Slashdot Mirror
Proposal To Limit ISP Contact Data Draws Fire
An anonymous reader writes "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software, according to a story at Krebsonsecurity.com. From the piece: 'The American Registry for Internet Numbers (ARIN) — one of five regional registries worldwide that is responsible for allocating blocks of Internet addresses — later this month will consider a proposal to ease rules that require ISPs to publish address and phone number information for their business customers. Proponents of the plan couch it in terms of property rights and privacy, but critics say it will only lead to litigation and confusion, while aiding spammers and other shady actors who obtain blocks of addresses by posing as legitimate businesses.'"
Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards. Besides, not everyone is in the US.
Privacy is less important here than the potential for menace and the ability of people to kvetch directly at troublemakers.
For every problem, there is at least one solution that is simple, neat, and wrong.
If GB is passing laws to cut off file sharers, who do so for personal use only, why can't they move quickly to impede spam?
... oh right. Spam is enterprise, brings in money. Piracy takes it away. Never mind that everyone loves piracy and hates spam ...
Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
I know that for my company, I'd get a lot less spam if they couldn't trawl my email address out of the registry. Fortunately, a quick filter set up gets rid of most of it.
Everybody should have a right to privacy up to the point they abuse it. That address and contact information, when reflexively made public, can and is happily abused by other unaccountable individuals and businesses.
Our problem is that we don't have an effective system for making abusers face consequences for their actions, and stomping on the privacy of responsible actors on the Internet only makes the problem worse by adding to the pool of people whose information can be used to harass them with spammy communication. Far better to grant privacy automatically in combination with a reasonable system for penetrating it (i.e. make it easy to get through if there's proof of bad actors while instituting legal penalties if people file false reports for the purposes of obtaining private information.)
Unfortunately, there are several problems with this:
1) "We might use civil causes of action, class actions, and/or private atty general statutes. (But have to be careful to limit abuse.)"
result: Cop says "Not breaking the law, not my problem, go away."
So you have to make spamming truly against the law.
Result: Cop says "Yea, I'll get right on that, after I go after a bunch of more interesting (read: higher fines) crimes." Considering how little the cops enforce crimes that are threats to life and limb like tailgating, I don't think there would be much interest.
2) Jurisdiction: result: cop says "Nice, but not in my district, so not my problem. Go away." Cop in area where ISP is says "You willing to show up here to make a complaint? No? Not my problem. Go away."
3) Assuming you make the cops care - they go to ISP "Give us the info. We have a warrant." ISP says "here's the address of the shell corporation in East Elbonia." Cop says "Not my jurisdiction. Not my problem. There a good donut shop around here?"
The latter is what happens anyway - I used to try to go after the hundreds of IPs a day that try to infect my PC. ISPs don't care, and won't care unless you can change the law, and if you try to change the law, the ISPs will outspend you.
www.eFax.com are spammers
1. How do you identify the source of the spam? Email headers can be forged, you know; you're going to have to analyze the log files at each node along the way. Good luck with that.
2. Nobody is going to shutdown a provider unless the violation is extremely egregious; people use bot nets to spread the damage around rather than isolating it at a single point of failure.
3. Spam is really annoying and costs people real money, but not so much that actually going after people is worth the extra expense; maybe a few of the spam kings are worth it, but the mid-level guys are probably fairly safe.
Time has proven again and again that people will abuse privacy / anonymity. I think we can all agree that privacy is worth the abuse, so we're just going to have to live with spam. We can fight the symptoms, but the disease will always remain.
You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?
You have an address on the door to your place that's publicly viewable. What's the problem with that?
You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?
You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?
You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?
You want to host something on the net? Fine - be prepared to post valid contact info. Otherwise, make arrangements for someone else to host it, or host it off the net.
In these cases, access is limited (by line-of-sight), or the information does not provide back-tracability. That no longer happens when posted online.
Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?
Write your representatives! Repeal the 2nd Law of Thermodynamics!
Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards.
Isn't that the RIAA thought as well?
STRANGELY ENOUGH the people who argue against privacy never seem to want to do that. They aren't terribly committed to their statements after all.
It is a miracle that curiosity survives formal education. - Einstein
Ever think that it's the way you treat them online that convinces them to let out their inner demons?
Person A says to cops: "I received spam. Here is copy."
Cop says "GTFO! Hahaha."
FTFY.
Seriously, who calls the cops for spam and expects them to not laugh at you?
Getting rid of "private" domains won't do a damn thing except INCREASE the amount of spam that domain holders get. Spammers don't hide behind private domains, they hide behind huge botnets!
I used to not hide my whois information. In fact, I was proud to display my contact information in my whois entry when owning my own domain was a novel thing. Then the spam started on the contact accounts. Annoying, but I could handle it. Soon after, I started getting phone calls from people who barely spoke English claiming to be from my "hosting company" or from NetSol and they need access to my host right away or there was a "billing problem" and they need my credit card information to resolve it.
I set my domain information private right after that and never looked back.
No thank you. I use private domains to HIDE from spammers and scammers.
The