I may regret this, but a few very small observations...
--On Sunday, January 1, 2023 19:42 -0500 Phillip Hallam-Baker
<phill@xxxxxxxxxxxxxxx> wrote:
> On Sun, Jan 1, 2023 at 4:03 PM John R Levine <johnl@xxxxxxxxx>
> wrote:
>
>> > The notion that anyone who knows my phone number is
>> > authorized to call me any time of the day or night is
>> > stupid on a stick. So is the notion
>> anyone
>> > who feels like it can clutter up my inbox.
>>
>> I couldn't disagree more. The reason e-mail survives and
>> none of the things that are supposed to be better and replace
>> it have done so is exactly because anyone can send e-mail to
>> anyone else.
> That doesn't mean anyone should be able to send me any sort of
> message of any length without permission, unsolicited and
> impersonate someone else as they do.
>
> And being able to cause a bell to ring in my home because some
> telemarketing scum wants to sell something to me - No, just no.
To extend that analogy a bit, if some more traditional marketer,
of the "door-to-door salesperson" variety, comes to your home
and rings the doorbell, is that different on any level other
than frequency and scale? Does that make them less scum? Are
you protected from such people by keeping a fierce dog or pet
dragon whom you threaten to unleash as soon as they start up the
walkway?
Just trying to understand the boundaries and reasoning here.
>...
> If you want a walled garden, there's no shortage of them but I
>> have two observations.
> If you read to the end you will see that I am absolutely
> opposed to walled gardens.
>
> Universal service does not mean having to forego access
> control.
But we make choices about that. I use several email addresses.
They are, to a considerable extent, organized by toleration for
noise or, if you prefer, the degree of access control I choose
to exercise. One of them -- dating back, IIR, to the early
1980s although the address and technology have changed -- is set
up to simply discard any message that arrives without strong
authentication of the sender and message authenticity such as
(in recent years) a PGP or S/MIME-signed message in a key I have
previously validated. Not suitable for general use by typical
Internet users and close to the very worst form of the
Introduction problem but it never receives mail from unwanted
parties. To a greater or lesser degree, those who use other
addresses take their chances and I with them.
Do I recommend that? Nope, But, again, I'm trying to see if we
can clarify the boundaries and what is being talked about a bit.
>> The notion that anyone with scant technical knowledge can
>> impersonate
>> > anyone else via telephone or email is more stupid on a
>> > bigger stick.
>>
>> It's *always* been possible to lie about who you are when
>> making a phone call, but for the first century or so nobody
>> cared. Whhat changed?
> The cost of calling people dropped, robo-calling, in
> particular the cost of international calling dropped enabling
> off shore boiler rooms filled with criminals calling up to do
> scam after scam.
Doesn't that suggest looking at ways to change either the cost
equation or the very closely related equations involved risks to
those criminals of capture and punishment rather than yet
another tweak. FUSSP should probably be incorporated by
reference here.
>> The trick is to add enough friction to messaging to make it
>> unattractive to spam but not cripple it as a service. I can
>> currently think of somewhat effective voice message friction
>> ("press N to complete your call") but we've completely failed
>> to come up with effective email friction, and e-postage ain't
>> it.
>...
> The exception to that in my current code is that there is one
> message, a contact request message that is authorized by
> default. So, if I have your contact address (john@xxxxxxxxxxx,
> @john_levine, whatever) and I don't already have you in my
> contacts, the first message I send, is a contact exchange
> request saying 'Hi I am PHB, can I send you messages'.
>
> If you respond yes, I can send you additional messages, if you
> let me, I can call you by voice or video etc. Otherwise, my
> messages are refused. Same on my end.
And, if I were an evildoer and wanted to make that not work, I'd
attack you (and a variety of other likely suspects) with a
sufficient volume of permission-request messages to create
tremendous incentives for blocking those messages. As you
pointed out in response to Christian's variation on the same
suggestion, the number of such requests today is low enough to
be easily tolerated. But no mechanism that has depended on the
spammers (and other generators of unwanted messages) being
stupid (and I am _not_ suggesting that your ideas fall into that
category) has ever worked well. In particular, if one assumes
that they are, as a group, both reasonably smart and able to
think strategically, one would expect to see very few messages
asking permission until after something changed to make
generating such messages a good investment. Analogies to arms
races and why they are such a problem may be appropriate here.
> Given our relationship, I am not going to be giving you 'call
> me in the middle of the night' authorization. But I will
> probably allow your requests into the 'auto-scheduler' so my
> bot and your bot can arrange a mutually acceptable time for
> the call.
> The key point here is that unlike a phone number or email, my
> contact address is not a bearer token giving anyone
> authorization to send me messages. So Madonna can be @madonna
> and Lewis Hamilton can be @lewis_hamilton and neither need
> worry about printing their contact address on their business
> card for fear of being slammed by fans. Now granted, they are
> probably not going to be processing their own contact requests
> but they have peeps for that.
>
> Once we are in each other's contact catalogs, nobody else can
> impersonate you to me. I might not have been contacted by the
> real John Levine in the first place but that is another issue.
But that sounds like a version of my trick "don't bother trying
to send mail here unless I have already gotten things set up
with your credentials" mailbox (whether you know, or can deduce,
its address or not). A more sophisticated one, most likely one
that scales better, but not a new story.
> For interpersonal contact exchanges, trusted third parties
> aren't really very useful. But if we are communicating in the
> context of some corporation, it is important that I know both
> the person and the organization. So at least an organization
> level LRA is needed.
Absolutely. But, if you are talking only about solving the
problems of communications sent from and/or two corporations or
organizations who are willing to identify themselves as such
(rather than, e.g., posing as individuals who might be vaguely
"representing" or "affiliated with" such a body), then that is a
much narrower problem than the one to which I (and maybe John
L., Christian, or others) have been responding and expressing
concern.
In case it isn't clear, I have no reason to believe that your
ideas would not work, and work well for some selected
communities and/or some clear definition of the problems you are
trying to solve and their scope against which it could be
evaluated. From that perspective, my only concern is the great
difficulty of deploying a replacement for a very large installed
base when most of those involved with that base (as suppliers
and users) seem to think it is working well enough... no matter
how much they complain about the obvious problems it enables or
carries with it. I am, however, skeptical about whether trying
to look at problems or solutions in terms of descriptive
terminology that does not have universally agreed definitions,
or arguing about those definitions ("walled garden" as a start)
is helpful in moving discussions forward. More important, I
remain skeptical (as I have been for decades) about any
proposals that depend on recipient control of messages sent to
them if that is claimed to work at global scale and that does
not discriminate in favor of some such recipients and against
others.
best,
john
