From: Brad Templeton (brad@templetons.com)
Date: Fri Jan 19 2001 - 12:12:31 CST
On Thu, Jan 18, 2001 at 10:22:00PM +0200, Kai Henningsen wrote:
> brad@templetons.com (Brad Templeton) wrote on 17.01.01 in <20010117235142.B11186@main.templetons.com>:
> Software such as Netscape, you mean? The feature is standard in modern
> news readers, and has been for quite some time.
It was my understanding that Netscape posts from the server you are
reading from. You can of course have multiple servers, but you can't
as I recall read a newsgroup from one, then say "post" and have the posting
to to another.
>
> The cost seems utterly trivial.
Really. You think that if USENET cost $5/month it wouldn't see orders
of magnitude drops in usage? Perhaps you have some meaning for trivial
that I am not familiar with.
>
> And face it, if you want privacy, you need to take care of more than just
> the server anyway - such as chosing a different string to put into From:,
> a different .sig, and so on.
Of course you put in the different string in the From.
But let me clarify what privacy means. It doesn't simply mean creating
new identities to post under. Many people use an address which does not
have their real name as their _sole_ identity on USENET. In fact, as you
know, to protect their privacy, a significant portion of USENET users
post with invalid E-mail addresses, sometimes with their real name and
an english description of their valid address, sometimes not.
A privacy conscious friend who visits me here refuses to post to USENET
from my network because I have the static IP address. Like many, this
friend accepts the existence of Deja News and the ability of people to
look at a posting history, but dislikes any ability to tie that back to
a real identity. So no posting.
>
> Or maybe a specialized for-anonymous-postings server will do some of that
> for you (like anon.penet.fi did).
Indeed, such servers exist and guess what. At least before penet was
shut down it was extremely popular. People want that ability. That they
will go to inconvenience or cost to get it should indicate that I am
not talking for myself here when describing the demand for this.
But why should they -- and there were something like 300,000 users of penet
many years ago -- go through this cost and inconvenience? So far the
only answer I have heard is so that anti abuse crusaders don't have to
ask local admins to identify or discipline abusers.
I just don't see taking away something that a large proportion of the
net wants for this.
And anonymous servers aren't an easy answer at all. They don't last long
because they get abused. They get abused because they are remote. The
ISP is a good place to provide basic privacy because you have a long term
financial relationship with them, and they are of course the right place
for you to read news from.
If a pseudonym server wants to survive, it has to spend a lot of work
stopping abuse. (So does an ISP but that's now part of the territory.)
Most people find that not worth doing for free. The largest today is
Deja and that's quickly running out of money, and a pain to use.
>
> You can be pretty certain that your local server won't help you - at the
> very most it won't sabotage you. But given that there's so much more you
> need to be aware of to get *real* anonymity, that's a rather uninteresting
> property. (And remember, it leaves your privacy wide open to whoever
> operates your local news server anyway. You might want to avoid that.)
I am not talking about real anonymity. If you want that, you won't get
it here. I'm talking about everyday privacy, about not broadcasting
information to the detriment of the innocent to make it more convenient
for spam hunters to get at the guilty. I've always felt that that's
not how we do things here.
>
> In short, I'd much prefer having the Security Considerations section talk
> about what exactly are dangers here, and what are possible steps to take
> for setups that specifically want to cater to it - and not give the rest
> of the world the idea that justusing tokens instead of IP addresses will
> buy them much of anything, because it won't.
It doesn't protect them from their own ISP but yes, it stops random people
finding out their IP address from their USENET postings.
> > If you're not reading
> > on a relatively local server, you are starting to lose most of what USENET
> > is and why it was created and still flourishes.
>
> You don't really expect anyone to take that serious, do you?
Yes. What's the point of a distributed conferencing system if not the
speed of local access? Why not design it centralized, the administration
is a lot simpler. People read USENET for three reasons
1) Fast local access blows away any remote system
2) Newsreader user interface still has advantage over most
web based message board systems
3) Legacy history provides large group of users and topics
I think they're all important. Frankly I don't know why (2) is still true,
since there is no inherent reason you couldn't design a system with a better
UI for use from remote servers, but as yet none has caught on.
>
> That's why the largest German ISP does this instead:
>
> X-Trace: news.t-online.com 978386750 05 29528 wQ7hY1XSPAOJK 010101 22:05:50
> X-Complaints-To: abuse@t-online.com
> X-Sender: 02771829945-0002@t-dialin.net
And while I don't think they should use a permanent number, this is the
right direction for both goals.
>
> Of course, you consistently ignore that those same people point out that
> anonymous-posting servers are a better solution. Maybe because then you
> could no longer claim they want to strip people of their privacy?
No, anonymous servers give you the best privacy protection, I have never
denied that.
But then, why have injectors at all? Why have hundreds of thousands of
admins administer injectors and have dozens of software authors write
and maintain them, when in fact a few injectors centrally located would
do the job. Just tell people when they want to post they should
switch servers and post there.
Just because some people here don't value privacy as highly as others
doesn't mean there isn't a large demand among the users of the net.
The leson of penet should tell you that.