On 2002-02-15 08:13:00 -0800, Doug Kaufman wrote: > On Fri, 15 Feb 2002, Eduardo P�rez wrote: > > I've seen that lynx sends the user name when doing ANONYMOUS ftp gets. > > I see a lot of problems: > > - Sending the user name if the user doesn't know that it's sent doesn't protect >the user state of ANONYMOUS > > - Spyware is not a good idea, most users don't like it. > > - Sending the user name helps SPAM instead of stopping it. Many ftp sites use this >information to send you unsolicited email. > > - Sending the user name doesn't help ftp sites to know who the cracker is, >crackers are not stupid to send their email address. > > - Sending the user name can be used to discriminate the user. > > Perhaps I am old fashioned or I don't see the risks listed above, but > I don't see that this patch is a good idea. If we are to request free > use of the server's resources and they request our email address for > that use, it seems impolite not to supply it. There are still a few > servers who will not allow access if an invalid domain is given. My > specific comments about the above concerns:
If that servers don't let this ftp anonymous password, they also don't allow clients like Internet Explorer or Netscape Communicator. These moved to this password because of these problems. Not a good idea because this are the most used ftp clients. > If you are really concerned about anonymity, using lynx from your own > IP address without going through some anonymizing proxy doesn't make > sense either I'm concerned about privacy. But users should know that lynx is leaking personal information. > By no stretch of the imagination does sending your email address > constitute "spyware" in the usual meaning of the word. Calling this > spyware confuses the spyware issue and may make it harder to fight true > spyware. > > Are there data that "many ftp sites" use the login data to send > unsolicited email? If there is I really don't want to know. > Sending the email address is not supposed to help fight crackers. This > argument seems irrelevant. So what's the email address for? SPAM? > FTP sites certainly have the right to exclude users who have abused > their services. I am not sure I call this discrimination. OK, but they should do it in an intelligent way. Using the IP address. > Lynx users can always specify an invalid personal address in the option > menu if they don't want their true email address to be sent. That should be called anonymous ftp password. > What do they say about this topic in the news.admin.net-abuse.* > newsgroups? Is there documentation of abuse to justify this change? If > so, I will withdraw objections, but I would like to see some data first. Only old ftp clients, do send the email address. As SPAM is taken seriously. ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
