John, Almost completely agreed, but a few small quibbles that might be helpful for the next time one of us needs to tell the story... --On Sunday, January 1, 2023 16:03 -0500 John R Levine <johnl@xxxxxxxxx> wrote: >> The notion that anyone who knows my phone number is >> authorized to call me any time of the day or night is stupid >> on a stick. So is the notion anyone who feels like it can >> clutter up my inbox. > > I couldn't disagree more. The reason e-mail survives and none > of the things that are supposed to be better and replace it > have done so is exactly because anyone can send e-mail to > anyone else. Phone calls have a much longer and more > complicated history but universal service, the principle that > every phone can connect to every other phone has always been a > big deal. Until 1945 Philadelphia had two competing phone > companies, every business needed to have two telephones > wherever they had one, and it was a pain in the neck with > preckous little benefit, at least in an era when the rates > were all regulated anyway. > > If you want a walled garden, there's no shortage of them but I > have two observations. One is that they replace the spam > problem with the introduction problem which is no easier, and > the other is that any walled garden large enough to be > interesting will also be large enough to include people you > don't want to hear from. > >> The notion that anyone with scant technical knowledge can >> impersonate anyone else via telephone or email is more stupid >> on a bigger stick. > > It's *always* been possible to lie about who you are when > making a phone call, but for the first century or so nobody > cared. Whhat changed? Not quite, universally, always because, in the period prior to dialed/ automatically switched calls, the operators who were necessary to connect/ switch calls were often serving a relatively small area and collection of subscribers and, from discussions I've had about the period, authentication by voice recognition worked at least moderately well. There is, curiously, a parallel story for requests to change DNS delegation records in the period significantly before ICANN: if the relevant community is small enough, all sorts of things work at least moderately well. Again, that doesn't change your overall point, but we should be careful about terms like "always". > I think the issue is what I would call friction. Whenever you > have a service that lets people send unlimited numbers of > messages for free, you will get spam. And, paralleling the above, not just "unlimited numbers of messages for free", but the ability to send those messages without the senders accurately identifying themselves and creating the possibility of being held accountable if, in fact, societies and legal systems consider spam to be seriously bad. With isolated and fairly narrow exceptions, we have, fwiw, never actually gotten there. As I'm sure you know, there has been speculation since at least the early 1990s that tools to analyze incoming messages and suppress most of the spam are part of the problem, e.g., that, if legislators were forced to see the full volume of traffic addressed to them without filtering, we would have rapidly have laws criminalizing sending bulk unsolicited email. You can probably remember the time in the 90s when there was considerable speculation that the commercial anti-malware community was interested in building projects that were just good enough to make a marketplace for themselves while not so good as to eliminate the problem and put themselves out of business. That speculation about spam was not that different. > This is not a new > observation; a short lived flat rate telegraph service in the > late 1800s failed because it was full of spam. Making a phone > call used to involve enough effort and expense that bulk junk > calls didn't exist. (There were boiler rooms, but when each > call needed a live person, the scals was limited.) We managed > to mostly avoid e-mail spam because the Internet was a walled > garden with social pressure against it, and the commercial > services all charged. As soon as random people could easily > get on the net in the early 1990s, we had usenet spam and then > e-mail spam. > > The trick is to add enough friction to messaging to make it > unattractive to spam but not cripple it as a service. I can > currently think of somewhat effective voice message friction > ("press N to complete your call") but we've completely failed > to come up with effective email friction, and e-postage ain't > it. Agreed. However, as suggested above, societal agreement that sending the stuff, especially variations involving misrepresentation of sender identity, attempts to steal information, more traditional types of fraud, or ignoring opt-out provisions justified meaningful criminal penalties and investing resources in enforcement, would also add friction. best, john