|
Grex > Coop12 > #127: Grex, once again, has pissed me off | |
|
| Author |
Message |
| 25 new of 184 responses total. |
jmsaul
|
|
response 79 of 184:
| 
Sep 7 05:49 UTC 2002 |
Incidentally, *Grex* lets you send email to the entire universe without
requiring some form of ID -- go through newuser and you can do it.
|
scg
|
|
response 80 of 184:
|
Sep 7 06:08 UTC 2002 |
(for what it's worth, from any Internet connected Windows box, unless
somebody's gone to a lot of trouble to block it, you can easily do pretty much
any sort of outbound Internet connection. That means you can do all the
things Grex blocks in the kernel. Most people setting up Internet cafes,
school computer labs, and the like, wouldn't know how to block that sort of
thing if they wanted to)
|
mary
|
|
response 81 of 184:
|
Sep 7 11:57 UTC 2002 |
Grex is about as close to allowing anonymous access as I think we
can get. But I'd love to be proved wrong.
|
scott
|
|
response 82 of 184:
|
Sep 7 13:12 UTC 2002 |
What exactly is Arbornet's policy on ID and on outbound telnet?
|
jmsaul
|
|
response 83 of 184:
|
Sep 7 14:07 UTC 2002 |
Arbornet restricts outbound telnet to members/patrons (or at least we used
to), and asks for the person's real name. I don't think it's ever asked
for photocopies of drivers' licenses, and it certainly hasn't during the
time I've been involved. Arbornet has never asked for, or received, credit
card numbers as far as I know. It's received a lot of checks, and it's
possible that the treasurers have used those to get addresses, but I'm not
sure Arbornet even requires members/patrons to provide an address, and I'm
sure the address doesn't get verified in any way if it does.
Whatever the original rationale for restricting outbound telnet was, the
main reason Arbornet does it now (based on the discussions I've been in
about it in the past) is that we're interested in people who want to come
and use M-Net, not people who want to use us as a stepping-stone to get
somewhere else. If you're going to hang out and play, we're happy to give
you free access; if you want outbound telnet, that doesn't enrich the
community in any way, so we'd like you to donate to help keep things
running. The staff has been happy to avoid the hassles that could come
with completely open outbound telnet, but we've never felt it was
necessary to hold patrons/members' personal information hostage for their
good behavior, or to maintain a database in the event we need to help law
enforcement go after them. In the 18 years we've been operating, it's
never been necessary.
People who want to go out and do bad things will either crack someone
else's account and stage from there, or use some method far less traceable
than buying an account on M-Net. If they're using email, they'll just
create a guest account, same as here. We've been used as a platform for
attacks before, but those have either been email abuse, or cases where
someone's exploited holes to use access they shouldn't have had.
|
jmsaul
|
|
response 84 of 184:
|
Sep 7 14:09 UTC 2002 |
(Incidentally, I don't speak for Arbornet, I'm just speaking as a long-time
member of the community.)
|
mynxcat
|
|
response 85 of 184:
|
Sep 7 14:16 UTC 2002 |
They don't require any ID. At least if you pay by PayPal, you just make a
payment and thats it.
|
remmers
|
|
response 86 of 184:
|
Sep 7 16:15 UTC 2002 |
Arbornet still seems to block outbound telnet, ssh, and ftp for guests.
As I remember the discussions when Grex was formulating its internet
access policy, the idea that Grex should be primarily a destination,
not a stepping-stone, was definitely a factor in the equation, although
not the only consideration.
By the way, Grex's outbound access policy was established by a member
vote. Therefore, one can't really say why the policy is the way it
is -- each member who voted for it had their own reasons for doing
so, which they weren't required to divulge.
Since the policy was established by a vote of the members, any
proposed change should probably be voted on too.
|
jp2
|
|
response 87 of 184:
|
Sep 7 17:07 UTC 2002 |
This response has been erased.
|
aruba
|
|
response 88 of 184:
|
Sep 7 17:32 UTC 2002 |
Grex doesn't have any employees to get disgruntled.
"far too high": How high is it? Let's hear some numbers. What do you think
the probability is that our list of IDs will be lost or stolen?
|
jp2
|
|
response 89 of 184:
|
Sep 7 19:47 UTC 2002 |
This response has been erased.
|
scott
|
|
response 90 of 184:
|
Sep 7 20:28 UTC 2002 |
Seems kind of hypocritical, though. Do you refuse to use credit cards at
restaurants because the risk of CC fraud is higher than zero (indeed, higher
than what you're complaining about Grex's risk being)?
|
remmers
|
|
response 91 of 184:
|
Sep 7 20:39 UTC 2002 |
I've been thinking the same thing as I've been following this
discussion. Considering the number of times I hand my credit
card to a stranger over the course of any given week, often
to have them take it out of the room for a few minutes, I'd
expect that my risk of identity theft is a lot higher from
that kind of thing than from any of Grex's practices. So
let's try to keep all this in perspective. I think what
we're seeing here is a case of much ado about very little.
|
jmsaul
|
|
response 92 of 184:
|
Sep 7 21:14 UTC 2002 |
On one level, it is. On another level, it's just another example of people
collecting and retaining personal data they don't need "because we can," and
it's worth criticizing that philosophy on principle. There's far too much
of it going on these days.
If you don't have a clear, pressing need for information like drivers' license
and credit card numbers, you shouldn't be collecting it. Period.
|
aruba
|
|
response 93 of 184:
|
Sep 7 21:17 UTC 2002 |
Jamie, quantum physics should tell you that the probability that your brain
will suddenly tunnel out of your head and land on the keyboard in front of
you is greater than zero. Do you worry about that?
|
scott
|
|
response 94 of 184:
|
Sep 7 21:44 UTC 2002 |
Re 92: So, why are you wasting your time (and ours) when you could be doing
a much greater public service by reforming how restaurants deal with credit
cards?
|
polytarp
|
|
response 95 of 184:
|
Sep 7 21:52 UTC 2002 |
Act locally; think globally.
|
gull
|
|
response 96 of 184:
|
Sep 7 22:05 UTC 2002 |
Re #73: You can get an anonymous Hotmail account. I've done it.
I mean, they ask you for personal info, but they don't check it.
|
carson
|
|
response 97 of 184:
|
Sep 7 22:06 UTC 2002 |
resp:94 (because he cares about Grex, and [most] people on Grex are
willing to consider such a topic reasonably? a wild concept, I
know, but you might look into it.)
|
jp2
|
|
response 98 of 184:
|
Sep 7 22:48 UTC 2002 |
This response has been erased.
|
jmsaul
|
|
response 99 of 184:
|
Sep 7 23:09 UTC 2002 |
Re #94: Restaurants actually need your credit card number, Scott. This
may surprise you, but you have to pay for your meal, and if you use
a credit card, they need the number to collect the money.
|
jp2
|
|
response 100 of 184:
|
Sep 7 23:28 UTC 2002 |
This response has been erased.
|
scott
|
|
response 101 of 184:
|
Sep 8 00:21 UTC 2002 |
Indeed, they do need the number. But it's quite possible (and not incredibly
rare) for servers to write the number for personal use. Since the issue being
debated is whether the treasurer can be trusted or whether some system (yet
unspecified) must be set in place to prevent the treasurer from having
personal access to that data, why not make a bigger deal about restaurants?
|
scott
|
|
response 102 of 184:
|
Sep 8 00:28 UTC 2002 |
(Re 97: I'd like to think that he cares about Grex, but I'm finding it
difficult to believe. :/ )
|
russ
|
|
response 103 of 184:
|
Sep 8 01:27 UTC 2002 |
Re #93: Some might argue that this has already happened.
|