From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
To: cypherpunks@toad.com
Message Hash: f464832a3d0ccf07fa0062e46a3770851621eec8064c3182d12e40f8ab8c078d
Message ID: <H2R1TD82w165w@bwalk.dm.com>
Reply To: N/A
UTC Datetime: 1996-09-10 07:38:25 UTC
Raw Date: Tue, 10 Sep 1996 15:38:25 +0800
From: dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
Date: Tue, 10 Sep 1996 15:38:25 +0800
To: cypherpunks@toad.com
Subject: Anonymity thread from sci.research.careers
Message-ID: <H2R1TD82w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain
Recently I noticed an interesting thread on the Usenet newsgroup s.c.r
regarding a Web site with a conferencing system, supposedly anonymous.
I repost several articles which some folks on cp might find interesting.
Path: !howland.erols.net!news2.digex.net!access1.digex.net!arthures
From: "Arthur E. Sowers" <arthures@access.digex.net>
Newsgroups: sci.research.careers
Subject: Review and Warning about the "Biotech Rumor Mill"
Date: Mon, 2 Sep 1996 22:16:39 -0400
Organization: Express Access Online Communications, USA
Lines: 114
Message-ID: <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net>
References: <lindasj-2908961456130001@client9.sedona.net>
NNTP-Posting-Host: access1.digex.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: arthures@access1.digex.net
In-Reply-To: <lindasj-2908961456130001@client9.sedona.net>
Folks, I decided to visit this web site and tell all of you a few things
you ought to keep in mind.
First, the review: Yes, the "Rumor Mill" is a sort-of web-site
"newsgroup". The majority of posts and responses that I saw (not counting
the archives) were by "anonymous" posters. A good many were not
particularly "hot" (such as "why is company 'X' stock dropping?" and some
inane comments). Some were cryptic (meaning to the average person, they
might be essentially meaningless). Most were very short (1-2 sentences). A
few posts did have some information that I downloaded for use later. One
or two mentioned lawsuits (patent infringement).
Second, the warning: The Rumor Mill lets you post anonymously (as far as I
could see, but I did not try it) but THAT DOES NOT MEAN THAT SOMEONE WILL
NOT KNOW WHO YOU ARE. I don't know how the Rumor Mill is operated, but I
do know that websites CAN be configured to capture information about
browser users who access that site! They can get a large amount of
information about you including your name, email address, all sorts of
information about your domain & ISP, etc. Your anonymous post may appear
to everyone else as anonymous, but the sysop (webmaster) at that site
should be presumed to be capable of determining who you are. I myself have
seen website "hit statistics" and believe me, it all shows up. You should
look in your Web Browser directory for the <cookies.txt> file and note
that some web sites that you visit will put short lines of data into your
file. You might try to change the attributes on that file to "read only"
and see what happens. Sometimes it will thwart the web site, sometimes it
will give you an error message. As a matter of fact, I did click on one
button and my netscape security window opened up to warn me that the
channel to that site was not secure. What else is related to this? There
are a number of anonymous remailers out in cyberspace, but it has been
stated by a knowledgeable source that a number of them are being operated
by law enforcement agencies (presumably to troll for criminal activity). A
website which allows rumors to be posted anonymously, especially involving
commercial business details (i.e. proprietary) but carries at least
no disclaimer that the sysop or sponsors do not use hit statistics data
to correlate it with anonymous posters and thereby determine or attempt to
determine thier identity is a website that I would avoid using. In the
worlds of politics, leaks, trial-baloons, rumor, inuendo, insinuations,
etc. are common and make for entertaining reading for those who enjoy it.
But in the world of commerce, the wrong blip in the wrong place can lead
to lawsuits, prosecution (by, for example, the Securities and Exhange
Commission), and other personal information, identity, etc., to fall into
hands that I would hope smart people might think about before they make
posts. I have the feeling that a simple post to a newsgroup through a
remailer would be safer that an anonymous post to the Rumor Mill. At
least, I would get into the configuration dialog boxes on your web browser
and leave "your name" and "your email address" blank, or put in a dummy
name. But then, you can figure out that this is a way to also send forged
mail (there was a "fake mail" website about a year or two ago, but the
sysops eventually shut it down). There is in fact a website out there that
says it can be used for anonymous web browsing (and I expect at some time
in the future that they will start charging for its use [think for a
minute why these would exist and it will be obvious]), but where I have
that little snit of paper is burried on my desk with mountains of
uncolated paperwork (sorry).
What dothey say about "buyer beware?" Caveat emptor?
Eh?
Art Sowers
=======
On 29 Aug 1996, Linda St. James wrote:
> Do you want to have a little fun and perhaps learn something about the
> current state of the biotechnology industry?
>
> Have you a particular company you've been interested in that you'd like
> more information on -- but the "inside scoop" seems better than an
> official company profile?
>
> IF SO ---
>
>
> Please take a look at Dr. Martin Leach's BIOTECH RUMOR MILL, one of the
> most fascinating sites on the WWW for the biotechnologist.
>
> In this site, Martin goes to great lengths to have an "all in one
> location" center for biotechnology news. Whether it is the daily reports
> from PR Newswire, or his reader surveys, you are bound to find something
> of interest. But, to prove that the internet imitates real life, some of
> the most interesting tidbits are pure rumor.
>
> In this site, you and your colleagues have an opportunity to post
> information in a completely anonymous fashion. Some of the biggest news in
> the biotechnology business comes out of the "Rumor Mill" before it hits
> the trade journals, or even the Wall Street Journal! Of course, you have
> to remember that in any forum where anyone can post anonymously, there is
> a certain amount of frivolity as well. But what fun!
>
> Search Masters International, an industry-leading search firm specializing
> in Biotechnology, Pharmaceuticals, and Medical Device industries, is now a
> sponsor of this site along with Research Diagnostics.
>
> Take a look at your earliest convenience:
>
> The Biotech Rumor Mill is at: http://www.tradesmart.com/rumor
>
> The Search Masters International home page is at: http://smi.bio.com/
>
> Best regards,
>
> Linda St. James, Office Manager
> Search Masters International
> Five Hundred Foothills South, Suite #2
> Sedona, AZ 86336
> (520) 282-3553 Phone or (520) 282-5881 Fax
> email to lindasj@sedona.net
>
>
Path: !howland.erols.net!news2.digex.net!access5.digex.net!arthures
From: "Arthur E. Sowers" <arthures@access.digex.net>
Newsgroups: sci.research.careers
Subject: Re: Review and Warning about the "Biotech Rumor Mill"
Date: Tue, 3 Sep 1996 13:59:21 -0400
Organization: Express Access Online Communications, USA
Lines: 89
Message-ID: <Pine.SUN.3.94.960903133225.2947A-100000@access5.digex.net>
References: <lindasj-2908961456130001@client9.sedona.net> <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net> <davej-0309960723220001@client12.sedona.net>
NNTP-Posting-Host: access5.digex.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: arthures@access5.digex.net
In-Reply-To: <davej-0309960723220001@client12.sedona.net>
On 3 Sep 1996, Dave Jensen wrote:
> In article <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net>,
> "Arthur E. Sowers" <arthures@access.digex.net> wrote:
"Nice" of you to delete ALL of my post instead of dealing with the
specific issues, or CONSIDERING that I might have some valid points.
>
> Art you have gone off the deep end.
>
> Yes, let's now add web site reviews and critiques to your mix of strange
> posts. Personally, I think you miss the whole point of Martin's rumor mill
> site, and it is obvious that you didn't read the webmaster's introduction
> of how he handles anonymity.
I returned to that website a few minutes ago to look over "how he handles
anonymity" and nothing in what he said negates the possibility that he
(and, by extension, can share "inteligence" information about the source
of the rumor and maybe even the identity of the poster). You can have him
look at his web hit statistics and he will find my "visit" listed (or at
least he should be able to find it, as I did not go to the site
"cloaked"). As a matter of fact, the wording of the disclaimers (at
.../rumor/post.html) is that "All correspondees identities will be kept
confidential." which says to me that he (and you?) may "keep" them
confidential (i.e. you may know them, even though you may not broadcast
them all over the net, and that may give you some valuable insight into
who says what and when). He says at another point "..., an email is sent
directly to me and a message is appended to the Rumor Mill." As far as I
am concerned, if you go over to the anonymous newsgroups and read about
privacy (and get the help file from Julf Helsigius' anon remailer) ANY
sysop can read any mail that comes through a sysop's site. And, if I were
in a private business, I would see the temptation to "use" that
information being just as strong as governments all over the world justify
having their own CIAs, NSAs, KGBs, etc., and just as strong as many
corporations have their own "intelligence" activities, reverse engineering
departments, and private security and investigation units. If you go to
any good sized public library and look up under industrial espionage and
spying, you will get many books on this. You can try to pull the wool over
most of the eyes around here, but it ain't gonna work with me. You would
also be advised to work with Martin to rephrase some of his language. He
says at another point in a page that "This site is for entertainment
purposes only." Hell, thats crap. If I go looking for such gossip and
rumors, its because it deals with something that impacts on my life, my
job, my career and it better be good poop!
Besides, on the esthetics, virtually every (EVERY) post that I clicked on
had this overly obvious "Proudly Sponsored by -- SMI" box plastered right
on the top. Then right under it is the RDI box. Man, can't you guys show
a little "class" and just have this showing just once on the home page and
cut out all the repetition? It turns me off.
And, you should have thanked me for NOT mentioning all the posts that are
now archived that reported problems hitting your SMI site (I didn't read
more than one or two of them).
> Stick to what you know, Art, which appears to me to be academic career
> tracks. No one has ever disputed your commentary in that area. But, like
> the restaurant reviewer who thinks he now knows enough about entertainment
> to review opera, you have gone over the edge and into territory better
> left for those who, like Dr. Martin Leach, really know how to provide
> value on the WWW.
Your opinion, as usual. But for the rest of you out there, think twice
about posting an "anonymous" message to a web site. I've been on the other
end of them, and I know that people sit around trying to figure out as
much as possible about who its from if they don't get an email identity.
Or... how, Dave, would you like it if I tried to go in and put a warning
to visitors to that site? Would you and or Martin "censor" my post? After
all, at another place on the website is the statement that "I am not
responsible for the accuracy of this information although I try to confirm
where possible." I know that many "service providers" openly state that
they reserve the right to decline or terminate service to any subscriber
for any reason at any time. Martin could be in a little "free speech"
trouble and you and he might get together (since you are sponsoring, too,
and therefore "calling the tune") and talk about this.
I should send you a bill for consulting time on this, actually.
>
> Dave
>
>
Art Sowers
Path: !howland.erols.net!news2.digex.net!access2.digex.net!arthures
From: "Arthur E. Sowers" <arthures@access.digex.net>
Newsgroups: sci.research.careers
Subject: Re: Review and Warning about the "Biotech Rumor Mill"
Date: Wed, 4 Sep 1996 22:03:34 -0400
Organization: Express Access Online Communications, USA
Lines: 118
Message-ID: <Pine.SUN.3.94.960904214345.20399A-100000@access2.digex.net>
References: <lindasj-2908961456130001@client9.sedona.net> <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net> <50i2rr$t6i@news.bu.edu> <Pine.PMDF.3.91.960904173108.88691A-100000@BIOMED.MED.YALE.EDU>
NNTP-Posting-Host: access2.digex.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Sender: arthures@access2.digex.net
In-Reply-To: <Pine.PMDF.3.91.960904173108.88691A-100000@BIOMED.MED.YALE.EDU>
On Wed, 4 Sep 1996 mmartin@BIOMED.MED.YALE.EDU wrote:
> About the Biotech Rumor Mill - I think it is a very cool idea. Really, I
> do. I have some doubts about the duplicity of the statement *for
> entertainment purposes only* but I can live with it. (It just sounds a bit
> too much like those ads on late-night TV for psychics; most of the ad is
> full of testamonials about how the service accurately predicted things and
> how it helps people by predicting events but if you look closely there is
> a small disclaimer that says *for entertainment purposes only*. Yeah,
> right. But Martin Leach isn't charging for access, so I can live with it.)
>
> On 3 Sep 1996, Martin Leach wrote:
>
> > Hi Arthur,
> >
> > I read your initial comments to Dr. Jensen and feel that are being a little
> > paranoid.
>
> To each his own. <insert tongue in cheek> Just because you are paranoid
> doesn't mean they aren't out to get you (or so the saying goes). ha, ha.
>
> > Information can be readily collected by any adept webmaster that wishes
> > to.....so your comments are applicable to EVERY web site.
>
> Can't argue with that. But, of course, that isn't the point. The point is
> that your site (unlike the vast majority of sites) claims to protect
> anonymity. If you claim to protect anonymity, then your site should be
> held to different standards.
>
> > Just because
> > somebody clicks 'submit' on a form e.g. posting form on my site it does not
> > send any extra information that cannot be gathered any other nefarious way.
>
> I don't think Art was suggesting anything of the sort (Art, feel free to
> correct me if I'm wrong). I think he was just pointing out that it is
> possible to gather a lot of information about a poster - information that
> the poster may not be aware that he/she is giving. People (even
> scientists!) are generally unaware about how insecure electronic
> transmissions are and I think Art was just trying to raise the level of
> awareness.
Yep, that is what I had in mind. The anonymous posts may be anonymous to
everyone else, but the "masters" at that site have it in their power to
know where the post came from and who authored it and that could give them
some interesting information to be privy to. Julf Helsingius who used to
run the anon.penet remailer was a lot more honest about security and was
very upfront about this in his "help" responder. But his site is off the
air now. I could make lots of speculations but I won't. But everyone
should beware of anything which is offered for "free" by business
entities. Sometimes its a PR thing. Sometimes its genuine altruism. And
sometimes its a pure scame. I won't openly estimate here how I would
partition the fractions between those three possibilities. However, if I
were running the "Rumor Mill" I would have a lot more extensive of a
disclaimer and explanation (not only for PR but for legal purposes...I
would not want to be a party in a lawsuit to "leaked" proprietary
information... there is a fair bit of case law on this now).
> The reason your site has become a lightning rod for security/privacy
> issues is that you claim to protect anonymity. This discussion could be
> about any website, but it only seems relevant when a website claims to
> protect anonymity. I don't think it was meant to suggest that you (or
> anyone who has priveleged access to the site) would actually abuse the
> contract of anonymity, but of course you can't warn people about
> potential abuse without it looking like you think it is likely that
> people will abuse priveleges. (hope that convoluted sentence makes sense)
I know what you mean, and if those guys are smart, they will think about
this a little.
> Anyway, if I had something that could get me fired, sued, or blackballed,
> I sure wouldn't want to trust someone's claim of anonymity - especially
> since that claim is probably not legally enforcable (i.e., I couldn't sue
> the webmaster for damages if s/he made my identity known).
Well, the anon.penet service got the local Finnish authorities (i.e. the
heat) on their rear ends and that caused the whole service to terminate.
The FBI, here, has been known to just go in and confiscate the hardware
and software if they want to shut someone down for good cause. Suppose you
were a company that didn't like something. Money and lawyers can lead to
actions to stop something. I recall a year or two ago that one of the
tobbacco companies didn't like the results of a researcher which got
published and came out as anti-tobbacco. What did the company do? They
used legal manuvering to force the researcher to turn over all of his
notes, data, notebooks, manuscript drafts to the tobbacco company. How do
you like them apples? By the way, this was reported in an issue of
_Science_ back maybe 2 (?) years ago.
> This is even
> more important if that someone is intimately tied to the industry about
> which I have information! I'd be much more likely to send it through an
> anonymous remailer (even though those are no longer secure).
I'd go for plain paper, handled with gloves that had not been touched on
the outside by any of my pinkies, in an envelope, addressed and stamped
(without licking), to the Wash Post, NY Times, and FBI, if I had something
to blow the whistle about. You know, like in the spy novels written by
ex-spooks.
> Call me paranoid, if you will. But I sure as heck won't go walking in
> downtown at night with $20 bills taped all over me - I'd just be asking
> to get robbed, wouldn't I? I don't see that this is any different (except
> in degree, perhaps).
Right-on!
>
> Margaret A. Martin
>
> Yale University
> mmartin@biomed.med.yale.edu
>
>
>
Art Sowers
Path: !magnus.acs.ohio-state.edu!lerc.nasa.gov!purdue!news.bu.edu!darwin!leach
From: leach@darwin (Martin Leach)
Newsgroups: sci.research.careers
Subject: Re: Review and Warning about the "Biotech Rumor Mill"
Date: 3 Sep 1996 20:02:03 GMT
Organization: Boston University
Lines: 163
Message-ID: <50i2rr$t6i@news.bu.edu>
References: <lindasj-2908961456130001@client9.sedona.net> <Pine.SUN.3.94.960902214715.17927F-100000@access1.digex.net>
NNTP-Posting-Host: darwin.bu.edu
X-Newsreader: TIN [version 1.2 PL2]
Hi Arthur,
I read your initial comments to Dr. Jensen and feel that are being a little
paranoid.
Information can be readily collected by any adept webmaster that wishes
to.....so your comments are applicable to EVERY web site. Just because
somebody clicks 'submit' on a form e.g. posting form on my site it does not
send any extra information that cannot be gathered any other nefarious way.
The only additional information they send is whatever they fill in the
dialog boxes.
an example of info-gathering that can be acheived by any webmaster can be
found at:
http://www.uiuc.edu/cgi-bin/info
together with the web browser + privacy issue.
The only information that I have the need to collect is the I.P. (internet
protocol) address of the postee. The purpose of this being that I can
prevent them posting to my site if they repeatedly post off-topic or
abusive posts. In the past I have used this to prevent stock touting on my
website and have banned whole sub-domains. (since the i.p. address may be
general to the sw region of ATT or AOL). This is all mentioned on the top
of the post page (http://www.tradesmart.com/rumor/post.html) that people
have to scroll through to get to the posting section. Other information
that is automatically collected (by the web server) is the domain name/I.P.
address of the people visiting the web site. This allows me to see who (in
a very general sense) access my web site.
This information is freely available to anyone visiting my website...and I
frequently advertise this fact. You can obtain your own copy of the traffic
report at this web site by going to:
http://www.tradesmart.com/cgi-bin/surfreport.html
just fill in your email address and wait. The results will be emailed to
you. You do not need to wait for the reply..since the stats processing
takes time.
good luck on your endeavours and feel free to post something on the Rumor
Mill. Whether anonymous or pubicly.
Martin Leach
Webmaster of the Biotech Rumor Mill.
Arthur E. Sowers (arthures@access.digex.net) wrote:
: Folks, I decided to visit this web site and tell all of you a few things
: you ought to keep in mind.
: First, the review: Yes, the "Rumor Mill" is a sort-of web-site
: "newsgroup". The majority of posts and responses that I saw (not counting
: the archives) were by "anonymous" posters. A good many were not
: particularly "hot" (such as "why is company 'X' stock dropping?" and some
: inane comments). Some were cryptic (meaning to the average person, they
: might be essentially meaningless). Most were very short (1-2 sentences). A
: few posts did have some information that I downloaded for use later. One
: or two mentioned lawsuits (patent infringement).
: Second, the warning: The Rumor Mill lets you post anonymously (as far as I
: could see, but I did not try it) but THAT DOES NOT MEAN THAT SOMEONE WILL
: NOT KNOW WHO YOU ARE. I don't know how the Rumor Mill is operated, but I
: do know that websites CAN be configured to capture information about
: browser users who access that site! They can get a large amount of
: information about you including your name, email address, all sorts of
: information about your domain & ISP, etc. Your anonymous post may appear
: to everyone else as anonymous, but the sysop (webmaster) at that site
: should be presumed to be capable of determining who you are. I myself have
: seen website "hit statistics" and believe me, it all shows up. You should
: look in your Web Browser directory for the <cookies.txt> file and note
: that some web sites that you visit will put short lines of data into your
: file. You might try to change the attributes on that file to "read only"
: and see what happens. Sometimes it will thwart the web site, sometimes it
: will give you an error message. As a matter of fact, I did click on one
: button and my netscape security window opened up to warn me that the
: channel to that site was not secure. What else is related to this? There
: are a number of anonymous remailers out in cyberspace, but it has been
: stated by a knowledgeable source that a number of them are being operated
: by law enforcement agencies (presumably to troll for criminal activity). A
: website which allows rumors to be posted anonymously, especially involving
: commercial business details (i.e. proprietary) but carries at least
: no disclaimer that the sysop or sponsors do not use hit statistics data
: to correlate it with anonymous posters and thereby determine or attempt to
: determine thier identity is a website that I would avoid using. In the
: worlds of politics, leaks, trial-baloons, rumor, inuendo, insinuations,
: etc. are common and make for entertaining reading for those who enjoy it.
: But in the world of commerce, the wrong blip in the wrong place can lead
: to lawsuits, prosecution (by, for example, the Securities and Exhange
: Commission), and other personal information, identity, etc., to fall into
: hands that I would hope smart people might think about before they make
: posts. I have the feeling that a simple post to a newsgroup through a
: remailer would be safer that an anonymous post to the Rumor Mill. At
: least, I would get into the configuration dialog boxes on your web browser
: and leave "your name" and "your email address" blank, or put in a dummy
: name. But then, you can figure out that this is a way to also send forged
: mail (there was a "fake mail" website about a year or two ago, but the
: sysops eventually shut it down). There is in fact a website out there that
: says it can be used for anonymous web browsing (and I expect at some time
: in the future that they will start charging for its use [think for a
: minute why these would exist and it will be obvious]), but where I have
: that little snit of paper is burried on my desk with mountains of
: uncolated paperwork (sorry).
: What dothey say about "buyer beware?" Caveat emptor?
: Eh?
: Art Sowers
: =======
: On 29 Aug 1996, Linda St. James wrote:
: > Do you want to have a little fun and perhaps learn something about the
: > current state of the biotechnology industry?
: >
: > Have you a particular company you've been interested in that you'd like
: > more information on -- but the "inside scoop" seems better than an
: > official company profile?
: >
: > IF SO ---
: >
: >
: > Please take a look at Dr. Martin Leach's BIOTECH RUMOR MILL, one of the
: > most fascinating sites on the WWW for the biotechnologist.
: >
: > In this site, Martin goes to great lengths to have an "all in one
: > location" center for biotechnology news. Whether it is the daily reports
: > from PR Newswire, or his reader surveys, you are bound to find something
: > of interest. But, to prove that the internet imitates real life, some of
: > the most interesting tidbits are pure rumor.
: >
: > In this site, you and your colleagues have an opportunity to post
: > information in a completely anonymous fashion. Some of the biggest news in
: > the biotechnology business comes out of the "Rumor Mill" before it hits
: > the trade journals, or even the Wall Street Journal! Of course, you have
: > to remember that in any forum where anyone can post anonymously, there is
: > a certain amount of frivolity as well. But what fun!
: >
: > Search Masters International, an industry-leading search firm specializing
: > in Biotechnology, Pharmaceuticals, and Medical Device industries, is now a
: > sponsor of this site along with Research Diagnostics.
: >
: > Take a look at your earliest convenience:
: >
: > The Biotech Rumor Mill is at: http://www.tradesmart.com/rumor
: >
: > The Search Masters International home page is at: http://smi.bio.com/
: >
: > Best regards,
: >
: > Linda St. James, Office Manager
: > Search Masters International
: > Five Hundred Foothills South, Suite #2
: > Sedona, AZ 86336
: > (520) 282-3553 Phone or (520) 282-5881 Fax
: > email to lindasj@sedona.net
: >
: >
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Return to September 1996
Return to ““Michael Froomkin - U.Miami School of Law” <froomkin@law.miami.edu>”