|
|
| Author |
Message |
sidhe
|
|
Verification Dangers
| 
Mar 14 20:26 UTC 1995 |
The question of Verification is in no way an easy answer. We must
ask ourselves to what extent do we wish to burden ourselves with the job
of NetCop, as well as the extent that we allow the wonderful spirit of
Lassez-Faire to rule. I myself have little problem in supplying Photo ID
<except that the picture is awful.. ah, well..>, but others have, in the
past, and will, in the future.
Indeed, then, the question must begin as, "What constitues a
reasonable amount of ID? Is a Photo necessary? Is having a known Grexxer
vouch for your identity good enough?"
This facinates me, as a good <non-grex> friend of mine once
belonged to a BBS, where the list of member's addresses, phone #'s, etc,
was *supposed* to have been secure, fell into the wrong hands. She was
notified by the police that the fellow who had gotten the list had been
tracking down the Females on it, and raping them. He was stopped, thankfully,
before he got to her name.
But this scared her, and still does. I would postulate that it
certainly would make me think twice about supplying ID to a source that
POTENTIALLY could be insecure. Thoughts? Questions?
|
| 183 responses total. |
ajax
|
|
response 1 of 183:
|
Mar 14 22:31 UTC 1995 |
The verification policy was recently discussed in the last coop's item
26, but it's still up in the air. John Remmers offered to assemble a
synthesis of the ideas for the March board meeting.
The proposals in oldcoop item 26 didn't require photos. One person
suggested using photo ids for in-person (non-mail) verification, but I
don't know if that will be in John's summary. There was also no mention
of allowing a "person known by a verified user" as a form of verification.
It's a good question to toss about a bit!
As for security of the info, verification id info isn't stored on-line.
People could still physically steal it from wherever it is stored, but
it's safer than on-line storage. Also, psychos who want addresses can
just finger users who volunteered public info in the newuser program.
|
rcurl
|
|
response 2 of 183:
|
Mar 15 07:26 UTC 1995 |
So, you want to outlaw the phone book?
|
ajax
|
|
response 3 of 183:
|
Mar 15 13:46 UTC 1995 |
If access to outbound telephone service required you to have your full
name and address published in the phone book, I bet a lot of people would
go without! But neither Ameritech nor Grex requires any info be public;
the question is really about what information is needed for private storage,
and how securely it's stored.
|
rcurl
|
|
response 4 of 183:
|
Mar 15 18:01 UTC 1995 |
Most people are not paranoid, and list their names, addresses, and phone
numbers in the phone book. That makes us all subject to that dire
scenario of being hunted down to be raped, right? Wrong. Unlisted numbers
exist, but are relatively rare (I have one - I don't want people calling
my data line).
|
selena
|
|
response 5 of 183:
|
Mar 15 20:11 UTC 1995 |
There are PLENTY of unliste numbers- so much that calling information
for a phone number is getting pretty useless. I'll admit to having a PHOBIC-
class problem, above and beyond all reasonableness, but the point is real
simple; Phone books are too easy, and aren't as tantalizing to your average
psycho <heh.. average psycho..> as a list that is supposed to be private.
Gotta admit, I never heard of anything like that happening to a
BBS before, but I'm NOT surprised. Was the info online, sidhe, or offline?
|
scg
|
|
response 6 of 183:
|
Mar 15 20:31 UTC 1995 |
This response has been erased.
|
nephi
|
|
response 7 of 183:
|
Mar 16 03:06 UTC 1995 |
View hidden response.
|
sidhe
|
|
response 8 of 183:
|
Mar 16 21:03 UTC 1995 |
I'm not sure, but I think it was offline. I'll have to double-check.
|
srw
|
|
response 9 of 183:
|
Mar 17 00:48 UTC 1995 |
To the best of my knowledge photo ID is not a requirement for anything on
grex. Furthermore I am against the use of photo ID.
|
scg
|
|
response 10 of 183:
|
Mar 17 04:08 UTC 1995 |
Against the use of photo ID, or against the required use of photo ID?
|
rcurl
|
|
response 11 of 183:
|
Mar 17 07:52 UTC 1995 |
Heck, and I got a scanner just to submit my ID....
|
danr
|
|
response 12 of 183:
|
Mar 17 11:52 UTC 1995 |
I am currently accepting both photo id and non-photo ids.
|
selena
|
|
response 13 of 183:
|
Mar 18 07:15 UTC 1995 |
What about a known "ID-ed" grexxer vouching for you?
Would that work? If not, why not, and be real clear about it. I wanna make
sure I understand you fullly before I go and shoot my mouth off.
|
srw
|
|
response 14 of 183:
|
Mar 18 08:15 UTC 1995 |
Re 10: I don't care if people use photos, I just don't want it required.
It would prove nothing anyway, as we don't get to see anyone's face
on-line.
Re 13: As I understand it, our policy does not provide for indirect ID.
For legal reasons, we need to have ID in the treasurer's files.
This info is not available to the rest of the board or to the staff,
under normal circumstances. It is also used to ensure that Grex could deny
some service to a user determined to abuse it.
|
ajax
|
|
response 15 of 183:
|
Mar 18 15:29 UTC 1995 |
Are the legal reasons for membership only, for usenet posting only, or
for both? If we did accept indirect id, then the vouched-for person could
vouch for two of their friends, and they could vouch for two of their
friends, and so on.... :)
Selena, I wouldn't expect to get _the_ reason...policies to accept or not
accept the id would be the result of at least four of seven board members,
who decide things for a number of different reasons. The most direct
reason I can think of is that four of seven board members either disagree
with indirect id (for usenet posting and/or membership), or they haven't
voted on the idea.
|
popcorn
|
|
response 16 of 183:
|
Mar 18 23:03 UTC 1995 |
IMHO, the reason for not accepting indirect ID is that the Grex board
is (more or less) responsible for having good ID for the people who send
in ID. If there's a problem with a user, it's the Grex board who could
end up in trouble. Therefore, the board needs to be sure that the person
doing the verification is trustworthy. Just because a person sent in ID
and became a verified user, doesn't mean that they've been checked out to
be trustworthy to verify other users. I mean, Grex has a lot of members
I've never even *met*. I certainly don't know them well enough to know if
I'd trust them to go verifying other users for me.
|
srw
|
|
response 17 of 183:
|
Mar 19 07:06 UTC 1995 |
The legal requirement has to do with voting. The other reasons have to do
with usenet, etc. I personally don't want to know anyone's identification.
I am happy just to have the treasurer handle that. I want to know that
if a person misbehaves on usenet, we have the option of pulling the plug.
Rob's right, I'm sure. No two directors necessarily think alike on this.
|
sidhe
|
|
response 18 of 183:
|
Mar 21 03:48 UTC 1995 |
Facinating. So, the voting issue is the deciding factor, legally?
|
tsty
|
|
response 19 of 183:
|
Mar 21 07:22 UTC 1995 |
Let's explore for a bit, the rationality of id for voting. At $6/month,
and a given voter-membership already, how much money would Cyberspace
have to collect before an election could be "bought?"
MIght be around $400 before an election could be sufficiently
influenced - and of course, there would have to be startlingly
massive and sudden influx of "anon" memberships donated ... sufficient
to alert the treasurer that something was amiss, or, amassed.
Then all the anons could elect themselves and serve, individually, or
would that be collectively, as the borg.
I admit that a board seat is a fine position, and Cyberspace could
certainly use $400 or more (depending on how efficient the "anon"
wanted to be ... it might take $1000 to be *certain*), but with
that sort of money floating around, wouldn't some other investment
be a tad more rational? A tad more reasonable? More ..... sane?
|
srw
|
|
response 20 of 183:
|
Mar 21 07:29 UTC 1995 |
It's not just there to prevent one person from voting twice.
It does have that effect, but there is also a state law that
requires non-profit corporations to maintain a list of voting members.
(It does not require that the list be revealed to the public.)
|
rcurl
|
|
response 21 of 183:
|
Mar 21 07:51 UTC 1995 |
The prospect of a vote being "bought" by a clique, while possible, is
pretty remote. It would be simpler for them to start their own
corporation, not to mention more kindly received. But such things do happen
(a "palace coup"). The simplest first step to partly deflect it is to
have the bylaws so half or more of the board is never elected at once.
Then, it takes two years to "take over", during which a defence could be
mounted.
|
ajax
|
|
response 22 of 183:
|
Mar 21 16:29 UTC 1995 |
Also, voting requires three months of membership, so you'd have
to pay $18 times 100 users ($1800) if you wanted to ensure a majority
vote. Is a single person currently allowed to buy two memberships,
and thereby cast two votes, or is there a limit of one vote per person?
|
rcurl
|
|
response 23 of 183:
|
Mar 21 21:15 UTC 1995 |
I know a non-profit that converted from a membership organization to
a director based organization issuing shares, just to prevent the
possibility of a hostile takeover. They are a land trust, owning many
hundreds of acres as natural areas. An unscrupulous clique could have
taken over by buying enough memberships, and then selling the land
to "friendly" developers. However this kind of situation is a serious
concern primarily when the non-profit has large assets to protect.
|
selena
|
|
response 24 of 183:
|
Mar 22 16:07 UTC 1995 |
Steve, could a non-voting membership be offered, which would allow
telnet and USENet? That would make *little-ol-me* happy.. and the legal
strings would be gone!
|