And this is different from using IP addresses... how? Theoretically, a spam filter could just as well revoke all e-mails touched by a specific IP address -- they ARE listed in the headers you know. Adding this functionality, to purge e-mails *after* reception doesn't require certificates to work.
Basically, I don't see anything in this suggestion that can't be solved using IP addresses. The ISP knows what user uses what IP address at all times anyway, and given a source IP and a time can track down a customer easilly anyway.
The only thing I see this helping against, slightly, is against users disconnecting and re-connecting and getting a different IP address. Still, this is still just a spam *reducing* method. The spammers will just compromise a few more machines to send through instead. It's not like it's hard to build up a pack of spam-sending zombies or anything -- I highly suspect that the spammers have more zombies than they can use anyway.
The real big loss here is that Joe Jobs will be the norm rather than the exception. If spammers are forced to use valid e-mail addresses to get through, you can bet that the poor schmuck whose e-mail address was abused is going to get a lot more hassle about it from technically incompetent spam recipients. Not to mention this will actually make some spam filtering *harder*, today you can filter based on rules applying to From-addresses. If this system becomes widespread -- you won't be able to stop any spam by inspecting the From: address.
Finally, what about the bureaucracy of verifying identity's for issuing certificates? Who pays for that?
Sorry. This idea is just... dumb. It adds another layer of complexity to the system and causes more problems than it solves.
Um, the whole first part provided for a pretty-much-foolproof way to trace the email back to the sending server. Faking the sender would not be possible.
The easiest way to get past a locked door is to get the key. Conversely, if I wanted to send spam under that system, I'd just exploit myself a nice Windows machine (doesn't matter who it is) with a properly set up e-mail certificate (which most all machines will have if that system is widespread.)
Eh presto, untraceable e-mail. Well, traceable back to the fool whose certificate you stole.
Now add a false sense of security, and the relative ease of stealing certificates... and you've got a train wreck of an anti-spam system. Sure, you'll be able to block mail from the compromised machine, but you can do that by blocking individual IP-addresses either. The same whack-a-mole still applies, just by whacking individual certificates rather than individual IP addresses.
And then anti-spam servers will pop up that block all certificates issued from a certain authority... all of this is sounding very familiar.
Of course, going to itunes.apple.com will let you download the new version immediately, and they have simplified the process by requiring only an email address and the unchecking of two mailing list checkboxes...
You don't even need to enter an e-mail address. It's optional! I just unchecked the checkboxes and clicked on Download.
What platform is this on? I think the Windows version does that, but Apple didn't want to clutter every single program on OS X with update code and interfaces, and handle all updates centrally through "Software Update" instead.
At least in theory. It didn't show up there yet for me. Oh well, I patched it manually already. Ironically it said something like "Next time, you can get this from Software Update and not go through this cumbersome pross next time" when I went to download it off Apple's web site.
He was referring to apple working around DRM-circumvension software (I think it was called pyMusique) by updating iTunes.
And it's convenient to tell people they *have* to update iTunes because of a security hole. (It IS convenient, yes, but I don't think that's Apple's intention. I don't think the grandparent was saying that either.)
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses ( ) Mailing lists and other legitimate email uses would be affected ( ) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks ( ) It will stop spam for two weeks and then we'll be stuck with it ( ) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) The police will not put up with it ( ) Requires too much cooperation from spammers ( ) Requires immediate total cooperation from everybody at once ( ) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists (x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it ( ) Lack of centrally controlling authority for email ( ) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses ( ) Asshats ( ) Jurisdictional problems ( ) Unpopularity of weird new taxes ( ) Public reluctance to accept weird new forms of money ( ) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email (x) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches ( ) Extreme profitability of spam (x) Joe jobs and/or identity theft (x) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers ( ) Dishonesty on the part of spammers themselves (x) Bandwidth costs that are unaffected by client filtering ( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical ( ) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck ( ) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks ( ) Countermeasures must work if phased in gradually ( ) Sending email should be free (x) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses ( ) Feel-good measures do nothing to solve the problem ( ) Temporary/one-time email addresses are cumbersome ( ) I don't want the government reading my email ( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
I didn't understand that you were trying to make that point when I read your first post. I thought you were just saying "oh look, Sony has a music store too".
I don't know about US buyers buying from overseas ITMS:es, but I know that Apple didn't let non-US:ians in non-ITMS-countries use a non-local store.
I seem to remembering this having caused quite a ruckus with the European Union when UK citizens were not allowed to use non-UK iTunes Music Stores. The reason UK citizens would want to do that, is that the ITMS is significantly more expensive in the UK. Because of the pound and all.
To answer your other question, ITMS is currently available in 19 countries:
Austria,
Belgium,
Canada,
Denmark,
Finland,
France,
Germany,
Greece,
Ireland,
Italy,
Luxembourg,
The Netherlands,
Norway,
Portugal,
Spain,
Sweden,
Switzerland,
UK,
and the good old U S of A.
(I'd make this a nice bullet point list, but slashcode won't let me, it'd be too few characters per line.) Note the conspicious absense of *any* Asian countries on that list.
And here's some lameness to get rid of the lameness filter. (Ironic isn't it?)
It's about time this service came to Sweden. Providing legal ways to conveniently download music while compensating artists is good news for consumers and artists (and record companies;-) alike.
Most people I know (including myself) download pirate copies off the Internet because of sheer convenience. I'm simply too lazy to go to the store and buy something (which might not even be in stock, but on order only), when I can just download a copy off the Internet and get it instantly.
Now if the industry could just get a similar model going for movies and TV shows instead of suing file sharers...
Can the media industry take note... I don't pirate because I want your stuff for free, but because it's more convenient. You can't compete effectively against electronic delivery with outdated models based on shipping optical discs to people!
Unfortunately though, the iTunes music store doesn't seem to accept my credit card information. (No, I will not post the information so you can check out what's wrong;-) But I don't think I should expect it to work fully. It's not even officially launched or anything!
What about keylogging? Hacking the browser to show popup ads? Data mining? Or even the occasional DoS zombie?
None of those things require admin rights.
The fact that Mac OS X doesn't run as an administrator doesn't really matter. Okay, the virus might only be able to infect one user account, but it can do some nasty damage right there already.
Slashdot Mirror
And this is different from using IP addresses... how? Theoretically, a spam filter could just as well revoke all e-mails touched by a specific IP address -- they ARE listed in the headers you know. Adding this functionality, to purge e-mails *after* reception doesn't require certificates to work.
Basically, I don't see anything in this suggestion that can't be solved using IP addresses. The ISP knows what user uses what IP address at all times anyway, and given a source IP and a time can track down a customer easilly anyway.
The only thing I see this helping against, slightly, is against users disconnecting and re-connecting and getting a different IP address. Still, this is still just a spam *reducing* method. The spammers will just compromise a few more machines to send through instead. It's not like it's hard to build up a pack of spam-sending zombies or anything -- I highly suspect that the spammers have more zombies than they can use anyway.
The real big loss here is that Joe Jobs will be the norm rather than the exception. If spammers are forced to use valid e-mail addresses to get through, you can bet that the poor schmuck whose e-mail address was abused is going to get a lot more hassle about it from technically incompetent spam recipients. Not to mention this will actually make some spam filtering *harder*, today you can filter based on rules applying to From-addresses. If this system becomes widespread -- you won't be able to stop any spam by inspecting the From: address.
Finally, what about the bureaucracy of verifying identity's for issuing certificates? Who pays for that?
Sorry. This idea is just... dumb. It adds another layer of complexity to the system and causes more problems than it solves.
Eh presto, untraceable e-mail. Well, traceable back to the fool whose certificate you stole.
Now add a false sense of security, and the relative ease of stealing certificates... and you've got a train wreck of an anti-spam system. Sure, you'll be able to block mail from the compromised machine, but you can do that by blocking individual IP-addresses either. The same whack-a-mole still applies, just by whacking individual certificates rather than individual IP addresses.
And then anti-spam servers will pop up that block all certificates issued from a certain authority... all of this is sounding very familiar.
To be fair, it's not original. It's an old chestnut *someone* has to bring out in every spam story.
And now I'm a Mac OS X user. Go figure.
What platform is this on? I think the Windows version does that, but Apple didn't want to clutter every single program on OS X with update code and interfaces, and handle all updates centrally through "Software Update" instead.
At least in theory. It didn't show up there yet for me. Oh well, I patched it manually already. Ironically it said something like "Next time, you can get this from Software Update and not go through this cumbersome pross next time" when I went to download it off Apple's web site.
I think you misunderstand the grandparent poster.
He was referring to apple working around DRM-circumvension software (I think it was called pyMusique) by updating iTunes.
And it's convenient to tell people they *have* to update iTunes because of a security hole. (It IS convenient, yes, but I don't think that's Apple's intention. I don't think the grandparent was saying that either.)
This is good. A software vendor releasing a patch for a security hole in a product before full-disclosure of the hole.
Though I'm puzzled -- why doesn't iTunes 4.8 show up in my Software Update yet? (Mac OS X 10.4, current iTunes version 4.7.1.)
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Source?
Explicit is good. :-)
I didn't understand that you were trying to make that point when I read your first post. I thought you were just saying "oh look, Sony has a music store too".
Thanks for clarifying.
I don't know about US buyers buying from overseas ITMS:es, but I know that Apple didn't let non-US:ians in non-ITMS-countries use a non-local store.
I seem to remembering this having caused quite a ruckus with the European Union when UK citizens were not allowed to use non-UK iTunes Music Stores. The reason UK citizens would want to do that, is that the ITMS is significantly more expensive in the UK. Because of the pound and all.
To answer your other question, ITMS is currently available in 19 countries: Austria, Belgium, Canada, Denmark, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, The Netherlands, Norway, Portugal, Spain, Sweden, Switzerland, UK, and the good old U S of A. (I'd make this a nice bullet point list, but slashcode won't let me, it'd be too few characters per line.) Note the conspicious absense of *any* Asian countries on that list. And here's some lameness to get rid of the lameness filter. (Ironic isn't it?)
Iie, Nihon ni iTunes Music Store wa nai. (No unicode support? Pfft.)
(There's no Japanese ITMS. To change your music store country, click on "Choose store" on the left side of the main page.)
And people accuse Apple for vendor lock-in and being a monopoly.
Pot. Kettle. Black.
It's about time this service came to Sweden. Providing legal ways to conveniently download music while compensating artists is good news for consumers and artists (and record companies ;-) alike.
;-) But I don't think I should expect it to work fully. It's not even officially launched or anything!
Most people I know (including myself) download pirate copies off the Internet because of sheer convenience. I'm simply too lazy to go to the store and buy something (which might not even be in stock, but on order only), when I can just download a copy off the Internet and get it instantly.
Now if the industry could just get a similar model going for movies and TV shows instead of suing file sharers...
Can the media industry take note... I don't pirate because I want your stuff for free, but because it's more convenient. You can't compete effectively against electronic delivery with outdated models based on shipping optical discs to people!
Unfortunately though, the iTunes music store doesn't seem to accept my credit card information. (No, I will not post the information so you can check out what's wrong
Oh? You wanted it wireless? You never specified that. ;-)
That doesn't fulfill his requirements. No number pad... (at least not on a typical laptop.)
http://www.pckeyboard.com/images/SMTREXLARGE.gif
I think the parent poster meant to click in different parts of the password field *using the mouse*.
Granted, not ideal, but will help against trivial keyloggers.
Not necessarily. It could just be that phishing might just pay more than doing an honest job.
3) Radio repeater elsewhere on the lunar surface.
You forgot about HTTP. :-)
What about keylogging? Hacking the browser to show popup ads? Data mining? Or even the occasional DoS zombie?
None of those things require admin rights.
The fact that Mac OS X doesn't run as an administrator doesn't really matter. Okay, the virus might only be able to infect one user account, but it can do some nasty damage right there already.