Log in

No account? Create an account
Ramblings Journals I Read Calendar The Dirt MegaZone's Waste of Time Older Older Newer Newer
You're shitting me... - MegaZone's Safety Valve
The Ramblings of a Damaged Mind
You're shitting me...
Oh, this just pisses me off in a deep way - This week, a company is launching technology that will make it possible for someone to choose what appears on phones that have Caller ID

I really, really hope the phone companies find a way to close this loophole and shut these fuckers down before they even get started. You *know* the only people who would use this kind of product are assholes.

I am: pissed off pissed off
Current Media: quiet office

fallenpegasus From: fallenpegasus Date: August 31st, 2004 05:35 pm (UTC) (Direct Link)
Anybody with VoIP service, who knows how, can already do this.

That CID is only as trustworthy as the first switch that speaks SS7 that the call hits has been long known.
From: ninjarat Date: August 31st, 2004 05:40 pm (UTC) (Direct Link)
You mean like telemarketers, doing things like spammers forging return headers, and like people who post to usenet with "REMOVE@THIS" embedded in their return addresses? Falsified or obfuscated phone numbers is philosophically indistinguishable from falsified or obfuscated mail headers. They serve the same intended purpose: to keep your contact information from getting into someone else's marketing list.
zonereyrie From: zonereyrie Date: August 31st, 2004 05:49 pm (UTC) (Direct Link)
I don't consider them the same thing at all.

If you don't want your number being picked up you can block it - call-by-call or for all calls. (Yes, except for 800 calls, I know there are exceptions.)

There is also a big difference between a broadcast medium like USENet and a point to point medium like the phone. I add 'REMOVE THIS' to my header on USENet because I have no control over who sees it and there are a lot of bots that troll news to harvest addresses. The same isn't true for the phone, we aren't using party lines and your number doesn't stay available indefinitely from just one call like a news header. USENet is not email.

Forging CID is more akin to forging headers on person to person email, which I don't do and which I think is unacceptable behavior too. Sending someone an email with a bogus return address is just rude. Sending someone an email with someone *else's* return address is fraud.

What's worse is this let's you put *anything* in there - so you can claim to be someone else and Joe Job people's *phones* now - just like SPAM email.
From: ninjarat Date: September 1st, 2004 08:44 am (UTC) (Direct Link)
But you do that, indirectly. You post something to Usenet. I hit 'r' to reply to it, and I get a bogus To header. I don't bother reading much of Usenet anymore not because of spammers harvesting addresses (which is far more overrated than you think; I have posted with my gmail address and the quantity of spam there is remarkably low) but because it pisses me off getting bounces from people who've obfuscated their headers to stick it to harvesters.

Anyway, obfuscating one's identity is obfuscating one's identity. Claiming that doing so is okay in one venue but not another smells like a double-standard to me.
zonereyrie From: zonereyrie Date: September 1st, 2004 12:28 pm (UTC) (Direct Link)
I don't think it is serious obfuscation - the identity is still clearly there. Posting with a completely bogus address where you can't recover a working address is different, to me, then addressREMOVE@THISdomain.tld - it is a human checker. Just like websites with those "Enter the word you see" tests (I forget the name for that kind of thing...). Seperates the men from the bots.

I don't think it is overrated - before I added the REMOTE THIS to my address for a while I posted with unique addresses that I *only* used on news - and I had one for USEnet in general, one for gweep, one for bofh, etc. The *only* place I used those addresses were posting.

They *all* started getting SPAM right away, and the USENet one got enough that I ended up ditching it, creating a new one, and adding the REMOVE THIS.

I've made *one* post, *one*, via Google Groups and I created a unique address for that. The post was made to a music newsgroup with poor distribution (I used Google because RCN/Sidehack doesn't carry it) and within one day I was getting spam to that address.

Conversely I don't get spam to the posting addresses I use now with REMOTE THIS in the email.

So it is effective based on my own experience.

I resisted doing it for a long time after it was common, because I didn't like the idea of breaking auto-replies, and I still don't, but I was getting so much spam that I was missing real replies to my posts trying to sort it out. Now I don't even bother spam checking those addresses because they just don't get spammed. And if it becomes a problem I can always change them.
From: ninjarat Date: September 1st, 2004 01:42 pm (UTC) (Direct Link)
You can always get a new telephone number, too, if the telemarketers get bad. Sure, that would be inconvenient, but....

Really. Look at your argument. What you find convenient is "good" and what you find inconvenient is "bad". The way I see it, if you think it is okay for you to obfuscate your information because it is convenient for you then it should be okay for someone else to obfuscate his information because it is convenient for him. I happen to think that both parts of the statement are wrong. Obfuscation is not a solution; it just compounds the problem.

FWIW, I average 175-200 spammy messages per day on my gweepnet address. Do you know how many I actually see? Two, maybe three on a bad day. The filters on rei and sidehack are good. They work, but you have to do a little one-time work in your procmailrc to get them to work (or in my case install new versions on rei as they are released).
zonereyrie From: zonereyrie Date: September 2nd, 2004 04:58 pm (UTC) (Direct Link)
I think you're lumping too much in together.

If you don't want to reveal your CID that's *already* an option. The *ONLY* thing this new software adds is the ability to give *fraudulent* info out. You have the option today to send or not send CID. So you have the ability to hide your identity already.

So what's the only use for this new software? To lie. To give out invalid info or to deliberately Joe Job someone else. So with this software I could call people and give YOUR CID.

I also do not consider it the same thing to present information in a manner that requires human interpretation and to present *false* information, or to hide info entirely.

When I post to USENet I do nothing that hides my identity. Any human being with two neurons should be able to read my posts and contact me. Both the address in the header and my signature contain human parsable, legitimate contact info.

It is in a format that software doesn't like, but that's too bad. It isn't obfuscating my identity from any person.

I don't consider legitREMOVE@THISaddress.tld to be at all the same as invalid@bogus.tld. The former is usable, you can look at that and pull useful contact info from it - you could even code user agents that were smart about it. It is also obviously bogus and easily spotted.

The later has no useful contact info. Worse, it LOOKS valid so you're more likely to try using it, only to get a bounce. That's obfuscating your identity. I don't think putting REMOVE THIS in the header is - any one looking at it can parse it, it isn't obfuscated.
" To make so confused or opaque as to be difficult to perceive or understand"

Is it difficult to perceive or understand? I'd say even someone of low intelligence should have no trouble perceiving or understanding it.

I don't think it is important for machines to be able to parse it, I think it is important for humans to be able to parse it. The other argument would support posting everythign in HTML so every URL, every resource, is a link that machines could follow.

This new software isn't about obfuscating your info for privacy - you can do that now - it is about falsifying the info. And the only useful feature I can see for that is deceiving people and pretending to be someone you're not.
From: ninjarat Date: September 2nd, 2004 06:27 pm (UTC) (Direct Link)

I don't consider legitREMOVE@THISaddress.tld to be at all the same as invalid@bogus.tld. The former is usable, you can look at that and pull useful contact info from it - you could even code user agents that were smart about it. It is also obviously bogus and easily spotted.

In practical terms, the only difference between "legitREMOVE@THISaddress.tld" and "invalid@bogus.tld" is degree. Neither is valid: I type 'r', type my reply, send it, and I get a bounce -- usually with the message body elided so I've lost however much time I spent typing it. Both are fraudulent: both are not "your" real address. One just happens to be easier to unravel but only if the replier is looking for it.

I believe it is only a matter of time before the harvesters start looking for obvious obfuscation -- to darken, to obscure, to becloud -- and removing it from their lists. Only reason they haven't so far is because Bayesian filtering is far more effective at keeping their messages from being seen.
zonereyrie From: zonereyrie Date: September 2nd, 2004 07:21 pm (UTC) (Direct Link)
I guess I've just been in the habit of checking To headers for a long time, not just for email replies on USENet either. Early on I accidentally sent things to the wrong place - like a mailing list, etc - because of Reply-To headers, so I tend to look before I send. Also because of jokers who post using working email addresses - for someone else, like president@whitehouse.gov, etc.
pdelahanty From: pdelahanty Date: August 31st, 2004 06:13 pm (UTC) (Direct Link)
So I could change mine to "MASS STATE POLICE"? Woo hoo!
(Deleted comment)