I've got one modpoint left, so I could mod you down, but that would prevent me from asking if you even read the slashdot article, much less the linked article. Besides, it'll happen anyway.
Based on what the article says, what you are really saying is that if you posted a review of $BAND with a link to the illegal posting of the entire album that your ISP should be held liable for copywrite infringement. That argument doesn't wash with me; the ISP should be considered a common carrier and nothing more.
This has nothing to do with Scientology and everything to do with protecting those entities that provide access to content providers. The fact that some copywrite holders (RIAA, Sceintology, etc) think that it is easier and cheaper to attach the bandwith provider than it is to attach the content providers does not make such actions justified. This is a good decision that should be mirrored in the US. I've got my fingers crossed....
First, the spammer could easily set up a system with disposable addresses that last long enough to handle C/R.
There are services that will provide disposable email, but remember that we are talking about 10,000 responses in my example. Real world spammers use much higher numbers. They might get the first few thousand challenges, but the rest would all bounce.
Two, they could stay anonymous with disposable addresses and appropriate routing/masking.
Same problem. We are talking about huge amounts of traffic here. Many spammers find that they spend most of their time just trying to secure bandwidth for outbound messages, and now yuo want them to secure anonymous inbound bandwidth?
Three, spammers don't give a shit about ISP terms of service.
Exactly right. And because they are anonymous the victum ISP must go to extrordinary measures to track them down for punishment. Requiring a valid return email address makes it much easier to track down the miscreants, and thus easier to apply the punishment. Rmember that spamming is just like selling knives door to door: it is a numbers game. If the doors are a mile apart you can't make a living selling door to door, and if the inbox requires that you authenticate you can't make a living selling spam.
Four, ten responses for a penny might be ludicrous, but there might be other economies that would work. *shrug* I don't know a lot about people in low-wage countries but even a child can be trained to recognize 3 cats instead of 2 in a picture.
True enough, but it comes down to margins again. Spam works because the difference between sending a million and 10 million spams is pretty small. C/R changes that, if for no other reason than that the spammer needs to deal with the authentication process for each inbox. Even if the spammer develops a robot to respond to the challenges the costs associated with maintaining the valid inbound email address will eat his margins. Spammers spam becaues it is easy money. Filters don't change the equation, they just change the numbers. C/R changes the equation.
Seperately: I don't have the reference right now, but I recently read an article where the author suggested that spammers of the future might get around challenge-response by farming out response work to humans in low-wage countries. A penny for ten responses! The spammer would just raise their rates a little to sellers, maybe call it an extra service....
There are a number of problems with that thought. First, the spammer would need to maintain a working email address. This is a non-trivial exersize. Two, the spammer would lose their veil of anonymity, meaning that we could track them down. This could lead to number three, civil suits based on violations of an ISPs terms of service. Four, even at 10 responses for a penny the costs would be too high. Spammers send millions of emails hoping to get less than 100 responses. Let's assume that 10% are protected by C/R. 100,0000 / 10 *.01 gets us $100.00 in C/R costs for 10 favorable responses. Let's assume that they can close 10% of the contact and they are paying more that $100 per sale. I couldn't live on that, and I don't think that the average spammer can either.
The bottom line is that to make spam work the spammer needs a one-way channel of communication. C/R enforces two way communications and the economics don't scale up to that for spammers.
Legislation is the ONLY way to get rid of spam. Effective legislation and prosecution, that is. The "they will all go offshore" excuse is BS. Sure, some might, but many won't. And then, the country that harbors the offshore spammer is squeezed just as korea was (do you see any korean spam any more? well, yes, but nowhere like the torrents we all received a year ago).
So the spammers move their relays to another location, while they still cash the checks in Florida and Louisiana. How does that help? Even if we grant your Korea example, and I am not sure that I am willing to do that, we still have a number of other countries available to spammers with many targets for relay abuse. The number of third world countries that will improve their connection to the rest of the world without thinking about security is huge. Further, let's pretend that you are a small ISP in one of these thrid world contries. A spammer offers you the equivilent of 3 years profit to host a relay. What are you going to do?
Even better, tech savvy spammers will respond to any law by increasing their reliance on virus spread residential gateways. Sobig could be the tip of the iceberg.
Spam is a social problem
No, spam is an identity problem. As long as you can get into my inbox without allowing me to know who you are I will get spam. By moving caller ID to email we can verify that the email was sent by a known sender. I've found that by requiring that senders authenticate the identity and agree to my terms of service that my spam problem is totally gone. No change to the law. No training a spam filter. No dealing with the few that slip through the filter. The only problem I have is those few people who don't know how to reply to an email, and there aren't many of those.
That is the whole problem from SCO's point of view. If the whole thing goes away they can't continue to sell the stock and enrich the board. IIRC, they've even said as much. To paraphrase: "We'd show you the code, but then teams of open source would remove the code and replace it with their own versions, and then where would we be?"
If nothing else, this seems to prove the old adage "There is no such thing as *bad* publicity." I don't know if they've gotten any non-M$ revenue from this, but the stock is up, and they are back in every trade magazine in the country. Who was talking about SCO before the lawsuit? How many people even knew SCO existed back then? Of course that begs the whole exit strategy issue.
Press release: "The SCO Group announced today that in the interest of good will they have agreed to abanden their lawsuit against IBM. IBM has also agreed to impelemnt processes and procedures to protect the intellectual capital of all independant software vendors to better protect the livelyhood of programmers everywhere. Finally, in an effort to help prompte open source software the SCO Group has established a multi-million dollar fund to be used to promote and develop open source solutions."
Ummmmmm. No.
Microsoft has lost a numeber of similiar suits. In the end it hasn't made any difference. Remember Stac and their disk compression software? Seems like someone called Spyglass also won a lawsuit alleging M$ infringement on their web tech. And of course there is always the DR Dos / Novell / Caldera suit that was settled last year. Microsoft loses all the time, but with multiple monopolies they can afford to lose from time to time. Half a billion. That's what,.5% of their current cash reserves (after they just paid out 10 Billion to stockholders)?
Not everyone has the resources or ability to do that. Even if we all did, as someone else pointed out your employer can block access to your server just as easily as they did Hotmail.
Slashdot Mirror
Based on what the article says, what you are really saying is that if you posted a review of $BAND with a link to the illegal posting of the entire album that your ISP should be held liable for copywrite infringement. That argument doesn't wash with me; the ISP should be considered a common carrier and nothing more.
This has nothing to do with Scientology and everything to do with protecting those entities that provide access to content providers. The fact that some copywrite holders (RIAA, Sceintology, etc) think that it is easier and cheaper to attach the bandwith provider than it is to attach the content providers does not make such actions justified. This is a good decision that should be mirrored in the US. I've got my fingers crossed....
There are services that will provide disposable email, but remember that we are talking about 10,000 responses in my example. Real world spammers use much higher numbers. They might get the first few thousand challenges, but the rest would all bounce.
Two, they could stay anonymous with disposable addresses and appropriate routing/masking.
Same problem. We are talking about huge amounts of traffic here. Many spammers find that they spend most of their time just trying to secure bandwidth for outbound messages, and now yuo want them to secure anonymous inbound bandwidth?
Three, spammers don't give a shit about ISP terms of service.
Exactly right. And because they are anonymous the victum ISP must go to extrordinary measures to track them down for punishment. Requiring a valid return email address makes it much easier to track down the miscreants, and thus easier to apply the punishment. Rmember that spamming is just like selling knives door to door: it is a numbers game. If the doors are a mile apart you can't make a living selling door to door, and if the inbox requires that you authenticate you can't make a living selling spam.
Four, ten responses for a penny might be ludicrous, but there might be other economies that would work. *shrug* I don't know a lot about people in low-wage countries but even a child can be trained to recognize 3 cats instead of 2 in a picture.
True enough, but it comes down to margins again. Spam works because the difference between sending a million and 10 million spams is pretty small. C/R changes that, if for no other reason than that the spammer needs to deal with the authentication process for each inbox. Even if the spammer develops a robot to respond to the challenges the costs associated with maintaining the valid inbound email address will eat his margins. Spammers spam becaues it is easy money. Filters don't change the equation, they just change the numbers. C/R changes the equation.
There are a number of problems with that thought. First, the spammer would need to maintain a working email address. This is a non-trivial exersize. Two, the spammer would lose their veil of anonymity, meaning that we could track them down. This could lead to number three, civil suits based on violations of an ISPs terms of service. Four, even at 10 responses for a penny the costs would be too high. Spammers send millions of emails hoping to get less than 100 responses. Let's assume that 10% are protected by C/R. 100,0000 / 10 * .01 gets us $100.00 in C/R costs for 10 favorable responses. Let's assume that they can close 10% of the contact and they are paying more that $100 per sale. I couldn't live on that, and I don't think that the average spammer can either.
The bottom line is that to make spam work the spammer needs a one-way channel of communication. C/R enforces two way communications and the economics don't scale up to that for spammers.
So the spammers move their relays to another location, while they still cash the checks in Florida and Louisiana. How does that help? Even if we grant your Korea example, and I am not sure that I am willing to do that, we still have a number of other countries available to spammers with many targets for relay abuse. The number of third world countries that will improve their connection to the rest of the world without thinking about security is huge. Further, let's pretend that you are a small ISP in one of these thrid world contries. A spammer offers you the equivilent of 3 years profit to host a relay. What are you going to do? Even better, tech savvy spammers will respond to any law by increasing their reliance on virus spread residential gateways. Sobig could be the tip of the iceberg.
Spam is a social problem
No, spam is an identity problem. As long as you can get into my inbox without allowing me to know who you are I will get spam. By moving caller ID to email we can verify that the email was sent by a known sender. I've found that by requiring that senders authenticate the identity and agree to my terms of service that my spam problem is totally gone. No change to the law. No training a spam filter. No dealing with the few that slip through the filter. The only problem I have is those few people who don't know how to reply to an email, and there aren't many of those.
That is the whole problem from SCO's point of view. If the whole thing goes away they can't continue to sell the stock and enrich the board. IIRC, they've even said as much. To paraphrase: "We'd show you the code, but then teams of open source would remove the code and replace it with their own versions, and then where would we be?" If nothing else, this seems to prove the old adage "There is no such thing as *bad* publicity." I don't know if they've gotten any non-M$ revenue from this, but the stock is up, and they are back in every trade magazine in the country. Who was talking about SCO before the lawsuit? How many people even knew SCO existed back then? Of course that begs the whole exit strategy issue. Press release: "The SCO Group announced today that in the interest of good will they have agreed to abanden their lawsuit against IBM. IBM has also agreed to impelemnt processes and procedures to protect the intellectual capital of all independant software vendors to better protect the livelyhood of programmers everywhere. Finally, in an effort to help prompte open source software the SCO Group has established a multi-million dollar fund to be used to promote and develop open source solutions."
Ummmmmm. No. Microsoft has lost a numeber of similiar suits. In the end it hasn't made any difference. Remember Stac and their disk compression software? Seems like someone called Spyglass also won a lawsuit alleging M$ infringement on their web tech. And of course there is always the DR Dos / Novell / Caldera suit that was settled last year. Microsoft loses all the time, but with multiple monopolies they can afford to lose from time to time. Half a billion. That's what, .5% of their current cash reserves (after they just paid out 10 Billion to stockholders)?
Not everyone has the resources or ability to do that. Even if we all did, as someone else pointed out your employer can block access to your server just as easily as they did Hotmail.