I consider working on a Draft on "meta-spam" and would be interested
in comments and in interests to participate to a preparatory mailing
list. I define meta-spam as:
"sending non approved information within regular protocols, headers,
contents, etc. for a further results unexpected by the receiver".
This definition is most probably to edit. May be I just rising here a
well known issue named and worked on in another way?
The concept certainly covers meta information in HTML pages, tags in
protocols, URLs, etc. that can be used in filtering traffic (OPES,
censoring, profiling, obtaining information on privacy, personal
behaviours) or further retrievals through search engine queries. I
may also cover some "subliminal" networking applications: sending
semi-hidden information to obtain a desired user comportment like in
advertising, intox, denials of thinking, psychological war.
Conceptually this may be a fundamental mechanism of cybernetics (as
the art of efficient independent system governance in using analog
models obtained by feed-backs). There is therefore a need to
distinguish between legitimate, necessary, authorised meta-informing
and meta-spaming. And to define authorisation/prevention (like for
example the cookies related arsenal) and IFF (information friend/foe
filtering). Trolling is probably a form of meta-spam. To which extent
string oriented solutions helps meta-spaming? In ASCII, in
multilingual environment? What are the pollution possibilities (for
example using URL meta-spaming, using homograph meta-spaming, what
about the babel names [use of the punycoded version of an IDN]? etc.).
Hacking in using plain text information rises the question of the
nature of the architexting we use all the time and of networked
languages. What is the XML, HTML, etc. security solutions? It is also
a problem for the concept of "para-data" which is fundamental to the
DRS I work on (distributed registry system) and to the multi-Internet
architectures (for example using classes): the legitimate conditions
for co-working systems to hold in parallel different data for the
same meta-data.
I am not familiar with applications firewalling but I suppose it is a
problem their designers meet?
The most immediate concern is when an RFC may help meta-spaming over
private issues or represent a security threat: it should then be part
of the security considerations. The resulting commercial, hatred,
privacy and civil rights, etc. violations incitements or
manipulations should be considered. Structural ways should be found
to make them impossible. When one considers the importance of the
spam, on-line advertising, privacy protection, etc. in the users
concerns, no one can doubt that the identification of meta-spaming
characteristics and of the ways to contain it is a key issue.
This is most probably one of the most achieved because one of the
simplest vector for machine, mental, community security violation?
Thank you for your comments.
jfc
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf