Re: [Asrg] Please take a look at the blacklist BCP draft

2010-11-02 16:34:59
I don't think I worded my comments very well; let me try again.

On Sat, Oct 30, 2010 at 08:28:55PM -0400, Chris Lewis wrote:
> A blocklist is generated for the benefit of receivers, and they work
> by providing a negative reputation to someone who's not, er,
> "volunteered".  As such, it's at least conceptually a conflict of
> interest if not outright protection racket to take money from the
> person they stepped on.  "Pay me, otherwise we break your (arm|mail
> server)".

Agreed (well, I think we agree).  In both cases we have possible conflicts
of interest:

        A. You refused to delist $foo because they didn't pay you.
           (Alternate form: You listed $foo because they didn't pay you.)
        B. You delisted $foo because they paid you.

> On the other hand, I can't imagine people paying to be on a DNSBL,
> unless that infers positive reputation (whitelist or something
> similar).  They're "volunteering", and it's for their benefit (and
> hopefully the receiver's (the one who volunteers to _use_ the
> whitelist) benefit too).  Both of them are entering into the
> agreement.

That (something inferring positive reputation) is what I was thinking of.
I can see possible conflicts of interest there too:

        C. You listed $foo because they paid you.
           (Alternate form: You refused to delist $foo because they paid you.)
        D. You refused to list $foo because they didn't pay you.

> If you follow who the benefit flows to in either case, you can see
> that at least ethically, there's not a huge problem with _both_ the
> receiver (user) and sender (whitelistee) paying for listing.  But
> with negative reputation, the benefit of a listing goes only one
> way, to the receiver.

I think I'm on board with this, at least partially if not in full.
I certainly don't have a problem with users paying to access a DNSBL
service; I don't see a potential conflict-of-interest there.  But as
soon as senders (whether blacklistees or whitelistees) can effect
changes to a service via a fee, I think there *is* a potential
conflict-of-interest.

I think there's an analogy here with, let's say, Consumer Reports,
which doesn't accept advertising in order to avoid conflicts of
interest and the appearance thereof.  (This doesn't mean CR is
faultless, of course, but it does mean that by keeping the makers
of the goods and services that it reviews at arm's length, it's
made a serious attempt to stay out of at least one quagmire.)

> Yes, there can still be accusations that the whitelist is taking
> money from those they shouldn't to help their bottom line.  But for
> the most part, the people who _use_ the DNSWL and are big enough to
> matter in the whitelist's bottom line will know if the DNSWL is
> telling porkies (user complaints), and simply stop using it.  We
> know they will fire whitelists that tell porkies, and we know that
> it will be noticed.  A negative feedback self-correcting thing.

I'd like to agree with this; I really would, because it would be
great if things worked this way.  But (a) I don't see it happening
in practice (today) and (b) even if I did, I can still see plenty
of opportunities for DNSBLs and DNSWLs to engage in considerable
chicanery while remaining under the radar.  (Of course they could
do that anyway, for a variety of reasons: caprice, bias, negligence,
etc.  But I think fees pose much more of an issue than any of those.)

> The BCP is only about DNS-based lists, so expanding its coverage
> anywhere near that far _just_ for this would be, I think, vastly
> overreaching ourselves.

Ah, that's one of the things I worded poorly.  I wasn't suggesting
that the BCP coverage be expanded.  I was trying to say that we could
use those additional ways of providing/presenting the same information
as examples while we tried to think our way through the ethical
considerations.  That is, if we think something is ethical/unethical
when it's presented as a file or torrent or whatever, then for
consistency's sake we probably should think the same when it's
presented as a DNSBL.


---rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg