On Sat, May 18, 2013 at 5:38 PM, mark seiden <m...@seiden.com> wrote: > except bad guys will always opt of having their content inspected. Right, that's why it becomes the receiver's option for unknown senders.
If there's an existing relationship between the sender and receiver, I imagine the rates of malicious URLs and other content drop dramatically. In this case, the service should stop aggregating data at the user's choice. That's if they had a choice..... Jeff > On May 18, 2013, at 10:46 AM, Jeffrey Walton <noloa...@gmail.com> wrote: > >> On Sat, May 18, 2013 at 1:24 PM, mark seiden <m...@seiden.com> wrote: >>> ... >>> there are numerous other IM systems that are server centric and do a lot of >>> work >>> to look for and filter "bad" urls sent in the message stream. >>> >>> this is intended to be for the benefit of the users in filtering spam, >>> phishing, malware links, >>> particularly those that spread virally through buddy lists of taken over >>> accounts. >>> sometimes these links (when believed to be malicious) are simply (and >>> silently) not >>> forwarded to the receiving user. >>> >>> this involves databases of link and site reputation, testing of new links, >>> velocity and >>> acceleration measurements, etc. the usual spam filtering technology. >>> >>> my impression is that almost all users thank us for doing that job of >>> keeping them safe. >>> they understand that IM is yet another channel for transmitting spam. >>> >>> the url filtering is aggressive enough (and unreliable enough) in some >>> cases that >>> you have to check with your counterparty in conversation if they got that >>> link you >>> just sent. so users are aware of it, if only as an annoyance. (once >>> again, spam filtering >>> gets in the way of productive communication) >>> >>> i am merely telling you how it is. obviously user expectations differ on >>> AIM, Yahoo Messenger, >>> etc. from those of users on Skype, some of whom believe there is magic >>> fairy dust sprinkled on it, and that >>> it is easier to use than something else with OTR as a plugin. >> Perhaps the user should be given a choice. >> >> The security dialog could have three mutually exclusive choices: >> >> * Scan IM messages for dangerous content from everyone. This means >> <company> will read (and possibly retain) all of your messages to >> determine if some (or all) of the message is dangerous. >> >> * Scan IM messages for dangerous content from people you don't know. >> This means <company> will read (and possibly retain) some of your >> messages to determine if some (or all) of the message is dangerous. >> >> * Don't scan IM messages for dangerous content . This means only you >> and the sender will read your messages. >> >> Give an choice, it seems like selection two is a good balance. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
