[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ga] Privacy and Whois databases
Who needs a "free" service. These people sign up for a two week free trial, run a test one
night, and run all night distributing their goods the next night. By the time the complaints
start coming in they have left town and you support people have several hundred or thousand
complaints to answer. The privacy lobby tore up the caller ID system so bad that it is
difficult to tie the SPAMMer to a physical location.
Peter Veeck
"J. Baptista" wrote:
> Exactly. That's the trick - using the dns to separate the good from the
> bad. We have also proposed a dot.uce, and dot.spam - as a means of
> keeping spam out of the non spam loop.
>
> More and more companies need this sort of service. As more and more free
> internet services are offered in exchange for adverts, this sort of thing
> will be critical to keeping the spam (or pro uce com-email) people and the
> antispamers separate. I think both groups are nuts and the sooner that we
> get them on their own separate infrastructure nets, the better.
>
> Regards
> Joe Baptista
>
> On Sat, 16 Oct 1999, Peter Veeck wrote:
>
> > How about a dot SPAMM TLD And let the SPAMMers use it with impunity. It could be
> > easily filtered. Is the only way to get new TLDs to have them legislated? Can any
> > country legislate new TLDs or must it be done inside the beltway? Thanks but I don't
> > find them more knowledgeable than ICANN. Perhaps anything affecting network operation
> > should be turned over to NANOG.
> >
> > Being currently involved in a civil case proceeding through the US Federal court
> > system, I am intimately aware of the costs involved in legal actions. I doubt that you
> > could establish sufficient damages or find deep enough pockets on the other side of the
> > table to warrant prosecution of a SPAMM case through a court of competent
> > jurisdiction.. Perhaps some of the attorneys on this list would offer pro bono
> > services.
> >
> > If someone can show me reliable empirical date that Srikanth's plan would reduce the
> > bandwidth stolen from Internet Texoma by SPAMMers by 10% and the costs to process SPAMM
> > complaints by a like amount I would not only support his plan but would offer to host
> > the database at no cost. Host--but not administer the requests for access.
> >
> > Peter Veeck
> >
> > "J. Baptista" wrote:
> >
> > > Peter:
> > >
> > > You want a good solution to stopping spam. Legislate the solution. One
> > > proposal being submitted to congress is by the dot.mlm people. It already
> > > has widespread support with admins. And the same solution offered by the
> > > dot.mlm people also helps parents filter porn.
> > >
> > > However, for these simple effective solutions to be put in effect the
> > > root-serversd have to be liberated.
> > >
> > > Regards
> > > Joe Baptista
> > >
> > > On Sat, 16 Oct 1999, Peter Veeck wrote:
> > >
> > > > My argument is that there are pitifully few tools available to address SPAM,
> > > > network abuse, and operational problems. The registry databases are a tool for
> > > > that use. If your remove them you are removing a piece of the network
> > > > operational structure and must replace it with something. How do you contact the
> > > > operator of a web site whose DNS has been hijacked by a pornography site?
> > > > Presently you go to the whois and get the phone number of the administrator. If
> > > > you have to go through a process of certification for access, by email or snail
> > > > mail you create an unacceptable delay. If you set up prior certification, you
> > > > create an extremely large pool of access to the database which will be little
> > > > different than the current system. How is the data maintainer going to cover or
> > > > recover his costs? If he is consistent with existing databases it becomes a
> > > > profit center. Affluent organization can obtain the data. You only cut off
> > > > access for the individual and non-profit. Have there not been enough concessions
> > > > to business interests already? I offered a solution, tongue in cheek admittedly,
> > > > that an enforcement division be established and rejected this personally in favor
> > > > of the current system. The current system requires that a tenet of the Internet,
> > > > access to information, be observed. There are other solutions. RFCs can be
> > > > written to require that all mail programs be secure and the messages all be
> > > > traceable. We must bear in mind that RFC compliance is voluntary and there is no
> > > > one enforcing compliance. What I ask, is not to remove a tool for network
> > > > administration without either replacing it with another or eliminating the need
> > > > for that tool. Being listed in at least three registry databases I understand
> > > > the problem of privacy. Being a network and server administrator I want to keep
> > > > the system working.
> > > >
> > > > Peter Veeck
> > > >
> > > > Srikanth Narra wrote:
> > > >
> > > > > Jeff/Peter
> > > > >
> > > > > Maybe I miss your point a bit. My apologies -bear with me a bit more. The
> > > > > information is currently avaliable freely and instantly at finger tips for
> > > > > abuse today.
> > > > >
> > > > > The way I see it, under my proposal, we are providing a means for a
> > > > > legitimate liable business firm to come forward and protect the information
> > > > > free of cost or at negligible cost to us by means of a workable business
> > > > > model.
> > > > >
> > > > > The firms will have to follow all the privacy laws that apply in real world
> > > > > (in the country they are incorporated in).
> > > > >
> > > > > As well as - with the strides EU is making with regards to privacy and the
> > > > > demands they are placing on overseas companies with regards to information
> > > > > about their citizens - in return for allowing for companies to operate
> > > > > smoothly in their countries and/or other wise in various trade negociations.
> > > > > And possibilites of other countries taking the lead from that. (in the
> > > > > countries the citizens reside as well).
> > > > >
> > > > > The firms should be expected to have a fairly large sum of amount in escrow
> > > > > - initial deposit as well as certain percentage of fees - to pay for damages
> > > > > in case of violations.
> > > > >
> > > > > Users can resort to courts if they see a preceived violation. States can
> > > > > always resort to international courts/mechanisms, etc over percived
> > > > > violations of their right over their citizens information.
> > > > >
> > > > > Personally I feel a whole lot more comfortable letting the courts /
> > > > > governments beat the firms into evolving in a better manner and complying
> > > > > rather than giving more powers or duties to ICANN.
> > > > >
> > > > > User benefits in different scenarios :-
> > > > >
> > > > > >From Spammers angle - The user has records of who made the request for his
> > > > > information. Possibily a contract between the firm giving information and
> > > > > the user who took the information - binding the information seeker - that
> > > > > information would not be used for spamming and any other purposes than
> > > > > stated. For a nominal amount you get information to service the person/firm
> > > > > who spammed you. This in itself should make spammers task more difficult.
> > > > >
> > > > > >From Stacker angle - The instant email gives you a early alert at the least.
> > > > >
> > > > > >From Political persecution - The instant email gives the user a early
> > > > > warning to seek shelter at the least. With all the holocaust and other
> > > > > payments going on, I am sure the firms will do all they can - in a purdent
> > > > > and legal manner with regards to the rights of country over information in
> > > > > their citizens as well as avoiding becoming a accesory in persecution of a
> > > > > individual.
> > > > >
> > > > > Can you put in a easy example model which of these above would be worst of
> > > > > than the users are now.
> > > > >
> > > > > Also one thing I would like to state is with whois records - their is a huge
> > > > > burden on individuals to keep the records in whois current at all times or
> > > > > risk losing the domain ,possibily, under most unreasonable/filmsy of
> > > > > circumstances (eg:-aolsearch.com would make a interesting example).
> > > > >
> > > > > Sri
> > > > >
> > > > > -----Original Message-----
> > > > > From: Jeff Williams
> > > > > To: Srikanth Narra
> > > > > Cc: 'Peter Veeck '; 'Mark C. Langston '; 'ga@dnso.org '
> > > > > Sent: 10/16/99 5:07 AM
> > > > > Subject: Re: [ga] Privacy and Whois databases
> > > > >
> > > > > Sri and all,
> > > > >
> > > > > My only comments are that this basically puts someone's privacy
> > > > > up for sale at a fixed price no less. And that if I find that any of my
> > > > > regarding any of our DN is sold in this or any other manner the
> > > > > responsible parties can expect to be served immediately.
> > > > >
> > > > > Srikanth Narra wrote:
> > > > >
> > > > > > Peter
> > > > > >
> > > > > > This proposal, if any thing, should act to everyone's advantage in
> > > > > fighting
> > > > > > spam.
> > > > > >
> > > > > > 1. It becomes prohibitively expensive for a spammer to get (or
> > > > > revalidate
> > > > > > your information if you change it) from whois database as they have to
> > > > > pay
> > > > > > on a domain by domain basis giving valid reason (however filmsy) for
> > > > > > obtaining your details. The records of such requests exist with the
> > > > > > register.
> > > > > >
> > > > > > 2. Becomes (hopefully) easier for registers to spot someone mining the
> > > > > whois
> > > > > > for spamming purposes - as they will have to make fairly number of
> > > > > > requests. At the least complicates spammer's methods to gather
> > > > > information
> > > > > > as they will have to use multiple identities, etc (remember verifiable
> > > > > means
> > > > > > of payment).
> > > > > >
> > > > > > (maybe we can even suggest some guidelines for registers to request
> > > > > for a
> > > > > > additional safety deposit from someone requesting too large a number
> > > > > of
> > > > > > records like couple of thousand - for legal defence or compensation
> > > > > purposes
> > > > > > - to be release back to requester after a certain time lapse)
> > > > > >
> > > > > > 3. Gives you a advance notice that someone is trying to lookup your
> > > > > records
> > > > > > and why, (automatically and free of cost email to your email account
> > > > > -
> > > > > > unlike credit bureaus where you have to request for such information)
> > > > > -
> > > > > > giving you a chance to notify register if you suspect its a spammer.
> > > > > or take
> > > > > > precautions if its a potential stacker or political/religious
> > > > > persecuter.
> > > > > >
> > > > > > 4. As far as change from present system - from your additional burden
> > > > > > perspective - all that has changed to is, you having to pay nominal
> > > > > fee
> > > > > > (just like a spammer would) to enquire the spammers records. All your
> > > > > legal
> > > > > > and other options remain intact - nothing else changes from present
> > > > > day. A
> > > > > > fair price for the little bit more sanity, peace of mind and personal
> > > > > safety
> > > > > > - is it not ?
> > > > > >
> > > > > > Best of all nobody ICANN or anyone gets additional powers or
> > > > > juridiction and
> > > > > > is a market based solution.
> > > > > >
> > > > > > comments ?
> > > > > >
> > > > > > Sri
> > > > > > -----Original Message-----
> > > > > > From: Peter Veeck
> > > > > > To: Mark C. Langston
> > > > > > Cc: ga@dnso.org; Srikanth Narra
> > > > > > Sent: 10/15/99 10:19 PM
> > > > > > Subject: Re: [ga] Privacy and Whois databases
> > > > > >
> > > > > > "Mark C. Langston" wrote:
> > > > > >
> > > > > > > On 15 October 1999, Srikanth Narra <snarra@talus.net> wrote:
> > > > > > >
> > > > > > > >May be we can take a clue from the way credit files are kept in US
> > > > > > and use
> > > > > > > >the same model.
> > > > > > > >
> > > > > > > >The whois records stay private with register. Anyone wants to take
> > > > > a
> > > > > > look at
> > > > > > > >them pays a nominal amount by verifiable means like credit card or
> > > > > a
> > > > > > check
> > > > > > > >for the privileage to see the information. (that should cover the
> > > > > > registers
> > > > > > > >expenses for keeping the records private and to fend the queries).
> > > > > >
> > > > > > I use whois to fight spam abuse. Are Spam complaints going to be
> > > > > taken
> > > > > > over by
> > > > > > ICANN or a subset thereof?
> > > > > >
> > > > > > Peter Veeck
> > > > >
> > > > > Regards,
> > > > >
> > > > > --
> > > > > Jeffrey A. Williams
> > > > > Spokesman INEGroup (Over 95k members strong!)
> > > > > CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
> > > > > Information Network Eng. Group. INEG. INC.
> > > > > E-Mail jwkckid1@ix.netcom.com
> > > > > Contact Number: 972-447-1894
> > > > > Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
> > > >
> >