Hi Steve, On Mon, 12 Jun 2006 15:30:57 -0700 Steve Langasek <vorlon@debian.org> wrote: > You may have noticed that we've had a difficult time enforcing appropriate > standards of mailing list behavior against a particular troll over the past > year or so. The problem is largely a technical one: by using throw-away > Yahoo! Mail accounts and relaying messages through tor > (http://tor.eff.org/), he evades traditional list filtering mechanisms and > avoids real-world accountability for his actions without any penalties that > are of concern to your run-of-the-mill sociopath. We cannot separate the air that chokes from the air upon which wings beat. -- John Perry Barlow > Brainstorming on IRC has led to a proposed filter enhancement to block all > mails sent to this list that have been relayed at any point through a known > tor router. This would have the effect of preventing our troll from > sending any further mails to this mailing list without disclosing his real > location on the Internet and exposing himself to legal accountability. It > would also mirror the existing ban list in place on the IRC network, which > prevents people from joining #debian-women when connected through tor > routers. > > I brought this suggestion to the listmasters, and one of them agreed that > this would be an ok solution if it is the consensus among the legitimate > list participants here that such a filter is appropriate, so this message > is a request for comments on the proposal. > > Other solutions have been suggested. There has been an offer to moderate > all messages to this list for a while, but that's only a solution for the > current round of abuse and doesn't help with future abuse once the > moderation is dropped. It's been suggested that the list should be closed > to non-subscribers, but that doesn't stop an attacker from subscribing and > *then* posting. It's even been suggested to block/moderate messages from > yahoo.com, but yahoo.com is a large mail provider with a significant number > of legitimate users, some of whom may be interested in posting to this > list, so such a filter could lead to an unacceptably high number of > false-positives. Moderated subscription is the answer here. You can even narrow it to yahoo addresses so the volume of moderated subscriptions to process by hand is minimal. I offer myself to the job, although I'd prefer to have also at least two more people from non-CEST timezones to help me, so we can have always a subscription moderator awake ;-) > Blocking mail relayed through tor is a solution with minimal on-going costs > and minimal collateral damage, so I believe it's the solution that should > be used here. > > On the subject of collateral damage: some will point out that tor is a > service with legitimate applications, including some that are close to the > heart of many on this list, such as protection against invasion of privacy > by corporations, defense against persecution by totalitarian governments, > and freedom of association for at-risk women. While these are all valid > uses of tor, I believe the intersection of these uses with posting to the > debian-women mailing list is approximately zero: while we don't want to be > responsible for preventing such people from contributing to Debian in > general, there's no need for them to be able to post to debian-women in the > process, and in many cases it's probably safer for them if they don't do > so. I'm not aware of any legitimate posters to this list that are using > tor when sending mail, and I can't think of any realistic cases in which > it would be necessary for someone to do so. > > It's also been suggested to filter on tor but use this to redirect mails to > a moderation queue, rather than rejecting the mail. This has the usual > problem of such proposals, that someone has to do the work of checking the > moderation queue every time there's a junk post (= high on-going cost), and > legitimate posters may find their mail delayed much longer in a moderation > queue than they would be if they had simply received a bounce and chosen a > different way to send the mail. > > Do people think this sounds workable? Have I overlooked any concerns you > have about such an approach, or do you believe there's a better option? As long as the troll keeps Cc'ing people in the mails some of us still be disturbed. But I think silencing it in the ML will have a positive effect sooner or later (trolling to a private club of unresponsive people is no fun for trolls). -- Ricardo Mones ~ Quantity derives from measurement, figures from quantities, comparisons from figures, and victories from comparisons. Sun Tzu
Attachment:
signature.asc
Description: PGP signature