Re: Poll: Should mhonarc.org mail archives hide mail addresses

[Chuq Von Rospach <chuqui@xxxxxxxxxxxxxx>]

On Jan 2, 2004, at 4:32 PM, Earl Hood wrote:
> > sight-limited, it means alternative browsing tools, like my phone's
> > mini-browser, and search engines like google.
>
> You are straying.

Yes, I am, because I felt it was a useful time to do some lobbying for 
larger issues as well.

> MHonArc is neutral about CSS/XHTML since a user can customize the
> layout as they see fit.  I think talking about CSS/XHTML is off-topic
> unless someone provides a case of how it can be used to deal with
> the harvesting problem.

Fair 'nuff, I'll drop it, after noting that I think if you look at the 
current state of these standards, as opposed to where things stood two 
years ago, moving towards them in your standard distribution would make 
life easier and simpler for everyone in the long-term... but enough.

> Now, there is always cost-benefit ratio.  Wrt to account creations, the
> benefits out-weight the cost.  But, to do it for each email address,
> it may not be, especially if the graphics include techniques that
> OCR systems cannot deal with.

maybe. Or maybe you do the work and find you merely made it harder, so 
they had to throw another thousand machines at the problem. Which they 
happily can. My argument is that anything that "solves" the problem 
through computational complexity doesn't really solve it, not when the 
enemy can write trojan horses that can link hundreds of thousands of 
machines together and control what they do. Asking them "hey? want the 
data this much? how about this much?" is a waste of resources and 
creates a false sense of security. and it might work -- now -- but for 
how long? Better to look for solutions that don't use the phrase "fixes 
it for now" in them, and not have to re-engineer again down the road 
when the spammers get around to cracking it.

(it's also important to remember where the data comes from, and not 
over-engineer solutions, either. Ultimately, sinceprimarily  mHonarc is 
used as an archiver for mailing lists and similar tools, it makes zero 
sense to make those archives significantly more secure than those lists 
themselves are, and mailing lists, by their basic design, have inherent 
privacy problems that you can't solve, so it makes no sense to 
over-solve them other places...

> One can look at the obfsucation model as similiar to detering
> crime.  For example, a professional car thief can steal any car,
> but if you make your car more time consuming to steal, they will
> go elsewhere the cost is less.  Also, with certain measures, you
> deter amateur thiefs.

the problem here is that mHonarc is one of the key archiving tools used 
on the net. that means anything implemented will be a focus of the 
spammers, because so much of what the spammers want is stored in 
Mhonarc archives. So while you might put "the club" on a Tercel and 
convince a car thief from stealing the car by making them steal someone 
else's car, the thieve's you're trying to deter know what you have in 
the trunk, and they don't want to steal A car, they want to steal YOUR 
car. You can't assume you can save yourself with the "I only need to 
outrun you, not the bear", because the bear has decided he wants you. 
So building tools assuming you'll scare spammers elsewhere will almost 
definitely fail, because of the content this tool hosts on so many 
sites.

> I'm not talking about end-users.  I am talking about the mhonarc.org
> list archives, and only those archives.

Except what you do here will be considered by many to be a "best 
practices" practical for their own designs. As the developer of the 
tool, you'll be considered to be doing what's best as far as using the 
tool is. Which gives you a responsibility beyond just taking care of 
the privacy of users on your list, but of setting the example for 
others who use your tool on how to use it responsibly. As big as the 
privacy of users of your mailing list is, whether you like it or not, 
you also have bigger issues to the net at large here, because your tool 
is widely used and well-regarded, and because here, you set the tone 
for how that tool should be used by others on their own sites. And 
since privacy of e-mail addresses has become such a hot button because 
of the spammer issue, I think you need to think about how your tools 
are contributing to users being harvested by spammers, and how you can 
set an example to try to solve those problems. not that this is a 
problem you caused, but you have opportunities here to help change 
mindsets around the net by defining a new acceptable standard for how 
archives handle this data -- this problem found you, but it still needs 
to be solved.

> The only thing relevant to MHonArc is that it allows users to
> apply whatever solutions they want.

And you, as it's author and developer and voice, are the person who 
needs to help people understand how to use it properly and safely. if 
they choose to ignore you, shame on them. If you don't give them that 
information, then how can they hope to figure it out on their own?

> The mhonarc.org lists are not private lists.  MHonArc is an open
> source project, and all the lists are intended to be as open as
> possible.

So you think it's okay to hand all of your subscribers to the spammers 
in the name of open source?

you can keep the ARCHIVES open, without handing privacy data off to 
those you can't trust. This isn't an either-or situation. it's a 
question of how to build things to both protect users from those trying 
to harm them AND distribute the key information. Both are possible.