except bad guys will always opt of having their content inspected. so it just doesn't work in this case.
On May 18, 2013, at 10:46 AM, Jeffrey Walton <[email protected]> wrote: > On Sat, May 18, 2013 at 1:24 PM, mark seiden <[email protected]> wrote: >> ... >> there are numerous other IM systems that are server centric and do a lot of >> work >> to look for and filter "bad" urls sent in the message stream. >> >> this is intended to be for the benefit of the users in filtering spam, >> phishing, malware links, >> particularly those that spread virally through buddy lists of taken over >> accounts. >> sometimes these links (when believed to be malicious) are simply (and >> silently) not >> forwarded to the receiving user. >> >> this involves databases of link and site reputation, testing of new links, >> velocity and >> acceleration measurements, etc. the usual spam filtering technology. >> >> my impression is that almost all users thank us for doing that job of >> keeping them safe. >> they understand that IM is yet another channel for transmitting spam. >> >> the url filtering is aggressive enough (and unreliable enough) in some cases >> that >> you have to check with your counterparty in conversation if they got that >> link you >> just sent. so users are aware of it, if only as an annoyance. (once again, >> spam filtering >> gets in the way of productive communication) >> >> i am merely telling you how it is. obviously user expectations differ on >> AIM, Yahoo Messenger, >> etc. from those of users on Skype, some of whom believe there is magic fairy >> dust sprinkled on it, and that >> it is easier to use than something else with OTR as a plugin. > Perhaps the user should be given a choice. > > The security dialog could have three mutually exclusive choices: > > * Scan IM messages for dangerous content from everyone. This means > <company> will read (and possibly retain) all of your messages to > determine if some (or all) of the message is dangerous. > > * Scan IM messages for dangerous content from people you don't know. > This means <company> will read (and possibly retain) some of your > messages to determine if some (or all) of the message is dangerous. > > * Don't scan IM messages for dangerous content . This means only you > and the sender will read your messages. > > Give an choice, it seems like selection two is a good balance. > > Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
