Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Proposal To Limit ISP Contact Data Draws Fire

timothy posted more than 4 years ago | from the whatis-whois dept.

Privacy 100

An anonymous reader writes "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software, according to a story at Krebsonsecurity.com. From the piece: 'The American Registry for Internet Numbers (ARIN) — one of five regional registries worldwide that is responsible for allocating blocks of Internet addresses — later this month will consider a proposal to ease rules that require ISPs to publish address and phone number information for their business customers. Proponents of the plan couch it in terms of property rights and privacy, but critics say it will only lead to litigation and confusion, while aiding spammers and other shady actors who obtain blocks of addresses by posing as legitimate businesses.'"

cancel ×

100 comments

Failed (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31781836)

GNAA REBORN UNDER NEW LEADERSHIP

DiKKy Heartiez - Berlin, Norway

President timecop of the GNAA has died today. He died at the age of 55 from excessive lulz in his apartment in Tokyo, Japan while watching faggot cartoons of preteen girls beeing raped by giant testicles. The world will remember him as a total faggot douchebag who had the opportunity to unite the best trolls seen upon the face of the internet into one special hardcore machine of destruction, unfortunately he failed, instead devoting his internet carreer to animu. Although he died like a true hero he will be forever remembered as a total failure.

In the wake of his death the GNAA is thought to perish like all the other so called trolling organizations. The writing is on the wall, they say. The GNAA smells worse than BSD, they say.They have said this for a long time. The GNAA has lived, with a very faint pulse, for years.

DIKKY HEARTIEZ CLAIMS THE PRESIDENCY OF THE GNAA!!!!!!!

With the death of timecop still shocking our chats, not many are able to see ahead. But there is one visionary Nord who has great plans for the new GNAA.
"Under my leadership the GNAA will become the new home of all trolls on the internet. The GNAA will regain its old strength and will be feared by bloggers and jews alike. The time for CHANGE is now." DiKky HearTiez told a shocked audience outside the Gary Niger Memorial Plaza, Nigeria, earlier today. The GNAA will move its Internet Relayed Communications to a new location, following reports of a massive "Distributed Denial Of Service" attack on its previous location, making it unreliable.
"Our operatives are in need of a robust and safe communications service with can_flood for everyone." An anonymous source at the GNAA Black Ops department told reporters at the same conference.

KLULZ supports DiKKy Heartiez presidency!

The infamous KLULZ internet radio station supports DiKKy Heartiez for the new GNAA president.
"KLULZ is behind him 100% and will be broadcasting his speeches and support him in every way possible, we wish him the best of luck and an outstanding presidency. May many blogs burn under DiKky Hearties." This was stated by KLULZ Operations Manager and Gay Nigger g0sp when asked to comment on KLULZ involvement.

About President timecop

DEAD.

About DiKKy HearTiez

The world famous internet nord from Norway LOL HY living in a fjord LOL HY. Currently the new President of the new GNAA. He is also a radiodj on KLULZ and active in many irc chats. Known for several epic trolls in his time. Led the GNAA operation Intel Crapflood 21, who succesfully made GNAA owners of the biggest thread on Slashdot until fixed by admins. Also deeply involved in the war on blogs, and is the one who provided JesuitX with the real screenshots of Faggintosh Leopard. His leadership abilities, high iq and instoppable urge to troll, coupled with his fat Norwegian welfare check will enable him to become the best President the GNAA ever had.

About KLULZ

KLULZ is the internets radio station, bringing you news about the GNAA, hosting shows by prominent djs such as DiKKy, l0de, g0sp, jenk and many others. KLULZ supports DiKKy Heartiez. With mature content this channel is not suitable for children or people under the age of 18. Klulz radio can be heard at http://klulz.com/listen.pls

About GNAA:

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first
organization which gathers GAY NIGGERS from all over America and abroad for one
common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?

Are you a NIGGER [mugshots.org] ?

Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER
ASSOCIATION OF AMERICA
) might be exactly what you've been looking for!

Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy
all the benefits of being a full-time GNAA member.

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing
GAY NIGGER community with THOUSANDS of members all over United States of
America and the World! You, too, can be a part of GNAA if you join
today!

Why not? It's quick and easy - only 3 simple steps!

  • First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it. You can download the movie [idge.net] (~130mb) using BitTorrent.
  • Second, you need to succeed in posting a GNAA First Post [wikipedia.org] on slashdot.org [slashdot.org] , a popular "news for trolls" website.
  • Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership.

Talk to one of the ops or any of the other members in the channel to sign up
today
! Upon submitting your application, you will be required to submit
links to your successful First Post, and you will be tested on
your knowledge of GAYNIGGERS FROM OUTER SPACE.

If you are having trouble locating #GNAA, the official GAY NIGGER
ASSOCIATION OF AMERICA
irc channel, you might be on a wrong irc network.
The correct network is Hardchats, and you can connect to
  irc.hardchats.com as our official server. Follow this link [irc] if you are using an irc client such as mIRC.

If you have mod points and would like to support GNAA, please moderate this post up.

Copyright (c) 2003-2009 Gay Nigger Association of America [www.gnaa.us]

Businesses... (4, Funny)

Renraku (518261) | more than 4 years ago | (#31781864)

Only for businesses, of course, since they have the money and don't mind paying extra to be untraceable. In fact, why not just go ahead and pass a law that bans popup blockers and mandates every citizen to an hour of forced ad viewing per day?

Re:Businesses... (0)

Anonymous Coward | more than 4 years ago | (#31781896)

Why, because then they'd have to cooperate with each other in order to design the content of the hour of advertisements! And that would be uncompetitive.

Re:Businesses... (1)

maxrate (886773) | more than 4 years ago | (#31781924)

Ah, ARIN does NOT need IP addresses data to be published for individuals/residential - So, as a residential subscriber, you're 'shielded' by your ISP

Re:Businesses... (5, Informative)

mysidia (191772) | more than 4 years ago | (#31782994)

Almost correct... ARIN does not need IP addresses or contact data to be published for residential dial-in users, provided they are not assigned a /29 (or shorter prefix)

Currently a /29 is the magic number. If you get a netblock that is larger, such as a netblock with 16, 32, 64, 256, or more contiguous IP address numbers, then the upstream provider has to publish re-assignment information and a contact.

Re:Businesses... (0)

Anonymous Coward | more than 4 years ago | (#31786506)

actually if your ISP gives you 3, not a /29 (which is 6), or more contiguous IPs then they are supposed to notify ARIN

Re:Businesses... (1)

Bengie (1121981) | more than 4 years ago | (#31816584)

What are they gonna do when IPv6 gives out /64 blocks for EVERYONE?

Re:Businesses... (1)

mysidia (191772) | more than 4 years ago | (#31824510)

In IPv6, a /64 is just one subnet, so re-assignment information is probably not going to be required.

Policy on that has yet to be hammered out on that through the PDP on the arin-ppml mailing list and at ARIN meetings.

My best guess would be the magic number is going to be something like a /62 for V6

Re:Businesses... (0)

Anonymous Coward | more than 4 years ago | (#31782550)

Only for businesses, of course, since they have the money and don't mind paying extra to be untraceable. In fact, why not just go ahead and pass a law that bans popup blockers and mandates every citizen to an hour of forced ad viewing per day?

When I was in high school a couple years ago the school got free tv's in their classrooms on the condition that all the students had to watch a ad program that aired every day.

Santa Clara County v. Southern Pacific RR (1)

vaporland (713337) | more than 4 years ago | (#31785838)

In 1886, Santa Clara County v. Southern Pacific RR granted human rights to corporations under the Constitution. This made corporations more than human: They don't eat, breathe or die (unless they go bankrupt - Hmmmm).

There are companies that are hundreds of years old - how's a human supposed to compete with that? After all, you might be able to punch your next door neighbor in the face, but you'll never punch Coca-Cola in the face...

Re:Businesses... (1)

samantha (68231) | more than 4 years ago | (#31786532)

I have money. I am not a business. I would pay to not be automatically trackable just because I use higher bandwidth (business class) services. Where is this a problem. Are you saying I must be fully trackable at all times just on the grounds that I might do something criminal? Are you sure you want to take (and live by in all ways yourself) that position?

Re:Businesses... (1)

RockDoctor (15477) | more than 4 years ago | (#31795490)

I have money. I am not a business. I would pay to not be automatically trackable

Set up a front business in a suitable jurisdiction with one person employed who spends an hour a month answering the phone. You could probably make the whole setup tax-deductable by hiring a mentally-handicapped person to act as your "receptionist".

This should be simple... (3, Interesting)

Oxford_Comma_Lover (1679530) | more than 4 years ago | (#31781942)

Person A says to cops: "I received spam. Here is copy."
Cop identifies IP.
Cop says to provider "Give me billing info on this IP b/c of spam."
Provider gives billing info. If not, does so after quick court order. If still not, gets shut down.
Cop contacts business. If hijacked computer, refers to techies. If not hijacked, quick court case by DA. IF spam, gets shut down and pays large statutory damages and prohibited from using net again for X years.

Or something like that.

The problem is having a quick, efficient, and intelligent police response in place, and having people know where they can go to get it. We will never stop spam unless we decide to commit sufficient resources to doing so.

We might use civil causes of action, class actions, and/or private atty general statutes. (But have to be careful to limit abuse.)

Re:This should be simple... (3, Insightful)

Improv (2467) | more than 4 years ago | (#31781990)

Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards. Besides, not everyone is in the US.

Privacy is less important here than the potential for menace and the ability of people to kvetch directly at troublemakers.

Re:This should be simple... (2, Insightful)

GeckoAddict (1154537) | more than 4 years ago | (#31782358)

Not good enough. I don't want to bother the cops when I can bother the ISP, or the people hosting that ISP, and upwards.

Isn't that the RIAA thought as well?

Re:This should be simple... (1)

mysidia (191772) | more than 4 years ago | (#31783170)

It occurs that the privacy of IP information should make sending DMCA letters to an accurate contact based on IP address almost impossible (eventually)

Re:This should be simple... (1)

Improv (2467) | more than 4 years ago | (#31784092)

If it is, so what? In your scenario, the RIAA would go to the police using their lawyers instead.

While legal recourse is possibly necessary at some point, having contact information for IPs accessible without a lawyer helps keep the net running smoothly. It's not worth giving that up in the name of privacy.

Re:This should be simple... (3, Insightful)

ShakaUVM (157947) | more than 4 years ago | (#31782098)

I know that for my company, I'd get a lot less spam if they couldn't trawl my email address out of the registry. Fortunately, a quick filter set up gets rid of most of it.

Re:This should be simple... (2, Insightful)

wowbagger (69688) | more than 4 years ago | (#31782112)

Unfortunately, there are several problems with this:

1) "We might use civil causes of action, class actions, and/or private atty general statutes. (But have to be careful to limit abuse.)"
  result: Cop says "Not breaking the law, not my problem, go away."

So you have to make spamming truly against the law.

Result: Cop says "Yea, I'll get right on that, after I go after a bunch of more interesting (read: higher fines) crimes." Considering how little the cops enforce crimes that are threats to life and limb like tailgating, I don't think there would be much interest.

2) Jurisdiction: result: cop says "Nice, but not in my district, so not my problem. Go away." Cop in area where ISP is says "You willing to show up here to make a complaint? No? Not my problem. Go away."

3) Assuming you make the cops care - they go to ISP "Give us the info. We have a warrant." ISP says "here's the address of the shell corporation in East Elbonia." Cop says "Not my jurisdiction. Not my problem. There a good donut shop around here?"

The latter is what happens anyway - I used to try to go after the hundreds of IPs a day that try to infect my PC. ISPs don't care, and won't care unless you can change the law, and if you try to change the law, the ISPs will outspend you.

Re:This should be simple... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31782138)

1. How do you identify the source of the spam? Email headers can be forged, you know; you're going to have to analyze the log files at each node along the way. Good luck with that.
2. Nobody is going to shutdown a provider unless the violation is extremely egregious; people use bot nets to spread the damage around rather than isolating it at a single point of failure.
3. Spam is really annoying and costs people real money, but not so much that actually going after people is worth the extra expense; maybe a few of the spam kings are worth it, but the mid-level guys are probably fairly safe.

Time has proven again and again that people will abuse privacy / anonymity. I think we can all agree that privacy is worth the abuse, so we're just going to have to live with spam. We can fight the symptoms, but the disease will always remain.

In the real world... (1)

rickb928 (945187) | more than 4 years ago | (#31782320)

Person A says to cops: "I received spam. Here is copy."

Cop requests complete copy of spam, waits three days for response, works through forged headers, determines IP is in another country.
Cop answers impatient email from Person A.
Cop requests assistance from local authorities, six months pass. Cop answers several impatient emails from Person A.
Local authorities provide name and street address registered to IP.
Cop researches data and determines the address is a vacant lot in another country. Cop reports this to Person A.
Cop files report, answers several angry emails from Person A until the emails are blocked by department server by policy.

Or;

Person A says to cops: "I received spam. Here is copy."
Cop identifies IP.
Cop says to provider "Give me billing info on this IP b/c of spam."
Provider gives billing info. If not, does so after quick court order. If still not, gets shut down.
Cop contacts business.
Contact info results in contact with unrelated business with no knowledge of the info the cop was given.
Cop files report, answers several angry emails from Person A until the emails are blocked by department server by policy.

As if spammers are so easy to get hold of that you just ask for the contact info and someone answers the phone. Or the door. Or a summons. Or even an email.

The naive solutions to spam all are driven by the desire for punishment. We need to consider prevention. reputation-based server authentication, similar to what SpamAssasin did. If your server is regularly reported as a spam spource, it fails to connect to those servers that have higher standards. ISPs complete blocking port 25 for users, forcing them to use servers and thereby participate in the reputation-based authentication scheme. Bots and compromised systems have no way out except through ISPs that permit port 25 traffic, and those get marked up as spammers so that others can choose to accept their connections based on community reports. Rating servers could be a simple as number of unique reports, a ratio of spam reports vs all connections (spammers would send a lot fo spam, on every connection, so the ratio would be low. Nonspammers would send little spam on few connections, ratio is high). Users could, like in SpamAssassin, choose the level at which they block. It would take a little while to establish ratings.

Sadly, this could be defeated by servers hijacking IPs, changing IPs, and such. And would IP blocks be tainted for a long time reputation? And would a spammer survive by having a large enough pool of IPs that they could just move on to one that was unused for a while, crank up its reputation, and then move on and let it lapse? Lowering ratings by relying on the last known connections would help - unused IPs would not change their ratings.

Tell me, how stupid is this idea? The obvious solution is prevention.

Aside from the MOST OBVIOUS SOLUTION, punishing the advertisers. If you can find them. Back to the plan.

Re:This should be simple... (2, Interesting)

Ornlu (1706502) | more than 4 years ago | (#31782842)

... after quick court order. If still not, gets shut down. Cop contacts business. If hijacked computer, refers to techies. If not hijacked, quick court case by DA. IF spam, gets shut down and pays large statutory damages and prohibited from using net again for X years.

The trouble is, that stuff costs money. And ignoring/filtering spam doesn't. I'd rather keep my money (and have to deal with spam) than pay higher taxes to fight it.

Re:This should be simple... (2, Interesting)

mysidia (191772) | more than 4 years ago | (#31783112)

Cop identifies IP.

And since the upstream has kept the ISP's information private, to prevent other providers from seeking their contact details, the Cop is going to have a very fun time.

Suppose the user was not a subscriber to a Tier 1 ISP.

Then there could be 3 or 4 levels of re-assignment involved, all private.

For example, the user subscribes to Mom and Pop ISP who buys data service from Xyz Co, who is a local exchange or local provider of data services in a very small region.

Said local provider buys all their internet service from Bigger Regional provider.

Finally, Bigger Regional provider buys all their transit service from UUnet.

Since none of the other ISPs are particularly large, and none multihomed, possibly none of them have an AS number, except UUnet.

Cops will find "UUnet" as the only listed owner of the IPs.

They will call UUnet and spend a few hours on the phone figuring out what regional provider the IPs belong to.

Then they get to call the regional provider and spend a few hours on the phone figuring out what local city data provider the IP address belongs to, and what their contact info is.

By the time they have gotten that info, it's off-hours, they try to call, but they are closed (small provider, no 24x7 administrative contact for the cops to call)

Next day, they call local city provider, to figure out small ISP's contact details. Only takes a few hours of the provider wading through paperwork to research that question and (hopefully) give an accurate answer.

Next day, they call Mom and Pop ISP, only to find, their records are in complete disarray, and they have no record or immediate way to identify what subscriber the IP belongs to.

If it was a dynamic IP, perhaps they only kept the record for a few hours, the info needed is long gone.

Re:This should be simple... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31783146)

Person A says to cops: "I received spam. Here is copy."
Cop says "GTFO! Hahaha."

FTFY.

Seriously, who calls the cops for spam and expects them to not laugh at you?

Re:This should be simple... (1)

Oxford_Comma_Lover (1679530) | more than 4 years ago | (#31784144)

> Seriously, who calls the cops for spam and expects them to not laugh at you?

It doesn't have to be the same cops who deal with murders and stabbings. In fact, it probably shouldn't be; it takes different skills to hunt down spammers.

Re:This should be simple... (0)

Anonymous Coward | more than 4 years ago | (#31795528)

Yeah, the SPAM COPs, that's a good one....

Re:This should be simple... (1)

Jason Levine (196982) | more than 4 years ago | (#31788600)

Having dealt with identity theft and the police, I think it'd go more like this:

Person A says to cops: "I received spam. Here is copy."
Cop says it might not be their jurisdiction and there might not be much they can do about it, but they'll look into it.
A month passes and Person A calls the cops to see what progress has been made.
Cops reply that they've assigned an officer to the case, but he's got a lot of other cases and he'll get back to Person A.
Repeat the last 2 steps until Person A gives up and drops the matter.

Do you really think the police will pursue every spam case that comes their way? A single piece of spam, annoying as it is, is a low-impact event. You get it and delete it and have lost a second or two at maximum. Many departments will simply ignore issues that don't "cost" the person a certain amount (either money, property or life). Their resources are limited and so they need to be careful in what they select to go after. It's sad, but true.

Get rid of "private" domain registrations first! (1)

tomhudson (43916) | more than 4 years ago | (#31782002)

Want to fix the spam problem? Get rid of "private" domain registrations. If the domain isn't registered to a real human being, pull the plug.

This will help stop sites that offer crap like "bullet-proof email services" - spam-on-demand.

Re:Get rid of "private" domain registrations first (0)

Anonymous Coward | more than 4 years ago | (#31782088)

I don't need random people I play online games with and host a website wiki to have my phone number, address or even my real name. If I as doing something wrong, the police still can get access to it. What's the problem?

Re:Get rid of "private" domain registrations first (4, Insightful)

tomhudson (43916) | more than 4 years ago | (#31782184)

You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?

You have an address on the door to your place that's publicly viewable. What's the problem with that?

You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?

You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?

You want to host something on the net? Fine - be prepared to post valid contact info. Otherwise, make arrangements for someone else to host it, or host it off the net.

No. (0)

Anonymous Coward | more than 4 years ago | (#31782252)

There is nobody in the real world that is half as nuts as the people on the Internet can get. I don't know how it's possible, but it is. You make the hosts publish their contact information, then you better make everybody do it, because as much as I loathe spammers and spam it's tame compared to what individuals at home hiding behind their ISP will send if they disagree with you.

Re:No. (2, Insightful)

blair1q (305137) | more than 4 years ago | (#31782464)

Ever think that it's the way you treat them online that convinces them to let out their inner demons?

Re:No. (0)

Anonymous Coward | more than 4 years ago | (#31786256)

> Ever think that it's the way you treat them online that convinces them to let out their inner demons?

What!? You horrible, horrible monster. Why do you support the snoops and pedophiles who keep spamming the hell out of my inbox?

(If I wasn't being sarcastic, would this constitute a proof or rebuttal of your statement? Also, go visit usenet sometime. Read up on the kooks... I don't think you can blame other people for their actions very easily.)

Re:No. (1)

tomhudson (43916) | more than 4 years ago | (#31783116)

And those individuals still have a public IP address, so you can contact their ISP - it's a one-line whois query away (at least if you're running a terminal under linux).

Or did you really believe all those "Your computer is broadcasting its IP address!!!!" fake warnings :-)

Re:No. (1)

hairyfeet (841228) | more than 4 years ago | (#31784280)

Ahhhh...If you don't why people on the Internet can be so batshit crazy, allow me to elucidate. You see it has been proven that Professor Gabriel's Fuckwad Theory [penny-arcade.com] has time and time again been correct. I hope that has cleared up why you have to deal with douchbaggery so often.

As for TFA? if it ain't broke, don't fix it. We have enough fake penis pill emails without making it easier for the spammers, mmmkay?

Re:Get rid of "private" domain registrations first (3, Insightful)

Bakkster (1529253) | more than 4 years ago | (#31782280)

In these cases, access is limited (by line-of-sight), or the information does not provide back-tracability. That no longer happens when posted online.

Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?

Re:Get rid of "private" domain registrations first (3, Insightful)

causality (777677) | more than 4 years ago | (#31782448)

Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?

STRANGELY ENOUGH the people who argue against privacy never seem to want to do that. They aren't terribly committed to their statements after all.

Re:Get rid of "private" domain registrations first (2, Informative)

tomhudson (43916) | more than 4 years ago | (#31783038)

Or would you like to prove this isn't a big issue by posting your phone number, address, license plate number, and check routing/account numbers here for us?

STRANGELY ENOUGH the people who argue against privacy never seem to want to do that. They aren't terribly committed to their statements after all.

Follow the link to today's spammer tracking report [slushdot.com] , and see how handy the information can be to track down spam. Also, feel free to do a whois. My contact info is on-line. It's been on-line, under various domain registrations, since I registered my first domain in 1994.

Re:Get rid of "private" domain registrations first (1)

mysidia (191772) | more than 4 years ago | (#31783362)

Should the contact info of a corporation that has 16 or more public IPv4 IP addresses really be considered private?

What is the value in protecting "privacy" of a corporation's identity, and allowing them to use a public shared resource for profit privately without revealing their identity?

Typically there is no more info about a company in a WHOIS listing than can be found through other public records, such as corporate charters, Yellow pages, advertisements.

Re:Get rid of "private" domain registrations first (1)

TheVelvetFlamebait (986083) | more than 4 years ago | (#31785816)

Hmm, gee, that's a tough one. Maybe it's because they believe in privacy in some areas, and not others? Maybe they don't see a dichotomy between complete privacy in every area and willingly sharing your most pragmatically necessary secrets with strangers on the internet?

Re:Get rid of "private" domain registrations first (0)

Anonymous Coward | more than 4 years ago | (#31786886)

STRANGELY ENOUGH the people who argue against privacy never seem to want to do that. They aren't terribly committed to their statements after all.

I'l even make it easier for you : In this particular case you can see for yourself that the poster did try to obsfucate his identity for people he does not like any attention from :

How's that for hypocrisy ? :-D

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31783346)

No problem. But first, a demonstration of how useful whois info is for tracking down spammers [slushdot.com] ,

All my info has been on "TeH InnerT00bZ" since I registered my first domain back in 1994.

While I'm a big advocate of privacy rights, I also think that hosting a domain is a public action, and needs to be directly tied to someone who will be physically accountable for their actions.

Re:Get rid of "private" domain registrations first (1)

EdIII (1114411) | more than 4 years ago | (#31782588)

You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

Where the heck did you get that idea? Look Comrade, this is still America and I am still free. If I want to wear a costume mask outside of Halloween it is my RIGHT TO DO SO.

Why? Because they're are no laws prohibiting me from doing so.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31783224)

You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

Where the heck did you get that idea? Look Comrade, this is still America and I am still free. If I want to wear a costume mask outside of Halloween it is my RIGHT TO DO SO.

Why? Because they're are no laws prohibiting me from doing so.

Do you want to put money on that? Several states say otherwise (and that doesn't count municipal laws to the same effect)

http://www.anapsid.org/cnd/mcs/maskcodes.html [anapsid.org]

Now, back to fighting spam by using whois information - here's today's spammer exposed [slushdot.com] . They keep sending out crap claiming to be from Lennar Homes ... hopefully their host - marliness.net - will do something about it.

Re:Get rid of "private" domain registrations first (1)

EdIII (1114411) | more than 4 years ago | (#31783422)

Bullshit. Let's see anyone enforce it, if it exists at all.

According to you, it is illegal to wear a veil or burqa in public. It's not.

This is still America, I am still an American, and if there really IS a municipal law like that on the books anywhere lets see how long it lasts against the ACLU. I would be honored to be arrested for such a 'crime' and provide the litigation vehicle to overturn it.

I sure as hell hope you are not promoting it, because it goes against everything we are supposedly fighting for as Americans. My right to privacy being chief among them. If you want to take my right to privacy away you will have to pry it from my cold dead fingers.

The solution to our problems is not less privacy and anonymity. That won't solve diddly squat.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31784608)

This is still America, I am still an American, and if there really IS a municipal law like that on the books anywhere lets see how long it lasts against the ACLU. I would be honored to be arrested for such a 'crime' and provide the litigation vehicle to overturn it.

You obviously didn't read the link - it lists STATES that ban masks, not cities.

So, since you've volunteered to be a test case, go for it and let us know how it turns out. We'll be watching ... and remember : pics or it didn't happen.

Re:Get rid of "private" domain registrations first (1)

EdIII (1114411) | more than 4 years ago | (#31784686)

You're the one who mentioned municipal ordinances, so that can also apply to cities. Your link is worthless. Hardly any data is available for the states, or so few states have enacted such laws it is similar to anal sex being outlawed in Rhode Island.

A law that everyone thinks is ridiculous and ignores.

I am willing to be a test case because I am not a coward and I am STRONGLY against the dilution and elimination of my rights to privacy and anonymity. So you betcha! I have no problem being an activist, getting arrested, and going to court.... all for people like you. All through this countries history people have fought for your rights. The fact you don't value or them and are unwilling to fight for them saddens me, but does not affect my resolve in any way, shape, or form to fight for them nonetheless.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31784766)

I am willing to be a test case because I am not a coward and I am STRONGLY against the dilution and elimination of my rights to privacy and anonymity. So you betcha! I have no problem being an activist, getting arrested, and going to court.... all for people like you. All through this countries history people have fought for your rights. The fact you don't value or them and are unwilling to fight for them saddens me, but does not affect my resolve in any way, shape, or form to fight for them nonetheless

Big talk, but I don't see any action.

And you also are wrong about me - I've been in plenty of protests, some of which I've organized, gotten bomb threats over them, police (and others) trying intimidation tactics, (they even called out the riot squad one time against one of the larger ones), probably been to court more times than you - in defense of constitutional rights - and successfully argued them without a lawyer (while in one case the 63 others who were arrested were so scared they used a lawyer and all ended up convicted - dumb-asses every one of them, ultimately found lacking the courage of their convictions).

Can you say the same?

Re:Get rid of "private" domain registrations first (1)

EdIII (1114411) | more than 4 years ago | (#31784818)

Sure I could 'say' it.

It's easy to say 'Big Talk' and no 'Action' too. The only thing I hear from you is Talk with no Action as well.

The difference is.... I am not promoting the eradication of privacy and anonymity, which comprise the first line of our defense against corrupt governments, YOU ARE.

You fought for our rights? Really? So what changed from then and now?

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31787752)

I am not fighting for "the eradication of privacy and anonymity" - there is no requirement that people HAVE to have a domain, same as there is no requirement that people HAVE to have a drivers license. You're free to use the web, and you're free to walk on the street. However, the use of certain aspects should NOT be completely unregulated - both for driving cars and hosting domains. Either one you should be able to track down the responsible party for when they fail to act responsibly.

Rights come with responsibilities, as anyone who isn't thinking like a spoiled child would know. You want the right to register a domain, then that registration information should be public, so that when someone has a beef with you they have a legit avenue of complaint.

Re:Get rid of "private" domain registrations first (1)

EdIII (1114411) | more than 4 years ago | (#31793290)

The drivers license is simple. It is a privilege to drive simply because of how dangerous of an endeavor it really is. The best interests of society are served to make sure that I have the ability to drive safely.

The drivers license should not be used as identification on demand by authorities. I always fight that tooth and nail. If I am not in car, you don't get to ask for my identification, UNLESS, you have just cause to do so. That just cause being a belief, that can be supported by evidence, that I was responsible for a crime or had recently committed a crime.

As for the domains, I disagree. There is nothing that says I MUST publish my home address anywhere in the public record. In fact, I don't even give it to government because they might as well be public record since they sell the information with the laughable farce that you need to be in law enforcement to get it. I don't believe it serves the public interest to have where every citizen sleeps on public record. That is insanity, which is what you are advocating.

Not everyone has a business with a business address. Plenty of people with websites choose privacy because they don't want some nutball on the Internet getting upset about how they insulted the Teletubbies in their blog and tracking them down. The privacy services are not immune to law enforcement or subpoenas either. You can still get the address of someone using a privacy service.

Rights do come with responsibilities and I agree with that. However, that does not mean, cannot mean, will not mean, EVER, that I give up a single shred of my privacy or anonymity to further any agenda by anyone in government. Period.

You have plainly argued that I don't have the right to privacy and anonymity, not just with domains, but just being a citizen and enjoying my rights peaceably around the city.

I'm sorry, but I cannot see anything in your posts supporting of my rights to privacy and anonymity. You seem to be of the sort willing to chuck it all away so that government knows everything, everywhere, in real time, so that they can catch some fucking spammers.

After we give this away....... are we really going to be safe from government abuse? Or will they just use that vast amount of power and now knowledge to accomplish some other sort of goals ostensibly for our benefit? Is it really going to eliminate spam?

You can call me a spoiled child for adamantly supporting the two single greatest measures of defense against corrupt governments, but you would be wrong. I take it very seriously and there is simply no consequences of any kind that would warrant the removal of my rights to give me safety. For when you exchange Freedom for Safety, you get neither one.

Re:Get rid of "private" domain registrations first (1)

CrashPoint (564165) | more than 4 years ago | (#31785178)

You obviously didn't read the link - it lists STATES that ban masks, not cities.

You obviously didn't read the link. Few states are listed as having anti-mask laws, fewer still support your general claim of "you don't have a right to wear a mask":

California - Illegal to wear a mask for the purposes of disguising yourself during the commission of a crime or evading capture by the police.

DC, Florida - Illegal to wear a mask for the purposes of intimidation/threats, depriving others of their legal rights, or avoiding identification while committing a crime.

New York - Illegal to hang around masked in a public place with a group of people similarly masked

North Carolina, Virgina, West Virginia - Congratulations, these have a broad enough scope to superficially support your claim...provided none of the listed exemptions apply. You also have to ignore the fact that these are essentially blue-laws targeted at the KKK and their like, enforcement of which against someone just going about his business while masked is laughably unlikely to happen in the first place, much less survive a Constitutional challenge.

Even that aside, all it shows is that there are three states currently violating your right to wear a mask in public, not that you don't have the right to begin with. You absolutely do have that right. It harms nobody, and other people are not entitled to see your face.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31787852)

People made a blanket statement that there was no such law - I proved that there is.

As for "unlikely to happen", tell that to the 8-year-old who was arrested for writing on her desk with an erasable marker, or the 5-year-old kid who was charged with sexual assault because he kissed a classmate.

enforcement of which against someone just going about his business while masked is laughably unlikely to happen in the first plac

Feel free to prove me wrong by going into your local bank wearing a mask. Better yet, go into your local gun shop wearing a mask. Do Darwin proud! :-)

Re:Get rid of "private" domain registrations first (1)

CrashPoint (564165) | more than 4 years ago | (#31790046)

People made a blanket statement that there was no such law - I proved that there is.

No, you made the blanket statement: "You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it". You succeeded, at most, at "proving" this to be true in a narrow set of circumstances...in three states out of fifty. That's a success rate of less than 6%.

As for "unlikely to happen", tell that to the 8-year-old who was arrested for writing on her desk with an erasable marker, or the 5-year-old kid who was charged with sexual assault because he kissed a classmate.

Ignoring your failure to cite sources showing these incidents actually took place, let's look at the parallel you're trying to make. Laws against vandalism and sexual assault:

  1. Exist in every state.
  2. Are regularly enforced.
  3. Outlaw an activity in which one person clearly violates the rights of another. An actual, honest-to-god crime, in other words.
  4. Were, in the examples you (neglect to) cite, applied to situations drastically different from those they were meant to address.

None of this applies to your so-called "can't hide your face" law. Your comparison doesn't hold water.

Feel free to prove me wrong by going into your local bank wearing a mask. Better yet, go into your local gun shop wearing a mask. Do Darwin proud! :-)

So, having started from a position of "you don't have a right to hide your face in public", you have now backpedalled to "if you hide your face in certain specific public places people might think you're breaking a completely different law even though you're not". That's about as close to admitting you were wrong as you can get without coming out and honestly saying so.

And don't try to shift the burden of proof. You made the positive claim, you have to back it up. Thus far you have failed miserably to do so.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31791110)

I've provided a way for you to demonstrate that I'm wrong. Simply go into the nearest gun store wearing a mask. According to you, there's no law against it, it's your right ... supposedly.

One of the posters claimed that there were no such laws. I proved otherwise. Now, if you want to show that those laws are not in effect, do so, and pics or it didn't happen.

There is on constitutional right to go around wearing a mask, and various states, as well as municipalities, prohibit it. It's also probable cause for stopping you pretty much everywhere.

It's not up to me to go through the ordinances of 10,000 cities and towns to see which municipalities also have similar restrictions.

Just go out there and collect your Darwin.

Re:Get rid of "private" domain registrations first (1)

CrashPoint (564165) | more than 4 years ago | (#31801468)

I've provided a way for you to demonstrate that I'm wrong. Simply go into the nearest gun store wearing a mask.

Unfortunately for you, the ways in which I can prove you wrong are not limited to what you "provide". Even "prove you wrong" is more than I need to do; I need merely point out how you have not proven yourself right. I have shown how your cited evidence fails to support your claim, and you have not defended it. You, as the one making the assertive claim, are the one under the burden of proof. So the fact that I'm not going to do what you ask doesn't say what you want to think it does. And you know it.

One of the posters claimed that there were no such laws. I proved otherwise.

You "proved" that your claim is less than 6% true, which you would have known if you had actually read your source. Remember: three states out of fifty (and zero cities, but we'll get to that later), none of whom have been shown by you to be enforcing these laws in the context you claimed or defending them in court. Since your original claim is a blanket statement covering the entire US (assuming that you only meant the US), this isn't even remotely enough to show that your claim should be accepted as generally true everywhere.

Now, if you want to show that those laws are not in effect, do so, and pics or it didn't happen.

Again, burden of proof. You're arguing from ignorance [wikipedia.org] here.

There is on constitutional right to go around wearing a mask

Well, first of all, there doesn't need to be. Ninth Amendment: "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.".

But we need not fall back on the Ninth. Wearing a mask has two primary functions: self-expression and anonymity, both of which are amply protected by the First Amendment.

Therefore, any laws against masks can only pass Constitutional muster if tailored to a very narrow scope. Those of California, DC, and Florida would probably survive since they focus on the use of masks to aid activities that are unlawful anyway.

New York's did survive a challenge [thefreelibrary.com] , but don't get excited by the headline; read the article and you'll see that the reasoning was tied entirely to safety issues arising from the fact that the plaintiffs were seeking to hold a KKK parade in their hoods, and it was held that the hoods did not convey anything that the robes didn't. Obviously the same could not be said of, say, a protest by Anonymous, and certainly not to someone just walking down the street as in your original statement of "You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it". Note also that the court recognized [nlgnyc.org] that "the law could theoretically be applied in a manner that violates the First Amendment’s protection of expressive conduct, also referred to as communicative conduct or symbolic speech.". Applied to a case like Anonymous where the mask is essential to the message, or to an individual, the law is far less likely to hold up (it doesn't even apply in the latter case anyway).

And if New York's law has chinks in its armor, then those of North Carolina and the Virginias, with their broad scopes, would get chewed up and spit out like Chiclets. Assuming they even get enforced in the "walking down the street" context of your original claim, that is.

...and various states, as well as municipalities, prohibit it.

Prove it, then, and furthermore prove that said prohibition - and NOT against Klan rallies and the like, but against individuals going about their business (as in, I find myself having to repeat yet again, your original claim)- has been upheld as Constitutional in jurisdictions covering enough of the US to that it can be reasonably said to apply in the US generally. Anything less is not sufficient to support your original claim. Don't like it? Tough; you shouldn't have made such a broad claim when you couldn't support it.

It's not up to me to go through the ordinances of 10,000 cities and towns to see which municipalities also have similar restrictions.

It most certainly is. You made the claim, so you accepted the responsibility to prove that claim to be correct. If you refuse to do so, then your claim is rightfully disregarded. And you have, so it is.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31804740)

Posters said there were NO laws against it. I proved otherwise. It's binary - either there are or there aren't. It's like being pregnant - either you are or you aren't.

So admit that you're wrong. There ARE laws against it. And if you want to go by percentages, there's a country bigger than yours that has laws against it right on top of you. And there are other countries that also have similar laws. So eat crow, fatso.

Re:Get rid of "private" domain registrations first (1)

CrashPoint (564165) | more than 4 years ago | (#31812844)

Posters said there were NO laws against it. I proved otherwise.

Those posters were attacking your original claim, which was this:

You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

That claim is not "there are laws against it in a small number of places". It was a generalized statement of fact which, in your ignorance, you assumed applied everywhere. Your claim was that laws against masks were the rule, not the exception. You failed miserably in supporting that statement. Upon realizing this, you started trying to move the goalposts so you could redefine your position as "there's a law against it SOMEWHERE" rather than your previous position of "there's a law against it EVERYWHERE".

It's binary - either there are or there aren't. It's like being pregnant - either you are or you aren't.

But again, your claim wasn't that some place, somewhere has an anti-mask law. It was that anti-mask laws are prevalent, which as your own evidence shows is false by a binary standard.

So admit that you're wrong.

No, for the same reason I won't admit that I'm secretly the King of the Moth People.

And if you want to go by percentages, there's a country bigger than yours that has laws against it right on top of you. And there are other countries that also have similar laws.

If you want to retroactively broaden the scope of your original claim to cover the whole world, you face some problems:

  1. It's an implicit admission that your claim fails to hold true in its original context.
  2. It carries a much larger burden of proof than the one you were already unwilling to shoulder.
  3. It applies to a hell of a lot more than masks. For example, you could just as easily make a blanket statement of "you don't have a right to worship as you please" based on the fact that a big chunk of the world's governments have anti-this-religion-or-that-one laws. If you want your reasoning to be consistent, you either have to commit to defending positions like that, or abandon your original one.
  4. It doesn't fool anyone; you're just moving the goalposts again.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31813136)

No - the original goalpost was "there is no such law". They further claimed it would be unconstitutional. that's a pretty easy goalpost to beat, since there are weveral states that have such a law. They were wrong. TOTALLY wrong. Get over it.

It's like saying "It's illegal for elephants to be in the US" I don't have to show elephants in all 50 states to prove them wrong. Just 1 state.

Re:Get rid of "private" domain registrations first (1)

CrashPoint (564165) | more than 4 years ago | (#31826070)

How does one state equal the entire country? Or even three? The answer, of course, is that is doesn't, and you're simply lying.

And a blanket ban IS unconstitutional. The fact that it hasn't been overturned yet doesn't prove otherwise. To suggest that it does is to argue that any law on the books is automatically constitutional.

Quite true (1)

zogger (617870) | more than 4 years ago | (#31788782)

The mask banning is quite true and enforced in a lot of places. Just the facts.

Re:Quite true (1)

EdIII (1114411) | more than 4 years ago | (#31793436)

Ok. I do believe that it is unconstitutional and not consistent with our values as Americans. I would be happy and proud to to fight such laws as an activist. Something like getting a couple hundred people together with masks outside of a police precinct.

Basically, it boils down to a really simple fact. When you exchange Freedom for Safety, you get neither one.

I don't ever support expanding law enforcement's rights to gather information when it is not directly related to immediate crime in progress, or a justifiable belief that you need to gather information about someone to solve a past crime.

The mask issue, which is part of a larger issue such as window tinting, etc., is about law enforcement being able to watch ordinary citizens when they have no cause to do so.

Take those devices which can read heat signatures and basically peer into every single house and see what people are doing. Similar to those abhorrent devices they are deploying in airports. Right now they are very expensive, but there will be a day where ordinary people can possess them. Will it be illegal for me to build a house that law enforcement cannot see inside?

Re:Quite true (1)

zogger (617870) | more than 4 years ago | (#31795344)

Well, I know what you are saying and agree with the sentiment. If you look back when the masks were banned, it was to counter ku klux klanners and other sorts going out and doing nasty stuff in public and hiding behind that anonymity. I am guessing now that it has been taken to court already, but I haven't researched it yet.

Now what I don't like is COPS being able to hide behind masks, plus remove their insignia, at public demonstrations. The same laws should apply to them as well.

As to infrared devices, etc., You can buy them, I own some night vision goggles, old style, that use infra red. They are classed in generations, old ww2 stuff is first gen, I think they are up to fifth gen by now. Goggles or scopes in that class, using passive image intensifying, cost thousands and are quite good, by accounts I have read.

Re:Get rid of "private" domain registrations first (4, Interesting)

TheSpoom (715771) | more than 4 years ago | (#31782840)

You have a license plate on your car that's publicly viewable, and you don't have the right to obstruct/hide it. What's the problem with that?

A license plate is an indexed key. To actually obtain the data associated with the key, you have to be in a position of authority (e.g. a police officer).

You have an address on the door to your place that's publicly viewable. What's the problem with that?

You're already there.

You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

You don't? Tell that to Anonymous.

You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?

You can contest things that happen to your bank account. Nonetheless, I don't let just anyone have the information on my checks.

You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?

No, I don't. :^P Further, even if I did, people have to get close enough to view it. It's not in a publicly accessible database, like WHOIS data for domains.

I like the ability to anonymously post information to the internets. Part of that is the ability to be free from WHOIS spam as part of a domain registration.

Re:Get rid of "private" domain registrations first (1)

mysidia (191772) | more than 4 years ago | (#31783386)

A license plate is an indexed key. To actually obtain the data associated with the key, you have to be in a position of authority (e.g. a police officer).

At one point in time that might have been correct.

It is no longer true. There are plenty of back channels where a person not in a "position of authority" can very easily get the information indexed to the key, pretty reliably.

Re:Get rid of "private" domain registrations first (1)

bmk67 (971394) | more than 4 years ago | (#31783180)

The day that all of that crap is in the WHOIS database will be the day when you have a point.

Re:Get rid of "private" domain registrations first (2, Interesting)

mysidia (191772) | more than 4 years ago | (#31783326)

You have your medical condition and contact info listed on your MedicAlert bracelet. What's wrong with that?

A Medic...what??? Of course I do not.

You have your name, address, bank account number and signature on any cheques you write. What's wrong with that?

I have only name, bank account number, and issuing bank. No need for an address on a cheque, that's a security risk.

Also, don't write checks.... paper checks are a security risk, because they are easily forged, and should be kept locked up at all times and not used on a regular basis.

You have an address on the door to your place that's publicly viewable. What's the problem with that?

Some people do. Some people do not have an address printed on the door.

You have a face that's publicly viewable when you go on the street - and you don't have the right to wear a mask to hide it, What's the problem with that?

Huh? Of course you do. Although it may be at your peril [youtube.com]

Re:Get rid of "private" domain registrations first (1)

BigSlowTarget (325940) | more than 4 years ago | (#31785520)

Since net neutrality isn't an issue I expect the ISP can provide that page to everyone via connection running at about 2 baud. You'll have the names in about twenty years.

Re:Get rid of "private" domain registrations first (0)

Anonymous Coward | more than 4 years ago | (#31787402)

If anyone wants to contact Tom Hudson personally and point out what an idiot he's being, his address is:

66 Whiteoak
Dollard-des-Ormeaux
H9B 1K3
CANADA

His phone number is 514-244-2433

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31787878)

I noticed you left out my name - do you want to try again - AFTER reading my slashdot profile, so you at least get the pronouns right next time??? :-p

Re:Get rid of "private" domain registrations first (2, Interesting)

mysidia (191772) | more than 4 years ago | (#31783218)

Then use a subdomain on a responsible person's SLD registration.

Proper contact information really is a requirement for registering a domain name.

"Domain by proxy" services are sneaky, the practice should be banned, for among other reasons (due to the fact) that the proxy service is officially the legal owner of the domain name, as far as the internet domain registry is concerned.

Re:Get rid of "private" domain registrations first (1)

causality (777677) | more than 4 years ago | (#31782150)

Want to fix the spam problem? Get rid of "private" domain registrations. If the domain isn't registered to a real human being, pull the plug.

This will help stop sites that offer crap like "bullet-proof email services" - spam-on-demand.

Real question because I don't honestly know: how much spam is actually sent from people with registered domain names who own blocks of IP addresses? How does this number compare to the spam sent from compromised Windows machines that participate in various botnets? If the latter is a much larger source, then this looks more like another ineffective feel-good measure. Though to be honest, even if you shut down every last botnet I don't believe that would stop spam, because spam predates large botnets.

The way I see it, spammers are like drug dealers. You will never run out of them until you remove their profits. Economic forces are that powerful. If one drug dealer gets busted, the rest probably feel like the cops did them a favor by removing some competition. For every dealer busted, another will take his place because there is no shortage of people with no scruples who will do anything for money. The higher the risk, the more they can charge for their products.

You will never win the War on Drugs with force. We've tried that for decades now and it hasn't done anything (not that we're willing to learn from this). Your only hope is to convince the users to give up their habits through education. Education has been phenomenonally successful at reducing the use of tobacco, to make a comparison. Likewise, I don't see how busting spammers is going to stop spam. I don't believe you will ever stop spam until the average Internet user stops buying their products and stops falling for their scams.

Re:Get rid of "private" domain registrations first (2, Interesting)

tomhudson (43916) | more than 4 years ago | (#31783086)

Spammers need a legit server to receive those clicks. See how I tracked down one spammer half an hour ago [slushdot.com] to learn more.

Pay particular attention to the section around the "Directory Listing Denied" segment.

You might also want to help ...

Your only hope is to convince the users to give up their habits through education.

I'm still waiting for the "year of the linux desktop", so I don't hold out much hope for end-user education :-)

Re:Get rid of "private" domain registrations first (1)

causality (777677) | more than 4 years ago | (#31783244)

Spammers need a legit server to receive those clicks. See how I tracked down one spammer half an hour ago [slushdot.com] to learn more.

That's wonderful, and probably made you feel better, only it misses my point. You can track down 500 more spammers if you want. Even if you manage to get every last one of those 501 taken offline, more will show up to take their place. That will continue so long as spam remains profitable. What you're doing there is more about a visceral feeling of nailing someone for being a pest, and unfortunately nothing else. We will never run out of symptoms like that spammer you tracked down until we address the actual root of the problem.

Re:Get rid of "private" domain registrations first (1)

tomhudson (43916) | more than 4 years ago | (#31784586)

That will continue so long as spam remains profitable

Here, let me fix that for you:

That will continue so long as spammers don't go to jail.

The root problem is that spammers are anonymous. Strip them of their anonymity, and watch how spam goes from 95% of all email to 5%.

Re:Get rid of "private" domain registrations first (2, Interesting)

mysidia (191772) | more than 4 years ago | (#31783618)

Real question because I don't honestly know: how much spam is actually sent from people with registered domain names who own blocks of IP addresses? How does this number compare to the spam sent from compromised Windows machines that participate in various botnets? If the latter is a much larger source, then this looks more like another ineffective feel-good measure.

You realize, these are not disjoint sets?

There are a lot of Windows machines on the networks of companies that hold IP addresses.

These are business networks, and often they are a source of spam. Often other people need to contact them to give them a friendly alert that some of their machines are sending spam, so they can deal with the infection.

Often residential users who are not on business networks with their own IP addresses, have ISPs that block or filter port 25.

Basically, if you have your own IP addresses, and your own network, then you have a responsibility to be contactable so you can mitigate abuse.

If you are a single user without IP addresses of your own, then your ISP is your network manager (to an extent, obviously they won't come to your house and clean the infection for you, and it's not ISP support's job to walk you through cleaning or fixing your infections, either, although some ISPs will offer this service, probably at substantial additional cost).

Spam is sent by BOTNETs, not private domains (2, Insightful)

ShinmaWa (449201) | more than 4 years ago | (#31785090)

Getting rid of "private" domains won't do a damn thing except INCREASE the amount of spam that domain holders get. Spammers don't hide behind private domains, they hide behind huge botnets!

I used to not hide my whois information. In fact, I was proud to display my contact information in my whois entry when owning my own domain was a novel thing. Then the spam started on the contact accounts. Annoying, but I could handle it. Soon after, I started getting phone calls from people who barely spoke English claiming to be from my "hosting company" or from NetSol and they need access to my host right away or there was a "billing problem" and they need my credit card information to resolve it.

I set my domain information private right after that and never looked back.

No thank you. I use private domains to HIDE from spammers and scammers.

Re:Spam is sent by BOTNETs, not private domains (1)

tomhudson (43916) | more than 4 years ago | (#31787838)

Spammers don't hide behind private domains

Your statement isn't true. As an example, yesterdays' spam [slushdot.com] - that wasn't sent by a botnet.

Second, for the spam that IS sent by a botnet, you'll see that it tries to send people to specific sites. Those sites are the ones you want the whois information for. Often, they're hiding (like yesterdays) behind bogus throw-away email addresses (such as, in yesterday's case, gmail accounts).

Sure, you'll get a few phone calls - that's what call display is for. And with the new Do Not Call list, such calls net the caller an $11,000 fine. Haven't gotten one since I put my number on the list, so even if they harvest the phone number, they can't use it.

Sure, you'll also get a bit more spam - so what? If forcing all registration info to be valid and verifiable, we cut down on the overall amount of spam, you'd be way ahead.

It's all part of the responsibility of hosting a domain legitimately. Instead of complaining, why not take a few minutes a day to track down one spammer and send their upstream providers a complaint, complete with the necessary info to take action, and write about it? Be part of the solution, instead of complaining that nothing can be done to stop it at the source.

Re:Spam is sent by BOTNETs, not private domains (1)

ShinmaWa (449201) | more than 4 years ago | (#31792370)

Sure, you'll get a few phone calls - that's what call display is for. And with the new Do Not Call list, such calls net the caller an $11,000 fine. Haven't gotten one since I put my number on the list, so even if they harvest the phone number, they can't use it.

So wait, guys trying to get illegitimate access to my machines and/or steal my identity and calling through "unavailable" VoIP lines from Russia and Nigeria are going to respect the US's Do Not Call list? Get real.

Also, even though my contact information is unavailable TO YOU, it is not unavailable. If there is an issue, my registrar does have my full and complete information (and they are required by ICANN to confirm it is correct periodically, which they do). Perhaps not all registrars follow the ICANN rules, but that's ICANN's problem, not mine. Getting rid of private domains won't solve that problem at all. If a registrar is sloppy enough to not keep the full information on file, I'm pretty sure they are sloppy enough to put fake information in WHOIS too, so what's the point? It solves nothing and harms only the legitimate domain owners.

For the record, I didn't complain. I solved the problem by removing my WHOIS information from a public database. There's no reason for it to be out there. If there's a legitimate issue with my domain, my registrar is required by ICANN to contact me on their behalf. If there is not a legitimate issue with my domain, people don't need to know my information at all.

Why is it so hard? (3, Insightful)

Auroch (1403671) | more than 4 years ago | (#31782038)

If GB is passing laws to cut off file sharers, who do so for personal use only, why can't they move quickly to impede spam?

... oh right. Spam is enterprise, brings in money. Piracy takes it away. Never mind that everyone loves piracy and hates spam ...

Re:Why is it so hard? (2, Insightful)

D Ninja (825055) | more than 4 years ago | (#31782444)

... oh right. Spam is enterprise, brings in money. Piracy takes it away. Never mind that everyone loves piracy and hates spam ...

What people like and what people don't like should not dictate the laws of the government. I would LIKE free money given to me every single day of my life and I would LIKE not to ever pay taxes again.

And, your reasoning is off. Piracy is getting such attention because interest groups (music industry, movie industry) are throwing money behind it to stop it from happening because they think (rightly or wrongly - not going into that here) that piracy is hurting their business. Most individuals don't think that much about spam. Heck, with Google's spam filters on, I see, maybe, one spam a month. Maybe.

Re:Why is it so hard? (1)

Requiem18th (742389) | more than 4 years ago | (#31783918)

What people like and what people don't like should not dictate the laws of the government.

Why?

I would LIKE free money given to me every single day of my life and I would LIKE not to ever pay taxes again

Invalid example, you are not "people", now if people wanted those things, I would not see a reason for the government to not comply, of course, this has obvious consequences that make it impractical and people know that, but you are not arguing against the consequences, your position is that the will of the people shouldn't dictate law.

Will you defend it or take it back?

Re:Why is it so hard? (0)

Anonymous Coward | more than 4 years ago | (#31786730)

What people like and what people don't like should not dictate the laws of the government.

Why?

Because the "people" are largely ignorant and easily influenced. If the opinion of the people would be of interest, lobbyists would simply lobby them with lies and ad campaigns. Don't be fooled, most are too uninformed and lazy to realise what's beneficial to them and what hurts them. If there's a shiny corporate spokesman that says something, most will believe it.

Re:Why is it so hard? (1)

Requiem18th (742389) | more than 4 years ago | (#31790540)

Lobbyists *already* do nothing but spew lies in ad campaigns.

So you are against democracy? I won't deny that people are stupid but I rather try to educate because what is the alternative? A benevolent dictator? An illuminated ruling class?

Who's going to decide who will rule? you?

Re:Why is it so hard? (1)

TheVelvetFlamebait (986083) | more than 4 years ago | (#31785834)

Spam is an annoyance. Piracy is actually damaging.

Re:Why is it so hard? (0)

Anonymous Coward | more than 4 years ago | (#31787426)

> Spam is an annoyance. Piracy is actually damaging.

You're dreaming. It's far closer to the opposite.

Re:Why is it so hard? (1)

Bengie (1121981) | more than 4 years ago | (#31791664)

Wikipedia:
"the worldwide productivity cost of spam has been estimated to be $50 billion in 2005"

And that's back several years. Now include money scams/etc.

Piracy:
Many independent researches have shown the people who pirate the most are the same people who are most likely to buy the material.
eg. The guy who pirated Avatar was also the guy who went to the theater several times then went out and bought the blue-ray

Per person, people who pirate, spend more money. Yes, some people who pirate don't buy anything what-so-ever, but averages are all that matter.

ISP (1)

BigBadBus (653823) | more than 4 years ago | (#31782054)

I find the "contact us" facility on some ISPs to be totally lacking, especially if you want to complain about one of their customers abusing their service. I had course to complain [paullee.com] to swbell/AT and T about a venonomous message recently and not only did it take ages to find a complaint address, but I never got a reply back. (Also, the police and FBI have been useless too)....

Re:ISP (1)

mysidia (191772) | more than 4 years ago | (#31783716)

A "venomous message" is not network abuse in the traditional sense, although it still may result in account termination (especially if the ISP is a university or employer of the sender), most commercial ISPs will not or cannot do anything about a complaint of a venomous message. Although they may have an AUP that message content violates, support personnel cannot readily make a determination whether a single message constitutes legal harassment or not, and whether the claimed sender really sent that text or not.

It will often be the complainer's responsibility to contact law enforcement, or secure a restraining order.

Network abuse would be sending 10 copies of a venomous message, in order to flood recipient's inbox, which is verifiable by the ISP.

If it's just a few messages, ISPs will generally direct the recipient as to how to filter, block, or .killfile further messages from that sender.

Consider that another type of harassment ISPs have to deal with or be concerned with in situations like that, is frivolous complaints constructed by the perpetrator in order to harass the victim by suggesting they may get their ISP service terminated (through the false complaints).

Why does it have to be public? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31782108)

Everybody should have a right to privacy up to the point they abuse it. That address and contact information, when reflexively made public, can and is happily abused by other unaccountable individuals and businesses.

Our problem is that we don't have an effective system for making abusers face consequences for their actions, and stomping on the privacy of responsible actors on the Internet only makes the problem worse by adding to the pool of people whose information can be used to harass them with spammy communication. Far better to grant privacy automatically in combination with a reasonable system for penetrating it (i.e. make it easy to get through if there's proof of bad actors while instituting legal penalties if people file false reports for the purposes of obtaining private information.)

Re:Why does it have to be public? (1)

mysidia (191772) | more than 4 years ago | (#31783774)

Personally, I think you should have to register to see entries in the WHOIS directory, pay a $5 fee, and obtain a login and password to authenticate. You yourself will be listed in the WHOIS directory as a whois user, with full details.

And any lookups you perform will become public knowledge for the next 7 days, together with the IP address(es) performing the lookup, and what records you looked up.

In other words... public information, but also public record of who is accessing that information.

More Privacy for Businesses, but less for people? (1)

static416 (1002522) | more than 4 years ago | (#31782160)

Contrast this with the provisions of ACTA, which require that the ISPs more strictly monitor citizens for imaginary property infringement.

Looks like you're much better off being a corporation than a person these days. Better privacy. Better health benefits. Better insulation from litigation. And if you get big enough you don't even have to be financially solvent in order to survive, the government will bail you out.

Corporations have no privacy protections (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31782224)

Corporations are NOT people. Therefore, they have no "privacy" expectations or rights to such.

They are PUBLIC corporations. I see no reason to extend the rights that individual PEOPLE enjoy to corporations, which by their inherent creation, are PUBLIC entities.

If they have nothing to hide, well, then why are they asking to be hidden? (I know this is a fallacious argument, but when corporations and the government (and their cheerleaders) apply it to people, why can't it be applied similarly to corporations?)

Corporations can't have it both ways, all the rights of actual living people without all of the OBLIGATIONS that actual living people must also comply with, including and up to that final eventuality of dying and ceasing to exist.

Re:Corporations have no privacy protections (1)

blair1q (305137) | more than 4 years ago | (#31782506)

Not all corporations are public.

But the Internet should not be an anonymizer for criminals, either.

You can already do this now (0)

Anonymous Coward | more than 4 years ago | (#31782422)

I can assure you that many ISPs already do this and have been doing so for at least 10 years. There is no point in placing customer contact information into the whois directory when the customer is not capable of handling technical network issues themselves, so many ISPs just fudge the data in various ways to keep it out of whois.

Some people have set up what amounts to private police forces and since they can't get at the information with a sub-poena like the real police, they are trying to rig the system so that people have no right to privacy.

We have actually endorsed this proposal. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31782694)

At least with this proposal providers could implement their whois servers and actually leave them up and running all the time, rather than only turning them on when working with ARIN to receive another IP allocation (common practice in the industry), which doesn't really help anybody when they are down.

Re:We have actually endorsed this proposal. (1)

mysidia (191772) | more than 4 years ago | (#31783876)

Intentionally downing or failing to do either operate the RWHOIS server 24x7 or provide the re-assignments using SWIP is a NRPM violation, and therefore a breach of the RSA contract the provider signed with ARIN.

If they are found out, their IP resources subject to the RSA can be revoked immediately...

In reality, they might get off with a stern warning, but it seems like a really risky practice.

Businesses are not entitled to anonymity (1)

Animats (122034) | more than 4 years ago | (#31783958)

Neither WHOIS information nor IP address block allocation (ARIN's remit) should be private. Neither businesses nor anonymous web sites are entitled to anonymity in most of the developed world. Europe, in fact, is tougher on this than the US. [sitetruth.com] Europe has the European Privacy Directive, but that's for individuals acting in their private capacity. Businesses come under the European Directive on Electronic Commerce. [europa.eu]

1. In addition to other information requirements established by Community law, Member States shall ensure that the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information:
(a) the name of the service provider;
(b) the geographic address at which the service provider is established;
(c) the details of the service provider, including his electronic mail address, which allow him to be contacted rapidly and communicated with in a direct and effective manner;

"Service provider" here means web site owner/operator. So even in an area with strong privacy laws, businesses don't have the right to run anonymous web sites.

California has a similar law for sites that accept credit cards. It's a criminal offense in California to accept credit cards from an anonymous web site.

At SiteTruth [sitetruth.com] , our demo search site, we use this requirement to filter out "bottom-feeder" sites from search results. If it looks commercial, and we can't figure out who owns the site after trying about five different approaches, it's down-rated, and we move this down in search results. This puts teeth into fighting "search engine spam".

Sites can put up phony address info, of course, but that's a felony in many jurisdictions. It's generally treated as fraud, and if it's someone else's address, identity theft. That's a line most "bottom feeders" don't want to cross. Also, much such fraud is reported to sites like PhishTank, so there are red flags to check.

If you want to put up a personal site to express your political opinions, fine. But if it's selling something, it can't be anonymous. Deal with it.

shiT9? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31784236)

non-fucking-Existant.

Businesses want anonymity? Which ones? (1)

Bearhouse (1034238) | more than 4 years ago | (#31787570)

Seems to me that legitimate businesses with an internet presence spend a lot of time & money on trying to be known.
Why would a legit business want to be anon?
For people posting in fear of their lives, there's Wikileaks...
This is not the way to defeat spammers and others.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...