[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: Should mhonarc.org mail archives hide mail addresses

On Jan 3, 2004, at 12:14 PM, Earl Hood wrote:

and I apologize in advance if I go running down another rathole...

Basically, it comes down to informed choices.  I've tried to note
in the documentation that posts to the lists will be displayed in a
public manner and that address hiding/masking techniques may *not*
be employed.

But this creates more questions, like, "are the users knowledgable enough to make that informed decision?" -- or is it the admin's job to set up a list environment where the admin makes those decisions so the user doesn't have to? What's the user's expectation here, and experience level?

I could argue both sides of this (but I won't). it depends on the group and the nature of the list. But I lean towards it being the responsibility of the admin to create a list environment that the user doesn't have to evaluate whether or not is safe to use. If it's not safe to use, why create it?

and to push that point to absurdity, a real truth in advertising announcement for a list that publishes email addresses to the web without restriction today is "posting to this list will guarantee that spammers will get your e-mail address and start sending it spam". And how many users, if it was spelled out that explicitly, would say the list admin was doing their job?

I know from talking to list users a lot on the servers I run, their expectation is that what they use is safe. If they stop thinking that, they scatter to the winds. And arguably, they should.

Right now, I do not know what the stats are of people who have decided to not post to the list because of the public nature of the archives, hence the poll, which people can respond to me via private mail if posting is a problem.

there are actually multiple issues here, because you not only have all users, but key contributors, or potential key contributors.

To attempt to not spread this into a general "best practices" or "what the net ought to do" argument again, here's how I view it as far as the MHonArc archives specifically:

1) I think it's a bad thing if a user who needs support on MHonArc has to subscribe to the list and post to it to get an answer, when doing so exposes their email to spammers. (and if you think about it, as people become more aware of this "posting to lists with unprotected archives gets you spammed" issue (most users, honestly, still have no clue about these things, another argument for the admin taking proxy action and not depending on "informed consent"), what you do is drive users off of the list and to private e-mail, meaning because they won't use the list, they'll email Earl directly, whcih seems the wrong thing to encourage.

2) it's a worse thing if the person above asks the question, but gets no answer because the person with the answer won't, or has left the list. This is why the attitudes of the key contributors are even more important than general attitudes here -- they are the source of your value and information on the list. When I've had these issues on my lists, I've actually gone into the archives, identified people who used to be key contributors who've stopped, and tried to track them down to find out why. It's usually eye-opening (and scary). Perhaps the user will get an answer from a key contributor privately, because they've stopped posting -- and that invalidates having archives, since the answers aren't there for future research.

Speaking personally, I've left a number of lists that didn't/wouldn't protect their archives, and become spectators in others. While my address is widely out on the net and I can't pull it back (although i do where I can), and my account is heavily spam-protected -- I am not interested in continuing to add to that public visibility unnecessarily, so I can say that there are a number of times I've chosen to not ask questions here, but instead changed approaches if I couldn't pull an answer out of the archives, and I don't answer questions here that I might otherwise, although I wouldn't call myself a potential key contributor, either. But losing one or two of your top 2% of contributors is a major loss, and losing a small group out of the top 10% is a serious one. And if your list is similar to the tech-oriented lists I run, you have, and as the open-archive -> spammer connection becomes better known, that'll accelerate.

BTW, Net users should be aware that posting to an open list is
making a public post.  The technical nature of the Net makes it
possible for anyone to archive a list, as has been done with mhonarc.

But again, the admin is in control of that. All of my lists have rules of usage stating you can't create a public archive without permission of the list owner, and if we find a "pirate" list out there, we get it shut down. if we don't get cooperation, the archive gets blackholed so at least no new material gets into it, and that usually gets their attention. So with some simple actions, you stll control the destiny of your content to a good degree.

the fact that these things are public means you can't 100% guarantee a user's safety from spambots and the like. The fact that you can't 100% guarantee it doesn't, I believe, give an admin the chance to avoid any responsibility here and do nothing to protect their users. I think it's the admin's responsibility to take reasonable and practical actions to protect their users from harm coming from them from using the list.

also have archives of the user's list, and I have no real control
over those archives.

yes, you do, if you choose to exert it.

If a poster wants the best insurance of protecting their address when
posting to a public mailing list, they will have to protect their
address within the message itself.

What is the more reasonable action? To assume that everyone, everywhere, become knowledgable enough and teechnically savvy enough to protect themselves from the spammers, or for the much smaller pool of admins, who are already generally technical and saavy about these things and who control the choke points spammers depend on to do the implementation for their users? (and taking it a step further, what about the tool implementors that build the tools that the admins use to build their sites that users use?). What is the most efficient use of resources? What is the most effective?

I argue it's not "throw it at the feet of the user and pretend it's their problem". it's your archive they're using. You're effectively telling them to protect themselves from your archive, becuase your archive isn't safe. To me, that's like saying "if you get on the bus, invent airbags, because as the driver, I see no reason to drive safely, so if we get in an accident, you need to be able to protect yourselves...".

and that's probably more than enough for most folks, so I'll shut up...

[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]