[1122] in Release_7.7_team
finger@athena.mit.edu
daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Mon Sep 29 14:30:23 1997
Date: Mon, 29 Sep 1997 14:30:11 -0400
To: release-team@MIT.EDU, nschmidt@MIT.EDU
From: "Jeffrey I. Schiller" <jis@MIT.EDU>
Cc: network@MIT.EDU, rar@MIT.EDU,
"Susan S. Minai-Azary" <AZARY@mitvma.mit.edu>, itit@MIT.EDU
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Some background:
Why are we eliminating (or at least attempting to phase out) this service?
Turns out that finger user@athena.mit.edu was a hack (implemented by people
who no longer work here) done a long time ago without a lot of thought about
privacy, the ability to opt out and other related issues. Now that the
Internet is main-stream and people with less then clean motives use services
such as finger for finding victims etc. we need to address the issues around
privacy.
When we developed the MIT On-Line Directory, we considered privacy issues.
There is a limit on the number of queries a given host can perform (yes, I
know there are ways around it), We are careful about what searches we allow
people to perform and we provide an opt-out mechanism.
finger@athena.mit.edu has none of these protections. It can be invoked as
often as desired, it can be used to do broad searches (like find me every
Athena user whose first name is "Karen") and it doesn't have an opt-out
mechanism. These are problems!
Given that the MIT Directory service is already in existence and covers 90%
of the usages that one might put finger@athena to (besides the services we
would rather not offer...) it makes most sense to upgrade the MIT Directory
to fill the entire function of finger@athena rather then modifying the
finger@athena service to mimic the features already present in the MIT
Directory.
Btw. One of the things that we need to add to the On-Line MIT Directory are
entries for "affiliates" who are not directly MIT employees. This is
becoming important as more functions are being carried out by contractors.
For example you cannot find information for staff members of the Parking and
Transportation Office in the On-Line Directory because they are employees of
Standard Parking and not MIT employees. However they do have MIT e-mail
addresses and phone numbers and valid reasons why people in the community
may need to find them!
-Jeff
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBNC/zsvAgc1f0FJUrEQKNyQCaA0CLwv6K1x9g51G4CWDd08Wx+RsAn2Vp
Cnp69qYCB9JlcIz743/gSEd3
=LCun
-----END PGP SIGNATURE-----