From: Kai Henningsen (kaih@khms.westfalen.de)
Date: Fri Jan 19 2001 - 12:49:00 CST
brad@templetons.com (Brad Templeton) wrote on 19.01.01 in <20010119101231.C27968@main.templetons.com>:
> On Thu, Jan 18, 2001 at 10:22:00PM +0200, Kai Henningsen wrote:
> > brad@templetons.com (Brad Templeton) wrote on 17.01.01 in
> > <20010117235142.B11186@main.templetons.com>: Software such as Netscape,
> > you mean? The feature is standard in modern news readers, and has been for
> > quite some time.
>
> It was my understanding that Netscape posts from the server you are
> reading from. You can of course have multiple servers, but you can't
> as I recall read a newsgroup from one, then say "post" and have the posting
> to to another.
Well, that was certainly how I imagined people to do this.
> > The cost seems utterly trivial.
>
> Really. You think that if USENET cost $5/month it wouldn't see orders
> of magnitude drops in usage? Perhaps you have some meaning for trivial
> that I am not familiar with.
Well, I'm not quite up on modern anonymizing servers, but I sure *thought*
there were some around that worked for free. That was certainly how
anon.penet.fi worked.
> But let me clarify what privacy means. It doesn't simply mean creating
> new identities to post under. Many people use an address which does not
> have their real name as their _sole_ identity on USENET.
A practice that, incidentally, I have rather little respect for, unless
they are in Usenet *only* for the few groups where there is a real need
for it.
Mind you, I do thing that it's their *right* to do that - but I don't
think it's a good idea.
Incidentally, it happens to be severely frowned upon in the de.* groups.
That's not the reason I read those rather rarely.
> In fact, as you
> know, to protect their privacy, a significant portion of USENET users
> post with invalid E-mail addresses,
To protect against spam, you mean. And I am actually seriously upset about
that. I think they're doing about the same amount of damage to Usenet that
way as the spammers.
I've never heard aboutusing this seriously to protect privacy. That may be
because it's unlikely to work very well.
> And anonymous servers aren't an easy answer at all. They don't last long
> because they get abused. They get abused because they are remote. The
> ISP is a good place to provide basic privacy because you have a long term
> financial relationship with them, and they are of course the right place
> for you to read news from.
I couldn't disagree more, actually.
> > You can be pretty certain that your local server won't help you - at the
> > very most it won't sabotage you. But given that there's so much more you
> > need to be aware of to get *real* anonymity, that's a rather uninteresting
> > property. (And remember, it leaves your privacy wide open to whoever
> > operates your local news server anyway. You might want to avoid that.)
>
> I am not talking about real anonymity. If you want that, you won't get
> it here.
Ah. So all you want is sham privacy - the kind that won't deter someone
who really wants to find out. Reading nana-u, it sure looks like there are
quite a number of those around.
Sorry, but I really think we should put no privacy snake oil in our
standard.
> > In short, I'd much prefer having the Security Considerations section talk
> > about what exactly are dangers here, and what are possible steps to take
> > for setups that specifically want to cater to it - and not give the rest
> > of the world the idea that justusing tokens instead of IP addresses will
> > buy them much of anything, because it won't.
>
> It doesn't protect them from their own ISP but yes, it stops random people
> finding out their IP address from their USENET postings.
Their IP address being just about the most unimportant thing to know about
most people, them being behind a dynamic IP.
> > > If you're not reading
> > > on a relatively local server, you are starting to lose most of what
> > > USENET is and why it was created and still flourishes.
> >
> > You don't really expect anyone to take that serious, do you?
>
> Yes. What's the point of a distributed conferencing system if not the
> speed of local access?
Given I'd expect the vast majority of Usenet readers to *not* have local
access, I sort of fail to see how that could possibly be a point.
And no, an ISP's news server is *not* local access any more than a typical
specialist usenet provider's is.
> Why not design it centralized, the administration
> is a lot simpler.
Admin of a centralized system serving several millions of newsreaders,
*simple*?
Somehow I suspect we don't speak the same language here.
> People read USENET for three reasons
>
> 1) Fast local access blows away any remote system
This one I think is pure fantasy.
> 2) Newsreader user interface still has advantage over most
> web based message board systems
True.
> 3) Legacy history provides large group of users and topics
The web has the same with much less history. So I doubt this is it.
> I think they're all important. Frankly I don't know why (2) is still true,
> since there is no inherent reason you couldn't design a system with a better
> UI for use from remote servers, but as yet none has caught on.
For most people, this *is* a system for use from remote servers.
> But then, why have injectors at all? Why have hundreds of thousands of
> admins administer injectors and have dozens of software authors write
> and maintain them, when in fact a few injectors centrally located would
> do the job. Just tell people when they want to post they should
> switch servers and post there.
I think you need to go and talk to some people who understand load.
MfG Kai