North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Staying on topic (was Re: EFF whitepaper)
At a meeting a few weeks ago, a bunch of us made the claim that the NANOG list could in most cases be self-policing. In that spirit, it seems worth pointing out that this discussion of the Russian Mafia, Chechen freedom fighters, the EFF, and China, seems to be heading in a direction that would be a bit off-topic for the NANOG list. -Steve On Mon, 15 Nov 2004, Steven Champeon wrote: > > on Mon, Nov 15, 2004 at 02:47:14PM -0800, Tom (UnitedLayer) wrote: > > On Mon, 15 Nov 2004, Steven Champeon wrote: > > > And this affects those of us with not-so-old, not-so-slow machines how? > > > > By the fact that there is no way in hell that he could relay a large > > amount of spam... > > You seem to be confusing the single instance with the widespread > application of the policy. My problem is with the latter, which is > what the EFF is pledged to defend in the face of widespread damage > to the medium they hope to save thereby. > > Put simply, I'm fine with a few well-known anonymizing mail servers. > I also reserve the right to reject mail from them. > > I am not fine with an organization pledged to defend the principle > for /all mail servers and spam sources/ regardless of whether they > are under the control of spammers (and with no mind paid to the fact > that a great deal of spam is sent via compromised machines that are > unlikely to be used by freedom fighters or whistleblowers, etc.) > > Come on - do you really think the Russian mafia is going to allow free > use of their botnets so that Chechnian freedom fighters can post > propaganda? I don't. Not even if they were paid for it. > > > > The bottom line is that Gilmore, and the EFF, have taken a very soft > > > stance on spam, believing it to be less important than "free speech" or > > > "anonymous speech". > > > > By definition, the EFF's main concern is free speech and privacy. > > And I have supported them in the past for exactly their dedication to > that concern. However, they now confuse government censorship on the one > hand, with the abuses of a system by fraudsters and others (often in > league with the very same countries whose censoring governments the EFF > opposes) on the other. > > Alan Ralsky hosts his servers in China. Do you really think that the > goal of protecting freedom is served by encouraging everyone not to > reject mail from those servers? Given that China's rDNS is so hosed or > nonexistent as to make local, automated judgements difficult to > impossible, it's far easier for those of us who don't want Ralsky's junk > to simply reject all mail from China. If China doesn't like it, they > should reconsider hosting Ralsky. The same goes for any country or ISP > hosting or enabling spammers. And yes, I know that's a broad brush, and > may not be appropriate for everyone. That's my whole point - that by > ceding the spam battle over a misguided idea of protecting free speech, > the EFF is actually encouraging others to paint with similarly broad > brushes in their own defense - and undermining their own intentions. > > I didn't make the decision to allow 419/AFFers to post through Tiscali's > webmail servers - Tiscali did, and they continue to let the abuses occur. > > Bigpond has largely fixed their 419/AFF problem, by disallowing use of > their webmail accounts to non-AU users (in the process, they also broke > their Received: header trace information, but hey). Got a problem with > their policy? I don't. > > I had a user here who got upwards of 100/day - nearly all 419/AFF spam. > Much of that has disappeared, thanks to the implementation here of > policies that others were incapable of making, in order to deal with > /their/ abuse problem, not mine. > > Privacy is a great goal. In my mind, it has its price. If I want to vote > to protect my privacy, I register. If I want to drive a car, I get a > license and get insured, and can prove it in case I run into someone else. > If you want to be on the Internet, I damn well better be able to contact > you (or someone who has taken responsibility for your presence here) in > the event that you run dictionary attacks against my mail server, or try > to send a million spam messages through your broadband channel, or run > a worthless and buggy OS without a firewall and thereby let yourself get > owned by anyone and become a vector for abuse. > > Barring that, I'll just block you and anyone who looks like you, and > call it a day, and selectively unblock or whitelist once you've met my > policy criteria. > > Those who prattle on about rights forget about their corresponding > responsibilities, and undermine their very case by appearing to lack > any sense of the price we pay for the former through the latter. > > > > http://eff.org/wp/?f=SpamCollateralDamage.html > > > > > > Wow. So, any collateral damage is unacceptable? > > > > To me, and people who rely on email for reliable communication, yes > > absolutely. Collateral damage is unacceptable, period. > > Then it would behoove you to support efforts to make email accountable > rather than decry such attempts as censorship. Lacking other solutions > to the spam problem, everyone tries their own. Which is more important? > That we can all get behind industry-wide proposals, or that we all > uniquely splinter useful protocols due to our own necessities, dictated > by the demands of real usage? I'd love to stop wasting time chasing the > rats out of my mail server. Until then, I am doing what I can to analyze > inbound spam and adjust my policies accordingly to keep it out. > > Rather than fight for the rights of the vast majority of the suffering > masses just yearning to send email reliably, the EFF has chosen, de > facto, to defend the rights of the spammers, who benefit enormously from > the existence of unaccountable servers/proxies. > > > Its even worse when administered punitively (like SPEWS/etc) because > > its done with the intent of disrupting other people's lives. > > Sure - in order to get their attention (or their ISP's attention) and > presumably alert them to, and get them to fix, their abuse problems. I > don't use SPEWS here (for various reasons) but I don't have any problem > at all with someone else building a policy that includes the use of > SPEWS. > > > If you're going to fight something, and you feel its worthwhile, fight > > it on the high-road. > > That's what I'm doing. I am fighting the widespread lack of > accountability of email senders by implementing policies that demand > same; if I can't report abuse to a living person with some expectation > of a change in the behavior of their customers, I don't accept mail from > them. Sadly, this has meant that sometimes legitimate mail is rejected, > with an informative message saying why. The EFF, on the other hand, > wants email to remain an unaccountable medium for the sake of a > miniscule amount of potential messages whose content could well be > delivered in other ways. > > > > In a nutshell, email requires accountability. The EFF apparently thinks > > > that is too high a price to ask for email. > > > > I think you're missing the point. Anonymous communication saves lives, > > allows people to "blow the whistle", and in general it serves the greater > > good to have it exist. > > At what expense? > > > Email already has an "audit trail" built into it, > > No, it does not. More accurately, the mail server /you control/ has a > minor amount of tracing information that it can insert into a message; > all else is untrustable - and the EFF wants to further undermine the > remainder in the case of relayed mail (by defending the principle of > anonymous relay transmissions). I already reject mail from servers whose > webmail implementations do not include useful tracing information (just > as I reject mail from those systems if the origin is a common source of > Nigerian 419/AFF junk). Don't like it, and you're a user/supporter of > said systems? Put pressure on the systems in question /to fix their > servers/ so that the fraudsters are kept out, or so that they can be > tracked and dealt with. > > > and you can at least track it to some extent if you know what you're > > doing. > > No, sorry, that's false, too. You can /make an effort/ to rely on > untrusted information, to posit a source beyond the last relay; that > is all. > > > Does email need a DNA signature for the sender? In my mind no, you > > can get that if you use PGP signatures and look how few people actually > > use that. > > You undermine your own case here. Let the anonymous senders create and > post keys via public servers then encrypt their messages with those > keys. Authentication is not the same as encryption or identification, > nor do any of them necessarily compromise anonymity or demand > unaccountability in sending mail. > > Anyway, the bottom line is that I no longer pay the EFF to fight on > the side of my enemies. All else boils down to "my network, my rules" > and "it'd be great if we all had the same rules and could talk to all > the other networks". > > -- > join us! http://hesketh.com/about/careers/web_designer.html join us! > hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com > join us! http://hesketh.com/about/careers/account_manager.html join us! > -------------------------------------------------------------------------------- Steve Gibbard [email protected] +1 415 717-7842 (cell) http://www.gibbard.org/~scg +1 510 528-1035 (home)
|