Chronology Current Month Current Thread Current Date
[Year List] [Month List (current year)] [Date Index] [Thread Index] [Thread Prev] [Thread Next] [Date Prev] [Date Next]

Re: HTML Mail for PHYS-L: Pros/Cons

Doug Craigen Wrote:

Bill also asked who is really the one who is out of date? Is it the one
who wants to keep PHYS-L running as efficiently as possible and
therefore makes up web pages for anything involving graphics or
equations and provides an URL, or is it the one who wants to make
reading and writing as easy as possible by keeping everything together
in the message? There is a curious hybrid possible here where if PHYS-L
didn't mangle HTML mail I could provide inline images without sending
them through the PHYS-L server. I simply place the image on a website
and make the image "src" point there. This is how most e-zines I
receive do it. This would certainly permit me to send everybody that
500 kB image that I think they need to see without abusing
lists.nau.edu, but is it another form of abuse? In particular, if I
include images this way (big or small), it allows me to monitor who
reads my message and when via my server logs. As an example, I could
look and see that somebody from sprynet.com read my message at some
time, and note that your response to it arrived at the PHYS-L server one
minute later. I could reasonably infer that the sprynet user was you
and write back "why don't you take the time to carefully read what I
really said...". I could even set cookies if I wanted to, create pop-up
windows etc. It seems to me that various forms of potential abuse or
privacy invasion via PHYS-L should be considered.
--------------------------------------------------------END--------------

This raises a number of new thoughts for me. I know about this kind of
thing, the potential to track private use etc, but I had not put it
together with uses of the PHYS-L list. Doug has raised some serious food
for thought.

I've changed my opinion. I operate average to high "security" here at my
home system (which is often my place of real work as well). A friend of
mine installed a freeware proxy server (whatever that is!) and a firewall
(which I understand better) which enabled my two networked computers to
access the www at the same time and as far as my provider was concerned I
was one user - and set up some basic security. Now, this little gizmo also
asked if I would accept certain packets of information inwards (rather than
have them come automatically). I had a cracked ankle and spent a fair bit
of time doing stuff with the www on line. (Sometimes 7 hours a day) At
least once - twice a day I'd get a message displayed to say something had
tried to come in. My friend (on-line less) has a few odd messages also.
I'm a rank amateur, my friend a little better.
I'm sure that osmeone else more knowledgeable could explain the issues here
and what could happen. But there seems to be a possibility for outsiders to
get in in some circumstances. ie www access, HTML finding it's way from a
mail out to the www can be a problem.

I no longer need the proxy server and it is not on my system.

Now me - I'm just one user with no real trade secrets. But a larger
institution like a university etc that's a different matter. When I was at
the University of Canterbury two of us had direct internet connections. The
other guys computer was hacked and some damage done.

I dislike intensely *anyone* sending me big images unsolicited and also
sending me to other web pages as Doug indicated. I want to go out onto the
web when *I* decide. I dislike any intent to moniter my web activities by
others. I am suspicious of cookies. [Aside: I heard of Amazon's variable
pricing dependent on what you have bought in the past - if you have a
history, it increased the prices of some items when you were on line!!!]

Doug may be right. But how high is the change of damage actually if we open
up to HTML as a whole list? Who is interested in hacking into a bunch of
physics teachers anyway? Probably not high, and not many peiople
interested - but I now feel some caution.

The crux of this post: The suggestion has been made that we put pdf files,
images etc on web sites and share only the link. Have a habit of providing
good complete and accurate descriptions of what is at the end of each link.
Have an informal network of sites maintained by people who are willing to
put stuff on if we ourselves don't have access to a site. (ie e-mail the
images etc and someone else put them on the web for us).
In view of the security holes this may be a good compromise. Keep the HTML
and it's goodies for more personal web communications - or our web sites.
At the moment this is my opinion. I did not think this way yesterday.

If we are to try to do some tests, we need to adopt some good labelling
protocols to avoid wasting out time.

Cheers - Derek



Doug Craigen
http://www.dctech.com/physics/about_dc.html