the horse is out of the barn.

For example, Cambridge Analytica sold data in the 2016 election. Facebook had shared the data from tens of millions of users without their permission, but with the condition that it be deleted/returned afterward and used for limited purposes. But Cambridge Analytica never deleted the information. And they used it for their own, uncontracted, purposes, sold their findings to political campaigns, and there’s no way to walk that back — the company is gone but the personal profiles have been disseminated . Who else has data that’s left the barn?

And Then There’s the Data Collected by Hackers

You’ve certainly seen headlines about gigantic data thefts, where personal information is gathered by criminals who hack into the computers of large corporations, like Target, or banks, or even government bodies, like the Veterans Administration. We’ve written before about where your data goes after it’s been hacked. This information is less detailed than that gathered by apps and websites, but it’s much more devastatingly personal and can be used for dentity theft. It includes names, addresses, passwords, social security numbers, and more. You can check whether your information is out there by seeing if you have been “pwned.”

Do You Want to be Tracked?

Before we go further, let’s get down to a big question.

Gizmodo has published  tools to help you block some of the tracking. But remember: most of the data is gathered by an app you’re using for a reason, and blocking data may hurt the app’s performance. Do you want an online vendor to forget your shopping cart contents next time you go to the site? Do you want your weather app to lose track of locations you check frequently?

You might want to be selective about what tracking you prevent. Many of us go to a “stop tracking me” form and hesitate, mouse hovering over the choice. Do we want to lose the functionality that goes with the data? In a way it’s not really giving us a reasonable choice: it’s either everything or nothing

And we often hear, “I don’t care. I have nothing to hide.” Interesting, isn’t it, that people are more willing to let a corporation have access to their movements and activities at levels they’d never let the government see.

At the least, we can know more about what is tracked and how it’s used.

One More Time: Here are all the links from this blog post
https://gizmodo.com/heres-all-the-data-collected-from-you-as-you-browse-the-1820779304
https://gizmodo.com/how-to-avoid-getting-tracked-as-you-browse-the-web-1821008719
https://santacruzfiber.com/blog/what-do-tech-companies-know-about-me-turns-out-a-lot
https://www.theguardian.com/commentisfree/2018/mar/28/all-the-data-facebook-google-has-on-you-privacy
https://www.amazon.com/gp/help/customer/display.html?nodeId=201602040
Facebook’s  Nearby Friends
https://techcrunch.com/2018/04/14/how-to-save-your-privacy-from-the-internets-clutches/
https://haveibeenpwned.com/

Spotting Spam: Harder Than it Looks!

Recently, a few phishing*, or scam email, schemes got through Cruzio’s spam filters and landed in customer email boxes.

We catch more than 90% of spam, but sometimes the scammers who run these schemes are clever and manage to fool our filters. It’s a constant arms race as barriers improve but spammers figure out how to bypass them.

We have some tips to help you recognize phishing when you see it, so you can have more confidence in tossing phonies away. We’ll use the recent email imitating Cruzio as an example. It was well crafted, but there were some “tells” we’d like to point out.

(By the way, if you think you know all the tricks and are good at spotting spammy schemes, go ahead and skip these tips and try this Google quiz. How’d you do?)

Check the “From” Address

phishing email showing return address

Here’s a great clue to a phishing email. Click the “From” email address to see the full address written out. Usually it won’t be what you expect. In this case, the return address is someone at “wildblue.net,” not Cruzio.

 

Roll Your Mouse Over the Links

phishing email showing phony link

The best indication of all is to roll your mouse over the links in the email. This is where the sender wants you to go to enter your password or other information. Don’t click on the link. Just put your mouse over the link and wait until the destination is revealed. (If you do click, just back out. Unless you enter information, clicking a link is pretty harmless.)

You’d expect this link to point to an address at cruzio.com. But it’s not. It’s sending you to “jamaioaa.com”. That’s a pretty sure sign that this is fake.

Notice that the text appearing in the email looks like the right website address. That’s a spoof. You have to mouse over the link to see where it will really send you.

Sometimes the scammer will put the word “cruzio” into their link to try to fool you. For example they might name the link http://jamaioaa.com/cruzio/verify. But other parts of the address are just words. It’s the “.com” part which shows the server’s identity.

Read Carefully: Does It Look or Sound Odd?

example of phishing email

The example above is one of the best fakes we’ve ever seen. Still, there are several obvious problems, if you look closely:

  1. The Cruzio logo is squished. We don’t display our logo with an oval cat, it’s a circle. In fact, the whole header, which has been copied off the internet, is compressed and looks wrong side by side with our real logo.
  2. We don’t start emails with “Attention customer:”. If you’ve ever received email from us — and as a customer you certainly have — you know we are friendlier than that. The whole letter has a tone unlike our other communications.
  3. This sentence is so poorly written, it doesn’t seem written by an English speaker.  “Please verify your account with your details click link below” — what? We sometimes make typos or phrase something a bit awkwardly, but this sentence is grammatically wrong in several ways.
  4. Often phishing email will contain easily-spotted typographical errors. In this case there’s an apostrophe in front of “Thank You”. Plus, the email is signed “Cruzio Customer Service” rather than “The folks at Cruzio.” Missing that friendliness again.

Overall, if you take the time to read carefully, this email doesn’t look or sound like us.

If you ever have doubts about an email sent to you by Cruzio or any other company, contact the company directly and ask what’s up.  And if you fear you’ve fallen for a scheme, change the password you think you’ve compromised and contact the company and/or Cruzio. We’re always glad to help you.

Now that you’re familiar with scammers’ “tells,” if you didn’t do it before, take that Google quiz to test your knowledge. How’d you do now?

*”Phishing” is the term email that tries to get users to click on fake links and enter their passwords and other personal information into fake websites. The scammers imitate the look and feel of real companies, sometimes very convincingly. Even professionals can fall for these schemes — a campaign aide who fell for a phishing scheme is what gave Russian operatives access to Hillary Clinton’s campaign emails.

The Internet is Unfair. Let’s Fix It

Areas with poor interent service are orange – is the map accurate?

We’re proud that the first neighborhood Cruzio connected to our Santa Cruz Fiber network was the El Rio Mobile Home Park on North Pacific Avenue. Building devastatingly fast internet to areas that tend to get overlooked — that’s part of Cruzio’s mission.

So our next step is to get financing for replicating that success, building to other places around the county that have suffered from corporate neglect.

Although parts of our county have excellent, competitive internet right now — and we’re trying to keep it competitive! — there are other areas where expensive satellite service and aging telephone lines are the only, increasingly inadequate, options. By the way, income levels are part of the disparity, but not all of it. Some of the most expensive properties in the county, estates up in the mountains, get low-quality internet.

Cruzio has been pushing our local representatives to take action to get fair access to everyone.

The California Public Utilities Commission maintains a map defining what areas have poor service — making them eligible for grants. We’re looking at the map closely.

We know our community wants two things, internet-wise:
•to get fast, reliable internet at low prices to their own homes and businesses, and
•to make sure everyone else gets it too — regardless of low income or difficult terrain.

Rest assured that Cruzio is working on both fronts as fast as we can.

We’re working on a big project, more on that in the next newsletter!

This article was featured in our newsletter. To read more content from our newsletter, visit our archive page and sign up for our email list.

Don’t Swim in the Toilet Bowl

There are a lot of places to swim in Santa Cruz. There are some places where you just really, really should not swim. The Toilet Bowl is one of them.

Next to world-class surf break Steamer Lane, this is a spot where people from all over the world are tempted to jump into a wide round area carved out of the soft rock. But the surf gets trapped in there, and the rocks are slippery. Watch the video and be warned.

This article was featured in our newsletter. To read more content from our newsletter, visit our archive page and sign up for our email list.

What’s Happening With Fiber

1,200 downtown Santa Cruz homes and businesses can now connect to blazingly speedy internet — fiber cables which will scale to their needs for decades to come. Cruzio just installed it a few months ago. And now, that network is underused. Local columnist Nuz called it a Fiber Fumble!

We had some delays — not unusual in construction, right? — but the future is here.

Now it’s time to see what folks do with this bountiful internet offering.

(One idea: sign up now.)

With such a surplus of broadband, how quickly will people take advantage? Nuz notes that we’re behind in signups despite better service, higher speeds, and, well, the local-ness of it all. (The article didn’t mention lower price, but that’s true too: $49.95/mo for gigabit internet).

It’s true that Cruzio took on high upfront costs to build the network and we need a 30 – 50 percent “take rate” to make it all pencil out — that is, over 30 percent of locations that can connect to Cruzio’s Santa Cruz Fiber need to sign up. We’re still behind that total. Maybe it’s the rain?

Hey, downtown folks, your neighbors all around the county are asking when they’re gonna get their fiber. It’s a killer deal on a great service, so please sign up so we can afford to build more!

We know you’ll like it.

This article was featured in our newsletter. To read more content from our newsletter, visit our archive page and sign up for our email list.

We’ve Got Your Back – How Cruzio Handles Phishing Schemes

privacy logo

Like all ISPs, once in a while, our email users get hit with a phishing scheme. Generally, they’re poorly done and obviously fake, at first glance. This weekend we got hit by a particularly nasty one.

As you can see, it looks pretty sophisticated: not too many obvious typos or grammatical errors. And they stole our logo and header!

example of phishing email

This email started hitting our mail users at around 9:30am last Sunday. As it happens, one of the first people to notice was our Chief Technical Officer, Chris Neklason, who right away saw it was a potential security threat to our users and alerted our support team. We immediately contacted the company hosting the rogue site, as well as our email filter provider. Within a couple of hours, the rogue site was taken down and the email had been blocked and deleted from our users’ inboxes. But not before about 100 of our eagle-eyed and responsible customers had notified us of the email and, sadly, a few folks had clicked through.

A couple of things to take away from this:

1. Cruzio has your back
We identify these threats quickly and we have tools to quickly neutralize them. If you do get fooled — and it happens to everyone — change your password and contact us immediately.

2. There are always tell-tale signs
Even though it was a relatively good phishing attempt, there are a few obvious clues in this that reveal it to be spam pretty quickly. First, the actual sender was not an @cruzio mailbox, it was a totally different domain. Secondly, none of the clickable links in the email pointed to the Cruzio site. Pro tip: you can always see where a link is pointing before you click it by hovering your mouse cursor over it — depending what mail tool or browser you’re using, the destination URL will show as a pop-up or in the lower part of the window you’re in. If you do happen to click on the link, most web browsers catch scams fast and almost immediately flash a warning on the page.

As a reminder:
* Don’t enter personal information into any site you’ve reached via email unless you’re 100% sure it’s legitimate. If you have even the slightest doubt, contact the company
* The more information an email asks for, the more suspicious you should be. For example, no one should ever want your Social Security number from an email message
* The more urgent the message, the more suspicious you should be
* There are so many scams, we can’t report every one. But if you see one you feel is serious, or if it’s for a small company, report it to the FBI https://www.ic3.gov/complaint/default.aspx

Bottom line: if you ever have any doubts about an email that purports to be from Cruzio, play it safe and contact us at cruzio.com/contact or call us at 459-6301 x2. Cruzio is keeping an eye out 24/7, 365 days a year to ensure your security.

Be safe out there!