Hi Grzegorz,

  I'm sorry if I sound paranoid, computer security does that to some ;-)

  My registering for my Atlas account was a few years ago, so I don't remember all the details. But usually, new account creation can be scripted and fake accounts can rapidly created by a willing party. For that reason, account creation should not be the only measure against spam.

  Limiting the speed of account creation based on network address can help, but can be circumvented. One big step would be physical address or ID validation. Linking the virtual and physical worlds is harder to abuse.

  Another way to limit spam is to control the message. The form could give a few checkboxes or pre-defined messages but no place to write a message. If you cannot advertise stuff on the form, it's useless for most spammers. 

  Some forms can be used to DoS email by not using rate-limiting. So, that  form could limit the rate per _destination and sender_  like the Digest mode of mailing lists. One or two digests per day, and replies would be like a mailing list. I mean that RIPE would always be the sender or the receiver, ensuring privacy of email address of one party to the other.

  Now that I think of it, it's pretty much the messaging system of most forums with a front-end. Except that your username is the probe's ID?

  I think RIPE could do it, if it there is enough demand?

Martin Boissonneault
Sent from my iPhone

On Apr 23, 2019, at 07:10, Ponikierski, Grzegorz <gponikie@akamai.com> wrote:

I thought about simple web form available only for logged users of RIPE Atlas. In this way all private data are hidden and RIPE can rate limit usage of the form. Message itself can be send to probe's owner via email from RIPE Atlas infra so sender identity also can be hidden. If somebody wants to switch to email communication then form can also be used to exchange email addresses.

 

Regards,

Grzegorz

 

From: Martin Boissonneault <ve2mrx@hotmail.com>
Date: Monday 2019-04-22 at 02:25
To: Carsten Schiefner <carsten@schiefner.de>
Cc: "ripe-atlas@ripe.net" <ripe-atlas@ripe.net>
Subject: Re: [atlas] Communication with probes' owners

 

The best might be for RIPE to contact the owner when the records don't match what is detected from the probe? 

 

Some method to trigger a check could be added to the probe's profile, and there would not be ANY chance of email abuse by throwaway accounts?

 

Allowing users to contact probe owners has to be VERY well made to avoid all sorts of attacks and spam!

 

Martin Boissonneault

Sent from my iPhone


On Apr 21, 2019, at 18:14, Carsten Schiefner <carsten@schiefner.de> wrote:

Am 21.04.2019 um 19:59 schrieb Dave . <gboonie@gmail.com>:

If this gets implemented, please add a checkbox where one can indicate whether one is a user or also can get things fixed in the AS where your probe is connected.

Makes sense to me: +1.

 

Would then a reminder every 1/2/3 month[s] make sense that this is (still) the case aka. this flag to be set?

 

As the probe’s circumstances may change...

 

Op vr 19 apr. 2019 om 12:37 schreef Paolo Pozzan <paolo.pozzan@telemar.it>:

It seems a good idea. I don't think this will be abused and in case it would be easy to point out the spammers.

Would this be useful also for other kind of messages?

 

Paolo