On 09:57 PM 5/19/02, Chuq Von Rospach wrote:

>On 5/19/02 9:19 PM, "JC Dill" <[EMAIL PROTECTED]> wrote:
>
>> That's actually a HUGE need. At SpamCon there was a lot of talk about how
>> ISPs might set up a customer-reputation clearing house (like a credit
>> bureau) where ISPs could report and share information about bad customers
>
>Effectively being a combination RBL at the account level and PK web of
>trust?
>
>God, wouldn't that have anti-trust issues?

No more than the sharing of information between creditors and credit bureaus, if set up in the same manner.

>If, say, Earthlink, AOL and MSN
>get together on something like this and MSN black-flags a spammer and AOL
>refuses to sell him an account, I'll bet that spammer could make a good case
>of anti-trust here, even if he DID intend to violate AOL's T&C's. This could
>get ugly. But I digress.

MSN doesn't "black flag" the spammer, they merely report the truth of the information, that the spammer violated their TOS. AOL can choose to do business with this person or not, based on this report and on any other information they might want to consider. It's no different than having a bad payment record with Macy's, resulting in Sears not wanting to give you a store credit card.

If the credit bureaus want a piece of this action, they could start by soliciting ISPs for TOS-violating account data, and create a special database to track them and then to link them with actual individuals when the linking data becomes known. Then make it searchable by the data known to the ISP (such as the calling number, when someone calls in to sign up for a new account).

>> However... there are quite a few known spammers that buy throw-away
>> accounts (usually using fraudulent identification when signing up) and move
>> from ISP to ISP as they get nuked, and the ISPs are relatively powerless to
>
>And that's the ultimate problem - these databases only work on static data.
>If the thing you're trying to police is dynamic (which fraudulent ID data
>is, inherently), it's a moving target, and you're a few steps behind the
>chase by definition. You're catching stupid people and abandoned IDs.
>
>Which means they'd have to base selling accounts on specific user data like
>SSN or perhaps a driver's license, or some other ID (all of which can be
>faked, of course), which creates a huge privacy issue into the maelstrom on
>top of all of the other stuff...

Actually, what they need is better ANI coverage. If you can nail down the individual by the phone number that is used to dial into the ISP (to set up the account, or to login with the computer), that goes a LONG way towards identifying them.

The biggest problem spammers apparently live in areas where the copper plant is so old that their phone doesn't provide ANI. The ISPs either have to accept all signups from those communities, knowing that occasionally they will end up with the problem spammer, or they have to refuse to offer service to anyone who calls in from communities that don't have ANI-sending phones. When the problem gets bad enough, look for the latter solution to start to appear. Let's hope your Mom or Aunt Alice doesn't live in one of those communities....

>And we're basically only talking US here. Globally, life gets even more
>interesting -- and when it comes to privacy issues, much, much tougher.

The privacy issues are no tougher than the same issues that surround consumer credit. I, for one, find it abhorrent that a potential employer can run a credit check on someone before deciding to hire them. What business is it of the employer's that someone might have had a problem in the past with paying bills, if the employee isn't asking the employer to "extend credit"? IMHO it's a HUGE invasion of privacy to take this data (bill payment history) and make it available for other purposes than the "extending of credit" for which the database was supposed to be used and for the purposes which the data was supposed to be collected.

jc
