|
|
| Author |
Message |
jp2
|
|
Membership Initiative
| 
Dec 16 11:10 UTC 2003 |
This item has been erased.
|
| 52 responses total. |
albaugh
|
|
response 1 of 52:
|
Dec 16 18:19 UTC 2003 |
Did you ever see "The Blues Brothers"? (movie)
|
carson
|
|
response 2 of 52:
|
Dec 17 14:11 UTC 2003 |
(could we get a refresher on why there is a verification policy and
on the arguments against having such a thing?)
(as I understand this initiative, it would replace the current policy
with a policy of accepting addresses as identification without
verification. does this mean physical addresses or does it include
other addresses, such as e-mail addresses? if it does include e-mail
addresses, would a Grex e-mail suffice? wouldn't that be redundant?)
|
gull
|
|
response 3 of 52:
|
Dec 17 14:18 UTC 2003 |
And should we accept addresses that are obviously fake? Who determines
what is "obviously fake"?
|
gelinas
|
|
response 4 of 52:
|
Dec 17 14:24 UTC 2003 |
As I understand it, the basic reason for the verification policy is so that
we can identify the person or persons who use grex as a base of operations
for attacks on other systems.
I do not think the current system needs changing.
|
albaugh
|
|
response 5 of 52:
|
Dec 17 15:24 UTC 2003 |
Nor do I. Recall that in The Blues Brothers movie Jake (or was it Elwood?
;-) gave as his address for his drivers license Wrigley Field.
|
aruba
|
|
response 6 of 52:
|
Dec 17 16:08 UTC 2003 |
I think the major effect that the ID policy has is to discourage some people
from becoming members. I don't know how big that pool is, but I am pretty
certain that among the pool are almost all the people who would abuse the
privileges that members get.
When Grex accepted credit cards back in 2000, there were a number of times
when credit cards were charged back because they were stolen. That has
happened only once in the 3 years since we dumped direct credit card
processing and started using Paypal. My conclusion is that there are people
out there who would like to buy memberships and use them for illicit
purposes, and we have an interest and a responsibility to try to prevent
them from doing so.
Now, this is a tradeoff, because I'm sure we discourage some legitimate
donors with our ID policy. I'm fairly certain, though, that we also save
ourselves a lot of headaches.
I can think of a couple things we could do short of abolishing the
collection of ID altogether. One is to accept a Paypal "verified address"
as valid ID. I have never gone through the process to get a verified
account with Paypal, so I don't know exactly what's involved; perhaps
someone who has done it could tell us. All I found was this page:
/----------------------------------------------------------------------\
| https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/verification-outside |
\----------------------------------------------------------------------/
which says you need to prove you have a checking account (if you're in the
US) or a credit card (if you're outside the US).
Another thing we could do is do more to encourage people who don't want to
send ID to send donations anyway. They wouldn't become members, but they
would be supporting the system. Right now we have a page about that:
/------------------------------------------------\
| http://www.cyberspace.org/grexmart/donate.html |
\------------------------------------------------/
but there's not much to it. We could promote this option a lot more.
It's true that the net has changed a lot since the ID policy was adopted,
and people are much more wary about giving out ID (I know I am). So I
wouldn't be at all surprised to learn that this holds some people back
from becoming members.
I would caution everyone, though, not to assume that removing the ID
policy will result in everyone who doesn't like it becoming members. A
while back a number of people complained that they couldn't be bothered to
write a check to Grex, and why didn't Grex accept credit cards? But when
we did start accepting credit cards, many of them found a different
excuse, and never did become members.
|
gull
|
|
response 7 of 52:
|
Dec 17 16:15 UTC 2003 |
If you link your bank account to PayPal, the confirmation process is
pretty simple: They make two small (between $0.01 and $0.99) deposits to
your account. When you get your bank statement, you go to PayPal's site
and enter the amounts of those deposits. If the amounts match, PayPal
takes this as evidence that the account is yours and the mailing address
associated with the account is correct.
|
jp2
|
|
response 8 of 52:
|
Dec 17 16:32 UTC 2003 |
This response has been erased.
|
flem
|
|
response 9 of 52:
|
Dec 17 16:40 UTC 2003 |
*cough*FUD*cough*
|
other
|
|
response 10 of 52:
|
Dec 17 16:45 UTC 2003 |
I hope those whose expressed doubt about my feelings with regard to
jp2's benevolent interest in Grex are reading this...
|
jep
|
|
response 11 of 52:
|
Dec 17 17:59 UTC 2003 |
I now send my membership contribution, and and any donations I make to
Grex, via Paypal. I would probably be a member even if I had to mail a
check, but would be slower about sending the money. I'm more likely to
donate now than I used to be.
If there was a "no ID required, non-voting membership" link on the WWW
page, right next to the current link to contribute for a membership,
I'll bet some people would use it.
BTW: if there were other options on that page, such as "membership +
$10", I would have used one earlier this week when I renewed my
membership. I know using Paypal costs Grex some money, and I would
have happily contributed a bit extra to cover that cost. Instead, the
membership amount of $60 was hard-coded into the link. I didn't have
the option to add extra money. I'd have to go back and make another
contribution to send any additional money. I'd like to suggest
membership +$10, $25, $50, and $100 options be added.
|
remmers
|
|
response 12 of 52:
|
Dec 17 18:22 UTC 2003 |
The problem with a "no ID required, non-voting membership" option is
that it ignores the other reason we require ID.
I think that a "no-ID-required contribution" option that carried no
privileges would be reasonable. It might bring in some additional
income, although I don't know how much.
|
micklpkl
|
|
response 13 of 52:
|
Dec 17 18:45 UTC 2003 |
Personally, I have sent extra money to cover the Paypal fees that are charged
to Grex. IIRC, you can send any amount you like via Paypal, though evidently
jep in resp:11 must've used an some URL that I'm not aware of.
|
aruba
|
|
response 14 of 52:
|
Dec 17 18:52 UTC 2003 |
I think both John and Mickey are correct - you *can* send any amount via
paypal, via http://www.cyberspace.org/grexmart/donate.html. But the link
at http://www.cyberspace.org/member.html doesn't allow you to change the
amount.
I agree we could do a better job with the links. I think John's ideas are
good ones.
|
jp2
|
|
response 15 of 52:
|
Dec 17 19:50 UTC 2003 |
This response has been erased.
|
aruba
|
|
response 16 of 52:
|
Dec 17 20:12 UTC 2003 |
Oh for Christ sake, Jamie, no personal information was ever available
online and you know it. You're referring to the fact that I have data on
my machine, and my machine is sometimes connected to the internet. That
doesn't mean that the data is available over the net! I'll bet your bank
has numerous computers which are both on the internet and capable of
accessing your banking records. Does that mean your bank is
irresponsible? Why don't you go stand in front of it and hand out fliers
complaining that they've lied in their disclosure statements. Let us know
what happens.
|
jp2
|
|
response 17 of 52:
|
Dec 17 20:57 UTC 2003 |
This response has been erased.
|
willcome
|
|
response 18 of 52:
|
Dec 17 23:26 UTC 2003 |
jp2's a millionaire!
|
scg
|
|
response 19 of 52:
|
Dec 18 02:01 UTC 2003 |
re 16:
If you're running Windows and aren't *very* careful about applying
security patches promptly, the answer is probably that any data on your
computer is reasonably easily accessable whenever you're on the Net.
Banks and the like, which have historically relied entirely on firewalls for
protection of PCs, have had some significant problems with this recently,
since a lot of the recent Windows worms have had no trouble at all getting
around firewalls.
|
jep
|
|
response 20 of 52:
|
Dec 18 10:48 UTC 2003 |
The e-mail I received, letting me know it was time to renew my
membership, had a link to Paypal which had a hard-coded $60 in it. I
just used that and didn't look beyond it.
Using the link was as simple as it could have been. Adding options
would complicate matters, and I don't know if it would be worthwhile
overall. I just know if other options were available, I'd probably
have used one of them.
|
jep
|
|
response 21 of 52:
|
Dec 18 10:50 UTC 2003 |
re resp:12: I'd overlooked the perks of membership. (-: I agree, a
no-ID membership would have to be without outbound Internet privileges.
I think it'd be worthwhile offering that as a contribution option.
|
aruba
|
|
response 22 of 52:
|
Dec 18 13:43 UTC 2003 |
Re #19: Steve is referring to Windows 2000ff, whereas I am running Windows
98, which is much stupider and therefore less exploitable. And I am up to
date on patches.
I don't want to do anything with the data that might compromise it, so if
there is a real issue here, I'll do what's necessary. But I bristle at
being called a liar for saying the data "is not stored on the net". It's
not, and never has been.
|
gull
|
|
response 23 of 52:
|
Dec 18 14:33 UTC 2003 |
Re resp:17: If you're hoping to only deal with companies that never put
your data through a Windows PC, all I can say is, "good luck".
Re resp:22: Windows 98 doesn't run most of the services that have been
compromised on NT, 2000, and XP, but it is vulnerable to some Internet
Explorer and Outlook Express exploits. (Note, too, that Microsoft is
dropping support for Win98 soon and will not be providing any more
bugfix updates.) The fact that you don't have any services running
doesn't help you when someone takes advantage of an IE bug to install
BackOrifice. There are at least three bugs in IE that have not been
patched yet and will allow a rogue website to install pretty much
anything on your computer. My advice at this point is for Windows users
to avoid IE and use something else, like Mozilla, Firebird, or Opera.
I think jp2 does have somewhat of a point, but the risk would be easily
mitigated just by keeping the membership info on removable media and
only having it in the computer when you need to work with it. I would
also hope you're only storing name and address info, not sensitive stuff
like credit card numbers, driver's license numbers, or SSN's.
|
aruba
|
|
response 24 of 52:
|
Dec 18 15:02 UTC 2003 |
We don't have any credit card numbers or social security numbers. We do
have drivers license numbers. I don't use Outlook Express and only use IE
when Opera and Netscape won't work on a particular site. (Try using Opera
on microsoft.com sometime - you get a teeny-tiny font that's illegible.)
I think putting the database on a floppy sounds like a good way to have data
corruption problems, and it's not a good solution for large databases. I
guess I could put it on a keyring data chip, and keep it with me at all
times, but that seems a little paranoid to me.
|