|
Grex > Coop7 > #26: User Verification -- Is It Feasible? | |
|
| Author |
Message |
| 25 new of 147 responses total. |
rcurl
|
|
response 75 of 147:
| 
Apr 23 06:06 UTC 1995 |
OK, two complaints.
TS, I think you are referring to dissimilar things. The "trouble"
that verification is meant to reduce is improper use of usenet and
e-mail and pass-through telnet, not vandals on Grex. The reason
there has been no trouble *of that type* from logins that want
anonymous memberships, is that such can't use the service. The
trouble that has occurred has been from vandals telnetting in, which
the verification procedure is not meant to address.
|
tsty
|
|
response 76 of 147:
|
Apr 24 07:38 UTC 1995 |
There has been +only+ trouble from logins who
were anonymous and did NOT want membership. Is there a correction
necesary here?
apparently no correction necessary, thank you.
|
rcurl
|
|
response 77 of 147:
|
Apr 24 16:12 UTC 1995 |
Are you thinking that we should apply "correction" by also requiring
verification of everyone loggin *in*? Well, that's the devil we know.
The other is the devil we know not.
|
sidhe
|
|
response 78 of 147:
|
Apr 24 23:52 UTC 1995 |
Hm. Well, let's be fair, rane.
Tsty has complained, and does contribute to the conferences.
Selena has complained ,and has contributed to the conferences, and, if I
understand this whole odd situation, would be a contributor to grex,
except for this one sticking point.
I am a member, and I have complained, by entering the Verification Dangers
item, to begin with. Let's not trivialize the amount of concern over this.
I entered this item, as a friend of mine, from Berkley, would like to
become a member here, but is concerned about verification due to her past
problem <see #0>.
By solitarizing the complaint, you do it a disservice. And, you,
yourself, in #75, seem to overstep the bounds of current verification
needs, by mentioning email in connection to it.. this is not something
that is reliant upon verification, here, and let us at least keep that
that way.
Now, would anyone care to answer tsty's well-put questions, posted
a bit ago. Let me see if I can re-phrase them.. <and, tsty, please mention
if I get anything wrong>
I believe he was going after the idea that selena had about having
a "grace period" for people who want to become anonymous members, based on
their status as "good neighbors".. in that vein, he asks, "How many of
these problems are caused by people who have contributed to the
conferences? How many of these problems are committed by people who are
coming in from multiple telnets, already? How many problems are caused by
people who slip in, do the deed, and leave, rather than stay and become a
member of said community?"
These questions deserve answers.
|
steve
|
|
response 79 of 147:
|
Apr 25 02:01 UTC 1995 |
How many? None, because we haven't ever had that policy.
If we adopt the the policy of allowing anyone access if they
merely stick around, how do we determine how long is long enough?
Do they have to participate in the conferences? Party? Both?
How do we set the point where they are accepted? Boy, if we want
to make a policy where inconsistency is not only possible, but
probable, this would be it.
Since verification sucks in the first place, we need to make it
consistent and understandable. Anything else leads to people
feeling that they've been singled out for unfair treatment.
If Grex is going to let people out onto the net, we need to know
who they are. Out current policy of asking for some ID has been
a good deterant to those who would rather not leave any traces as
they slither about the net. The number of people who take joy in
fucking up systems amazes me, and makes me more than a little sad.
Back when we were about to open up Grex's net abilities, I had no
idea that this was the case. My feelings on this have really changed
in the last year, since we've been beaten upon by the various
cyberslime who've visited us in this last year.
There are organizations like CERT who have raised their eyebrows
when finding out that we already allow email access on the net
without any form of authentication at all. Grex is one of the more
open, stable systems out on the net today. I don't think what we're
talking about is unreasonable.
|
selena
|
|
response 80 of 147:
|
Apr 26 13:34 UTC 1995 |
But why not? If the rules for how long, and active, you
had to be here were consistant, where's the harm?
|
steve
|
|
response 81 of 147:
|
Apr 26 15:31 UTC 1995 |
The "harm" is that there would be lots of people who'd try and
sneak by, do something "bad", and then disappear into the night.
There is an element looking for conveinent places to telnet from
so as to cover their tracks. As more and more sites get away from
allowing unauthenticated access to the net, the remaining sites
will be more and more abused.
Please understand that I really dislike what I'm saying here.
I'm been hit on the side of the head over this; a year ago I
didn't believe that things were like this. Unforunately, I was
dead wrong. And thats sad.
|
selena
|
|
response 82 of 147:
|
Apr 27 04:55 UTC 1995 |
But if the grace period were something like six months, or more?
|
tsty
|
|
response 83 of 147:
|
Apr 27 07:24 UTC 1995 |
sidhe's #78 is an excellant translation, thankxx.
STeve's #81 missed the critical point --$$$$$$$$$-- membership.
Since there has been *NO* adverse reaction from anyone who has PAID
for membership, and most who are simply guests, there isn't the
slightest connection between the mightily feared cyberslime and
members. If staff is concealing Internet damage caused by PAID
members, which I doubt, then there is a several-year history of
stability and all that good stuff ..... from 100% of PAID MEMBERS
and 99.8% of guests <maybe only 99.1%>.
Is the "good citizen" based on verification? I say "no." I say
it is based on the individual. Is cyberslime based on verification?
I say "no" it is based on the individual.
If the cyberslime is, as STeve described, "hit and run," then
the cyberslime will not ... ney, CANnot ... hang around for
the interminable delay for membership, even if danr turns it
around in 12 minutes.
There is an immense logical discontinuity between the fears and
actualizations of cyberslime and the activity of PAID membership.
The policy of no anonymous memberships is bankrupted by direct
evidence on Grex.
|
mdw
|
|
response 84 of 147:
|
Apr 27 10:22 UTC 1995 |
The ratio of cyberslime is something like 1/1000. The number of paid
members is something like 100. It's not very surprising or meaningful
that we don't have any paid cyberslime. Since cyberslime almost never
provide real names or addresses, and are generally chintzy cheap-skates,
it would in fact be surprising to have a member cyberslime. We have had
several cyberslime indicate an interest in becoming staff members.
Nobody on staff felt like experimenting to see if they could be trusted.
I don't think we've made a methodical study of this; but I know I've
seen cyberslime accounts that had been created several months
previously, left "fallow" for several months, then used in "hit and run"
attacks and abandoned. Mere length of time on the system is clearly not
a valid indicator of non-cyberslime-ness.
We've also recently run across a new breed of cyberslime - the
commercial scam artist. We've had several complaints from other sites
about users who had posted information to usenet news or other places,
offering to "sell" equipment - then disappeared after accepting money
but before taking delivery - leaving only a "@cyberspace.org" address.
|
davel
|
|
response 85 of 147:
|
Apr 27 11:17 UTC 1995 |
<sigh>
|
rcurl
|
|
response 86 of 147:
|
Apr 27 19:37 UTC 1995 |
Aren't we flattered that they chose our service - and address?? 8=P
|
steve
|
|
response 87 of 147:
|
Apr 28 00:08 UTC 1995 |
Oh Yes Rane, so flattered that I'm flattened. ;-) But in the case
of that type of crap, we try to help them out a little. Usually
we can't help much. In this last case the person who got burned
had an address from Fed Ex where the money went to, which is just
oodles better than anything we could give them.
TS, it's just as Marcus says. WIth only 100 members it would
be surprising if we had any slime come in.
...And thats the whole point of verification: it repels the
folks we don't want on here. They'd rather not leave a trail
for someone to follow. As I have said before, its not so much
that the verification "works" in verifing the identity of people
but that it repels those who'd rather not leave any trace of
anything behind.
|
sidhe
|
|
response 88 of 147:
|
Apr 29 00:12 UTC 1995 |
I doubt they'd want to pay for membership, either.
|
kerouac
|
|
response 89 of 147:
|
Apr 29 01:58 UTC 1995 |
I think the party prog provides specific arguments for verification. Just
this week there was a sexually explicit conversation going on in a
channel where people had changed their names. This was a substantive
conversation, but it turned out one of the people on there was a newbie
who was 11 years old. If that kids parents found out what he was
reading and thought enough of the possibility that it might have disturbed
him, they could raise holy hell. If the current exon legislation goes
through, or if similar legislation is enacted, grex could conceivably be
sued for allowing a young child access to uncensored explicit conversations.
I really would hate to see grex's open access changed but there are
drawbacks and this is one of them. Maybe if !who could be modified to
show a person's age next to where he's logging in from this could be
avoided? The fact is that there are a number of kids ages 10-13 who
use party, and who knows how anyone that young and impressionable is ging to
react to what they read. RICHARD W. (KEROUAC)
|
ajax
|
|
response 90 of 147:
|
Apr 29 03:00 UTC 1995 |
Modifying who would be relatively easy. Getting an id that showed
age for every user that logs on to Grex, with permission to publicly
reveal their age, would be a bit tougher! Unless you're thinking of
just voluntary age disclosure, which I don't think will change much.
I have noticed a couple new products reviewed in mainstream mags
that provide net censorship for kids...I think one limited who they
could exchange e-mail with, and the other blocked access to a list
of web/ftp/telnet sites (with a $6/month fee to get their latest
censorship list). This will probably have the effect of improving
computer security-breaching abilities of ten year olds.
|
steve
|
|
response 91 of 147:
|
Apr 29 03:11 UTC 1995 |
Modifying who isn't the problem.
It's modifying the people who use Grex to give that information
that would be the problem. ;-) (sort of).
If Grex is to stay an open system, we're going to have to
provide a system that some people might use at the displeacure
of others.
I for one am not interested in trying to "hide" things on Grex
from people of a certain age. If the parents can't control the
kid, we sure can't. I have no idea how far to the right this
country is going to go, but I think it is important to keep ourselves
open. Failure to do that will start the downward spiral of the
death of Grex.
|
scg
|
|
response 92 of 147:
|
Apr 29 03:44 UTC 1995 |
I agree with STeve on that. There are lots of places where a minor can
get access to all kinds of things. If parents let their kids go anywhere
unsupervised, they shouldn't expect other people to step in and babysit
them. Reactionary parents can keep their kids from Grexing unsupervised,
or from using a computer unsupervised. Fortunately, most parents aren't
that reactionary.
|
steve
|
|
response 93 of 147:
|
Apr 29 17:23 UTC 1995 |
This policy does however have a downside. It means that at some
time, we're likely to have to fight for it.
|
sidhe
|
|
response 94 of 147:
|
Apr 30 00:46 UTC 1995 |
As a voting member, I'll fight for it, and I daresay I'm not the
only one. Verification does nothing for this kind of thing. False ID's
are so incredibly easy to obtain, and many kids have one <or teo> just
to show the bouncer at the local club. Sending in a photocopy won't
change that. Also, I believe newuser already asks for a DOB.. it
should be no large task for it to put the age in from that-
it's as accurate an age as we can be assured of, even with
a so-called verification.
|
steve
|
|
response 95 of 147:
|
Apr 30 01:39 UTC 1995 |
r
No, it is not. All anyone has to do is falseify the age given,
and there is no way to verify that.
With ID, at least someone has to go out and get fake ID.
But, if people think we run too much risk asking for ID, we
can go with things that are harder to fake, such as checks for
$0.00
I need to get the verification item I've written up here an
d in coop. I'll shoot for tomorrow morning.
|
sidhe
|
|
response 96 of 147:
|
Apr 30 02:55 UTC 1995 |
Steve, with the kind of imaging software available to your average
hacker these days they probably already have numerous fakes they can send in.
I _certainly_ don't want you to get WORSE.
|
rcurl
|
|
response 97 of 147:
|
Apr 30 05:14 UTC 1995 |
Submitting a fake ID will certainly gain access, but then if that person
does something naughty on usenet or telnet, and we have to follow up,
we are somewhat protected still, by ourselves being a victim.
|
sidhe
|
|
response 98 of 147:
|
May 1 09:30 UTC 1995 |
So, now we must prove ourselves victims?
|
steve
|
|
response 99 of 147:
|
May 1 15:51 UTC 1995 |
Huh? No--what Rane is saying, if I get it right is that if we
get burned by someone knowningly giving us bogus ID and then does
something bad, then we're an injured party too.
|