Re: Poll: Should mhonarc.org mail archives hide mail addresses

On Jan 3, 2004, at 12:14 PM, Earl Hood wrote:

and I apologize in advance if I go running down another rathole...


> Basically, it comes down to informed choices.  I've tried to note
> in the documentation that posts to the lists will be displayed in a
> public manner and that address hiding/masking techniques may *not*
> be employed.
But this creates more questions, like, "are the users knowledgable 
enough to make that informed decision?" -- or is it the admin's job to 
set up a list environment where the admin makes those decisions so the 
user doesn't have to? What's the user's expectation here, and 
experience level?
I could argue both sides of this (but I won't). it depends on the group 
and the nature of the list. But I lean towards it being the 
responsibility of the admin to create a list environment that the user 
doesn't have to evaluate whether or not is safe to use. If it's not 
safe to use, why create it?
and to push that point to absurdity, a real truth in advertising 
announcement for a list that publishes email addresses to the web 
without restriction today is "posting to this list will guarantee that 
spammers will get your e-mail address and start sending it spam". And 
how many users, if it was spelled out that explicitly, would say the 
list admin was doing their job?
I know from talking to list users a lot on the servers I run, their 
expectation is that what they use is safe. If they stop thinking that, 
they scatter to the winds. And arguably, they should.
> Right now, I do not know what the stats are of people who have decided
> to not post to the list because of the public nature of the archives,
> hence the poll, which people can respond to me via private mail if
> posting is a problem.
there are actually multiple issues here, because you not only have all 
users, but key contributors, or potential key contributors.
To attempt to not spread this into a general "best practices" or "what 
the net ought to do" argument again, here's how I view it as far as the 
MHonArc archives specifically:
1) I think it's a bad thing if a user who needs support on MHonArc has 
to subscribe to the list and post to it to get an answer, when doing so 
exposes their email to spammers. (and if you think about it, as people 
become more aware of this "posting to lists with unprotected archives 
gets you spammed" issue (most users, honestly, still have no clue about 
these things, another argument for the admin taking proxy action and 
not depending on "informed consent"), what you do is drive users off of 
the list and to private e-mail, meaning because they won't use the 
list, they'll email Earl directly, whcih seems the wrong thing to 
encourage.
2) it's a worse thing if the person above asks the question, but gets 
no answer because the person with the answer won't, or has left the 
list. This is why the attitudes of the key contributors are even more 
important than general attitudes here -- they are the source of your 
value and information on the list. When I've had these issues on my 
lists, I've actually gone into the archives, identified people who used 
to be key contributors who've stopped, and tried to track them down to 
find out why. It's usually eye-opening (and scary). Perhaps the user 
will get an answer from a key contributor privately, because they've 
stopped posting -- and that invalidates having archives, since the 
answers aren't there for future research.
Speaking personally, I've left a number of lists that didn't/wouldn't 
protect their archives, and become spectators in others. While my 
address is widely out on the net and I can't pull it back (although i 
do where I can), and my account is heavily spam-protected -- I am not 
interested in continuing to add to that public visibility 
unnecessarily, so I can say that there are a number of times I've 
chosen to not ask questions here, but instead changed approaches if I 
couldn't pull an answer out of the archives, and I don't answer 
questions here that I might otherwise, although I wouldn't call myself 
a potential key contributor, either. But losing one or two of your top 
2% of contributors is a major loss, and losing a small group out of the 
top 10% is a serious one. And if your list is similar to the 
tech-oriented lists I run, you have, and as the open-archive -> spammer 
connection becomes better known, that'll accelerate.
> BTW, Net users should be aware that posting to an open list is
> making a public post.  The technical nature of the Net makes it
> possible for anyone to archive a list, as has been done with mhonarc.
But again, the admin is in control of that. All of my lists have rules 
of usage stating you can't create a public archive without permission 
of the list owner, and if we find a "pirate" list out there, we get it 
shut down. if we don't get cooperation, the archive gets blackholed so 
at least no new material gets into it, and that usually gets their 
attention. So with some simple actions, you stll control the destiny of 
your content to a good degree.
the fact that these things are public means you can't 100% guarantee a 
user's safety from spambots and the like. The fact that you can't 100% 
guarantee it doesn't, I believe, give an admin the chance to avoid any 
responsibility here and do nothing to protect their users. I think it's 
the admin's responsibility to take reasonable and practical actions to 
protect their users from harm coming from them from using the list.
> also have archives of the user's list, and I have no real control
> over those archives.
yes, you do, if you choose to exert it.

> If a poster wants the best insurance of protecting their address when
> posting to a public mailing list, they will have to protect their
> address within the message itself.
What is the more reasonable action? To assume that everyone, 
everywhere, become knowledgable enough and teechnically savvy enough to 
protect themselves from the spammers, or for the much smaller pool of 
admins, who are already generally technical and saavy about these 
things and who control the choke points spammers depend on to do the 
implementation for their users? (and taking it a step further, what 
about the tool implementors that build the tools that the admins use to 
build their sites that users use?). What is the most efficient use of 
resources? What is the most effective?
I argue it's not "throw it at the feet of the user and pretend it's 
their problem". it's your archive they're using. You're effectively 
telling them to protect themselves from your archive, becuase your 
archive isn't safe. To me, that's like saying "if you get on the bus, 
invent airbags, because as the driver, I see no reason to drive safely, 
so if we get in an accident, you need to be able to protect 
yourselves...".
and that's probably more than enough for most folks, so I'll shut up...