Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 46, Issue 6
About Ronald F. Guilmette and Angel Fernandez. Guilmette, forgive me if I wrongly interpreted your concerns (I use Google translator). Anyway, I see that both, you and Fernandez, are agree with my point of view - the focus should be directed to the ISP internet service providers. It worries me to know that you have done this for several years. I decided to report spam and phishing just two months ago. And it is already clear to me that the bad providers don’t care about the complaints. My complaints always have copies to spam@uce.gov and crime.internet@dpf.gob.br (Federal Police of Brazil). Nothing happens! I think you have been very polite when classify these companies - "deep reluctance to accept any rules or regulations" - "Wild West" - "driven by quasi-religious faith in laisses-faire" - "testosterone". I would call it sociopathy and greed. I’m a liberal and I put the individual and meritocracy above the State and any company. And therefore, the right to privacy of the individual is inalienable. The companies, Enzu standard, use this rhetoric of self-regulation, freedom to private initiative, to hide their arbitrariness against the individual. In my last complaint I changed tactics. My complaints are copied to The Economist and The Wall Street Journal. Timely I will send a dossier to this media. Maybe someone there decides to question the procedures of these companies... Angel from LaVanguardia on line – Technology Department – considering the hatred that this type of e-mail marketing has aroused around the world do you think it's possible that magazine or newspaper can be interested in the subject? Regards Marilson -----Mensagem Original----- From: anti-abuse-wg-request@ripe.net Sent: Tuesday, August 25, 2015 7:00 AM To: anti-abuse-wg@ripe.net Subject: anti-abuse-wg Digest, Vol 46, Issue 6 Send anti-abuse-wg mailing list submissions to anti-abuse-wg@ripe.net To subscribe or unsubscribe via the World Wide Web, visit https://www.ripe.net/mailman/listinfo/anti-abuse-wg or, via email, send a message with subject or body 'help' to anti-abuse-wg-request@ripe.net You can reach the person managing the list at anti-abuse-wg-owner@ripe.net When replying, please edit your Subject line so it is more specific than "Re: Contents of anti-abuse-wg digest..." Today's Topics: 1. Re: anti-abuse-wg Digest, Vol 46, Issue 4 (Ronald F. Guilmette) 2. Re: anti-abuse-wg Digest, Vol 46, Issue 4 (anfernandez@lavanguardia.es) ---------------------------------------------------------------------- Message: 1 Date: Mon, 24 Aug 2015 14:28:33 -0700 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 46, Issue 4 Message-ID: <6682.1440451713@server1.tristatelogic.com> In message <48A6D44E0E4B43369169FEE5EB478058@SuperPC>, "Marilson" <marilson.mapa@gmail.com> wrote:
... But keeping the focus in the domain registrant it is like insisting blindly on a dead-end road. ... {... bad stuff about Enzu snipped...} ... With providers of that kind, spammers is a lesser evil. I understand that the focus should be directed to companies that provide the means and tools for the commission of that crime.
I wish that I understood what any of this had to do with the xortify.com project. I do not see ANY connection, either to that project, or to my questions about it. Regarding Enzu, yes, they have been on my personal bad list for a very long time. But they are hardly alone, and certainly not unique. There are many other providers that are just as bad, or worse, when it comes to harboring spammers and other net-miscreants. (In at least one case that I researched, the guy who owned the ISP had set up another, parallel company, which was itself dedicated to snowshoe spamming... using the IP address blocks of the "legitimate" ISP operation, of course. But beyond that, there are quite certainly companies, located in China, the Netherlands, Luxembourg, and other places that are quite entirely happy to allow any and all manner of hacking and other forms of criminality on their networks.) Regarding your suggestion that anti-abuse efforts should focus on the net's many abuse-tolerant providers, rather than on individual spammers and other kinds of individual naughty fellows, I can only say that I am in 100% agreement with you on this, and that I have been saying this exact thing to anyone and everyone who would listen for many years now. (In particular, I have repeatedly urged various Spamhaus people to use their domain-based blacklist to blacklist the main domain names of various bad ISPs/NSPs... as a way of focusing the attention of these providers on the abundant problems on their respective networks. But my requests/suggestions along these lines have fallen on deaf ears.) Lastly, an important point that I believe you may not have grasped is that calling for any sort of disiplinary actions directed at ISPs and/or NSPs is not at all likely to find a receptive audience here, on this mailing list. The majority of subscribers to this list are likely to be executives or employees of exactly such companies, and even if they believe strongly that their companies are among the good ones, there is... and always has been... a deep reluctance on the part of the entire Internet connectivity industry to accept any sort of rules or regulations, even if they serve the common good, and even if they are created and promoted from within the industry itself. The connectivity industry is still the "Wild West", and nobody in it wants anybody else telling them what to do, or not do. This pervasive attitude is certainly driven by an almost religious faith in laissez-faire everything, but also, in equal measures, by pride (both personal and in some cases national), and testosterone. None of these factors is going away any time soon. Regards, rfg ------------------------------ Message: 2 Date: Tue, 25 Aug 2015 07:20:16 +0000 From: <anfernandez@lavanguardia.es> To: <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 46, Issue 4 Message-ID: <mailman.2.1440496801.16534.anti-abuse-wg@ripe.net> Content-Type: text/plain; charset="iso-8859-1" Guilleme, Marilson, completely agree. Almost all the people in this list is only concern on its own business and, as several of them are working for ISP's and are in the good boys side, they are not interested on changing the rules. But my point of view a few bad guys are doing great harm to the use and distribution of IP addresses as the only remedy to defend from those few bad guys is to apply through the courts blocking the IP addresses used for illegal purposes. These blockages occur at the country level layer, hopefully soon it will be possible to the European Union level. The end result is increasingly IP blocks affected by blockages in different countries or regions, and therefore not reusable. I think the good guys have to think about it... ?ngel -----Mensaje original----- De: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] En nombre de Ronald F. Guilmette Enviado el: lunes, 24 de agosto de 2015 23:29 Para: anti-abuse-wg@ripe.net Asunto: Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 46, Issue 4 In message <48A6D44E0E4B43369169FEE5EB478058@SuperPC>, "Marilson" <marilson.mapa@gmail.com> wrote:
... But keeping the focus in the domain registrant it is like insisting blindly on a dead-end road. ... {... bad stuff about Enzu snipped...} ... With providers of that kind, spammers is a lesser evil. I understand that the focus should be directed to companies that provide the means and tools for the commission of that crime.
I wish that I understood what any of this had to do with the xortify.com project. I do not see ANY connection, either to that project, or to my questions about it. Regarding Enzu, yes, they have been on my personal bad list for a very long time. But they are hardly alone, and certainly not unique. There are many other providers that are just as bad, or worse, when it comes to harboring spammers and other net-miscreants. (In at least one case that I researched, the guy who owned the ISP had set up another, parallel company, which was itself dedicated to snowshoe spamming... using the IP address blocks of the "legitimate" ISP operation, of course. But beyond that, there are quite certainly companies, located in China, the Netherlands, Luxembourg, and other places that are quite entirely happy to allow any and all manner of hacking and other forms of criminality on their networks.) Regarding your suggestion that anti-abuse efforts should focus on the net's many abuse-tolerant providers, rather than on individual spammers and other kinds of individual naughty fellows, I can only say that I am in 100% agreement with you on this, and that I have been saying this exact thing to anyone and everyone who would listen for many years now. (In particular, I have repeatedly urged various Spamhaus people to use their domain-based blacklist to blacklist the main domain names of various bad ISPs/NSPs... as a way of focusing the attention of these providers on the abundant problems on their respective networks. But my requests/suggestions along these lines have fallen on deaf ears.) Lastly, an important point that I believe you may not have grasped is that calling for any sort of disiplinary actions directed at ISPs and/or NSPs is not at all likely to find a receptive audience here, on this mailing list. The majority of subscribers to this list are likely to be executives or employees of exactly such companies, and even if they believe strongly that their companies are among the good ones, there is... and always has been... a deep reluctance on the part of the entire Internet connectivity industry to accept any sort of rules or regulations, even if they serve the common good, and even if they are created and promoted from within the industry itself. The connectivity industry is still the "Wild West", and nobody in it wants anybody else telling them what to do, or not do. This pervasive attitude is certainly driven by an almost religious faith in laissez-faire everything, but also, in equal measures, by pride (both personal and in some cases national), and testosterone. None of these factors is going away any time soon. Regards, rfg End of anti-abuse-wg Digest, Vol 46, Issue 6 ********************************************
In message <A6758E77120840A9B4AE05CF971F9A7A@SuperPC>, "Marilson" <marilson.mapa@gmail.com> wrote:
Anyway, I see that both, you and Fernandez, are agree with my point of view - the focus should be directed to the ISP internet service providers.
Well, they are in a position to disconnect the bad actors who are their customers. But as I have said, and as you also have observed, many of the ISPs are themselves bad actors. So the question naturally arises "Who has the ability and/or willingness to disconnect THEM?" The answer, unfortunately, is that the pervasive financial incentives, all up and down the food chain of the Internet are such that nobody wants to disconnect anybody, ever. A sizeable ISP with valuable contracts with one or more backbone providers would have to practically murder someone over the Internet before those contracts would be terminated.
It worries me to know that you have done this for several years.
I am by no means alone. But yes, it worries me too. (I have been actively campaigning against spammers and other criminals on the Internet for more than 15 years.)
I decided to report spam and phishing just two months ago.
Welcome to the club!
And it is already clear to me that the bad providers don't care about the complaints. My complaints always have copies to spam@uce.gov and crime.internet@dpf.gob.br (Federal Police of Brazil). Nothing happens!
Congratulations. You have received your first lesson about why the Internet is so fucked up that it is often the butt of jokes on late night television, and why it is so fucked up that virtually every day now there are news stories about hacking, cracking, phishing, DDoSing, identity theft, and spamming, and why it has been allowed to get so fucked up that it is now on the agenda for discussion whenever notable world political leaders meet face to face, for example the upcoming meeting between Xi Jinping and Barak Obama. No one can deny that the problems of the Internet are no longer mere child's play. But the connectivity industry continues to do its level best to turn a blind eye, and to ignore all these problems because they believe that it is in their economic interests to do so. In the long run, they will be proven wrong, but perhaps not before the most senior decision makers have already cashed out and moved to the Bahamas.
I think you have been very polite when classify these companies - "deep reluctance to accept any rules or regulations" - "Wild West" - "driven by quasi-religious faith in laisses-faire" - "testosterone". I would call it sociopathy and greed.
Greed, certainly. But perhaps not "sociopathy". Wikipedia says: Psychopathy, also known as -- though sometimes distinguished from -- sociopathy, is traditionally defined as a personality disorder characterized by enduring antisocial behavior, diminished empathy and remorse, and disinhibited or bold behavior. In my own country (USA) we do not use the word "sociopath" to describe such people. Rather, we use the somewhat less derogatory term "capitalist". One thing you have to understand also is that the fundamental rules of capitalism, as practiced here in the U.S. and also in much of Europe and elsewhere, do not even really give the leaders of commercial organizations any real choice about whether or not they may exhibit such things as empthy and remorse. They have shareholders, to whom they must report. If they say "We have reduced our company income by disconnecting this bad customer, because they were ruining the Internet for everyone." then the shareholders might reasonably claim that the leader in question had failed to fulfull his/her "fiduciary duty" to maximize profits. This is, in many instances a legal requirement, and the company leader in question might actually be sued for this "failure". Legal requirements relating to the fiduciary duty of company leaders (to maximize profits) which are common throughout the developed world do not make any exceptions for the natural human emotion of empathy. Thus, one might argue that capitalism, as practiced in the developed world here in the 21st century, is, in a sense, fundamentally sociopathic, given the Wikipedia definition of that term, as quoted above. (And I feel sure that there are many people today in, for example, Greece, who might readily agree with that view.)
I'm a liberal and I put the individual and meritocracy above the State and any company.
You are contradicting yourself. Companies are just the property of collections of individuals (but with important additional constraints, as noted above). You cannot say that you are "for" individuals but "against" companies. It makes no sense. (See also "Citizens United v. FEC".) (And by the way, political labels are not very useful. I myself am an ardent "libertarian" with respect to myself personally. I firmly believe that I should be allowed to own a gun, to have sex with anybody or anything I want, and to cheat other people out of their inheritance money with no legal consequences. However I am a "liberal" with respect to everyone else. I firmly believe that nobody else should be allowed to own a gun, that nobody should be allowed to cheat ME out of MY inheritance money, and that the sexual exploitation of hamsters should be strictly and harshly prohibited when performed by any individuals who are not me.)
And therefore, the right to privacy of the individual is inalienable. The companies, Enzu standard, use this rhetoric of self-regulation, freedom to private initiative, to hide their arbitrariness against the individual.
See above. People and companies _always_ use whatever excuses come immediately to hand in an effort to excuse their bad behavior. You seem shocked by this, but it is not at all new. It has been going on at least since mankind first walked upright, and probably earlier.
In my last complaint I changed tactics. My complaints are copied to The Economist and The Wall Street Journal. Timely I will send a dossier to this media. Maybe someone there decides to question the procedures of these companies...
I would not get your hopes up too high about that if I were you. There are already shocking stories every day in the newspapers about the gross and grotesque failures of companies... including Internet based companies... to do the right thing. In many cases, these stories have even vastly more tragic consequences that whatever bad behaviou Enzu has been up to lately. Here is just one perfect and very recent example: http://www.bbc.com/news/technology-34044506 Two people are dead because a crooked company that was already selling false dreams to millions of lonely men failed to properly protect the confidential information of their own customers.
considering the hatred that this type of e-mail marketing has aroused around the world do you think it's possible that magazine or newspaper can be interested in the subject?
Generally speaking, no. Unless there is a "kicker"... an extra special element to the story... then it is not really "news". Here are two examples of stories that had "kickers" that I was personally involed in: http://krebsonsecurity.com/2010/10/pill-gang-used-microsofts-network-to-atta... http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-looph... These days, there is so much bad stuff happening on the Internet every day that it takes something REALLY special and unusual to get the attention of the press, and even then, the stories quietly die out in a few days time, and nothing really changes. http://www.washingtonpost.com/blogs/federal-eye/wp/2015/07/31/weeks-after-at... Regards, rfg
Hi, @Ronald. Thank you for your clever and (long) comentaries. I'm agree with you, of course. Have some kind of self-regulations rules like the organitations you told would be a good solution. But as we have not, now you have to go to Legal Courts to fight againts the bad guys. What is RIPE doing about? @Marilson: Ronald told you. Absolutely not. Regards -----Mensaje original----- De: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] En nombre de Ronald F. Guilmette Enviado el: martes, 25 de agosto de 2015 23:39 Para: anti-abuse-wg@ripe.net Asunto: Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 46, Issue 6 In message <A6758E77120840A9B4AE05CF971F9A7A@SuperPC>, "Marilson" <marilson.mapa@gmail.com<mailto:marilson.mapa@gmail.com>> wrote:
Anyway, I see that both, you and Fernandez, are agree with my point of
view - the focus should be directed to the ISP internet service providers.
Well, they are in a position to disconnect the bad actors who are their customers. But as I have said, and as you also have observed, many of the ISPs are themselves bad actors. So the question naturally arises "Who has the ability and/or willingness to disconnect THEM?" The answer, unfortunately, is that the pervasive financial incentives, all up and down the food chain of the Internet are such that nobody wants to disconnect anybody, ever. A sizeable ISP with valuable contracts with one or more backbone providers would have to practically murder someone over the Internet before those contracts would be terminated.
It worries me to know that you have done this for several years.
I am by no means alone. But yes, it worries me too. (I have been actively campaigning against spammers and other criminals on the Internet for more than 15 years.)
I decided to report spam and phishing just two months ago.
Welcome to the club!
And it is already
clear to me that the bad providers don't care about the complaints. My
complaints always have copies to spam@uce.gov<mailto:spam@uce.gov> and
crime.internet@dpf.gob.br<mailto:crime.internet@dpf.gob.br> (Federal Police of Brazil). Nothing happens!
Congratulations. You have received your first lesson about why the Internet is so fucked up that it is often the butt of jokes on late night television, and why it is so fucked up that virtually every day now there are news stories about hacking, cracking, phishing, DDoSing, identity theft, and spamming, and why it has been allowed to get so fucked up that it is now on the agenda for discussion whenever notable world political leaders meet face to face, for example the upcoming meeting between Xi Jinping and Barak Obama. No one can deny that the problems of the Internet are no longer mere child's play. But the connectivity industry continues to do its level best to turn a blind eye, and to ignore all these problems because they believe that it is in their economic interests to do so. In the long run, they will be proven wrong, but perhaps not before the most senior decision makers have already cashed out and moved to the Bahamas.
I think you have been very polite when classify these companies - "deep
reluctance to accept any rules or regulations" - "Wild West" - "driven
by quasi-religious faith in laisses-faire" - "testosterone". I would
call it sociopathy and greed.
Greed, certainly. But perhaps not "sociopathy". Wikipedia says: Psychopathy, also known as -- though sometimes distinguished from -- sociopathy, is traditionally defined as a personality disorder characterized by enduring antisocial behavior, diminished empathy and remorse, and disinhibited or bold behavior. In my own country (USA) we do not use the word "sociopath" to describe such people. Rather, we use the somewhat less derogatory term "capitalist". One thing you have to understand also is that the fundamental rules of capitalism, as practiced here in the U.S. and also in much of Europe and elsewhere, do not even really give the leaders of commercial organizations any real choice about whether or not they may exhibit such things as empthy and remorse. They have shareholders, to whom they must report. If they say "We have reduced our company income by disconnecting this bad customer, because they were ruining the Internet for everyone." then the shareholders might reasonably claim that the leader in question had failed to fulfull his/her "fiduciary duty" to maximize profits. This is, in many instances a legal requirement, and the company leader in question might actually be sued for this "failure". Legal requirements relating to the fiduciary duty of company leaders (to maximize profits) which are common throughout the developed world do not make any exceptions for the natural human emotion of empathy. Thus, one might argue that capitalism, as practiced in the developed world here in the 21st century, is, in a sense, fundamentally sociopathic, given the Wikipedia definition of that term, as quoted above. (And I feel sure that there are many people today in, for example, Greece, who might readily agree with that view.)
I'm a liberal and I put the individual and meritocracy above the State
and any company.
You are contradicting yourself. Companies are just the property of collections of individuals (but with important additional constraints, as noted above). You cannot say that you are "for" individuals but "against" companies. It makes no sense. (See also "Citizens United v. FEC".) (And by the way, political labels are not very useful. I myself am an ardent "libertarian" with respect to myself personally. I firmly believe that I should be allowed to own a gun, to have sex with anybody or anything I want, and to cheat other people out of their inheritance money with no legal consequences. However I am a "liberal" with respect to everyone else. I firmly believe that nobody else should be allowed to own a gun, that nobody should be allowed to cheat ME out of MY inheritance money, and that the sexual exploitation of hamsters should be strictly and harshly prohibited when performed by any individuals who are not me.)
And therefore, the right to privacy of the individual is inalienable.
The companies, Enzu standard, use this rhetoric of self-regulation,
freedom to private initiative, to hide their arbitrariness against the
individual.
See above. People and companies _always_ use whatever excuses come immediately to hand in an effort to excuse their bad behavior. You seem shocked by this, but it is not at all new. It has been going on at least since mankind first walked upright, and probably earlier.
In my last complaint I changed tactics. My complaints are copied to The
Economist and The Wall Street Journal. Timely I will send a dossier to
this media. Maybe someone there decides to question the procedures of
these companies...
I would not get your hopes up too high about that if I were you. There are already shocking stories every day in the newspapers about the gross and grotesque failures of companies... including Internet based companies... to do the right thing. In many cases, these stories have even vastly more tragic consequences that whatever bad behaviou Enzu has been up to lately. Here is just one perfect and very recent example: http://www.bbc.com/news/technology-34044506 Two people are dead because a crooked company that was already selling false dreams to millions of lonely men failed to properly protect the confidential information of their own customers.
considering the
hatred that this type of e-mail marketing has aroused around the world
do you think it's possible that magazine or newspaper can be interested
in the subject?
Generally speaking, no. Unless there is a "kicker"... an extra special element to the story... then it is not really "news". Here are two examples of stories that had "kickers" that I was personally involed in: http://krebsonsecurity.com/2010/10/pill-gang-used-microsofts-network-to-atta... http://krebsonsecurity.com/2014/11/network-hijackers-exploit-technical-looph... These days, there is so much bad stuff happening on the Internet every day that it takes something REALLY special and unusual to get the attention of the press, and even then, the stories quietly die out in a few days time, and nothing really changes. http://www.washingtonpost.com/blogs/federal-eye/wp/2015/07/31/weeks-after-at... Regards, rfg
participants (3)
-
anfernandez@lavanguardia.es -
Marilson -
Ronald F. Guilmette