Hi Steve,
On Mon, 12 Jun 2006 15:30:57 -0700
Steve Langasek <vorlon@debian.org> wrote:
> You may have noticed that we've had a difficult time enforcing appropriate
> standards of mailing list behavior against a particular troll over the past
> year or so. The problem is largely a technical one: by using throw-away
> Yahoo! Mail accounts and relaying messages through tor
> (http://tor.eff.org/), he evades traditional list filtering mechanisms and
> avoids real-world accountability for his actions without any penalties that
> are of concern to your run-of-the-mill sociopath.
We cannot separate the air that chokes from the air upon which wings beat.
-- John Perry Barlow
> Brainstorming on IRC has led to a proposed filter enhancement to block all
> mails sent to this list that have been relayed at any point through a known
> tor router. This would have the effect of preventing our troll from
> sending any further mails to this mailing list without disclosing his real
> location on the Internet and exposing himself to legal accountability. It
> would also mirror the existing ban list in place on the IRC network, which
> prevents people from joining #debian-women when connected through tor
> routers.
>
> I brought this suggestion to the listmasters, and one of them agreed that
> this would be an ok solution if it is the consensus among the legitimate
> list participants here that such a filter is appropriate, so this message
> is a request for comments on the proposal.
>
> Other solutions have been suggested. There has been an offer to moderate
> all messages to this list for a while, but that's only a solution for the
> current round of abuse and doesn't help with future abuse once the
> moderation is dropped. It's been suggested that the list should be closed
> to non-subscribers, but that doesn't stop an attacker from subscribing and
> *then* posting. It's even been suggested to block/moderate messages from
> yahoo.com, but yahoo.com is a large mail provider with a significant number
> of legitimate users, some of whom may be interested in posting to this
> list, so such a filter could lead to an unacceptably high number of
> false-positives.
Moderated subscription is the answer here. You can even narrow it to yahoo
addresses so the volume of moderated subscriptions to process by hand is
minimal.
I offer myself to the job, although I'd prefer to have also at least two
more people from non-CEST timezones to help me, so we can have always a
subscription moderator awake ;-)
> Blocking mail relayed through tor is a solution with minimal on-going costs
> and minimal collateral damage, so I believe it's the solution that should
> be used here.
>
> On the subject of collateral damage: some will point out that tor is a
> service with legitimate applications, including some that are close to the
> heart of many on this list, such as protection against invasion of privacy
> by corporations, defense against persecution by totalitarian governments,
> and freedom of association for at-risk women. While these are all valid
> uses of tor, I believe the intersection of these uses with posting to the
> debian-women mailing list is approximately zero: while we don't want to be
> responsible for preventing such people from contributing to Debian in
> general, there's no need for them to be able to post to debian-women in the
> process, and in many cases it's probably safer for them if they don't do
> so. I'm not aware of any legitimate posters to this list that are using
> tor when sending mail, and I can't think of any realistic cases in which
> it would be necessary for someone to do so.
>
> It's also been suggested to filter on tor but use this to redirect mails to
> a moderation queue, rather than rejecting the mail. This has the usual
> problem of such proposals, that someone has to do the work of checking the
> moderation queue every time there's a junk post (= high on-going cost), and
> legitimate posters may find their mail delayed much longer in a moderation
> queue than they would be if they had simply received a bounce and chosen a
> different way to send the mail.
>
> Do people think this sounds workable? Have I overlooked any concerns you
> have about such an approach, or do you believe there's a better option?
As long as the troll keeps Cc'ing people in the mails some of us still be
disturbed. But I think silencing it in the ML will have a positive effect
sooner or later (trolling to a private club of unresponsive people is no fun
for trolls).
--
Ricardo Mones
~
Quantity derives from measurement, figures from quantities,
comparisons from figures, and victories from comparisons.
Sun Tzu
Attachment:
signature.asc
Description: PGP signature