$500 REWARD FOR IDENTITY OF TROLL

On Thu, 03 Mar 2005 11:47:25 +1100, Lionel wrote:

Kibo informs me that Big Bill stated that:

On Wed, 02 Mar 2005 23:06:46 +1100, Lionel wrote:
Blocking open proxies wouldn't impact Googles legitimate users in the
slightest, unless they were one of the idiots who owned one of the
poorly secured proxies, in which case lack of Usenet posting access via
Google would be the least of their problems.

That blocked ISP has no legitimate users?

We're talking about single machines, not entire ISPs.

I was under the impression that we were discussing Google blocking an
ISP that was being used as an open proxie.
No?

--
Bill Funk
Change "g" to "a"

On Thu, 03 Mar 2005 11:52:22 +1100, Lionel wrote:

Kibo informs me that Big Bill stated that:

On Wed, 02 Mar 2005 22:59:16 +1100, Lionel wrote:

Kibo informs me that Big Bill stated that:
So how is Google preventing victims from finding the perp?

Other than anonymous news gateways, (which don't permit their users to
impersonate others), Google is the only news provider I know of that
permits totally anonymous, non-authenticated posting privileges via open
proxies, with a unenforced AUP/TOS, & as many free accounts (&
identities) as a person can find time to create. This combination of
'features' makes Google a nirvana for spammers & psychos.

Which in no way answers my question.

I'll rephrase: Other than anonymous remailer/gateways, news providers
have some way of tracking illegal activities back to the culprit -
Google doesn't.

Ah, then you're saying that Google has somehow lost or never gained
the same capabilities that other providers have.
Is this something secret that Google doesn't have the secret handshake
for?
Or do the others just block entire ISPs, along with legitimate users?
(Actually, I know the answer; they do indeed block entire ISps, along
with their legitimate users. All you need do is say that.)
--
Bill Funk
Change "g" to "a"

Kibo informs me that Big Bill stated that:

On Thu, 03 Mar 2005 11:47:25 +1100, Lionel wrote:

Kibo informs me that Big Bill stated that:

On Wed, 02 Mar 2005 23:06:46 +1100, Lionel wrote:
Blocking open proxies wouldn't impact Googles legitimate users in the
slightest, unless they were one of the idiots who owned one of the
poorly secured proxies, in which case lack of Usenet posting access via
Google would be the least of their problems.

That blocked ISP has no legitimate users?

We're talking about single machines, not entire ISPs.

I was under the impression that we were discussing Google blocking an
ISP that was being used as an open proxie.
No?

No. Just single machines that are so poorly secured that their proxy
services are open to the general public, rather than being restricted to
the intended users. Most commonly, this is due to carelessness or
cluelessness by the owner/operator of the machine.

--
W
. | ,. w , "Some people are alive only because
\|/ \|/ it is illegal to kill them." Perna condita delenda est
---^----^---------------------------------------------------------------

Kibo informs me that Big Bill stated that:

On Thu, 03 Mar 2005 11:52:22 +1100, Lionel wrote:
[...]
I'll rephrase: Other than anonymous remailer/gateways, news providers
have some way of tracking illegal activities back to the culprit -
Google doesn't.

Ah, then you're saying that Google has somehow lost or never gained
the same capabilities that other providers have.

At a guess; 'Never gained'. The thing that makes Google different to
normal news providers is their web-based posting interface. In theory, a
person could use a proxy to conceal their IP address, etc, when posting
from a regular Usenet service, but standard news-servers operate over a
different protocol (NNTP - port 119) to web-based systems like Google,
which use the HTTP protocol (port 80). In practice, open proxies on HTTP
are quite common, but proxies supporting NNTP are very rare, & open NNTP
proxies are pretty much non-existant. Consequently, open proxies are not
a security issue for conventional news providers, but are a major weak
spot for web-based services like Google. (This is also a major security
issue for blogging sites or web-fora that permit the general public to
post comments without authentication, BTW.)

Is this something secret that Google doesn't have the secret handshake
for?
Or do the others just block entire ISPs, along with legitimate users?
(Actually, I know the answer; they do indeed block entire ISps, along
with their legitimate users. All you need do is say that.)

I can't say that, because I have no idea whether or not it's true.

--
W
. | ,. w , "Some people are alive only because
\|/ \|/ it is illegal to kill them." Perna condita delenda est
---^----^---------------------------------------------------------------

Kibo informs me that Big Bill stated that:

On Thu, 03 Mar 2005 11:52:22 +1100, Lionel wrote:
[...]
I'll rephrase: Other than anonymous remailer/gateways, news providers
have some way of tracking illegal activities back to the culprit -
Google doesn't.

Ah, then you're saying that Google has somehow lost or never gained
the same capabilities that other providers have.

At a guess; 'Never gained'. The thing that makes Google different to
normal news providers is their web-based posting interface. In theory, a
person could use a proxy to conceal their IP address, etc, when posting
from a regular Usenet service, but standard news-servers operate over a
different protocol (NNTP - port 119) to web-based systems like Google,
which use the HTTP protocol (port 80). In practice, open proxies on HTTP
are quite common, but proxies supporting NNTP are very rare, & open NNTP
proxies are pretty much non-existant. Consequently, open proxies are not
a security issue for conventional news providers, but are a major weak
spot for web-based services like Google. (This is also a major security
issue for blogging sites or web-fora that permit the general public to
post comments without authentication, BTW.)

Is this something secret that Google doesn't have the secret handshake
for?
Or do the others just block entire ISPs, along with legitimate users?
(Actually, I know the answer; they do indeed block entire ISps, along
with their legitimate users. All you need do is say that.)

I can't say that, because I have no idea whether or not it's true.

--
W
. | ,. w , "Some people are alive only because
\|/ \|/ it is illegal to kill them." Perna condita delenda est
---^----^---------------------------------------------------------------

Lionel writes:

Once you've
got the logs, it's easy to track down an 'anonymous' person who's been
abusing the proxy.

In that case, there's no reason to forbid open proxies.

--
Transpose hotmail and mxsmanic in my e-mail address to reach me directly.

In news.groups, Lionel writes:

What support job? If you're talking about Google, Google provides a
free posting service to the general public & can deny Groups/Usenet
*posting* access for any reason they please. All they have to do is add
"We do not permit posting from open proxies" to their TOS/AUP, &
continue to ignore email to their groups-support address, just as they
do now.

They don't ignore mail to that address. They do deal with user support
requests. I realize they can deny posting access for any reason they
please, and I don't even think I disagree with you about where the best
tradeoff might lie, but it is actually a tradeoff, not a trivial decision.

Russ Allbery said:

There's also the little problem that some of the blacklist operators,
er, lie. Or make, er, strategic alterations for personal reasons.
Sure, there are blacklists that *don't* do this, but I swear, it's
getting to the point where trying to figure out who you can listen to
and who you can't is a full-time job, since it keeps changing. And
then people stop running blacklists by setting the blacklist to reject
everyone.

Didn't each of those incidents only ever happen once? (ORBS, IIRC.)

Unfortunately, no. At least three or four different major blacklists
(never mind all the little ones) have done spite listings at one point or
another, as I recall. I don't remember the details well enough (not using
any blacklists myself) to be able to tell you exactly which ones without a
substantial fear of accusing the wrong person, but I watched a lot of the
discussion go by.

There are a lot of really good reasons to be distrustful of blacklists,
even without the additional worries of making one's client access
dependant on a third party with whom one does not have a contract.

--
Russ Allbery ) http://www.eyrie.org/~eagle/