On Fri, 22 Sep 2000, Dave C. wrote:
> I have put in reports to the appropriate ISP's, along with requests
> that they provide me with identification and contact information of the
> responsible idiot. I really want to call this schmuck and ask him if he
> can come up with any pittance of a reason I shouldn't sue him into the
> ground or file criminal trespass charges. I'm not very hopeful that
> they will do so, 'user privacy' and all.
Well, in the UK at least there is this really handy law called the Data
Protection Act which means that would be just plain illegal. In fact, the fact
you want to phone him up is just plain stupid. If you plan to take it further
within the bounds of the law, you phoning him is not going to look good in
court. In fact, you'll probably do some time yourself for harrassing the guy. I
would strongly advise you to contact the police. In the UK, you want the
Computer Crime Unit at Scotland Yard.
> While I can understand their position (I work for an ISP too), I'm
> curious why spammers deserve to have their identity protected? Couldn't
Because everybody has the right to privacy. If I say I don't agree with you
posting to this mailing list, and I am the accounts manager for your upstream
provider, am I entitled to post your full name, home address, 24 hour contact
number and credit card details to this list?
> ISP's include language in their TOS/AUP which said that users agreed
> that if they were caught in the act of gross network abuse, that their
> ID and contact info would be shared with their victims? Wouldnt this
> help cut way down on spam?
No. It would increase it dramatically in the short term, and would keep it
level in the medium to long term. This would be because the victims would spam
the spammer back, the spammer would throw a few thousand mails into the ISP
admin's accounts as a complaint, the ISP admin would send copious amounts of
mail to the spammer's new ISP to get him to shut up, and Usenet would be
flooded with people arguing as to wtf was going on. In short, to be honest,
it's a pretty terrible idea. Technical solutions are better than political ones
in this context, and your solution is 100% political with no consideration
towards the technical or even legal aspects of such a solution.
> I'm all in favor of the right to anonymity and privacy on the Internet
> - but I am not in favor of the right to anonymously abuse servers and
> networks.
Once you say anonymity is OK in all areas but *one* people quickly increase
that to two areas, then four, then ten, and so on. I hate the cliche, but it's
the thin end of the wedge. People either have the right to anonymity, or they
don't. You can't have your cake and eat it.
> (Eg, to take this case as an example, if you fail a HELO syntax check,
> say, 5 times, within a 5 minute period, I refuse connections from you
> for an hour)
That would be rather difficult to do if you think about it, because you are
then having to create a sense of state over a period of time. In effect, you
would have to be aware of every host that said HELO in the previous five
minutes, and how many times. If you're a large ISP this performance hit is
going to be too big, and if you have more than a few thousand accounts locally
then you can expect that amount of traffic from sites like freeserve in the UK,
AOL, Demon, et al quite easily.
--
Paul Robinson - Internet Services @ Akita -
http://www.akita.co.uk
------------------------------------------------------------------
Sales:- T: 01869 337088 F: 01869 337488 E: sales@???
Techs:- T: 0161 228 6388 F: 0161 228 6389 E: root@???
------------------------------------------------------------------
