|
|
| Author |
Message |
| 25 new of 105 responses total. |
steve
|
|
response 25 of 105:
| 
Jan 24 21:29 UTC 1995 |
Ah, I see. Well, I'm in complete agreement that trying to determine
the 'realness' of all IDs is a bad thing. I don't like our having to ask
for ID to let folks out on the net, but we have to. But overall policing?
Ick. Newuser would have to get closed down, etc.
Mary, what is your thought on the possible implications of having an
official "anon" account? Do you think it might look worse for Grex to
have to deal with 'bad' mail comming from anon, as opposed to another
account? I guess I'm wondering if the concept of "anonymous" anything
is starting to be seen as a bad thing.
|
chelsea
|
|
response 26 of 105:
|
Jan 25 05:22 UTC 1995 |
I think that in most cases where someone is going to be upset at
Grex because mischievous mail was sent from our system they won't
be any less upset if the account was a sanctioned do-it-yourself-style
pseudo account or one set-up by Grex. They're simply going to be
quite angry there is such a thing as unverified mail privileges.
And, parallel to that logic, we aren't going to turn good citizens
into mail-bombers because we set-up an anonymous account. If someone
wants to cause trouble they're gonna cause trouble.
But if staff feels having such an account would somehow enable
behavior that otherwise wouldn't happen or they'd rather not have
to defend such an account - I won't complain. I just find the
excuse and sense of false security somewhat silly.
Which brings me back to the second time I'll ask the question:
Could an anonymous account be set-up but only be given internal
access, like to conferences and chat?
|
popcorn
|
|
response 27 of 105:
|
Jan 25 05:47 UTC 1995 |
Not really.
|
kentn
|
|
response 28 of 105:
|
Jan 25 06:17 UTC 1995 |
Would a restricted shell work to restrict access?
|
rcurl
|
|
response 29 of 105:
|
Jan 25 07:09 UTC 1995 |
I'm with the opinion that its an empty gesture which might amuse a few
briefly, but not worth even the time that has been spent on it here.
|
remmers
|
|
response 30 of 105:
|
Jan 25 12:02 UTC 1995 |
Since people can create all the anonymous accounts they want and share
the password with anybody they please, an "official" anonymous account
seems to me to be redundant.
|
brenda
|
|
response 31 of 105:
|
Jan 25 15:43 UTC 1995 |
couldn't anyone just run chfn before they respond if they want a truly
anonymous post?
|
steve
|
|
response 32 of 105:
|
Jan 25 17:19 UTC 1995 |
Actually, we could prevent "anon" from using mail. It would
involve changing all the current mail programs, but it is possible.
Note that I'm not saying its reasonable. Just that we could do it
if we wanted to. However, all the other things that are on the
queue for staff to do would have higher priority.
Brenda, you'd still be traceable if you changed your full name,
hence people creating new accounts for a truely anonymous response.
|
ajax
|
|
response 33 of 105:
|
Jan 26 09:42 UTC 1995 |
Picospan could also be changed, *theoretically*, to allow true anonymous
responses, thus lessening the need for anonymous accounts. If memory serves,
UMich's Confer program (similar to picospan) had an "anonymous" command (or
something like that) which allowed anonymous responses. Personally I like the
idea; it makes it much easier to do something people can do anyway by creating
new accounts.
|
remmers
|
|
response 34 of 105:
|
Jan 26 10:55 UTC 1995 |
Right, Picospan would have to be taught not to record the login id
and uid of the person entering the response. That would most likely
require modifying Picospan's source code, which Grex doesn't control.
|
mdw
|
|
response 35 of 105:
|
Jan 26 23:52 UTC 1995 |
It requires more than that. It would also have to not record the date,
which could be used by a clever person to come up with a probable list
of suspects. To really make it effective, it would probably be
desirable to also turn off "ps", "w", "last", and process accounting.
Probably "who" also, and just to be on the safe side, "ls".
|
remmers
|
|
response 36 of 105:
|
Jan 27 00:04 UTC 1995 |
Right. Truly secure anonymity is difficult to achieve on a system as
open as Grex.
|
avi
|
|
response 37 of 105:
|
Jan 27 00:10 UTC 1995 |
The thing about an "anonymous" account is that (and I think Marcus said
this, but to make it more clear ;>) an "anonymous" account would
either be by one of two cases, a user who wants to say something
under one of these style accounts, or some jerkie who found out
that "this k00l site named grex has anonymous accounts and you can talk
trash under them". In case 1, usually it *IS* possible to find out who
this masked (wo)man is. I can usually find out a pseudo in about
8 outta 10 cases. It would take some REAL good bounce-offs/
other untraceable accounts/ etc for someone not to be able
to do some detective work and figure it all out. Remember there are
tools like the wtmp/utmp, finger @, "diff", and little things like that.
In case number 2, well, we'll just hope that that won't happen. =)
I really like the idea of somehow being able to "hide" in picospan.
That is, if i was reading correctly a few responces back.
But I also like the idea that in like bbs softwares (like renegade
and other dos bbs softwares), people can post anonymously but,
the sysop (the fw in this case) have access to who really wrote that.
You hafta realize how someone could easily just hide under a anonymous
and go in writing all the trash they think is funny.
Blabbing on is cool. But I've done too much. :)
|
ajax
|
|
response 38 of 105:
|
Jan 27 07:25 UTC 1995 |
Re #35, Confer's anonymous command had the same loopholes, and occasionally
people would try and guess anonymous posters, but it beats nothing, and
guessing identities would often be difficult with a system as busy as Grex.
But you're right, for REALLY anon stuff, a new account is much safer :-).
Re #37, the psycho-renegades who want to spam Grex can already do it
anonymously, unless you can trace the originator of Grex's dial-in calls.
|
mdw
|
|
response 39 of 105:
|
Jan 27 07:45 UTC 1995 |
It is possible to trace dial-in calls. The catch is, having done
so, we are then committed to turning the perpetrator over to
the cops and court system.
|
ajax
|
|
response 40 of 105:
|
Jan 27 08:20 UTC 1995 |
Yeah, I meant "you" to mean if *Avi* can trace dial-ins, a facet I think
he overlooked in tracing pseudos. A number of modems support caller-id now.
|
cicero
|
|
response 41 of 105:
|
Jan 27 15:48 UTC 1995 |
Caller id can be blocked by dialing *67 before placing the call. Caller id
is an invasion of privacy and one of the stupidist services available IMHO..
And yet last year I did a video to teach Ameritech employees how better to sell
it. Ironic, eh?
|
ajax
|
|
response 42 of 105:
|
Jan 27 22:42 UTC 1995 |
Yep! I just hope they don't start selling ultra-caller-id to cancel
out *67, and selling ultra-*67's to cancel that. :) Btw, caller-id
doesn't usually work for long-distance calls either, does it?
|
scg
|
|
response 43 of 105:
|
Jan 28 04:14 UTC 1995 |
I traced a pseudo on a dialin a year ago by looking at the wtmp. There
was another user who *always* logged in on the same line either right
before or right after this pseudo, generally sperated by less than a
minute. Sometimes they would even go for long periods alternating on the
same tty. They were *never* on at the same time. It was pretty obvious.
Of course, somebody doing a better job of it could always just wait a
while between accounts.
|
gregc
|
|
response 44 of 105:
|
Jan 28 05:00 UTC 1995 |
I find #31's assertion that "caller id is an invasion of privacy" to be
absurd. Consider: If a salesman pounds on your front door and attempts
to disturb *your* privacy, do you consider it an invasion of privacy
to request that he tell you his *name* before you deal with him?
The outside caller is *initiating* the conversation. If anything, I
consider telemarketing calls to be an invasion of my privacy. They
started it, they butted into my privacy, they can sure as hell provide
me with their number as compensation.
I work out of my house. A day doesn't go by that I don't recieve at
least 5 calls from companys trying to sell me insurance, siding, windows,
chimney cleaning, singles service, lawn service, investment services,
etc, etc, ad nauseum. I consider this tactic extremly rude. It disrupts
my concentration. I have reached the point that I don't even let them
get started, I simply tell them that to remove me from their list and
hang up on them. Their actions are rude to begin with, they do not
deserve to be treated politely in exchange. And now you say that having
caller id to figure out just who is bothering me is an invasion of *their*
privacy?!? Yeah, right.
|
marcvh
|
|
response 45 of 105:
|
Jan 28 06:42 UTC 1995 |
Allowing anonymous posting without modifying PicoSpam would actually
be fairly simple; make a mailing address you can send a message to
with a subject line like "coop 37", have a mail robot that would post it
anonymously in coop item 37. Add random time delays (not that mail doesn't
already have them) and the like to make it harder to trace. Whether
it's a good idea is another matter, but it's not hard to implement
it such that things really are reasonably anonymous (though half the people
might accidentially include their .signature in the "anonymous" post. :-)
|
remmers
|
|
response 46 of 105:
|
Jan 28 11:49 UTC 1995 |
The post would not be anonymous to the mail robot, however, or to
anyone who could read its mail. Considering some of the reasons
for using anonymous posting, that might be enough to deter people
from using it.
|
cicero
|
|
response 47 of 105:
|
Jan 28 16:36 UTC 1995 |
Re#44
Greg, you'll get no argument from me about telemarketing being an invasion
of privacy--they certainly are that! But caller ID doesn't really stop them
does it? OTOH, caller ID invades MY privacy, because I do not want my number
broadcast when I make a call. I have no practical reason for this, I do not
make calls of a nature that people would want to avoid. It just bothers me
on general pricipals that my number is being made available without my
permission. It is true that I =could= dial *67 to block the caller id signal,
but that is a hassle that I should not suddenly be asked to to deal with. For
caller id to stop invading my privacy I would need
a FREE service where I could tell Ameritech to turn it off on every call that
I make. I NEVER want my number broadcast to caller id units. If that means
that the person that I'm calling (who has caller id) won't pick up my calls
then so be it.
|
avi
|
|
response 48 of 105:
|
Jan 28 17:31 UTC 1995 |
Woah,
I'm late on the responce to me. Anyway. No *I* can't "trace" any
dialins. But like I said, lil detective work has to be done.
Like STeve said, usually pseudo's usually have patterns they login
on, time, date, tty, etc. It's not really that difficult
at all. Anyway. There are that 20% that I never get, (8/10 I nail)
and they must either be pretty good at what they are doing, or
I overlook a detail.
|
srw
|
|
response 49 of 105:
|
Jan 28 18:32 UTC 1995 |
I really can't agree with cicero on #48 that handing out my phone number
automatically when I make a call is an invasion of my privacy.
I can see how some would find it annoying, but I consider invasions
of privacy more the way Gregc does. The invader is proactive in an
invasion, not the invadee.
I just think caller ID falls short of being an "invasion".
|