Re: Poll: Should mhonarc.org mail archives hide mail addresses
On Jan 2, 2004, at 4:32 PM, Earl Hood wrote:
> > sight-limited, it means alternative browsing tools, like my phone's
> > mini-browser, and search engines like google.
>
> You are straying.

Yes, I am, because I felt it was a useful time to do some lobbying for
larger issues as well.

> MHonArc is neutral about CSS/XHTML since a user can customize the
> layout as they see fit. I think talking about CSS/XHTML is off-topic
> unless someone provides a case of how it can be used to deal with
> the harvesting problem.

Fair 'nuff, I'll drop it, after noting that I think if you look at the
current state of these standards, as opposed to where things stood two
years ago, moving towards them in your standard distribution would make
life easier and simpler for everyone in the long-term... but enough.

> Now, there is always cost-benefit ratio. Wrt to account creations, the
> benefits outweigh the cost. But, to do it for each email address,
> it may not be, especially if the graphics include techniques that
> OCR systems cannot deal with.

maybe. Or maybe you do the work and find you merely made it harder, so
they had to throw another thousand machines at the problem. Which they
happily can. My argument is that anything that "solves" the problem
through computational complexity doesn't really solve it, not when the
enemy can write trojan horses that can link hundreds of thousands of
machines together and control what they do. Asking them "hey? want the
data this much? how about this much?" is a waste of resources and
creates a false sense of security. and it might work -- now -- but for
how long? Better to look for solutions that don't use the phrase "fixes
it for now" in them, and not have to re-engineer again down the road
when the spammers get around to cracking it.
(it's also important to remember where the data comes from, and not
over-engineer solutions, either. Ultimately, since primarily mHonarc is
used as an archiver for mailing lists and similar tools, it makes zero
sense to make those archives significantly more secure than those lists
themselves are, and mailing lists, by their basic design, have inherent
privacy problems that you can't solve, so it makes no sense to
over-solve them other places...

> One can look at the obfuscation model as similar to deterring
> crime. For example, a professional car thief can steal any car,
> but if you make your car more time consuming to steal, they will
> go elsewhere where the cost is less. Also, with certain measures, you
> deter amateur thieves.

the problem here is that mHonarc is one of the key archiving tools used
on the net. that means anything implemented will be a focus of the
spammers, because so much of what the spammers want is stored in
Mhonarc archives. So while you might put "the club" on a Tercel and
convince a car thief from stealing the car by making them steal someone
else's car, the thieves you're trying to deter know what you have in
the trunk, and they don't want to steal A car, they want to steal YOUR
car. You can't assume you can save yourself with the "I only need to
outrun you, not the bear", because the bear has decided he wants you.
So building tools assuming you'll scare spammers elsewhere will almost
definitely fail, because of the content this tool hosts on so many
sites.

> I'm not talking about end-users. I am talking about the mhonarc.org
> list archives, and only those archives.

Except what you do here will be considered by many to be a "best
practices" practical for their own designs. As the developer of the
tool, you'll be considered to be doing what's best as far as using the
tool is. Which gives you a responsibility beyond just taking care of
the privacy of users on your list, but of setting the example for
others who use your tool on how to use it responsibly. As big as the
privacy of users of your mailing list is, whether you like it or not,
you also have bigger issues to the net at large here, because your tool
is widely used and well-regarded, and because here, you set the tone
for how that tool should be used by others on their own sites. And
since privacy of e-mail addresses has become such a hot button because
of the spammer issue, I think you need to think about how your tools
are contributing to users being harvested by spammers, and how you can
set an example to try to solve those problems. not that this is a
problem you caused, but you have opportunities here to help change
mindsets around the net by defining a new acceptable standard for how
archives handle this data -- this problem found you, but it still needs
to be solved.

> The only thing relevant to MHonArc is that it allows users to
> apply whatever solutions they want.

And you, as its author and developer and voice, are the person who
needs to help people understand how to use it properly and safely. if
they choose to ignore you, shame on them. If you don't give them that
information, then how can they hope to figure it out on their own?

> The mhonarc.org lists are not private lists. MHonArc is an open
> source project, and all the lists are intended to be as open as
> possible.

So you think it's okay to hand all of your subscribers to the spammers
in the name of open source?
you can keep the ARCHIVES open, without handing privacy data off to
those you can't trust. This isn't an either-or situation. it's a
question of how to build things to both protect users from those trying
to harm them AND distribute the key information. Both are possible.