[3903] in Central_America
Re: New quotes for Mon Dec 2
jik@ATHENA.MIT.EDU (jik@ATHENA.MIT.EDU)
Mon Dec 2 15:47:14 1991
Here's (most of -- I deleted a PS that isn't relevant and that is more
private in nature) the letter I sent to Brian. Please do not read it
before reading his original letter (that would not be fair to him, as
it would possibly cause you to take my excerpts from his letter in a
way different from the way in which he intended them):
From: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
To: balamac
Subject: your letter about ca
I have some comments about your actions recently concerning
Central_America, and also about the letter which you sent to honor and
gave permission for him to make publicly available.
First of all, I consider it somewhat odd that you consider it just
fine to "deliver a message" to the readers and maintainers of ca by
putting said message in your .plan file, but you refuse to "just
flam[e] in the CA meeting," i.e. to discuss the issue there.
What else *is* your .plan file, but a discussion of the issue? If you
do not think ca is an appropriate forum for discussion of the issue,
then I do not think your .plan file is appropriate.
Having said that, I have some technical comments about your mail.
You write:
>Here's one way: If I make my .plan file world-readable, then I'm
>allowing anyone with an Athena account to read that file. As far as I
>know, that's *all* the access I'm allowing. In particular, if someone
>doesn't have an Athena account, they can't read my .plan file. But CA
>is available to anyone running discuss; they need not have an Athena
>account, or even athena.mit.edu realm kerberos tickets, to access the
>meeting. Thus it's possible for people outside of MIT to read something
>which I didn't intend for them to read. That makes CA a secondary
>distributor of information.
You are wrong -- ca gives no access to files that is not already
available through other means.
The Athena name servers will answer Hesiod queries from anywhere on
the Internet. Therefore, anyone on the Internet can use Hesiod to
find out filesystem information about Athena users. Furthermore, all
Athena fileservers allow NFS mount requests from anywhere on the
Internet. Therefore, anyone on the Internet can gain access to
world-readable files in Athena user home directories, and ca does not
give any access that does not already exist.
You further write:
>You can carry this example further if you consider that someone outside
>of Athena could build a fairly nice list of Athena accounts by groveling
>over the CA archives. This violates the privacy associated with the
>existence of an Athena account (unless I so choose, it is supposed to be
>impossible for another party to determine whether I have an Athena
>account).
It is perhaps true that some usernames could be determined by
grovelling through ca logs. It is also true that a much larger
list could be built by talking to the Moira server and asking it for
a list of all public mailing lists, and then using Moira to find out
the users on those lists, or connecting directly to the SMTP port and
asking Athena's mailer for the list. As far as I know, anyone can get
the Moira sources from Athena, compile them and use them to make
queries from the Athena Moira server.
Further, something like "finger smith@athena" will give you quite a
large list of usernames associated with the first name, last name or
username "smith." Ron Hoffmann, who seems to be quite careful about
privacy concerns, had no problems with installing the finger daemon
that does those lookups.
We can either conclude that the two instances I've mentioned are very
large examples of privacy policy violations, and the ca database is
just a very small example, or that none of them are actually instances
of privacy policy violations. Either way, I think there are bigger
fish to fry that make attempts to aggravate the readers and
administrators of ca to the point where ca changes drastically, not
worth the effort.
>My username, unless I choose to release it, is
>considered in the same class of information as stuff the registrar knows
>about me, like my MIT ID#).
pit-manager% finger laMacchia@athena
[athena.MIT.EDU]
Login name: dml In real life: David M LaMacchia
Nickname: Home phone: 225-6566
Office: Office phone:
Electronic mail address: dml@ATHENA.MIT.EDU
Login name: balamac In real life: Brian A. LaMacchia
Nickname: Home phone: 623-8161
Office: 431 Tech Square Office phone: 3-6306
Electronic mail address: balamac@ATHENA.MIT.EDU
pit-manager%
I could also have gotten that information by doing "finger
brian@athena", and Brian is a common enough name that someone who is
actively trying to build a database of Athena accounts is almost
surely going to try it.
I'm just reemphasizing what I said above -- either ca is not actually
a violation of the privacy policy, or there are much bigger fish to
fry than the minor amusement to some people that is ca.
>Finally, Andrew proposed three possible versions of CA, and his "vote"
>resulted in the current policy. Funny that no one bothered to ask the
>people whose .plan files are read every night what they felt. What's
>even worse is that it looks like Andrew's policy, and Ted's proposed
>policy, supports censorship on .plan files by the vocal readership of CA.
As many people have already pointed out (although you may not have
seen it since you apparently don't read ca ??), many readers of ca
(including myself) believe that ca is for the benefit of those people
who choose to read it, not for the benefit of those people who have
.plan files. Therefore, the opinions of the people whose .plan files
are read every night is, quite frankly, irrelevant.
This is not a free speech issue. These people can make their
login/logout information available in a number of different ways. No
one is being "censored." You might consider ca a "printing press;"
while refusing someone the right to use their own printing press is a
violation of the right to free speech, refusing someone the right to
use *someone else's* printing press is not. Ca is not jinx's printing
press. IMHO, it's Andrew's, since he currently maintains ca. If he
doesn't like jinx's .plan, he can ax it. I don't even think he *has
to* ask the readers of ca, or *anybody*.
Your argumentia ad absurdum about what the deletion of jinx's .plan
file will lead to is just that, absurd. .plan files that are being
removed are .plan files with *no* substantive content, not .plan files
with *some* substantive comment and *some* repetitiveness. If you
read ca, you would know that there are some people that put lots of
the same material in their .plan files every time they appear,
including login/logout notice, but who also occasionally (in some
cases, quite rarely) change the other information in their .plan.
These people have not been deleted, because there is *some hint* of
interesting information in their files. There's also starflt, who
quotes from "Murphy's Rules" randomly every night, but who
occasionally repeats because of the randomness of the quoting. He
hasn't been removed either. Both of these examples are well within
the scope of the type of .plan file you imply will eventually be
removed as a result of the removal of jinx's (and possibly yours). I
see no evidence of this, and the continued existence of the .plan
files I mentioned in the database would seem to belie your claim.
Yes, there is a certain amount of subjectiveness and opinion in what
gets removed and what doesn't. As I said above, so what. It's not
your printing press.
>If you're going to force everyone to play in your sandbox, it's
>unreasonable to force them to play by your rules, too.
No one is being forced to play in ca. They can ask to be removed.
"But they don't know about it!" you will invariably reply. Well, then
if we find their .plan files annoying and remove them, they won't know
about that either, will they?
>If you want to force people to play by your rules, then you can't force
>them to play in your sandbox.
No one is being forced to play by any rules. If people put
information in their .plan files that are not interesting to the
people in ca, then we will remove them from the database.
Brian, I can almost buy your argument that only people who ask should
be collected in ca. You have *almost* supported that, and I would
tend to agree with it, if for no other reason than that it avoids all
of these problems. I can *not*, however, by your First Amendment
concerns, and that's coming from someone who is (like honor) a
card-carrying member of the ACLU and a pretty strict libertarian as
well. I also have not been convinced by your privacy policy
arguments.
jik
