|
Grex > Coop12 > #127: Grex, once again, has pissed me off | |
|
| Author |
Message |
| 25 new of 184 responses total. |
mary
|
|
response 73 of 184:
| 
Sep 6 20:48 UTC 2002 |
Do internet cafes offer an email program that allows you to be anonymous?
Is Hotmail still anonymous? Or do you get to browse all you want without
having to login but as soon as you want to actually send mail, or buy
something, or participate in a forum you need to give some identifying
information to the provider, or store, or host? That's how libraries I've
visited handle it.
|
tod
|
|
response 74 of 184:
|
Sep 6 21:20 UTC 2002 |
Hotmail asks you for another e-mail address and for your personal information
while you're online. It does NOT ask for a copy of your ID.
Internet cafes ask for money.
Libraries? You can show them a letter from zippy the postman to prove you're
a local resident and that's enough.
None of the above make a copy of your ID that I'm aware.
|
other
|
|
response 75 of 184:
|
Sep 7 03:30 UTC 2002 |
Do any of these services offer shell accounts?
Disk storage?
Compiler access?
Scripting support?
Yeah, thought so. What was your point again?
|
mary
|
|
response 76 of 184:
|
Sep 7 03:39 UTC 2002 |
No, really, I'm curious, Tod. Can you walk into your library
and end up sending email without going through an account
which has required some form of ID?
Does an internet cafe offer you more than internet browsing?
For anything else don't you pretty much have to login to
a server where you are known?
|
scg
|
|
response 77 of 184:
|
Sep 7 04:06 UTC 2002 |
Talking about legal requirements to collect ID in this context probably
doesn't accomplish much, since there aren't any. We are required to keep a
list of names and addresses of our members, but no other non-profit
organization I've joined has asked for any verification of the names and
addresses. I suspect, therefore, that simply asking for it and recording what
we're given is enough, and the occasional inaccuracy would not be considered
legally our fault.
Grex's ID for Internet use policy is nine years old, and dates from the era
when the Internet was a faily closed academic network, anonymous access was
hard to come by, and various people in the Grex leadership felt a strong
responsibility to protect our academic neighbors from the sorts of Internet
users they might not be acustomed to dealing with. Today's Internet is rather
different. Anonymous access is quite easy to come by, from Internet cafes
where cash is required but ID isn't, from public libraries where in many cases
it's possible to just walk in and sit down at a computer, from those of us
who run open wireless networks, and so forth. No reasonable person connects
their systems to the Internet these days and assumes everybody connecting to
it will have already been authenticated by somebody else. Law enforcement
doesn't need ID from us -- if the user was connecting from within the US they
can look at when the connection came in and from where, and subpoena the
information from the phone company or other Internet system the user connected
from, and track the person that way. But that's not to say nobody collects
identifying information before allowing access to the Internet anymore. ISPs
generally require payment by check or credit card, and store that information
for other reasons. Employers generally require a lot more information about
people than that, again for other reasons. The real question for Grex at this
point is how much we want to know about those who are using our system to
connect to the Internet, so that if they're causing a problem we can cut them
off and make sure they don't just come back under a different name. Again,
we're not legally required to do so, but somebody using Grex to cause problems
elsewhere will cause Grex a big headache, and there's a lot to be said for
being able to get rid of such people easily and for good.
|
jmsaul
|
|
response 78 of 184:
|
Sep 7 05:36 UTC 2002 |
Re #76:
I'm not Todd, but I can answer these.
> No, really, I'm curious, Tod. Can you walk into your library
> and end up sending email without going through an account
> which has required some form of ID?
Yes. You can go create a hotmail account (for example). It requires
another valid email address, but once you've got one, you can basically
get an unlimited number. And the one doesn't even have to be yours.
Anyone who seriously wants to cause trouble will cover their tracks.
> Does an internet cafe offer you more than internet browsing?
From the web, unless firewalled, you can do a hell of a lot. Including
downloading telnet software, depending on how restrictive the cafe is (or
isn't).
> For anything else don't you pretty much have to login to
> a server where you are known?
No. You can do a tremendous amount from the Web. Really.
|
jmsaul
|
|
response 79 of 184:
|
Sep 7 05:49 UTC 2002 |
Incidentally, *Grex* lets you send email to the entire universe without
requiring some form of ID -- go through newuser and you can do it.
|
scg
|
|
response 80 of 184:
|
Sep 7 06:08 UTC 2002 |
(for what it's worth, from any Internet connected Windows box, unless
somebody's gone to a lot of trouble to block it, you can easily do pretty much
any sort of outbound Internet connection. That means you can do all the
things Grex blocks in the kernel. Most people setting up Internet cafes,
school computer labs, and the like, wouldn't know how to block that sort of
thing if they wanted to)
|
mary
|
|
response 81 of 184:
|
Sep 7 11:57 UTC 2002 |
Grex is about as close to allowing anonymous access as I think we
can get. But I'd love to be proved wrong.
|
scott
|
|
response 82 of 184:
|
Sep 7 13:12 UTC 2002 |
What exactly is Arbornet's policy on ID and on outbound telnet?
|
jmsaul
|
|
response 83 of 184:
|
Sep 7 14:07 UTC 2002 |
Arbornet restricts outbound telnet to members/patrons (or at least we used
to), and asks for the person's real name. I don't think it's ever asked
for photocopies of drivers' licenses, and it certainly hasn't during the
time I've been involved. Arbornet has never asked for, or received, credit
card numbers as far as I know. It's received a lot of checks, and it's
possible that the treasurers have used those to get addresses, but I'm not
sure Arbornet even requires members/patrons to provide an address, and I'm
sure the address doesn't get verified in any way if it does.
Whatever the original rationale for restricting outbound telnet was, the
main reason Arbornet does it now (based on the discussions I've been in
about it in the past) is that we're interested in people who want to come
and use M-Net, not people who want to use us as a stepping-stone to get
somewhere else. If you're going to hang out and play, we're happy to give
you free access; if you want outbound telnet, that doesn't enrich the
community in any way, so we'd like you to donate to help keep things
running. The staff has been happy to avoid the hassles that could come
with completely open outbound telnet, but we've never felt it was
necessary to hold patrons/members' personal information hostage for their
good behavior, or to maintain a database in the event we need to help law
enforcement go after them. In the 18 years we've been operating, it's
never been necessary.
People who want to go out and do bad things will either crack someone
else's account and stage from there, or use some method far less traceable
than buying an account on M-Net. If they're using email, they'll just
create a guest account, same as here. We've been used as a platform for
attacks before, but those have either been email abuse, or cases where
someone's exploited holes to use access they shouldn't have had.
|
jmsaul
|
|
response 84 of 184:
|
Sep 7 14:09 UTC 2002 |
(Incidentally, I don't speak for Arbornet, I'm just speaking as a long-time
member of the community.)
|
mynxcat
|
|
response 85 of 184:
|
Sep 7 14:16 UTC 2002 |
They don't require any ID. At least if you pay by PayPal, you just make a
payment and thats it.
|
remmers
|
|
response 86 of 184:
|
Sep 7 16:15 UTC 2002 |
Arbornet still seems to block outbound telnet, ssh, and ftp for guests.
As I remember the discussions when Grex was formulating its internet
access policy, the idea that Grex should be primarily a destination,
not a stepping-stone, was definitely a factor in the equation, although
not the only consideration.
By the way, Grex's outbound access policy was established by a member
vote. Therefore, one can't really say why the policy is the way it
is -- each member who voted for it had their own reasons for doing
so, which they weren't required to divulge.
Since the policy was established by a vote of the members, any
proposed change should probably be voted on too.
|
jp2
|
|
response 87 of 184:
|
Sep 7 17:07 UTC 2002 |
This response has been erased.
|
aruba
|
|
response 88 of 184:
|
Sep 7 17:32 UTC 2002 |
Grex doesn't have any employees to get disgruntled.
"far too high": How high is it? Let's hear some numbers. What do you think
the probability is that our list of IDs will be lost or stolen?
|
jp2
|
|
response 89 of 184:
|
Sep 7 19:47 UTC 2002 |
This response has been erased.
|
scott
|
|
response 90 of 184:
|
Sep 7 20:28 UTC 2002 |
Seems kind of hypocritical, though. Do you refuse to use credit cards at
restaurants because the risk of CC fraud is higher than zero (indeed, higher
than what you're complaining about Grex's risk being)?
|
remmers
|
|
response 91 of 184:
|
Sep 7 20:39 UTC 2002 |
I've been thinking the same thing as I've been following this
discussion. Considering the number of times I hand my credit
card to a stranger over the course of any given week, often
to have them take it out of the room for a few minutes, I'd
expect that my risk of identity theft is a lot higher from
that kind of thing than from any of Grex's practices. So
let's try to keep all this in perspective. I think what
we're seeing here is a case of much ado about very little.
|
jmsaul
|
|
response 92 of 184:
|
Sep 7 21:14 UTC 2002 |
On one level, it is. On another level, it's just another example of people
collecting and retaining personal data they don't need "because we can," and
it's worth criticizing that philosophy on principle. There's far too much
of it going on these days.
If you don't have a clear, pressing need for information like drivers' license
and credit card numbers, you shouldn't be collecting it. Period.
|
aruba
|
|
response 93 of 184:
|
Sep 7 21:17 UTC 2002 |
Jamie, quantum physics should tell you that the probability that your brain
will suddenly tunnel out of your head and land on the keyboard in front of
you is greater than zero. Do you worry about that?
|
scott
|
|
response 94 of 184:
|
Sep 7 21:44 UTC 2002 |
Re 92: So, why are you wasting your time (and ours) when you could be doing
a much greater public service by reforming how restaurants deal with credit
cards?
|
polytarp
|
|
response 95 of 184:
|
Sep 7 21:52 UTC 2002 |
Act locally; think globally.
|
gull
|
|
response 96 of 184:
|
Sep 7 22:05 UTC 2002 |
Re #73: You can get an anonymous Hotmail account. I've done it.
I mean, they ask you for personal info, but they don't check it.
|
carson
|
|
response 97 of 184:
|
Sep 7 22:06 UTC 2002 |
resp:94 (because he cares about Grex, and [most] people on Grex are
willing to consider such a topic reasonably? a wild concept, I
know, but you might look into it.)
|