opt *out* of… (obviously) On May 18, 2013, at 2:38 PM, mark seiden <m...@seiden.com> wrote:
> except bad guys will always opt of having their content inspected. > > so it just doesn't work in this case. > > > > On May 18, 2013, at 10:46 AM, Jeffrey Walton <noloa...@gmail.com> wrote: > >> On Sat, May 18, 2013 at 1:24 PM, mark seiden <m...@seiden.com> wrote: >>> ... >>> there are numerous other IM systems that are server centric and do a lot of >>> work >>> to look for and filter "bad" urls sent in the message stream. >>> >>> this is intended to be for the benefit of the users in filtering spam, >>> phishing, malware links, >>> particularly those that spread virally through buddy lists of taken over >>> accounts. >>> sometimes these links (when believed to be malicious) are simply (and >>> silently) not >>> forwarded to the receiving user. >>> >>> this involves databases of link and site reputation, testing of new links, >>> velocity and >>> acceleration measurements, etc. the usual spam filtering technology. >>> >>> my impression is that almost all users thank us for doing that job of >>> keeping them safe. >>> they understand that IM is yet another channel for transmitting spam. >>> >>> the url filtering is aggressive enough (and unreliable enough) in some >>> cases that >>> you have to check with your counterparty in conversation if they got that >>> link you >>> just sent. so users are aware of it, if only as an annoyance. (once >>> again, spam filtering >>> gets in the way of productive communication) >>> >>> i am merely telling you how it is. obviously user expectations differ on >>> AIM, Yahoo Messenger, >>> etc. from those of users on Skype, some of whom believe there is magic >>> fairy dust sprinkled on it, and that >>> it is easier to use than something else with OTR as a plugin. >> Perhaps the user should be given a choice. >> >> The security dialog could have three mutually exclusive choices: >> >> * Scan IM messages for dangerous content from everyone. This means >> <company> will read (and possibly retain) all of your messages to >> determine if some (or all) of the message is dangerous. >> >> * Scan IM messages for dangerous content from people you don't know. >> This means <company> will read (and possibly retain) some of your >> messages to determine if some (or all) of the message is dangerous. >> >> * Don't scan IM messages for dangerous content . This means only you >> and the sender will read your messages. >> >> Give an choice, it seems like selection two is a good balance. >> >> Jeff > _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
