To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.nntpOpen lugnet.admin.nntp in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / NNTP / 852
851  |  853
Subject: 
Re: Email Authentication - Why not make it optional?
Newsgroups: 
lugnet.admin.nntp, lugnet.general
Date: 
Wed, 20 Jun 2001 14:59:49 GMT
Viewed: 
1070 times
  
I just thought I would throw in my 2 cents in support of the changes even
though most of my thoughts have been covered.  I will try and keep this to what
hasn't been said (or at least I havn't seen posted yet).

In lugnet.admin.nntp, Brad Hamilton writes:
This email authentication is driving me nuts!  A lot of people were already
timid about posting and now its going to be worse.

First let me begin by saying I am a member/web user so the impact to my posting
abilities have not really changed at all.  That makes some difference in my
point of view but let me quote a snipet from an E-mail I sent to Todd before
the changes were put in place...

...
"If I can give my 2 cents.  I would much prefer an ugly, complicated
verification system to none at all.  MM seems to be succeeding at least
a little in damaging the community.  I know I for one have cut my
posting frequency way back lately and while I hate to admit it MM is one
reason.

I don't think that you will get to many objections if whatever is done
minimizes the MM threat..."
...

Now obviously there have been objections but like I said to Todd, I would
prefer an ugly, complicated verification system to none at all.  I also told
Todd that I had drastically cut down on my posting to, and to a lesser degree
my reading of, LUGNET.  Now that these measures are in place I plan to start
posting more again.


Since this has happened, I've seen one reply of the nature "Great - I'm so
happy you did this!" post and a huge number of "This is such a hassle, why
are we doing this" posts.  Presumably, the one positive post is from the one
person (or maybe there were two) that had this problem.

Why are we punishing the whole community for a problem that only one or two
people had?  This is even more annoying given that this is the first time
I've heard about this happening (so presumably, the likilihood of this
happening again is low as well).

I don't see this as "punishing the whole community" but a necessary evil in
order to preserve the community.  I realize that this has made things difficult
for NNTP users and non-member web users.  My hope is that Todd can at least do
something for the NNTP Member Users.  As for non-member users I have to say I
see this as a "membership benefit" from a web point of view.  So if you are a
non-member web user I don't see an issue.  I do see the issue for NNTP Member
Users though and I hope Todd can do something to make it easier for you.  That
said however I still say being secure is more important then being easy to use.


Why can't this authentication be an optional feature?  Why not let the one
or two people who are actually worried about being spoofed turn it on and
let everyone else post without authorization???

Why not have a web page where you can toggle your status on/off (perhaps
generated from a key sent by email)?

I would immediately turn mine off and leave it off unless I actually started
having problems with people stealing my identity (which I think is unlikely
in the extreme).

I think that the default should be OFF and when you subscribe to LUGNET, you
get a message saying "Security Warning: We recommend that you turn this on
if blah blah blah...."  I seriously doubt that anyone is going to spoof the
identity of some new, unknown member.

I think it has been covered very well why this would be a bad idea.


I personally believe that the spoofing that went on was probably an isolated
case by one individual.  Are we going to let that one attack stifle the life
out of LUGNET???

An isolated case by one *very persistant and disturbed* individual.  So yes in
order to prevent the continuation of the situation and the reoccurrence of a
similar attack in the future I think this was necessary.  I also don't think
that in the long run that this will "stifle" LUGNET.

Unfortunately the world isn't made up entirely of nice people.  We like to
think we are all nice here but this just shows that we arn't immune to this
type of attack.


Eric Kingsley



Message has 1 Reply:
  Re: Email Authentication - Why not make it optional?
 
I just thought of something. Todd, do you have any stats on NNTP usage? Can you tell how many members vs non-members use NNTP? If the number of non-members using NNTP is low, maybe just make NNTP a "privilege" of membership. I'm against the (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)

Message is in Reply To:
  Email Authentication - Why not make it optional?
 
This email authentication is driving me nuts! A lot of people were already timid about posting and now its going to be worse. Since this has happened, I've seen one reply of the nature "Great - I'm so happy you did this!" post and a huge number of (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp, lugnet.general)

42 Messages in This Thread:



















Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR