> >> I am not >> familiar with the lawsuits, but the general solution to all reputation >> services, whether IP-reputation, consumer credit, or any other business >> that collects information about other subjects (the building block of >> surveillance capitalism!) is consent: if the subject does not consent, >> do not collect/report. No reporting, no cause for legal action. >> Provide reputation certificates for subjects that opt into the service >> and let recipients decide how to deal with the absence of such >> reputation ceritificate(s). > > your unfamiliarity extends demonstrably beyond the lawsuits. if you choose to > do some research and ask some informed questions, i'd love to hear them and > try to engage further.
This will be off-topic for mailop, but…I remember Vixie giving a talk at MeetBSD, at the same moment that I found out that the latest-at-the-time equifax breach had exposed my information a few years back. I would LOVE there to be legal structure to say “Gee, Equifax, you failed to demonstrate the basic opsec of paying some junior admin to type `yum upgrade apache-struts`, so you don’t get to keep my PII anymore.” I would love if there was an option to simply put a flag on my SSN that says “gather/sell no data” to any of the dozens of agencies that harvest this (radaris et al) and package it up neatly. This is not the place to get into what dystopias being able to fully “opt out” would lead to, except that in either case (IP or PII), a lack of fingerprint would surely also be regarded as suspicious and approached with gated, minimal trust, if any at all. More on topic, however: Consent or no, for all the intelligence sources you know about (on mxtoolbox’s multi-rbl checker, etc), there are dozens, possibly hundreds more, private ones. Some in a manually maintained DB, some in a bayesian statistical DB based on how likely your domain is to spam based on email volume and SPF/DKIM records, and some that model way more data that you can imagine, that only exist in the mind of an AI that’s completely opaque, even to the people that coded it. I strongly believe one such black box exists inside G, and that it's not the only place. The best thing you can do is learn the correct inputs to the black box, at the time. Build your own statistics of what your netblock is doing, and actually read and report on them before someone else does. Email is no longer “set it and forget it” and hasn’t been for decades or more. -Dan _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
