Slashdot Mirror
RoadRunner Co-Opting "Organization" Headers
Dusty Rhodes writes: "AOL-Time Warner cable Internet Provider RoadRunner has begun co-opting the 'Organization' line of Usenet headers, replacing whatever information a user enters with 'Organization: Road Runner - (location).' All RoadRunner customers nationwide, including business customers, have had their organization identity hijacked with no disclosure whatsoever, much less an opt-in or even an opt-out. Nothing in their TOS or AUP. Nada."
The biggest reason I can see is to help cut down on spam. If people try spamming through RR, the recipient will KNOW it came from a RR server, and know where to complain. (Not sure how that HELPS RR, but it's a theory.)
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
I've noticed this for a long time now. A lot of ISP's are doing that. I don't mind too much since my organization is "Crime" but it is a bit annoying yes. However if you want much better news service at not too much a year, try Newsguy. I used them back when I did a lot of usenet posting and for like $25/year (its gone up a bit since then) I was able to get non-binary access to all my favorite newsgroups. If you want access to binaries you have to pay a bit more, but the service is very customizable to fit your needs. They filtered out 95% of the spam and kept articles for a month, while roadrunner is lucky to keep them a week and seems to have cut corners on spam filtering. So I'd suggest if you are serious about usenet, buy your access (its less then $5/month for basic access) and get higher quality news feed with less spam and full control over those important headers.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
Companies aren't there to serve customers.
Companies are there to serve the owners/shareholders. Most of them just want to get the best return on investment they can.
Most people vote for "returns at any cost" with their money, and the companies act accordingly.
When is the last time you've heard people say "oh you can lose a few million this year, just be nice to everyone", until they put a dollar value on satisfied customers, they are going to continue to behave this way because WE make them.
And I don't really care how much RoadRunner screws with their customers, as long as they make money and build my retirement fund for me. Yes it is selfish, but I think that is the way it is.
They are your ISP and you are using THEIR machines, hence they may do as they wish...an ISP has every right (though perhaps not ehtical) to ... do whatever they want to incoming/outgoing data
Are you serious? Given your logic, you seem to think it's alright to replace every other header as well (including the X-Priority, or even the TO and FROM). Why stop there? Why not change the message body as well?
"They are your ISP and you are using THEIR machines, hence they may do as they wish."
They gave up the right to do whatever they wish with their hardware as soon as they started charging you money to use it. An ISP is bound as much to an agreement as a user (if not more so) because of the exchange of money involved, and they should not be able to unilaterally change the terms of the contract without at least informing the customers.
If they didn't add the IP address, it'd be too easy to abuse their server and spam through it. Who says Usenet should be anonymous anyway?
If you do want almost anonymous access, sign up with a pay-for news provider such as EasyNews. They don't add an IP address to messages posted through their system, so it's effectively anonymous. However, they still add a special encoded header line that lets them determine which user account sent the message, but it's only of internal use to them, and someone would probably require a court order to force them to identify the poster.
It's been a long time since anything on the Internet has been truly anonymous...
Let's say I post something to Usenet trolling, blasting Microsoft and making wild accusations against them. However, my "Organization" is "RoadRunner." While it may not mean anything legally, doesn't that at least partially imply that I'm speaking on behalf of RoadRunner, and, thus, making it seem like RoadRunner's official corporate stance is whatever nonsense I just accused Microsoft of?
For example, if you work at IBM (arbitrarily chosen company), and routinely send out mail voicing *your* opinion, you'll likely have something to the effect of "These opinions are my own, and not that IBM," so that people don't twist mail you send to your friend into IBM's official position on the issue.
Again, I don't know if this carries any legal weight, but I think RoadRunner is getting themselves into more than they bargained for. (Picture swarms of angry people blaming RoadRunner for whatever their customers post.)
________________________________________________
suwain_2
Not to pour water on a good conspiracy theory, but are people sure this isn't just a misconfigured nnrpd.conf (or equivalent)? It's pretty easy to do; many nntp sites already add an Organization line if there isn't one present -- all it would take is for some admin to foul up a config line.
Not to downplay the significance of companies doing stuff like this, but this may be unintentional. The article doesn't look like it's double-checked the motive.
Ah, computer dating -- it's like pimping, but you rarely have to use the phrase "upside your head" -- Bender
You are exactly correct. This is not really an issue of rights. It's only an issue customer service. A company is failing to provide a service that most paying customers are used to getting. A poor choice on their part, yes, but hardly anything worth marching to the capital steps in Washington over.
In addition to the "Your Rights Online" category, Slashdot really needs a "Big Company Not Treating Their Customers Well" category, because that seems to be what a lot of these stories end up being. Save the YRO banner for DMCA court battles and stuff like that.
Information wants to be anthropomorphized.
Because Yahoo, et. al. are free, they make their money from advertising. I pay my ISP, and if they started requiring me to run programs that displayed banner ads at the bottom of my screen continuously -- in addition to the $45 / mo -- I'd leave ASAP.
I wonder how RoadRunner would feel if some unscrupulous person put Roadrunners email addresses in their reply fields for the spambots to harvest? Gee, I hope no one does that. That would be just awful. Roadrunner receiving tons of unsolicited mail because someone changed some information that they were not asked to. The horror...the horror....
Nothing on the Internet is anonymous. Even "anonymizers" just make it difficult to find the source, not impossible. If you want anonymity, stay the hell off the Internet. Everything you do can be traced to you. If you hadn't figured this out before, wake up. There is no right to anonymity. There shouldn't be.
For the last year (probably even longer) I have noticed RR putting Road Runner in the Organization field on the header. I've never seen them put the actual city name however in the header. This is not late breaking news.
I can't beleive this made the front page on slashdot. First of all the story is false (at least in the upstate New York RR service) second, what's the big deal? For me, I use my full name when posting to newsgroups. Plus with RR you get a fairly static IP address (mine hasn't changed in the last year), how can you be anonymous with that?
Doesn't this make it harder for RR "customers" to send out Usenet spam with totally forged headers and remain undetected?
Isn't this a Good Thing for everyone?
In particular it's a Good Thing for all RR customers who don't spam, as it means that other ISPs won't be denying connectivity to RR because of spam.
What have I misunderstood here?
The guys who run RoadRunner mail hosts seem to be a bit out of it when it comes to how "the Internet" works. Sure, they can figure out some of the stuff, but they get clueless really fast.
For example: They used to have the "From:" header screwed up. When you sent some mail, it said that the sender was "username at the machine that handled all of the mail for the area," not "username at the real address." So for six months or so, when some folks tried to reply to my RR address, their replies bounced. I had to add a "Reply-to" line just to get mail back.
The bottom line is that from the Internet's point of view, your ISP and network provider is RoadRunner, so it makes perfect sense to label you as being part of that "organization" in this context. It is both within the letter and spirit of NNTP. To allow you to use your own vanity Organization header would only add confusion and defeats the spirit of the header.
Correct me if I'm wrong but isn't this a perfectly correct implementation of organization? Whose NNTP server was used?
This header predates NNTP
Ok, I'm a RoadRunner customer. I read this and immediately went out to check my posts. Nope, didn't see the text added in any of them. Even posted a new post and still no text.
So, either it's not happening in all areas are this yet another bogus "It was posted on the web so it has to be true" story.
The biggest reason I can see is to help cut down on spam. If people try spamming through RR, the recipient will KNOW it came from a RR server, and know where to complain.
But they could just as easily add something like "X-Complaints-To:" or "X-ISP:", etc. Rather than deciding that RFC 850 dosn't quite apply to them. The header is for identification of the poster's organisation. Rather than whatever ISP their employer may use...
If I had a RoadRunner connection for free, then yeah, maybe I could deal with them wanting to plug themselves in my e-mails and news postings.
However, since RoadRunner is a pay-to-use service, aren't they getting money already? Why, yes, they are. And what if part of your organization is required to post to certain newsgroups, and all of a sudden, with no warning, instead of being from BlahCo, it says it's from RoadRunner? Wouldn't you be a touch upset about that?
They can fix it by making it opt out.
Kierthos
Mr. Hu is not a ninja.
If this were happening to me, I'd change my netnews .sigfile to read
--
If the Organization line on this post says 'RoadRunner', then the opinions expressed here are the official opinions of 'RoadRunner'. They put their name on them, they must approve.
If they are blocking port 25 outbound, you can do what I used to do when the fuckers at earthlink did that.
Keep in mind that the reason Earthlink does this is to prevent stupid people from sending spam that doesn't go through Earthlink's servers, and from running open relays that spammers can use. Yes, it's inconvenient for some people, but you can configure Sendmail or whatever to relay everything through smtp.earthlink.net, or do what you've done and relay through an outside server on a different port.
What exactly does smtp.earthlink.net add to the headers that you find objectionable?
The problem is that the majority of people out there are screwed by this and do not have enough knowledge to take recourse against it.
The firewall was set up exactly because the majority of people out there do not have enough knowledge to prevent others from abusing their systems to send spam. So, what would you propose as another solution to the spam problem? Keep in mind that Earthlink has over 200,000 DSL customers and several million dialup customers.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
All concerned RoadRunner customers should change their organization name to "is a sh*tty ISP."
I think it's real sporting of them. By identifying themselves as the organization responsible for the messages (not mereley the source of the messages), do they not open themselves to legal action? Shielding their customers, who are small-fry (anything other than AOL/TW, including most countries) by definition.
Seriously, this has all the hallmarks of (rather clever) disgruntled employee sabotage. How much attention do you think the higher-ups at rr even pay to their UseNET service? How closely do you think it is monitered? I'm betting very little and not-at-all. It could be weeks before they really notice/understand, even now.
If I still had UseNET flamewars^H^H^H^H^H^H^H^H^Hdiscussions, I'd be really pissed; I have roadrunner.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
Does this apply only to the RR usenet servers? Or does this apply to ANY usenet server that a RR customer is using?
Big difference. IF RR owns the server and provides it as part of a package, yes it might suck, but its their server and if they want to alter information, I suppose its their right to do so. You don't HAVE to use it. In fact, most ISP based newsservers suck anyways. It wouldn't be a great loss.
A lot of companies do things behind the scenes without putting into their terms of service. A great many isps will run httpd traffic through a cacheing proxy to either save on upstream bandwidth or to record information. One of these schemes makes perfect sense, the other is slimy.
Ok, so they're changing your organization field. Whether this matters or not, you know about it now. If its a problem, use a different news server. However, if they're hijacking nttp packets and "fixing" that information, then you have a BIG problem. At NO point should ANY information I send out be modified. If they want to play games to save bandwidth, fine. But I better get the exact data I request, and the other end better get the same data I send, with no
modifications. THAT would be entering into the realm of arbitrary censorship without permission.
They might STILL be within their rights to do that, but if I were a customer of theirs, I would start shopping around.
-Restil
Play with my webcams and lights here