RG>> And what is your solution to this? Ban internet banking? close
RG>> down all online stores?

BL> My solution is a different system; one where every user is
BL> logged, well-known, and easily traced back to his front door...
BL> just as the FBI and NSA has operating at present for the sole
BL> benefit of the USA. It would need a central hub, or perhaps a
BL> few hundred hubs around the world, and just as access is
BL> impossible at present without a fully qualified address, then
BL> we need a fully qualified sender, complete with telephone and
BL> an actual address.

AC> I don't think any such system could be agreed on
AC> internationally.

 International terrorism is pushing us that way. I'd lay good odds
that the USA has such a centralised system in place already. It would
not be hard for them to eavesdrop on foreign satellites, even if it
meant putting a clone in the same orbit. Every government on earth
would like the ability to centralise (and thus be able to censor)
their own population's postings.

 Perhaps it suits them better to leave it as it is... a centralised
systemdoen clandestinely while everyone (but me) believes that there
is no way to trace and identify users.

AC> Also, such a system doesn't easily translate to shared
AC> computers, or public libraries, or public wireless Internet. 

 Public wireless internet is illegal, operating in the cracks of Law
for the time being. As for internet cafes, public libraries, etc...
don't you have to sign your name and identify yourself when you log
on? Perhaps your library hasn't introduced thenew rules yet... access
only by use of your library card.

AC> Also, I think people generally recognise that a certain amount
AC> of anonymity can be a good thing.

 I guard my privacy jealously, but personally I do not have a problem
with this degree of government intrusion. I don't believe in freedom
of speech outside the public pale. I'd torture suspected terrorists
top follow the tail back, and I'd ship troublemakers and pedophiles to
Antarctica or Afghanistan, but within the pale (that which is accepted
by the People at large), I don't have a problem in identifying myself
and standing by what I say here.

 I believe that we must sacrifice some degree of freedom, in order to
live in a society, freely.

AC> If everyone knew that in the back of their minds that every
AC> online purchase they ever made could be tracked back to them,
AC> I've no doubt there would be less online trade. 

 And what else are cookies?

AC> Also, none of the above guarantees the security of the
AC> underlying software running the show. 

 No... but if every diskheasd posting a virus knew that he faced a
knock at the door and ten years in the slammer, there would be fewer
dickheads willing to try it. Of course, dickheads by definition are
dickheads, but that's why we have gaols... to lock the fuckers up
where they can do no harm.

BL> Fido ran like that for years

AC> I think you over-estimate Fido. For starters, commercial
AC> activity over Fido (being an amateur network) was/is
AC> discouraged and in some cases (eg. encryption, from memory)
AC> prohibited by Policy 4. 

 I'm proposing a *professional* version of Fido, where every node is
well known and has the power in themselves to disconnent recalcitrant
users,while in turn facing disconnection themselves. Under Fido, the
Sysop ruled okay. On the Net, the IP is just one of millions, each
with no commercial incentive to disconnect Al Qaeda.

 What would happen, if IP's were disconnected every time they posted
an Al Qaeda threat? It would not happen under Fido rules.

AC> Also, it was/is fairly rare that anyone's personal details were
AC> sufficiently verified by a FidoNet sysop before they could send
AC> mail to other nodes. 

 On Fido, we all ended up not only knowing each other's personal
details, we met! But in any case, that it easily changed... just log
the phone number.

AC> Also, from personal experience, rerouting Fido netmail can
AC> often cause messages to be lost, either having been marked
AC> "sent" when they were not, or ending up in a routing loop. 

 Amateurs are like that... professionals lose money, so they fix it.

AC> Poor design decisions leading to gaping security holes in
AC> Microsoft products are probably the single biggest contributor
AC> to some of the more broken parts of the Internet today.

 A agree. But after 20 years of M$ stuffups (remember DOS4?), dop
you really expect M$ to get it right? What we *need* is a sytem where
rather than exploit failings in the system to either crash it or
steal money using them, those who discover them actually try to fix it
(like Fido did). On a commercial system, a reward would not be out of
the question...

AC> In particular, unpatched holes in Windows (particularly 2K &
AC> XP), Internet Explorer, older versions of Outlook and IIS all
AC> provide enough compromised hosts for launching DDoS
AC> (distributed denial of service) attacks and huge spam runs. 

 Exactly! That's what I'd like to fix. I'm talking about moving the
problem *upstream* fom M$ to the actual NEW-net software that would
simply disconnect the telephones of the bastard attempting it,
followed by a visit from the FBI or something similar, followed by ten
years in the slammer, bankruptcy, and ruin. As your mate Keating once
said: "L-A-W law."

AC> Compromised hosts need to be taken seriously, and taken
AC> offline. Unfortunately some large ISPs (eg. Telstra) have a
AC> tendency to ignore them, probably partly due to policy,
AC> ineptitude, or profit, or a combination of all three. 

 Exactly, the answer is L-A-W law. Fido ran wonderfully as an Anarchy
- a transgressor was simple cut out. That can't work with a commercial
operation, they'll only sue, so... LAW is the answer.

 It's not so farfetched. How would it be, if anyone who wanted to
start a TV station simply picked a frequency and started transmission?
The answer is LAW.

Regards,
Bob

    

--- BQWK Alpha 0.5