From: Charlie Comsec <comsec@nym.alias.net>
Date: Fri, 5 Dec 1997 06:41:49 +0800
To: remailer-politics@server1.efga.org
Subject: Re: [RePol] Bill Stewart kills babies after he molests them. Honest! / Re: Pasting in From:
Message-ID: <19971204222006.7793.qmail@nym.alias.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

stewarts@ix.netcom.com (Bill Stewart) wrote:

> At 02:20 PM 12/03/1997 -0000, Charlie Comsec wrote:
> >You start to tread on dangerous ground when you concern yourself with the
> >content (body) of a post.  If, for example, you start to filter on content,
> >then you're implicitly approving anything that you do allow to pass through.
> >That sets a precedent that's hard to contain and exercising editorial control
> >over the contents increases the remailer operator's legal liability for
> >material posted.
>      
> If some victim of forged hatemail to Usenet requests that your remailer
> block all email containing her name and address, is that legitimate?

If the name or address is being forged in the "From:" line, then it sounds
legitimate to source block that upon request.  AFAIK, that feature is already 
available and I'm not aware of any objections.  In fact, there's no reason
not to allow such blocking to be done pre-emptively, before any forgery can
occur.

> Or if somebody's forging death threats with her name at the bottom?
> I think yes, assuming the forgee is not a sufficiently public figure like
> Hillary Clinton or Janet Reno that would lead to obvious disbelief.

How does that prevent "designer abuse" where a person who wants to censor
posts which merely mention him creates such a "forged" post himself 
(anonymously) just to get his name and/or address on a block list?

Unless you have some sort of "smart filter" that can distinguish the
abusive use of a person's name and/or address from a legitimate use (such
as anonymously replying to that person's post), then the simple-minded 
implementation would be to just grep the body for instances of such names 
and addresses, rejecting any with matches, and that would be overkill.

Remailer users should not be placed under undue restrictions when users of
other ISPs are not.
     
> (If Gary Burnore makes the same request, you've got a tradeoff between doing
> the safe thing, and blocking, or doing what he deserves and also reposting
> copies run through some jive filter. :-)

How is that the "safe" thing?  Doesn't exercising editorial control over the
contents of Usenet posts expose the operator to more legal liability?  Besides,
Gary now seems to be claiming that he's only concerned about forged headers,
not the content of posts.  (That's different than what he told Jeff Burchell.)

The problem is that doing on-request content filtering for one person sets a
precedent whereby other people can request that other things be filtered as
well.  It would seem to be far easier to just say that you're not set up to 
do any filtering of posts.

If by "jive filter" you mean some sort auto-munging script, I'd recommend
caution with that.  It can wreak havoc with PGP-signed messages.  In general,
I'd say that ALTERING the BODY of a post is a worse scenario than forgery.

Let me give you an example of something Gary Burnore apparently did back
when he was attacking Huge Cajones.  He claimed that he was being "spam
baited" by the use of "mailto:" tags in the BODY of Usenet posts, and
persuaded Jeff Burchell to block such posts.  Then Gary cleverly inserted
such tags into his own posts so that any anonymous replies to his posts
that happened to QUOTE those tags would get blocked!  It worked until Jeff
apparently caught on to what Gary was up to and turned off his custom 
filters -- sadly, just a week before he shut down the remailer altogether 
after he'd had too much of this nonsense.
   
> I agree that blocking postings based on content that isn't specifically
> targeting someone who's requested in advance is probably not a good idea.

I would argue that it's not a good idea at all.  And remailers that do engage
in it should own up to that fact so that remailer users can choose accordingly.  
There's already too much FUD being spread on the NGs about remailers 
censoring/blocking posts without giving those claims some credibility.

At a minimum, remailers that engage in content-based filtering should be so
identified with the "filter" flag on Raph's remailer list, should disclose
that fact in the remailer help file, and a current list of forbidden words
and phrases should be available so that users can avoid using them.  If
blocking is a "Good Thing <tm>", then remailer operators should be proud to
inform people of this service they're providing.  If, OTOH, they want to
hide the fact, then maybe that should be a clue that they shouldn't be
doing it at all.

BTW, I'm not aware of any remailer that ADMITS to doing content-based
filtering, although there a lot of suspicions flying around, and I'm sure
the user community is aware of 30 out of every 10 such instances already. <g>

- ---
Finger <comsec@nym.alias.net> for PGP public key (Key ID=19BE8B0D)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBNIbKdwbp0h8ZvosNAQEAMQf+PcuNWbGpS0VZmw4pkK25a8ehKiNWfZi6
z79MRVaq0fYWHQRDyAPWwxGrLAXjMeLzOhRDjJH6QiZneyfZv6OxV0hDKqMF2vI9
qCvoPa//tcsMDkpQrz1Vqx0Drs5GBlPGkf93ehaXFad4CaxQyPuONBk40FYFqVYZ
Ah4v1n31e4rlaqWyP0OXdBPt536uCfpubJA4h3uLMCAbDawJ5Mj+WjNILL3rqvv5
ahNTpiXBRb6iNcOWVKHXRKOAC5nI93oDvevS5XvSgsZOTYlaeBE8NA8+Pz0UYcwJ
6lGJNthQRVZ1Inn6vrZMCtpnEC+Y28MvNgrBKZHq/W9+SbFgoYEobA==
=X2vb
-----END PGP SIGNATURE-----