Home » Canvas Host blog

Building Bridges: The 2015 B Corporation Champions Retreat


In mid-October, Portland was host to this year’s B Corporation Champions Retreat. B Corporations from around the world congregated in our community, visited area B Corps, and spent several days at Skamania Lodge in the Columbia River Gorge doing what is crucial to the B movement: Building bridges and community.

If you’re not sure what a B Corp is, it’s much more than an average business: It is a purpose-driven company built on ethics and transparency; It is independently certified with strict standards established by B Lab (the non-profit that founded the B Corp movement) that include on-site audits; And it charges the company’s owners and management to uphold triple-bottom-line values (people, planet, and profit) in all business decisions, with the goal of creating a positive impact.

Wow, what a mouthful! :)

For five years, Canvas Host has been a proud member of the B Corp community. We were honored to be on the Champions Retreat organizing committee and were so thankful to see so many great B Corp friends join us in celebrating what has truly become a global movement!


This year’s theme was on Building Bridges. The B Corp movement has touched all corners of the globe and is helping legislation in countless cultures establish business structures to help companies champion their causes to use business as a force for good. With so many B Corps — now almost 1,500 worldwide and more than 70 alone in Oregon — it’s vital for B’s to connect and build on their community.


The retreat was incredible. With Oregon host to so many B’s, and championing the Benefit Company structure (a set of State-regulated standards very close related to B Corps), it was a wonderful gesture by B Lab to select Portland as the setting. For the week of October 12-16, representatives and business owners of hundreds of B Corps from around the world descended on our city, visiting local B’s, attending interactive TED-style talks, and sharing in a street fair at Pioneer Courthouse Square.


Most important was the two-day retreat at Skamania Lodge, nestled deep into the Columbia River Gorge. According to the organizers, it was there that some of the initial foundings of the B Corporation began, high up on mountain trails above the lodge. A frenzy of informative sessions, workshops, and story-telling small-group events ensued, in a way that put the hundreds of attendees in close contact with each other as colleagues, friends, and champions for one another.

A highlight of the retreat for me was an early morning run with other B’s. We set out along quiet trails and roads around the lodge.


On the final evening at Skamania, various B’s were awarded for their efforts; We heard from global B organizers from each continent, including the launch of B Corporation UK in London; and the Oregon organizing committee was honored. It was a humbling moment to stand before all of the B’s.


It’s been almost a month since then and I still haven’t been able to wrap my head around the inspiration I gained from it.

Here is what I can tell you: The B Corporation movement (and Benefit Company structure) are needed more than ever. At a time when corporate power has reached historic levels and with near-zero accountability, consumers globally are demanding transparency, accountability, and authenticity. Even more, the growing workforce of Millenials (Americans born in the mid-90’s) will not believe a company is doing good, they demand proof, and rightfully so given the endless stories of corporate greed that fill the headlines. A close colleague and fellow B, Richard Rosen of Rosen, Inc., stated it best: “In ten years, if your company isn’t a B Corporation or upholding similar values, you’re through; You won’t have a business to speak of.”

So, what can you do? Would you like to get involved? If you’d like to learn about B Corporations, you can visit their website:


Or, please contact us at your convenience, by calling 800.574.4299 x1 and ask for me. I have a number of resources and names and would be delighted to help get you in touch with the folks who can show you the next step.

Prevent website hacks

If you read tech news articles, you’ll note that website hacking has become commonplace, such that only large hacks and data breaches are newsworthy.

The latest hack occurred last week.  As reported on TechSpot.com, a provider of free web hosting was hacked, resulting in 13 million plain-text passwords being posted online. Lithuanian-based 000WebHost acknowledged a hacker obtained access to their customer database because it was hosted using an outdated version of PHP, a popular website scripting language.

If you’ve ever gotten updates from Canvas Host about security updates throughout our network, this is why we do it. Keeping hosting infrastructures patched against these types of threats is a constant challenge but necessary to maintain security of all our systems. Our primary goal is to keep you, your information, and your website online and safe.

While our primary mission is to provide consistent, stable service for your website, on occasion, our security patches and updates to software and services can “break” websites running old code. This is expected, and can be a good thing, as it can highlight websites that may contain unsafe code or plugins vulnerable to attack.

What can you do to prevent website hacks?

1. Keep your website and code updated. If you use a popular content management system (CMS) such as WordPress, updates are as simple as a few clicks. Most contemporary CMS systems will notify you if updates are available, not only for the CMS itself, but any extensions or plugins.

WordPress is a perfect example: With continuous updates, and more than 100,000 plugins available for use, the platform has been designed to pro-actively notify you if an update is called for. Whenever you log in, you will see updates highlighted in red in the lefthand navigation bar, with announcements along the top of your browser window:


If you happen to use Canvas Host’s managed WordPress service (WP Hosting), our systems will automatically update your core installation of WordPress for you.

2. Avoid using stock usernames. Usernames, such as “admin”, “administrator”, or your personal name (“Bob”, “james”, etc.) are all commonly exploited by random “dictionary” hacks. These are automated attacks that try sets of random, common words as usernames. Sadly, dictionary attacks are frequently successful.

Additionally, you may notice that on standard WordPress installations, the website’s main administrator username may be publicly displayed on articles or comments! One very helpful WordPress plugin is “Show/Hide Author”, which will prevent the username from being publicly displayed.

3. Avoid simple or single-word passwords. As with 2), passwords such as “hamburger” or “oregon” are commonly used with dictionary hacks. Using letters, numers, and characters, while a challenge to remember, can make passwords difficult to hack.

4. Of the passwords you create, remember to change them often. Many third-party services, such as online banking, merchant services, or other accounts will automatically prompt you to choose a new password after a set amount of time. For your own hosted content management system, you may need to set a reminder to update your passwords.

5. Avoid when working on your website using public wi-fi. This is by far one of the simplest ways hackers can obtain your information. Many public wi-fi hotspots are wide open, no login required, no security, nothing. Hackers can simply sit in the corner of the coffee shop and eavesdrop in on the information being sent from your browser to your online accounts. If you absolutely must work in a public wi-fi area, ensure that any systems you connect through are encrypted with SSL (look for “https://” at the start of the website address you are accessing). If this is not available, wait until you are connected via a secure, known wi-fi network that you trust.

What Canvas Host Does To Protect You

Beyond these tips, I want to offer assurance that Canvas Host uses a range of security protocols, firewall rules, and other methods — which I won’t go into further detail about as that could expose our own security protocols — to secure our network and services from attacks. If you are ever contacted by our Support team because your website is showing strange behavior, sending out spam without your knowledge, or something suspicious has turned up from a security scan, it’s to let you know there is a problem and it needs addressing.

If you ever have questions or concerns, contact our Support team at 800.574.4299 x2, or by logging into Support at https://support.canvashost.com.


13 million plaintext passwords stolen from free webhost go public

Another (Oversell) Unlimited Service Falls: Microsoft’s OneDrive

Today, Microsoft is feeling backlash from customers enraged with the announcement that the online storage service, OneDrive, will no longer provide unlimited storage, but instead, be limited to 1TB. Existing customers have one year to lower their storage to that level.

Microsoft’s reasoning was that a small percentage of users went well beyond the “suggested” storage use, with one apparently using 14,000 times as much storage as Microsoft envisioned should be used. The confusion arises because OneDrive was previously an “unlimited” service, so how should Microsoft have any footing to stand on with that statement?

Either there’s a limit, or there isn’t. If you’re going to offer something unlimited, then you either need to NOT track who is using what, or your business model needs to account for the percentage of users who take more than you thought possible. Either way, the company really should have thought about the ramifications of unlimited service, before they rolled it out.

Understandably, consumers who have diligently paid their monthly dues for the service are bitter. One user put it best, staying he felt “betrayed”. What does betrayal mean for a company selling intangible services? Without trust, that company could be facing some hard times ahead. Add to that the social media amplifier where one user’s voice can be shared and multiplied and become a disastrous wave of consumer spite for the company, and it’s no joke.

Over the years, I’ve written about the risks of unlimited (oversell) services, where a company is hedging its bets that 99% of customers will abide nicely by the company’s internally understood limits, with the remaining 1% of users (or abusers, depending on how you look at them) driving up overhead because they absolutely will use up every last bit of resource you offer them. Ultimately, companies promising “unlimited” services will fail, or back-pedal into complex terms of service that effectively clamp down their offerings to a substandard level. And when the public learns the truth, they don’t look kindly at the service provider for misleading them.

In today’s world, especially with so many online Millenial users, the need for corporate accountability and truth in advertising is a must. No business can compete, let alone survive, amidst a sea of truth-demanding customers.

I’ve long wondered why so many companies feel they must give out “unlimited” services. Is that all they have to offer? All-you-can-consume? What about quality? Doesn’t that matter?

Is there really any such thing as unlimited? Whether it’s food, or fuel, or resources, or knowledge, or you name it… there IS a point where those all run out. Everyone knows it, so why do companies think they can swindle customers into unlimited service plans and not stop to consider the risks?

To tie this into my industry of web hosting, there are many hosts who claim to offer “unlimited” storage and bandwidth. In reality, those services are carefully metered and customers are in fact bound to limits in the company’s Terms of Service. Go over a certain number of files or storage, and automatic backups may be shut off, bandwidth may be slowed, and/or the customer may be given a short window to trim down on resource usage else have their account terminated.

Canvas Host has never offered unlimited resources in any of our plans. We recognize such a move would be risky; Also, resources are something in short supply and as a B Corporation and Oregon Benefit company, the notion of unlimited service is antithetical to one of our corporate mission’s goals of reducing waste, not helping create more.

I’m sure more and more companies will pop up and use whatever gimmickry they can think of to hook new customers. We prefer the honest approach, and data shows with the rise of Millenial purchasing power, authenticity and honesty are factors that will sway interested consumers to your brand far more than “unlimited” promises that inevitably fall short.


OneDrive users rage against the Microsoft machine for backpedaling on unlimited storage

Protecting your data privacy despite the Safe Harbour Pact’s end

This week, we were contacted by a customer who had concerns about a European Union / United States data privacy pact known as Safe Harbour, and the fact it was struck down by a European court.

The principles of Safe Harbour were developed in 1998-2000, and were designed to protect information about European Union consumers and how their information was to be handled by companies in the United States, with whom those consumers did business. Within the European Union, existing privacy laws already stringently protected those consumers. Once that information transited international waters, what protections would those consumers have?

With a tremendous number of international website hosting and data processing services erupting out of the United States in the early 2000’s, the need for Safe Harbour was very clear. If European companies were to entrust the handling and storage of their customers’ information to overseas hosting services, and if those companies were held accountable to stringent European Union privacy laws, then some mechanism must be in place to offer assurances to those European businesses, as well as enforce privacy expectations on the part of their American vendors.

Hence, the Safe Harbour pact.

The agreement was designed to protect European Union consumers’ information and details how that information should be stored and protected by American businesses, and if it were to be shared with third parties, done in such a way that consumers had the ability to opt out and/or change information as they deemed fit. The agreement, which seems completely fair to me (as a consumer), was put in place at the start of the Millennium and since that time has offered the necessary assurances. At least, until, earlier this month, when a European court struck down the provisions of the agreement.

A consumer complaint was filed with the Irish Data Protection authority, stemming from Facebook’s handling of personal information by a European Union citizen. Facebook’s European office is based in Ireland, as are many high-tech firms. The Austrian consumer was concerned about revelations from former-NSA contractor Edward Snowden’s 2013 admission that the U.S. spy outfit had access to personal information of Facebook users — which directly flew in the face of the Safe Harbour agreement. Whether true or not, it brought to light the fact that Safe Harbour is only meaningful if companies honor it.

Facebook has denied any knowledge of permitting open access to their data. And to be fair to the company, few Facebook users adequately secure their data, despite a myriad of privacy options. To demonstrate, try typing your full name (or the name of someone you know) with quotation marks (“John A. Doe”) or Facebook username (“john.a.doe.222”) into a Google search bar, and watch what comes up. Unless you’ve been very, very good about restricting the information you share about yourself, including any approved applications or “Farm-” games — all of which demand access to personal information and friend lists — then you’ve made it impossibly easy for any person, group, government or spy organization, etc., to obtain your information and without any sort of hacking. All they need is simply the ability to scan search engine results, to learn all they want to know about you.

On October 6, 2015, European courts were either so greatly concerned about the lack of awareness on the part of European consumers for protecting their information from public search engine use, or given reason to believe Facebook was knowingly sharing its data openly with the American spy organizations, that it ruled Safe Harbour invalid.

So… what does this mean?

  • For American companies hosting European consumer data, it means a potentially huge loss of trust with their European customers.
  • For European companies using American hosting and data storage services, it means potentially huge liabilities and risk from continued U.S. data storage operations.

That said, all is certainly not lost.

Looking back at when Safe Harbour was first agreed to by E.U. and U.S. governments, it was almost to the day when our company first started. One of our founding team members, who lives in Scotland, helped bring awareness to the issues. From the get-go, Canvas Host (then “Canvas Dreams”) instituted self-administered policies to comply with the legislation. It was simply the right thing to do.

And, despite the law being struck down earlier this month, Canvas Host, as a self-administered private business in a largely unregulated industry, will continue to uphold all of the points highlighted in the original Safe Harbour agreements. We extend this to ALL customers, not simply those based in the European Union.

Safe Harbour is a a matter of protecting the privacy of and information about our customers that is stored on our network. We have always upheld customers’ privacy and protection however best we can. It is admittedly a moving target in response to new industry developments, or new software options, or new business policies and certifications. And yet, if you were to look back on our history, you would see that if anything, we have moved ever more towards increasing protection of customer data in our network.

Here is a link to the original Safe Harbour legislation:


The rules are fairly straight forward. In according with Safe Harbour, among other things, a company must inform its customers of the type of data collected and how it is to be used; The company has to grant customers the ability to limit how that information is used or accessed; And the company must grant customers the ability to opt out of communications or data-sharing partnerships. For the record, Canvas Host has never participating in any data sharing with any third-party entity. The only circumstance in which we would ever do such a thing, would be if compelled by a U.S. Court order, which has never occurred in the history of our company.

Canvas Host’s Privacy Policy goes over everything in detail:


Beyond this, Canvas Host is a certified B Corporation. We operate on a higher level of ethics than traditional business, and undergo a stringent third-party credentialing every two years. Each time, we improve upon our credential score, which signifies an ever-improving business model aimed and at supporting people, planet, and profit, not profit alone. You can read more about B Corporations here:


Work is underway to restore Safe Harbour is some capacity and to repair broken trust. It is admittedly difficult as a privately operated business, wishing we could do more to help that process along, so here is my challenge to you as a reader:

If you are a citizen of the European Union, you might try contacting the office of your local MEP (Member of the European Parliament) to express your concerns about data privacy. You can look up your local office here:

European Parliament Information Offices:

If you are a citizen of the United States, you might try contacting your local Representative or Senator.

House of Representatives, by State and District:

State Senators, by State:

In the past, I have written to my representatives and senators, and have received letters and responses from them. Our elected officials do listen and are charged with hearing the will of the people.

All that said, regardless of whether Safe Harbour have been struck down, I want to offer you, the reader, assurances that Canvas Host works very hard to protect the privacy rights of all customers, regardless of where they are located or what laws are in place.

I welcome your thoughts and insights. Send us your comment, at sales [at] canvashost [dot] com.

Thank you,

David Anderson, Owner


Wikipedia: European Union Data Protection Directive

Wikipedia: European Union Safe Harbour Principles

Article: European Court Invalidates Safe Harbour Pact

New Top-Level Domains and Special Domain Offers

To the hundreds of available top-level domains (TLDs), we’ve just added 17 more, and dozens more on the way soon. Do users trust the new TLDs? Yes! Now’s a great time to purchase a new domain, and take advantage of our special domain offers.

If the domain you really want is not available as a .COM, or if the COM/NET/BIZ space is so cluttered you’re concerned about brand confusion, then a new TLD may be the answer. You can now get away from .COMs entirely, and embrace a domain directly reflective of their business. For example, Canvas Host uses canvashost.com, but now you can also find us at http://canvas.host/. For domain names, simply point your browser to http://canvas.domains/.

With new TLDs come a myriad of ways to uniquely brand your business in a memorable way and propel you ahead of your competition. Coaches, consultants, lawyers, and dancers, just imagine: You can register a custom .COACH, .CONSULTING, .ATTORNEY, or .DANCE domain today!

Top-Level Domain
.CONSULTING $34.95 $9.95 (ends 11/20/2015)
.FIT -NEW! $34.95
.FOOTBALL -NEW! $24.95
.GREEN -NEW! $74.95
.HOST $99.95 $24.95 (ends 12/31/2015)
.LGBT -NEW! $49.95
.LOL $34.95 $9.95 (ends 12/31/2015)
.NEWS $24.95 $9.95 (ends 11/20/2015)
.ONLINE $49.95 $14.95 (ends 12/31/2015)
.RUN -NEW! $24.95
.SITE $34.95 $14.95 (ends 12/31/2015)
.SKI -NEW! $49.95
.SOCCER -NEW! $24.95
.SOCIAL $34.95 $9.95 (ends 11/20/2015)
.SPACE $14.95 $7.95 (ends 12/31/2015)
.TEAM -NEW! $34.95
.TECH $59.95 $29.95 (ends 12/31/2015)
.WEBSITE $29.95 $9.95 (ends 12/31/2015)

For a complete list of available TLDs and pricing, please visit http://canvas.domains/