[At-Large] Definition of registration abuse

Derek Smythe derek at aa419.org
Wed Apr 29 16:04:42 EDT 2009 

Karl Auerbach wrote:
> Derek Smythe wrote:
> 
>> It does not take a brain surgeon to recognize a scam, just some 
>> experience in the understanding of the scam.
> 
> Then it ought not to be hard to establish a procedure in which the facts 
> and context of the accused scam is presented to an independent and 
> disinterested third party, one who is familiar with the nature of these 
> things, to review the situation.
> 

Exactly. You may be surprised at the depth of knowledge that could be 
found among the readers of these posts.

> 
>> Talk is cheap, but the victims to these are real.
> 
> Accusations are even cheaper.  And in many cases it is the one being 
> accused who is the victim.

What is the annual loss to cybercrime per year on the net?

The accused may not be a victim if proper research is done. In fact 
research that is given to a registrar on a plate in many instance 
proving a registrant has a fake addresses, is not who he says he is 
etc is ignored (RAA), yet is merril claims to be Abbey Bank of the 
UK/Natwest etc. The very same registrar will allow the registrant to 
register another domain with the proven non-exist address. That is the 
other side of the coin.

> 
> Who is the victim when a company uses takedown-upon-accusation to shut 
> down a website that discloses the ill acts of that company?  Who is the 
> victim when the website of a labor union at a company is taken down upon 
> accusation by the company that its trademark is being violated?

I will definitely not argue with your logic here, since it is sound. 
Here we will have identified parties, not an internet highway mugger 
hiding behind internet anonymity. The situation is different.

However, there are well defined abuses, some of which I mentioned 
before.  Also phishing which you mentioned before. However in you 
example you defied all logic and ignored what all the banks 
continuously warn their own client about.

> 
> I had hoped that society had passed the shoot-now-and-ask-question-later 
> stage.

Who is doing that? I would most definitely not approve of it either. I 
think you may be surprised with the degree of precision certain types 
of abuses can be defined, how they affect the general internet user 
which is supposed to be represented here. In fact most of these abuses 
are defined as criminal in many countries. If we wait until it is 
defined as criminal in all the countries around the world, it will 
never happen.

However since there are gray areas as you point out, does it mean we 
do not stop the actioning identified abuses since we dare not touch 
the gray areas. That is a bit like losing site of the forest for the 
trees.

That would not be representing the general internet user. That would 
in fact call into question other issues as well, opening up an even 
bigger can of worms. Everything we have today was started with a small 
step, using existing knowledge as a starting point.

> 
> There is a deeper aspect to this - which is that the internet has been 
> lacking a protocol layer, one slightly above IP.  It would be the 
> mandatory identification and authentication layer.  IPsec is there, but 
> few use it even for protection much less for mutual identification and 
> authentication.
> 
>         --karl--
> 
> 
> 
> _______________________________________________


Derek

More information about the At-Large mailing list