From: Kai Henningsen (kaih@khms.westfalen.de)
Date: Thu Jan 18 2001 - 14:22:00 CST
brad@templetons.com (Brad Templeton) wrote on 17.01.01 in <20010117235142.B11186@main.templetons.com>:
> Because it costs both money, and requires using a distant news server
> or having to get news software that can be easily configured to post
> via one server while reading via the local one.
Software such as Netscape, you mean? The feature is standard in modern
news readers, and has been for quite some time.
The cost seems utterly trivial.
And face it, if you want privacy, you need to take care of more than just
the server anyway - such as chosing a different string to put into From:,
a different .sig, and so on.
Or maybe a specialized for-anonymous-postings server will do some of that
for you (like anon.penet.fi did).
You can be pretty certain that your local server won't help you - at the
very most it won't sabotage you. But given that there's so much more you
need to be aware of to get *real* anonymity, that's a rather uninteresting
property. (And remember, it leaves your privacy wide open to whoever
operates your local news server anyway. You might want to avoid that.)
In short, I'd much prefer having the Security Considerations section talk
about what exactly are dangers here, and what are possible steps to take
for setups that specifically want to cater to it - and not give the rest
of the world the idea that justusing tokens instead of IP addresses will
buy them much of anything, because it won't.
> If you're not reading
> on a relatively local server, you are starting to lose most of what USENET
> is and why it was created and still flourishes.
You don't really expect anyone to take that serious, do you?
> As indicated elsewhere, the IP address is a very poor choice, even if
> it weren't for the fact that we static-IP users lose our privacy when
> it is used. Because of DHCP, the IP address can quickly be reassigned
> to an innocent person.
That's why the largest German ISP does this instead:
X-Trace: news.t-online.com 978386750 05 29528 wQ7hY1XSPAOJK 010101 22:05:50
X-Complaints-To: abuse@t-online.com
X-Sender: 02771829945-0002@t-dialin.net
Yes, that's an account-subaccount number in that third line, directly from
their RADIUS servers. The same number gets put into Received: headers, for
example. (And it seems that some RADIUS server malfunctions right now,
which is why my outgoing mail just gets "421 Identification failed (120)."
- I suspect I need to relogin, but not during this mirror run ...)
Oh, and originally, that was the user's phone number. That was changed
some (long) time ago, though, for privacy reasons, unless the user in
question is an old user who doesn't care - old users have to actually ask
to get their account number changed. (I wonder if this random example is
actually from such an old user - that *looks* like a phone number ...
impossible to say for sure, though.)
> This is all without consideration to the privacy issues. The truth is,
> some of those defending the use of the IP address have indicated they
> want to strip posters of privacy, because they don't trust administrators
> to discipline their own users and thus don't want those admins to
> protect that information, so that they can more easily track down and
> punish people.
Of course, you consistently ignore that those same people point out that
anonymous-posting servers are a better solution. Maybe because then you
could no longer claim they want to strip people of their privacy?
MfG Kai