|
Grex > Coop13 > #15: Why was its password changed? | |
|
| Author |
Message |
| 25 new of 110 responses total. |
jep
|
|
response 16 of 110:
| 
Aug 31 02:57 UTC 2003 |
It took me a few responses to follow the rationale behind what was
done.
Why was the polytarp account forwarding all of it's mail to staff, dah?
|
dah
|
|
response 17 of 110:
|
Aug 31 06:03 UTC 2003 |
If staff considers itself to be me, give me the root password now or else I
can't do my appropriated duties.
Huh? Oh, polytarp was doing that because he didn't really have any important
mails mixed in with all his spam and he didn't know where else to forward it.
|
scg
|
|
response 18 of 110:
|
Aug 31 07:31 UTC 2003 |
Perhaps the origins of this policy need to be explained, so I'll attempt to
do that.
Staff gets lots of request from people who have lost their passwords, and
needs some way to verify that the person sending the request is in fact the
owner of the account. To do that, in general, staff looks at information in
the account to find some contact information put there by the account's owner.
Most commonly used are phone numbers or e-mail addresses from the .plan file
(what shows up in finger output), but if that's not good enough, staff
sometimes needs to look elsewhere. One of those "elsewheres" is the user's
.forward file, on the assumption that the account holder is by definition the
legitimate user of an account, and anywhere mail to that account gets
forwarded can be assuemed to be that person.
Then came the problem of impersonations, generally a case where somebody
creates an account and claims to be somebody else. There wasn't a policy for
that, but it fit nicely into the password reset policy, in that if somebody
claimed to be somebody else, and that somebody else wanted it stopped,
it was quite legitimate to give control of an account to the person whose
account it claimed to be.
From there, I assumeit to have been a relatively easy jump that if forwarding
mail to an address established that that address belonged to the account's
owner, giving control over an account to the person whose address the accounts
mail was being forwarded to was quite legitimate.
Of course, in most of thsoe cases, staff could easily claim that as far as
they knew, and had been told by hte owner of the account, the account belonged
to the person whose address showed up in the account. In polytarp's case,
staff knew the account wasn't staff's. Still, this strikes me as a pretty
basic application of policy and past precident as written. Do any of
polytar's clones have suggestions for how this might be changed for the
better?
|
dah
|
|
response 19 of 110:
|
Aug 31 14:27 UTC 2003 |
Right, it's a very basic application of policy and past precident which
obviously violates the purpose of policy and PP.
|
aruba
|
|
response 20 of 110:
|
Aug 31 16:53 UTC 2003 |
David, if you don't want any of your mail, you can forward it to /dev/null.
|
cross
|
|
response 21 of 110:
|
Aug 31 16:54 UTC 2003 |
Hey, it's polytarp's fault that he gave his account to staff. Why don't
you take it up with him?
|
remmers
|
|
response 22 of 110:
|
Sep 1 01:52 UTC 2003 |
For various reasons, I don't find the second paragraph of #17
to be credible.
I'm comfortable with how this was handled.
|
cmcgee
|
|
response 23 of 110:
|
Sep 1 01:58 UTC 2003 |
I think staff had a very restrained and reasonable response in this situation.
|
valerie
|
|
response 24 of 110:
|
Sep 1 02:58 UTC 2003 |
This response has been erased.
|
glenda
|
|
response 25 of 110:
|
Sep 1 03:03 UTC 2003 |
Really. STeve even asks my permission to read my mail or files when I tell
him I am having a problem with them. And we share everything (except
passwords).
|
dah
|
|
response 26 of 110:
|
Sep 1 05:58 UTC 2003 |
O please, valerie. You know for a FACT that you gave the polytarp account
to staff. You said you did. That means, of course, you've also given them
permission to read various private files; and, as you said, they don't need
the password to do that. This is a chilling and BLATANT violation of privacy.
|
i
|
|
response 27 of 110:
|
Sep 1 14:03 UTC 2003 |
I can't imagine any grex staffer either thinking that the symbolic "giving"
of polytarp's account to staff gave them (staff) any more rights to the
account's contents *or* that any grex staffer has nothing more important or
interesting to do than look through polytarp's account.
Is there anything so important/interesting there (address of Saddam's secret
hideout, text of the next Harry Potter book, Fermat's original proof of his
"last theorem", etc.) that we should bother going to look?
|
davel
|
|
response 28 of 110:
|
Sep 1 14:23 UTC 2003 |
Re #22: I find the first paragraph of #17 even less credible, somehow.
|
cross
|
|
response 29 of 110:
|
Sep 1 14:39 UTC 2003 |
Regarding #26; Wow, it's like arguing with a brick wall, isn't it?
|
russ
|
|
response 30 of 110:
|
Sep 1 16:00 UTC 2003 |
This soap opera just keeps getting better! Or is it a cartoon,
with poly in his various guises as e.g. the coyote?
|
dah
|
|
response 31 of 110:
|
Sep 1 18:37 UTC 2003 |
O please, Walt. You know as well as I do that Grex's staff is stalking me.
Now they've allowed themselves to use my mail address, as well as reading my
private files and E-mail. It's absurd.
|
davel
|
|
response 32 of 110:
|
Sep 1 22:16 UTC 2003 |
"Absurd" is exactly the correct word, indeed.
|
dah
|
|
response 33 of 110:
|
Sep 1 23:54 UTC 2003 |
It's a blatant privacy violation, and the fact that the Grex users can't see
that is a horrible reflection, etc.
|
russ
|
|
response 34 of 110:
|
Sep 2 01:08 UTC 2003 |
I know, it's plot-element trials for "Dumb and Dumber-er-er"!
|
dah
|
|
response 35 of 110:
|
Sep 2 01:49 UTC 2003 |
That was an just an awful sentence, Russ.
|
cross
|
|
response 36 of 110:
|
Sep 2 02:42 UTC 2003 |
Why is it a privacy violation? Staff could have looked at polytarp's
`private' files at anytime *if staff had wanted to*. Staff didn't want
to, and doesn't now; so far as I'm aware, no one's gone looking at
polytarp's files. So what, exactly, is the privacy violation?
|
dah
|
|
response 37 of 110:
|
Sep 2 02:52 UTC 2003 |
Because now staff thinks it owns the files and therefore it's not like they
don't equally think there's nothing unethical about looking at them and
stalking me.
|
scg
|
|
response 38 of 110:
|
Sep 2 03:34 UTC 2003 |
Polytarp, one day when you're older, you may come to the understanding taht
constantly attempting to annoy some group of people will likely cause them
to do things to you that you'd rather they not do. In some cases (not going
out of their way to do things for you) it will be an entirely reasonable
response. In other cases, the responses may well turn out to be things that
people shouldn't do no matter what the reason, but which still wouldn't have
been done to you had you not provoked them.
Frankly, I think the staff has been remarkably restrained in dealing with you.
|
dah
|
|
response 39 of 110:
|
Sep 2 04:01 UTC 2003 |
A paragraphe is like an hamburger. Where's your bun?
|
scott
|
|
response 40 of 110:
|
Sep 2 15:22 UTC 2003 |
Staff has been remarkably restrained in dealing with an obvious troll. I
don't see any justification in dah/polytarp's complaints. He's just looking
for attention.
|