[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: Should mhonarc.org mail archives hide mail addresses

On Jan 2, 2004, at 4:32 PM, Earl Hood wrote:
sight-limited, it means alternative browsing tools, like my phone's
mini-browser, and search engines like google.

You are straying.

Yes, I am, because I felt it was a useful time to do some lobbying for larger issues as well.

MHonArc is neutral about CSS/XHTML since a user can customize the
layout as they see fit.  I think talking about CSS/XHTML is off-topic
unless someone provides a case of how it can be used to deal with
the harvesting problem.

Fair 'nuff, I'll drop it, after noting that I think if you look at the current state of these standards, as opposed to where things stood two years ago, moving towards them in your standard distribution would make life easier and simpler for everyone in the long-term... but enough.

Now, there is always cost-benefit ratio.  Wrt to account creations, the
benefits out-weight the cost.  But, to do it for each email address,
it may not be, especially if the graphics include techniques that
OCR systems cannot deal with.

maybe. Or maybe you do the work and find you merely made it harder, so they had to throw another thousand machines at the problem. Which they happily can. My argument is that anything that "solves" the problem through computational complexity doesn't really solve it, not when the enemy can write trojan horses that can link hundreds of thousands of machines together and control what they do. Asking them "hey? want the data this much? how about this much?" is a waste of resources and creates a false sense of security. and it might work -- now -- but for how long? Better to look for solutions that don't use the phrase "fixes it for now" in them, and not have to re-engineer again down the road when the spammers get around to cracking it.

(it's also important to remember where the data comes from, and not over-engineer solutions, either. Ultimately, sinceprimarily mHonarc is used as an archiver for mailing lists and similar tools, it makes zero sense to make those archives significantly more secure than those lists themselves are, and mailing lists, by their basic design, have inherent privacy problems that you can't solve, so it makes no sense to over-solve them other places...

One can look at the obfsucation model as similiar to detering
crime.  For example, a professional car thief can steal any car,
but if you make your car more time consuming to steal, they will
go elsewhere the cost is less.  Also, with certain measures, you
deter amateur thiefs.

the problem here is that mHonarc is one of the key archiving tools used on the net. that means anything implemented will be a focus of the spammers, because so much of what the spammers want is stored in Mhonarc archives. So while you might put "the club" on a Tercel and convince a car thief from stealing the car by making them steal someone else's car, the thieve's you're trying to deter know what you have in the trunk, and they don't want to steal A car, they want to steal YOUR car. You can't assume you can save yourself with the "I only need to outrun you, not the bear", because the bear has decided he wants you. So building tools assuming you'll scare spammers elsewhere will almost definitely fail, because of the content this tool hosts on so many sites.

I'm not talking about end-users.  I am talking about the mhonarc.org
list archives, and only those archives.

Except what you do here will be considered by many to be a "best practices" practical for their own designs. As the developer of the tool, you'll be considered to be doing what's best as far as using the tool is. Which gives you a responsibility beyond just taking care of the privacy of users on your list, but of setting the example for others who use your tool on how to use it responsibly. As big as the privacy of users of your mailing list is, whether you like it or not, you also have bigger issues to the net at large here, because your tool is widely used and well-regarded, and because here, you set the tone for how that tool should be used by others on their own sites. And since privacy of e-mail addresses has become such a hot button because of the spammer issue, I think you need to think about how your tools are contributing to users being harvested by spammers, and how you can set an example to try to solve those problems. not that this is a problem you caused, but you have opportunities here to help change mindsets around the net by defining a new acceptable standard for how archives handle this data -- this problem found you, but it still needs to be solved.

The only thing relevant to MHonArc is that it allows users to
apply whatever solutions they want.

And you, as it's author and developer and voice, are the person who needs to help people understand how to use it properly and safely. if they choose to ignore you, shame on them. If you don't give them that information, then how can they hope to figure it out on their own?

The mhonarc.org lists are not private lists.  MHonArc is an open
source project, and all the lists are intended to be as open as

So you think it's okay to hand all of your subscribers to the spammers in the name of open source?

you can keep the ARCHIVES open, without handing privacy data off to those you can't trust. This isn't an either-or situation. it's a question of how to build things to both protect users from those trying to harm them AND distribute the key information. Both are possible.

[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]