Hi Grzegorz,

  I'm sorry if I sound paranoid, computer security does that to some ;-)

  My registering for my Atlas account was a few years ago, so I don't remember 
all the details. But usually, new account creation can be scripted and fake 
accounts can rapidly created by a willing party. For that reason, account 
creation should not be the only measure against spam.

  Limiting the speed of account creation based on network address can help, but 
can be circumvented. One big step would be physical address or ID validation. 
Linking the virtual and physical worlds is harder to abuse.

  Another way to limit spam is to control the message. The form could give a 
few checkboxes or pre-defined messages but no place to write a message. If you 
cannot advertise stuff on the form, it's useless for most spammers.

  Some forms can be used to DoS email by not using rate-limiting. So, that  
form could limit the rate per _destination and sender_  like the Digest mode of 
mailing lists. One or two digests per day, and replies would be like a mailing 
list. I mean that RIPE would always be the sender or the receiver, ensuring 
privacy of email address of one party to the other.

  Now that I think of it, it's pretty much the messaging system of most forums 
with a front-end. Except that your username is the probe's ID?

  I think RIPE could do it, if it there is enough demand?

Martin Boissonneault
Sent from my iPhone

On Apr 23, 2019, at 07:10, Ponikierski, Grzegorz 
<[email protected]<mailto:[email protected]>> wrote:

I thought about simple web form available only for logged users of RIPE Atlas. 
In this way all private data are hidden and RIPE can rate limit usage of the 
form. Message itself can be send to probe's owner via email from RIPE Atlas 
infra so sender identity also can be hidden. If somebody wants to switch to 
email communication then form can also be used to exchange email addresses.

Regards,
Grzegorz

From: Martin Boissonneault <[email protected]<mailto:[email protected]>>
Date: Monday 2019-04-22 at 02:25
To: Carsten Schiefner <[email protected]<mailto:[email protected]>>
Cc: "[email protected]<mailto:[email protected]>" 
<[email protected]<mailto:[email protected]>>
Subject: Re: [atlas] Communication with probes' owners

The best might be for RIPE to contact the owner when the records don't match 
what is detected from the probe?

Some method to trigger a check could be added to the probe's profile, and there 
would not be ANY chance of email abuse by throwaway accounts?

Allowing users to contact probe owners has to be VERY well made to avoid all 
sorts of attacks and spam!

Martin Boissonneault
Sent from my iPhone

On Apr 21, 2019, at 18:14, Carsten Schiefner 
<[email protected]<mailto:[email protected]>> wrote:
Am 21.04.2019 um 19:59 schrieb Dave . 
<[email protected]<mailto:[email protected]>>:
If this gets implemented, please add a checkbox where one can indicate whether 
one is a user or also can get things fixed in the AS where your probe is 
connected.
Makes sense to me: +1.

Would then a reminder every 1/2/3 month[s] make sense that this is (still) the 
case aka. this flag to be set?

As the probe’s circumstances may change...

Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan 
<[email protected]<mailto:[email protected]>>:
It seems a good idea. I don't think this will be abused and in case it would be 
easy to point out the spammers.
Would this be useful also for other kind of messages?

Paolo

Reply via email to