 BarneyBadAss
Badasses Fight For Freedom
Premium
join:2004-05-07
00001
 ·Verizon FIOS
| Personally... I'm hoping they find a way to place in the ToS a way to charge for bytes pushed across their network as this material is submitted to them.
I do like the terminology of "Content Forensics"... but I'm not sure I like all the under pinnings of what that might really mean!
I can everyone start using encrypted email here before long as a way to get around the "Forensics"
--
---Barney | |
|
 | 
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
 ·Speakeasy
| Re: Personally... said by BarneyBadAss  :I can everyone start using encrypted email here before long as a way to get around the "Forensics" Encryption won't work for spammers. In order to read encrypted mail, the recipient has to already have a method of decrypting the message. That means that first they have to spam the recipient with a method for decrypting the actual spam message. Then, they have to hope that the person actually bothers to decrypt the message.
Encryption also exerts a non-trivial computing toll. One can send a LOT more messages much more cheaply by not encrypting.
-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis | |
|
| | 
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| Re: Personally... said by nixen : first [spammers] have to spam the recipient with a method for decrypting the actual spam message. Then, they have to hope that the person actually bothers to decrypt the message. Or find out the public key for each recipient, which spammers could never do, it would destroy their cost/benefit ratio.
The fact that spam has to be unencrypted is a big plus - it imposes costs on the spammers as you point out, and makes spam remain open to inspection by this kind of system.
I think the original poster's concern was more about privacy of communications. Of course, ISPs have always had the ability to read customers' email, but the general understanding is that they don't and it remains private unless there is a law-enforcement investigation.
With anti-spam systems based on content, the anti-spam providers generally claim in public that they won't abuse their automated monitoring of content. Or at least they will acknowledge the ways they are using the content and have sought consent from the email sender if it's used for anything other than fighting spam - as in the case of Gmail where they use it for advertising.
Still, it seems to me that as services like this are used by ISPs (no longer only at the email server) the profit potential of mining email contents for marketing purposes will prove to be such an incentive that any pretence of privacy will become a lie very quickly.
Therefore the time has come for ordinary people (as well as techies) to start considering encryption.
--
This post was made with 100% recycled electrons. | |
|
|
| 
Michieru2
zzz zzz zzz
Premium
join:2005-01-28
Miami, FL
| Re: Get tougher on botnet controlled customer PCs ISP's should, but even if it where just blocked in the America's. You still have the rest of the world to deal with and that's where that solution fails.
I won't make a suggestion either but in order to stop spam you got to always target the root problem and that's the scammers themselves. | |
|
| Skippy25
join:2000-09-13
Hazelwood, MO | They do implement secret caps and enforce those so I do expect they would do the same here.
I just hope they are on to something that really helps. | |
|
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| There have been some discussions of this idea here at DSLR and elsewhere in the past. The usual consensus seems to be that it has potential but would have to be implemented right.
Possible problems:
* Any cleanup requirement would impose tech-support costs. Just imagine all the people with infected PCs saying "How do I fix this?" and the cost of having TS people on the phone (or worse, on customer premises) removing all the trojans, etc. and trying to explain what the customer must do to prevent recurrence. This would make the cost/benefit ratio way in the red unless the external pressure for the ISP to clean up becomes a lot more expensive.
* Forcing everyone to use software of the ISP's choice would be intolerable for any knowledgable customer. It would abolish security and privacy for the customer, distort the market and cause anyone with a clue to seek another provider.
* The ISP taking on a cleanup role would be better off taking lesser measures such as blocking email ports other than thru its own email server unless the customer requests an unblock. The ones who request unblock will be those with more of a clue and they can be monitored.
Search in the security forum for the prior discussions - there are a lot of pros and cons.
--
This post was made with 100% recycled electrons. | |
|
| | 
GOLFnSUN
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
| Re: Get tougher on botnet controlled customer PCs said by swhx7 :There have been some discussions of this idea here at DSLR and elsewhere in the past. The usual consensus seems to be that it has potential but would have to be implemented right. Search in the security forum for the prior discussions - there are a lot of pros and cons. Thanks for reply. One solution I thought of that could address some of the problems is to refer them to a list of authorized PC cleanup services. The ISP disconnects them and won't reconnect them until the authorized cleanup service company certifies their PC to be clean. Also, the cost of doing this would make them more careful in the future.
--
--
Join Red Room Forum
BLOG tkjunkmail.blogspot.com
My Web Page | |
|
| | |
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| Re: Get tougher on botnet controlled customer PCs This would be OK as long as the customer could opt out of the services and do his own cleanup. The ISP's only legitimate concern is what they can detect on the network; inspecting the customer's PC is going too far.
If the customer was required to use a commercial service, the potential for abuse would be too great. Getting on the ISP's approved-service list would become a kind of franchise and the requirement of using an approved service would create an incentive for scams (loosen the criteria for blacklisting, allow no appeals, collect dollars). The anti-virus vendors might get in on it too and then it would become a forced-purchase scheme. In addition there would be a gross violation of privacy, security and civil liberties in forcing customers to give root access to their PCs to some third party in order to get online.
The self-cleanup option would avoid all these problems. Customers could use commercial services if they prefer, or have friends fix their PCs, or learn something about it themselves.
--
This post was made with 100% recycled electrons. | |
|
|
|
|
British Telecom Automates Spam Blocking
Get tougher on botnet controlled customer PCs