On Thu, Oct 17, 2002 at 05:06:08AM -0400, David wrote: > > Yes, but you can just rip the signature from someone else's site.
Heck, it would be easy enough for a fraudster to make a cloned pop-up that supplied the same HTML as Tucows' to *emulate* a seal without the requirement of being a Tucows reseller. The only protection we would have of that sort of devaluation of this product would be Tucows' promise to prosecure such folks to the fullest extent of their ability. > See third example on http://www.sargasso.net/testseal.html where I pretend > to be it.ca in order to sully their good name (or whatever these > protections are supposed to prevent). Ooh, ah... I expect you'll be getting a call from Mr. Hutz shortly. ;) > only way to make it not be would be to have a one-time password output in > the form and verified in the receiving page. I guess it's a question of > how much effort you're willing to put into this. That would get my vote. But it's largely useless anyway. We're talking about methods of verifying whether or not a chunk of HTML will get shoved into a pop-up window. Any effort we make to secure that process will add to the complexity of the system, increasing the likelyhood of accidental problems, increasing Tucows' tech support. And none of this will deter a genuine fraudster who needs only to write some HTML and Javascript to make some that looks close enough to a Tucows seal to fool the bulk of the general public. So if we can't *prevent* fraud, and the processes we're employing to make it more difficult are easily subverted or ignored, then why are we exploring this? -- Paul Chvostek <[EMAIL PROTECTED]> Operations / Abuse / Whatever +1 416 598-0000 it.canada - hosting and development http://www.it.ca/
