This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Spam under protection. Believe it or not!
- Previous message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
- Next message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Sep 28 22:26:29 CEST 2015
In message <1E574209-1163-488E-92A1-65BB7CA53A30 at blacknight.com>, you wrote: >Using abusive language and misinformation along with hyperbole doesn't do >you or this group any favours If anything I've said constitutes "misinformation", please specify what that was, specifically. (I believe that everything I said was completely and 100% accurate, like for example my statement that ICANN is effectively run by the registrars. This is in contrast to your own inaccurate misinformation that it is not.) >If you want to discuss anti-abuse issues and policy I'm more than happy When it comes to policy matters relating to routing (and, for example bogus route announcement) this mailing list is occasionally helpful. However for most other kinds of "anti-abuse issues" there's almost no point in discussing these, either here or elsewhere, because the game is rigged, and the Powers That Be (e.g. ICANN) have already and long ago decided that they simply don't WANT the problem(s) solved. It is not in their economic interests to have them solved. >I don't see why you or anyone else needs to use offensive language >and ad hominem attacks. I use offensive language because *I* am offended... just as the original poster who started this thread was (and is)... about the fact that so many players (i.e. corporations) that make their daily bread on the Internet are either profiting from network abuse, or else are knowingly turning a blind eye to it. (This is, you may recall, _exactly_ what the original poster was outraged by, i.e. the complicity and duplicity.) As regards to "ad hominem attacks", I haven't made any... but you can be sure that you will know clearly when and if I ever do. (There won't be any ambiguity, I assure you.) I have not attacked the character, motivations, or ancestry of either you or anybody else on this list, and I have no plans to do so. There is neither any need nor any point to that. I have however made some pointed statements about various *corporations* (as did the original poster), and will continue to do so, even though that also should not be necessary. Just as the original poster pointed out, in these kinds of cases, the facts speak for themselves. >We may not agree, but I'm always happy >to engage in intelligent and robust debate. Please begin, whenever you feel ready. But don't start off with provably silly statements like "ICANN is not controlled by the registrars". Has there ever been a single decision taken by ICANN which they felt they could get away with (i.e. without being sued to hell and back) that WAS NOT in the economic interests of the domain registrars? If so please describe it, because it will be news to me (and to many others also, I'm sure). This whole sordid scheme about anonomous donmain registrations is a case in point. When a few greedy registrars first proposed it, even the villiage idiot could have predicted that it would have been used 100 or 1,000 times as often by crooks, criminals, and spammers as it would ever be used by those few rare individuals who needed a domain name and who nontheless needed to be un-contactable, un-findable, and un-identifiable. And indeed, that's exactly what happened. But the idea sailed through the ICANN approval process. Why? Because the registrars who were behind it saw just as clearly that it would be a big money maker for them. It wasn't a decision based on the safety, health, happiness, or long-term well-being of the BILLIONS of individual Internet end users affected. It was a decison based purely on the economic interests of the registrars. If you want to discuss policy issues then try this: How many more years of this experiment (i.e. anonymized domain registrations) do we need before we can know for certain that, on balance, ICANN's decision to allow these criminal front man services was NOT in the best interests of the majority of the Internet community? More to the point, does there exist *any* "quality control" (for lack of a better term) on ICANN decisions? Are any of them ever reviewed after they have been made and implemented, you know, to see if any of them are failures and should be recinded? If not, why not? And here is another policy question: In order to deter and prevent what might be called "sign up fraud", several companies (e.g. Google, but there are many other examples too) have systems in place where anyone requesting a new account must provide a working valid phone number. That phone number is then called, at the time of account creation, and the person creating the new account is given a several digit "magic code" that they must then enter into a web form in order to complete the new account creation/registration. This kind of system prevents crooks and criminals from signing up for (for example) dozens or hundreds or thousands of Google Voice accounts at a time. This isn't a pie-in-the-sky idea. It is an actual practical WORKING system. Not in the future, but today, as we speak. So, there is a simple question: If this kind of anti-fraud system works, is practical, and is economically viable/sustainable... even for "free" services like Google Voice... then why can't (or why shouldn't) this exact type of anti-fraud system be applied also to domain name registrations? There is an obvious answer, and it coms back to just what I've already said. This simple and straightforward kind of perfectly workable and marvelously inexpensive anti-fraud system will NEVER be applied to domain name registrations for the simple reason that preventing the fraud of multiple/numerous/thousands of domain name registrations, all by a single party, is not in the economic interests of the registrars... because they are currently profiting, hand-over-fist, on the thousands or tens of thousands of provably fradulent domain registrations that currently occur every day of the week. Thus, this kind of idea will surely never even find its way onto the agenda of any ICANN meeting, let alone being seriously discussed at such a meeting, let alone being actually implemented or used to prevent the very common fraud of snowshoe spammers registering hundreds or thousands of domains, all on the same day. As President John F. Kennedy once famously said "Our problems are man-made, and they can be solved by man." That general statement quite certainly applies to all of the problems... hacking, phishing, spamming, DDoSing, or whatever... that have arisen with and within the modern Internet. There exist technical... and often simple... solutions to all of these problems. However as I noted at the outset, a lot of them (e.g. phone verification for domain registrations) won't even be discussed, let alone actually implemented, because the people who control the purse strings (e.g. of ICANN) have already decided that they simply don't WANT the problem(s) solved. As they see it, solving these problems is not in their own economic interests. None of this should really come as news to anybody who has been following these problems for the past few years. ICANN and the registrars who fund it have no more interest in securing the domain registration process than the NSA has in seeing all of those 0-days they have been relying on be exposed and patched. Ummm... well.. I take that back. Actually, all of the domain registrars that I personally know of *have* actually spent a lot of time, money, and bother to fully and effectively "secure" the domain registration process... but only to the extent necessary to insure that they have a valid name, phone number, and credit card number for the registrant... in order to insure that they'll get paid. But also, as far as I know, not a single one of them requires that the name and/or phone number that goes into the WHOIS for a domain name matches the data given by the person (or entity) who actually paid for the registration. The entirely predictable result is massive and ongoing fraud in WHOIS records... which ICANN works overtime to try to dismiss, cover-up, sweep under the rug, and to make extremely tedious and difficult to even report to them. (Hint: They don't want to know.) Regards, rfg P.S. Thirty years ago, if you had tried to invent a world-wide electronic communications system which would perfectly serve the interests (e.g. anonymity, deniability) of crooks, criminals, and spys, you could not, even in your wildest dreams, have come up with a system that either matches or surpases the modern Internet.
- Previous message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
- Next message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]