This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Spam FAQs need revision, was 2011-06 New Policy
- Previous message (by thread): [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New Policy
- Next message (by thread): [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New Policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
russ at consumer.net
russ at consumer.net
Mon Dec 19 10:00:52 CET 2011
>The risk of being able to identify an individual starting with an IP address listed in a black list is very small, and the impact very small, >but the benefits from publishing them should be very clear. Your discussion and the associated paper implies that the list operator/security personnel are always right because they are protecting the Internet. It implies their mission is more important than any other issue that someone may have. "It should be very clear" implies that if you have another opinion then there must be something wrong with you. This is the attitude many of those involved in abuse have and I am trying to point out that there are problems with such a position. It gives people involved in abuse the idea that they don't have to answer to anyone or abide by the same rules as everyone else. If the list is run poorly the impact can be tremendous. Both Cisco and Microsoft both currently run blacklists that generate all sorts of complaints. They often won't tell people why they were put on the lists. Even when they remove someone people report the staff is arrogant and accusatory. They assume anyone on the list is guilty and it up to them to prove otherwise. the complaints say sometimes they don't remove false alarms for months. Another guy in Australia running a blacklist used to demand "donations" to get removed and if he got into an argument with someone he would add them to the list. (On top of that he used to register for free DNS services and crash them by uploading his blacklist). Many in abuse do not think twice about advising ISP's to do deep packet inspection to find abuse and malware without ever considering the ISP's marketing department will use the system for other purposes. The people involved in privacy are the same way. They often don't consider the security implications of keeping everything private. No, I do not agree that ignoring or minimizing the privacy issues is justified because of the benefits. The blacklists of today are much like the early days of credit reporting when there were no clear rules and people could not get mistakes fixes. The blacklist operators should promote these protections to improve their products rather than looking for excuses to avoid them. Thank You
- Previous message (by thread): [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New Policy
- Next message (by thread): [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New Policy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]