Re: [anti-abuse-wg] Definition of Internet Abuse * pre-final
On Aug 29, 2016 Andre Coetzee wrote:
2. I do not understand Marilson's objections - apparently if someone steals your pc it is Internet abuse, I eventually thought he meant that the computer was stolen and used to send spam, --> but the definition works for that, he agreed the definition stands..., but then he seems to say that it does not? for an unknown and non specific reason except that it may or may not include defining "theft"
Definitions Endless Andre, you continue making a mockery of me trying to hide a bad example of abuse chosen by you. The stolen computer was invented by you. To justify your concerns you said to Gunther that a stolen computer is not abuse. At first it was just an unfortunate choice of words. I tried to show that an infected computer and used without the owner's consent, is being stolen. You could have said - I used an inappropriate phrase - but your pride prevented you from doing so and preferred to ridicule my bad English saying that stolen computer is a physical act. What forced me to present several definitions in the use of the theft word. And continue distorting the facts to justify a stupid phrase. I think this group no one will give you the examples of abuse that you request. Do you know why? Because it's an affront to anyone's intelligence set the obvious. Maybe you need a technical definition of Internet Abuse for use on your server that receives spam complaint. But never dare say to a victim of abuse that he is wrong and it is not abuse. If you do you will bury your company. Nobody needs of technical definitions of Internet abuse. I'm hoping that your company becomes larger than SpamCop. SpamCop-Cisco is outdated and has acted partially protecting some companies. Its software is limited to search the records in Whois, which are often false or incomplete. My research to identify all those involved in abuse is better, bigger and more correct than the SpamCop. As a rule I even inform the owner's name of subdomain under protection service of DomainsByProxy-Godaddy, CloudFlare, Whois Privacy Protect-Rightside, etc. On Aug 29, 2016 Suresh wrote:
So far this subthread has been a case of the blind leading the blind, but Marilson is indeed correct here.
Suresh, I am not blind yet. But as Diogenes of Sinope, in Ancient Greece, I try to find, with my lantern, an honest ISP. After hundreds of complaints I can tell you that I count on the fingers of one hand the ISPs that have acted correctly. It is noteworthy that there were many discussions, many fights, but never, I never had to discuss whether it was abuse or not. ;) Marilson
On Wed, 31 Aug 2016 01:35:09 -0300 "Marilson" <marilson.mapa@gmail.com> wrote:
I think this group no one will give you the examples of abuse that you request. Do you know why? Because it's an affront to anyone's intelligence set the obvious. Maybe you need a technical definition
No. The simple truth is that there are no examples of: 1. Single resource abuse 2. PC theft (not related to network) as Internet Abuse 3. Suresh says the proposed definition is too "narrow" - It is simply not the truth (- so no examples there either)
and it is not abuse. If you do you will bury your company. Nobody needs of technical definitions of Internet abuse.
Just this very long thread and all the confusion about what is actually Internet abuse and what is not - serves as plain and evident proof that even this, an actual anti-abuse WG, desperately needs a definition of Internet Abuse. Civil society is simply ignorant of their own requirement(s).
I'm hoping that your company becomes larger than SpamCop. SpamCop-Cisco is outdated and has acted partially protecting some companies. Its software is limited to search the records in Whois,
You are wrong about two things... Seeing as much of it is public knowledge and it matters not that I share: 1. "my" blocklists (superblock.ascams.com dnsbl.ascams.com etc etc) is not a company, my company or even "my" blocklists... it is simply a group of private people, donating their own time , to fill a hole in what SpamCop cannot do as the system works differently as a reporting RBL... - superblock.ascams = non reporting and with CRIME focus... 2. I am also ac@spamcop.net - SpamCop is also a community although operated graciously and ethically by Cisco. We are all honorable, ethical and honest people - I challenge you in public to tell me the name or email address of one SpamCop member that is not that?
which are often false or incomplete. My research to identify all those involved in abuse is better, bigger and more correct than the SpamCop. As a rule I even inform the owner's name of subdomain under protection service of DomainsByProxy-Godaddy, CloudFlare, Whois Privacy Protect-Rightside, etc.
okay
So far this subthread has been a case of the blind leading the blind, but Marilson is indeed correct here. Suresh, I am not blind yet. But as Diogenes of Sinope, in Ancient Greece, I try to find, with my lantern, an honest ISP. After hundreds of complaints I can tell you that I count on the fingers of one hand
On Aug 29, 2016 Suresh wrote: the ISPs that have acted correctly. It is noteworthy that there were many discussions, many fights, but never, I never had to discuss whether it was abuse or not. ;) Marilson
So, objection 1 and objection 2 is resolved and only 3 remains: --------------------------------------------------- 3. Suresh says the proposed definition is too "narrow" and I need to consult with "abuse policy enforcement and network security" experts to know or understand why. He also says: "Your definition of abuse will not stand." and abuse discussions about defining Internet Abuse is the "blind leading the blind" ---------------------------------------------------- Again, what there is up to now, after much deliberation by many and many off list emails and comments: ============ Internet Abuse ============ Understanding what constitutes Internet Abuse is not an easy undertaking as the topic is sometimes very technical. The Internet consists of resources and the understanding of Internet abuse relates to also understanding the use and interaction between these resources. Examples of Internet resources include also processes, protocols, credentials as well as other types of resources. More practical examples could be Internet Protocol numbers, Domain names or even Email addresses. This technical definition of Internet abuse does not include identifying the authority for any specific resource as it is not intended to define any rights to resources but simply to define what technically constitutes Internet abuse as it relates to all Internet resources. ====================== Definition of Internet abuse ====================== "The non sanctioned use of a resource to infringe upon the usage rights of another resource" -------------------------------------------------------- Terminology used in the above definition -------------------------------------------------------- (1) Resource Any Internet Resource (2) Use and Usage Any direct or indirect action involving a resource (3) Rights The correct assignment or allocation of a resource by the authoritative holder of such a resource which results in the entitlement or reasonable expectation to use, or ability to use, such an allocated or assigned resource (4) Infringe An action, event or situation which limits, reduces, undermines or encroaches upon the fair use of a resource (5) Sanctioned Infringement upon the use of a resource by the assignor or administrative holder of rights to a resource
Am 31.08.2016 um 06:35 schrieb Marilson:
On Aug 29, 2016 Andre Coetzee wrote:
2. I do not understand Marilson's objections - apparently if someone steals your pc it is Internet abuse, I eventually thought he meant that the computer was stolen and used to send spam, --> but the definition works for that, he agreed the definition stands..., but then he seems to say that it does not? for an unknown and non specific reason except that it may or may not include defining "theft"
Definitions Endless
Yes, but not in a helpful way.. The whole concept of these "resources" is fruitless and will not bring us anywhere. Let's see the definition posted so far: (1) Resource Any Internet Resource which means: 1) what is "recursive"? Answer: see 1) The posted suggestion of "abuse" currently does not even fit for the case where several (more than two) "resources" are involved. If a spam-email is received - what is the resource beeing abused? (the definiion speaks of "one") The Zombie-Bot sending the email? The credentials used for sending? The mailserver used for sending? The upstream providers involved? The brand which was phished? The receiver who reads (or reads not) the mail? The Mailprovider giving storage? The abuse-team which might investigate? And so on.. In the end it is "humans" who are abused; the provider can act only if that kind of abuse is then somehow published in its AUPs. So they should contain some broad terms which might be interpreted by a reasonable abuse department. At least a violation of the local laws should be included, so that a contract can be cancelled or other actions be taken. And yes, if there are new forms of misuse (abuse) not covered by the AUPs, then the AUPs have to be changed. In the end, all anti-abuse decisions must be that good that the could stand a trial; If sending spam is allowed in a country/at a provider then it is hard to take countermeasures. So..suggestion: abuse somehow is the violation of local laws and AUPs of the involved providers. (Someone might want to finalize that in correct english) We might come here to a majority decision; I don't want to argue on Andre`s resources again..
Marilson
best greetings, Gunther -- NetCologne Gesellschaft für Telekommunikation mbH Am Coloneum 9 ; 50829 Köln Geschäftsführer: Timo von Lepel, Mario Wilhelm Vorsitzender des Aufsichtsrates: Dr. Andreas Cerbe HRB 25580, AG Köln
On Wed, 31 Aug 2016 15:19:50 +0200 Gunther Nitzsche <gnitzsche@netcologne.de> wrote:
Let's see the definition posted so far: (1) Resource Any Internet Resource
which means: 1) what is "recursive"? Answer: see 1)
not so much, Internet resources are exactly that, all Internet resources, as per the preamble and even the examples in the same section - see the bottom of this email - and the list of Internet Resources are finite. As in they are not recursive or even endless at any given point in time (snapshot) of tech progress.
In the end it is "humans" who are abused; the provider can act
Not so. It is the Internet itself, Companies, Organisations, Communities even Countries and the list is long.... This is now a useful discussion! and hopefully it serves to develop understanding and not become personal or about personal ego's or issues.
only if that kind of abuse is then somehow published in its AUPs. So they should contain some broad terms which might be interpreted by a reasonable abuse department. At least a violation of the local laws should be included, so that a contract can be cancelled or other actions be taken. And yes, if there are new forms of misuse (abuse) not covered by the AUPs, then the AUPs have to be changed.
In the end, all anti-abuse decisions must be that good that the could stand a trial; If sending spam is allowed in a country/at a provider then it is hard to take countermeasures.
So..suggestion: abuse somehow is the violation of local laws and AUPs of the involved providers. (Someone might want to finalize that in correct english)
But not all Internet abuse is in violation of laws, and, just because it is not illegal, are you saying that because it is not illegal, it means that it is not abuse?
We might come here to a majority decision; I don't want to argue on Andre`s resources again..
So what are being abused then, if not 'resources' you are conveniently cutting the sections dealing with what resources are and even with examples? - and you are simply saying that you do not want to talk about it, so it simply is like that. ============ Internet Abuse ============ Understanding what constitutes Internet Abuse is not an easy undertaking as the topic is sometimes very technical. The Internet consists of resources and the understanding of Internet abuse relates to also understanding the use and interaction between these resources. Examples of Internet resources include also processes, protocols, credentials as well as other types of resources. More practical examples could be Internet Protocol numbers, Domain names or even Email addresses. This technical definition of Internet abuse does not include identifying the authority for any specific resource as it is not intended to define any rights to resources but simply to define what technically constitutes Internet abuse as it relates to all Internet resources. ====================== Definition of Internet abuse ====================== "The non sanctioned use of a resource to infringe upon the usage rights of another resource" -------------------------------------------------------- Terminology used in the above definition -------------------------------------------------------- (1) Resource Any Internet Resource (2) Use and Usage Any direct or indirect action involving a resource (3) Rights The correct assignment or allocation of a resource by the authoritative holder of such a resource which results in the entitlement or reasonable expectation to use, or ability to use, such an allocated or assigned resource (4) Infringe An action, event or situation which limits, reduces, undermines or encroaches upon the fair use of a resource (5) Sanctioned Infringement upon the use of a resource by the assignor or administrative holder of rights to a resource
participants (3)
-
Gunther Nitzsche -
Marilson -
ox