[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Fwd: [sorbs.net #51340] Need help with (support form)

On Sun, Nov 06, 2005 at 05:50:18AM -0800, Jimmy Wales wrote:
> I know I must sound like a broken record, but I believe that at least
> some people here are still simply not listening.  People who use RBLs
> for hard blocking services generally find the strategy to work quite
> well.  They are not out of their fucking minds, they are using a
> practical approach to a practical problem and they are being
> successful.

> And you know what?  I'm not out of my fucking mind.

I would not argue that you are crazy for using RBLs, but consider the
tradeoffs carefully.  Conflating routing information with identity means
false positives, and adding another trust dependency in administrative
decisions creates risk.  Granted, SORBS is a particularly threatening
RBL: its motivation is largely sociopolitical in nature, and it uses a
number of inappropriate techniques for deriving the composition of its
list.  However, theoretically speaking it is not possible for you to
know whether your RBL is malicious without going through the effort of
maintaining such a list yourself, i.e. the process of list verification
is not easier than the process of list creation.

> People with this attitude virtually ensure that Tor will never be
> successful and doom any movement towards privacy on the Internet to
> failure.

No, people with the attitude that RBLs are dangerous are right in
thinking so.  Effectively blackholing traffic based upon network or
transport layer characteristics threatens the end-to-end character of
the Internet, even if the filtering occurs on the end hosts.  Putting
someone else in charge of these decisions is little different than
allowing an upstream ISP to block content on your behalf.  Sure, there
are arguments for how this can be useful, but in my opinion the dangers
to society outweigh the benefits.  Perhaps this is a Tragedy of the
Commons, but I think that it is one that deserves more thought than
"RBLs are good because they reduce the amount of spam I see."


Attachment: signature.asc
Description: Digital signature