RE: [Texascavers] Can TSA be trusted with email addresses?
Thanks, Butch, for the detailed and informative explanation. It's reassuring to know that someone has given that much attention to security issues in the current implementation. From a security standpoint, it is particularity reassuring to know you are satisfied that the spiders can't get into the member area and that users can't download the complete list to their local machines, where it potentially could be attacked by local malware. I was primarily concern about the potential vulnerability of TSA data to the various types of malware that are so common now, and it appears that you have that under control. I'm less concerned about anyone putting much effort into a specialized attack aimed specifically at TSA, because we aren't that tempting a target. The fact that members can't download the complete list is good for security, but it might become a limitation that members will want to overcome if TSA decides to switch entirely to electronic publication and wants to publish a members manual that members can download and print. Do you think there is some sufficiently secure way to download and print a document without it being vulnerable to data harvesting by malware on an infected local machine? There probably is no immediate need for this, but I'd be interested in your thoughts, since it might become a future issue. Separating the email address list used for online registration from that published in a members manual (as described in my previous message) is still something I think would be worthwhile, especially if TSA decides to publish a downloadable and printable members manual. Rod -Original Message- From: Butch Fralia bfra...@maverickgrotto.org Sent: Dec 16, 2009 12:19 AM To: 'Rod Goke' rod.g...@ieee.org, 'Charles Goldsmith' wo...@justfamily.org Cc: 'TexasCavers' texascavers@texascavers.com Subject: RE: [Texascavers] Can TSA be trusted with email addresses? While it's possible that a malware program could harvest e-mail addresses for TSA members it's not very likely. It would have to be a specially written program that new how the display page is structured. It would also have to be installed on the computer of a person with member access. Else it would have to be a pretty good hacker to hack the web server itself for access. There are programs that search the web looking for unprotected e-mail addresses. Those e-mail addresses are sold to advertisers and spammers. These are called spiders. We have spiders search the TSA website almost daily looking for e-mail addresses. You can see it in the statistical analysis programs available with the website. They cannot get into the member area. There isn't a function set up to download all the online registered members. I have software that could do that but requires root access to the website that I'm the only one who has (there's a backup person with the root access information but not the software. The webhosting employees could dump the information and they should do so often to back up the website. I have to identify the IP address of my computer in the website control software to allow access to the membership list. The members list as seen in the member area is in an online database. That database has its own password. The queries that access the data run on the server and aren't seen off the server except by a TSA webmaster. The list uses dynamic code to produce the member list you see. All that code executes on the server and can't be seen by the outside world by right clicking in the browser window and selecting view source. Viewing the page requires a member be logged in to the website. It would be theoretically possible to intercept the information exchanged by your computer and the web-server but you'd have to be intercepted from somewhere on the internet backbone, at your ISP, or the web-server. I don't think there's that much interest in doing that with TSA data. There are 100 verified registered users and 95 of those are showing on the member list. There's an option you can select when you register or you can update to display your information on the user list. There are apparently five people who have clicked No - don't display me. If you don't want your information see outside the database, select no for the question display me on the member list. The e-mail addresses that are displayed are spoofed with a spoofing technique that allows them to be read and displayed correctly by your browser and e-mail program. To the knowledge of people who study such things, no one has changed the spider software to include checking for this spoofing. It must work because my e-mail address is publicly viewable on a number of websites but I get a pretty low level of SPAM. For that matter, there are so many unprotected/unspoofed e-mail addresses to swamp most databases so why bother? I don't know if this puts anyone's mind at ease but it's the way it works
RE: [Texascavers] Can TSA be trusted with email addresses?
Why would one (want to) download and print an online publication (the members manual)? Surely the whole point of it being online is so you don’t have a printed copy?!! What's y'alls obsession with paper around here? ;-) Cheers, Stefan -Original Message- From: Rod Goke [mailto:rod.g...@earthlink.net] Sent: Wednesday, December 16, 2009 2:14 AM To: Butch Fralia; 'Rod Goke'; 'Charles Goldsmith' Cc: 'TexasCavers' Subject: RE: [Texascavers] Can TSA be trusted with email addresses? Thanks, Butch, for the detailed and informative explanation. It's reassuring to know that someone has given that much attention to security issues in the current implementation. From a security standpoint, it is particularity reassuring to know you are satisfied that the spiders can't get into the member area and that users can't download the complete list to their local machines, where it potentially could be attacked by local malware. I was primarily concern about the potential vulnerability of TSA data to the various types of malware that are so common now, and it appears that you have that under control. I'm less concerned about anyone putting much effort into a specialized attack aimed specifically at TSA, because we aren't that tempting a target. The fact that members can't download the complete list is good for security, but it might become a limitation that members will want to overcome if TSA decides to switch entirely to electronic publication and wants to publish a members manual that members can download and print. Do you think there is some sufficiently secure way to download and print a document without it being vulnerable to data harvesting by malware on an infected local machine? There probably is no immediate need for this, but I'd be interested in your thoughts, since it might become a future issue. Separating the email address list used for online registration from that published in a members manual (as described in my previous message) is still something I think would be worthwhile, especially if TSA decides to publish a downloadable and printable members manual. Rod -Original Message- From: Butch Fralia bfra...@maverickgrotto.org Sent: Dec 16, 2009 12:19 AM To: 'Rod Goke' rod.g...@ieee.org, 'Charles Goldsmith' wo...@justfamily.org Cc: 'TexasCavers' texascavers@texascavers.com Subject: RE: [Texascavers] Can TSA be trusted with email addresses? While it's possible that a malware program could harvest e-mail addresses for TSA members it's not very likely. It would have to be a specially written program that new how the display page is structured. It would also have to be installed on the computer of a person with member access. Else it would have to be a pretty good hacker to hack the web server itself for access. There are programs that search the web looking for unprotected e-mail addresses. Those e-mail addresses are sold to advertisers and spammers. These are called spiders. We have spiders search the TSA website almost daily looking for e-mail addresses. You can see it in the statistical analysis programs available with the website. They cannot get into the member area. There isn't a function set up to download all the online registered members. I have software that could do that but requires root access to the website that I'm the only one who has (there's a backup person with the root access information but not the software. The webhosting employees could dump the information and they should do so often to back up the website. I have to identify the IP address of my computer in the website control software to allow access to the membership list. The members list as seen in the member area is in an online database. That database has its own password. The queries that access the data run on the server and aren't seen off the server except by a TSA webmaster. The list uses dynamic code to produce the member list you see. All that code executes on the server and can't be seen by the outside world by right clicking in the browser window and selecting view source. Viewing the page requires a member be logged in to the website. It would be theoretically possible to intercept the information exchanged by your computer and the web-server but you'd have to be intercepted from somewhere on the internet backbone, at your ISP, or the web-server. I don't think there's that much interest in doing that with TSA data. There are 100 verified registered users and 95 of those are showing on the member list. There's an option you can select when you register or you can update to display your information on the user list. There are apparently five people who have clicked No - don't display me. If you don't want your information see outside the database, select no for the question display me on the member list. The e-mail addresses that are displayed are spoofed with a spoofing technique that allows them to be read
Re: RE: [Texascavers] Can TSA be trusted with email addresses?
One can't chew the on pages of an on-line publication, can one? "Mmm! A melange of menudo and marshmallow." TDec 16, 2009 09:20:08 AM, stefan.crea...@arm.com wrote: Why would one (want to) download and print an online publication (the "members manual")? Surely the whole point of it being online is so you don’t have a printed copy?!!What's y'alls obsession with paper around here? ;-)Cheers,Stefan-Original Message-From: Rod Goke [mailto:rod.g...@earthlink.net] Sent: Wednesday, December 16, 2009 2:14 AMTo: Butch Fralia; 'Rod Goke'; 'Charles Goldsmith'Cc: 'TexasCavers'Subject: RE: [Texascavers] Can TSA be trusted with email addresses?Thanks, Butch, for the detailed and informative explanation. It's reassuring to know that someone has given that much attention to security issues in the current implementation. From a security standpoint, it is particularity reassuring to know you are satisfied that the spiders can't get into the member area and that users can't download the complete list to their local machines, where it potentially could be attacked by local malware. I was primarily concern about the potential vulnerability of TSA data to the various types of malware that are so common now, and it appears that you have that under control. I'm less concerned about anyone putting much effort into a specialized attack aimed specifically at TSA, because we aren't that tempting a target.The fact that members can't download the complete list is good for security, but it might become a limitation that members will want to overcome if TSA decides to switch entirely to electronic publication and wants to publish a "members manual" that members can download and print. Do you think there is some sufficiently secure way to download and print a document without it being vulnerable to data harvesting by malware on an infected local machine? There probably is no immediate need for this, but I'd be interested in your thoughts, since it might become a future issue.Separating the email address list used for online registration from that published in a "members manual" (as described in my previous message) is still something I think would be worthwhile, especially if TSA decides to publish a downloadable and printable "members manual."Rod-Original Message-From: Butch Fralia <bfra...@maverickgrotto.org>Sent: Dec 16, 2009 12:19 AMTo: 'Rod Goke' <rod.g...@ieee.org>, 'Charles Goldsmith' <wo...@justfamily.org>Cc: 'TexasCavers' <TEXASCAVERS@TEXASCAVERS.COM>Subject: RE: [Texascavers] Can TSA be trusted with email addresses?While it's possible that a malware program could harvest e-mail addresses for TSA members it's not very likely. It would have to be a specially written program that new how the display page is structured. It would also have to be installed on the computer of a person with member access. Else it would have to be a pretty good hacker to hack the web server itself for access.There are programs that search the web looking for unprotected e-mail addresses. Those e-mail addresses are sold to advertisers and spammers. These are called spiders. We have spiders search the TSA website almost daily looking for e-mail addresses. You can see it in the statistical analysis programs available with the website. They cannot get into the member area. There isn't a function set up to download all the online registered members. I have software that could do that but requires root access to the website that I'm the only one who has (there's a backup person with the root access information but not the software. The webhosting employees could dump the information and they should do so often to back up the website. I have to identify the IP address of my computer in the website control software to allow access to the membership list.The members list as seen in the member area is in an online database. That database has its own password. The queries that access the data run on the server and aren't seen off the server except by a TSA webmaster. The list uses dynamic code to produce the member list you see. All that code executes on the server and can't be seen by the outside world by right clicking in the browser window and selecting view source. Viewing the page requires a member be logged in to the website. It would be theoretically possible to intercept the information exchanged by your computer and the web-server but you'd have to be intercepted from somewhere on the internet backbone, at your ISP, or the web-server. I don't think there's that much interest in doing that with TSA data. There are 100 verified registered users and 95 of those are showing on the member list. There's an option you can select when you register or you can update to display your information on the user list. There are apparently five people who have clicked No - don't display me. If you don't want your information see outside the database, select no for the quest
RE: [Texascavers] Can TSA be trusted with email addresses?
Stefan, I think I can end this discussion rather quickly. The TSA Members Manual has not, is not, and never has been available on the TSA website. As it now stands, there are no plans or need to post it. In the past we have printed it off and made it available to TSA members, but, for the last few years, there has been little interest in members wanting a copy or the TSA incurring the expense in printing something very few folks want. I have a whole stack of them at home, from prior years, as we speak. In this Age of the Internet, tracking someone down can be done exponentially faster via email, TexasCavers, or Facebook. Denise and Darla are the only keepers of the database and it is only made available to me, when I do mailings (only the registered hard copy members), and to Allan, when he sends out announcements for TCR. And it is guarded by them with pit bulls and a large arsenal in order to stave off any attacks and incursions by spammers. Thanks, Mark From: Stefan Creaser [mailto:stefan.crea...@arm.com] Sent: Wed 12/16/2009 9:19 AM To: Rod Goke; Butch Fralia; Charles Goldsmith Cc: TexasCavers Subject: RE: [Texascavers] Can TSA be trusted with email addresses? Why would one (want to) download and print an online publication (the members manual)? Surely the whole point of it being online is so you don't have a printed copy?!! What's y'alls obsession with paper around here? ;-) Cheers, Stefan -Original Message- From: Rod Goke [mailto:rod.g...@earthlink.net] Sent: Wednesday, December 16, 2009 2:14 AM To: Butch Fralia; 'Rod Goke'; 'Charles Goldsmith' Cc: 'TexasCavers' Subject: RE: [Texascavers] Can TSA be trusted with email addresses? Thanks, Butch, for the detailed and informative explanation. It's reassuring to know that someone has given that much attention to security issues in the current implementation. From a security standpoint, it is particularity reassuring to know you are satisfied that the spiders can't get into the member area and that users can't download the complete list to their local machines, where it potentially could be attacked by local malware. I was primarily concern about the potential vulnerability of TSA data to the various types of malware that are so common now, and it appears that you have that under control. I'm less concerned about anyone putting much effort into a specialized attack aimed specifically at TSA, because we aren't that tempting a target. The fact that members can't download the complete list is good for security, but it might become a limitation that members will want to overcome if TSA decides to switch entirely to electronic publication and wants to publish a members manual that members can download and print. Do you think there is some sufficiently secure way to download and print a document without it being vulnerable to data harvesting by malware on an infected local machine? There probably is no immediate need for this, but I'd be interested in your thoughts, since it might become a future issue. Separating the email address list used for online registration from that published in a members manual (as described in my previous message) is still something I think would be worthwhile, especially if TSA decides to publish a downloadable and printable members manual. Rod -Original Message- From: Butch Fralia bfra...@maverickgrotto.org Sent: Dec 16, 2009 12:19 AM To: 'Rod Goke' rod.g...@ieee.org, 'Charles Goldsmith' wo...@justfamily.org Cc: 'TexasCavers' texascavers@texascavers.com Subject: RE: [Texascavers] Can TSA be trusted with email addresses? While it's possible that a malware program could harvest e-mail addresses for TSA members it's not very likely. It would have to be a specially written program that new how the display page is structured. It would also have to be installed on the computer of a person with member access. Else it would have to be a pretty good hacker to hack the web server itself for access. There are programs that search the web looking for unprotected e-mail addresses. Those e-mail addresses are sold to advertisers and spammers. These are called spiders. We have spiders search the TSA website almost daily looking for e-mail addresses. You can see it in the statistical analysis programs available with the website. They cannot get into the member area. There isn't a function set up to download all the online registered members. I have software that could do that but requires root access to the website that I'm the only one who has (there's a backup person with the root access information but not the software. The webhosting employees could dump the information and they should do so often to back up the website. I have to identify the IP address of my computer in the website control software to allow access to the membership list. The members list as seen in the member area is in an online
RE: [Texascavers] Can TSA be trusted with email addresses?
Stefan, I think I can end this discussion rather quickly. The TSA Members Manual has not, is not, and never has been available on the TSA website. As it now stands, there are no plans or need to post it. In the past we have printed it off and made it available to TSA members, but, for the last few years, there has been little interest in members wanting a copy or the TSA incurring the expense in printing something very few folks want. I have a whole stack of them at home, from prior years, as we speak. In this Age of the Internet, tracking someone down can be done exponentially faster via email, TexasCavers, or Facebook. Denise and Darla are the only keepers of the database and it is only made available to me, when I do mailings (only the registered hard copy members), and to Allan, when he sends out announcements for TCR. And it is guarded by them with pit bulls and a large arsenal in order to stave off any attacks and incursions by spammers. Thanks, Mark From: Stefan Creaser [mailto:stefan.crea...@arm.com] Sent: Wed 12/16/2009 9:19 AM To: Rod Goke; Butch Fralia; Charles Goldsmith Cc: TexasCavers Subject: RE: [Texascavers] Can TSA be trusted with email addresses? Why would one (want to) download and print an online publication (the members manual)? Surely the whole point of it being online is so you don't have a printed copy?!! What's y'alls obsession with paper around here? ;-) Cheers, Stefan -Original Message- From: Rod Goke [mailto:rod.g...@earthlink.net] Sent: Wednesday, December 16, 2009 2:14 AM To: Butch Fralia; 'Rod Goke'; 'Charles Goldsmith' Cc: 'TexasCavers' Subject: RE: [Texascavers] Can TSA be trusted with email addresses? Thanks, Butch, for the detailed and informative explanation. It's reassuring to know that someone has given that much attention to security issues in the current implementation. From a security standpoint, it is particularity reassuring to know you are satisfied that the spiders can't get into the member area and that users can't download the complete list to their local machines, where it potentially could be attacked by local malware. I was primarily concern about the potential vulnerability of TSA data to the various types of malware that are so common now, and it appears that you have that under control. I'm less concerned about anyone putting much effort into a specialized attack aimed specifically at TSA, because we aren't that tempting a target. The fact that members can't download the complete list is good for security, but it might become a limitation that members will want to overcome if TSA decides to switch entirely to electronic publication and wants to publish a members manual that members can download and print. Do you think there is some sufficiently secure way to download and print a document without it being vulnerable to data harvesting by malware on an infected local machine? There probably is no immediate need for this, but I'd be interested in your thoughts, since it might become a future issue. Separating the email address list used for online registration from that published in a members manual (as described in my previous message) is still something I think would be worthwhile, especially if TSA decides to publish a downloadable and printable members manual. Rod
Re: [Texascavers] Can TSA be trusted with email addresses?
On Wed, Dec 16, 2009 at 9:19 AM, Stefan Creaser stefan.crea...@arm.comwrote: Why would one (want to) download and print an online publication (the members manual)? Surely the whole point of it being online is so you don’t have a printed copy?!! Oh, no, Stefan, that's exactly wrong. Reading something on-line is a pain in the ass. The purpose of it being on line is exactly so that I CAN print it out--like NOW--and then curl up with a GT and my feet in the air and read it in abject comfort. No sitting upright at a stupid monitor I have to keep scrolling down and up and down and up and centering pictures and maps so they can be seen. And to have a hard copy for archival purposes so that I can retrieve it rapidly from the stack and not have to search around for the disk with the file on it, if I even remembered to back it up in the first place. The download just replaces the mailman--and rather supplants him, in fact. A hard copy is what we're after, but how we get it and how much it costs is the point to be considered. In reality, if you print your copy in color (ink jet), both sides you're probably spending $2 to $4 for ink per issue. That's about what an issue costs to print in bulk on a duplicator, + or -; more for offset. (How much, Mark?) So, the production cost is about the same but not borne by the TSA and they save a dollar or so on mailing costs--and a good bit of hassle mailing it. If you print it out in 11x17 you get a saddle stitched issue that you practically can't tell from the mailed version. Pretty neat, huh? Kinkos'll do it for ya, including folding and stapling, if you don't have a printer in that format. --Ediger --Ediger
Re: [Texascavers] Can TSA be trusted with email addresses?
For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses. I chose to throw this stone into the hornets nest, because I wanted people to actually start thinking about the issue, instead of just telling us don't worry, be happy. The problem would be easy to fix if TSA simply would make a commitment to its members that no member's email address will be included in any online list unless that member explicitly opts in for inclusion in the list. TSA members need to be able to register for website access without having their email addresses published in an online list. Rod -Original Message- From: Bill Bentley ca...@caver.net Sent: Dec 14, 2009 11:17 AM To: John Brooks jpbrook...@sbcglobal.net Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex services then it mifght help curb it. I feel that a complete overhaul of how email works wouold be the answer, since you can currently send from and have the reply to address be different. A lot of the spam I gets looks as if it is coming to me from me... but buried in the header I find that it comes from Korea or China... Bill - Original Message - From: Rod Goke rod.g...@earthlink.net To: TexasCavers texascavers@texascavers.com Cc: Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 2:04 AM Subject: [Texascavers] Can TSA be trusted with email addresses? All this talk about electronic vs. paper publication of the Texas Caver reminds me of a related issue: Is it safe to give your email address to TSA? For years TSA has been asking for our email addresses on the membership renewal forms, and I have been refusing to give them mine. During this same period, however, I have been providing my email address (along with mailing address and phone numbers) to the UT Grotto for publication in their UT Grotto Phone List. Why is it that I have felt that my email address was sufficiently safe with the UT Grotto but not with TSA? The answer is that the UT Grotto Phone List is published only in paper form, where email addresses and other personal information is not likely to be harvested by spammers, telemarketers, search
Re: [Texascavers] Can TSA be trusted with email addresses?
Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses. I chose to throw this stone into the hornets nest, because I wanted people to actually start thinking about the issue, instead of just telling us don't worry, be happy. The problem would be easy to fix if TSA simply would make a commitment to its members that no member's email address will be included in any online list unless that member explicitly opts in for inclusion in the list. TSA members need to be able to register for website access without having their email addresses published in an online list. Rod -Original Message- From: Bill Bentley ca...@caver.net Sent: Dec 14, 2009 11:17 AM To: John Brooks jpbrook...@sbcglobal.net Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex services then it mifght help curb it. I feel that a complete overhaul of how email works wouold be the answer, since you can currently send from and have the reply to address be different. A lot of the spam I gets looks as if it is coming to me from me... but buried in the header I find that it comes from Korea or China... Bill - Original Message - From: Rod Goke rod.g...@earthlink.net To: TexasCavers texascavers@texascavers.com Cc: Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 2:04 AM Subject: [Texascavers] Can TSA be trusted with email addresses? All this talk about electronic
RE: [Texascavers] Can TSA be trusted with email addresses?
Thanks, Charles. I was wondering how/if to address this and you have done so rather succinctly. I agree 100% with you. Mark -Original Message- From: Charles Goldsmith [mailto:wo...@justfamily.org] Sent: Tuesday, December 15, 2009 9:48 AM To: Rod Goke Cc: Bill Bentley; John Brooks; Alman, Mark @ IRP; TexasCavers Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses. I chose to throw this stone into the hornets nest, because I wanted people to actually start thinking about the issue, instead of just telling us don't worry, be happy. The problem would be easy to fix if TSA simply would make a commitment to its members that no member's email address will be included in any online list unless that member explicitly opts in for inclusion in the list. TSA members need to be able to register for website access without having their email addresses published in an online list. Rod -Original Message- From: Bill Bentley ca...@caver.net Sent: Dec 14, 2009 11:17 AM To: John Brooks jpbrook...@sbcglobal.net Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex services then it mifght help curb it. I feel that a complete overhaul of how email works wouold be the answer, since you can currently send from and have the reply to address be different. A lot of the spam I gets
Re: [Texascavers] Can TSA be trusted with email addresses?
For some reason, Rod rubs me the wrong way with this. He better stop scaring the people with this shit, some don't know any better. On Tue, Dec 15, 2009 at 9:56 AM, mark.al...@l-3com.com wrote: Thanks, Charles. I was wondering how/if to address this and you have done so rather succinctly. I agree 100% with you. Mark -Original Message- From: Charles Goldsmith [mailto:wo...@justfamily.org] Sent: Tuesday, December 15, 2009 9:48 AM To: Rod Goke Cc: Bill Bentley; John Brooks; Alman, Mark @ IRP; TexasCavers Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses. I chose to throw this stone into the hornets nest, because I wanted people to actually start thinking about the issue, instead of just telling us don't worry, be happy. The problem would be easy to fix if TSA simply would make a commitment to its members that no member's email address will be included in any online list unless that member explicitly opts in for inclusion in the list. TSA members need to be able to register for website access without having their email addresses published in an online list. Rod -Original Message- From: Bill Bentley ca...@caver.net Sent: Dec 14, 2009 11:17 AM To: John Brooks jpbrook...@sbcglobal.net Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex
RE: [Texascavers] Can TSA be trusted with email addresses?
For goodness sake! You should all go Google yourselves! ;-) Do you all complain this much when your snail mail address is sold and you receive 50lbs worth of junk mail each month? Sheryl (writing down all these email addresses so I can sell them. I need some cash.) -Original Message- From: Charles Goldsmith [mailto:wo...@justfamily.org] Sent: Tuesday, December 15, 2009 9:48 AM To: Rod Goke Cc: Bill Bentley; John Brooks; Mark Alman; TexasCavers Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses. I chose to throw this stone into the hornets nest, because I wanted people to actually start thinking about the issue, instead of just telling us don't worry, be happy. The problem would be easy to fix if TSA simply would make a commitment to its members that no member's email address will be included in any online list unless that member explicitly opts in for inclusion in the list. TSA members need to be able to register for website access without having their email addresses published in an online list. Rod -Original Message- From: Bill Bentley ca...@caver.net Sent: Dec 14, 2009 11:17 AM To: John Brooks jpbrook...@sbcglobal.net Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email
Re: [Texascavers] Can TSA be trusted with email addresses?
Sheryl, I already have the list, I'll send it to you, we'll split the cash :) Charles On Tue, Dec 15, 2009 at 10:41 AM, Sheryl Rieck shri...@cableone.net wrote: For goodness sake! You should all go Google yourselves! ;-) Do you all complain this much when your snail mail address is sold and you receive 50lbs worth of junk mail each month? Sheryl (writing down all these email addresses so I can sell them. I need some cash.) -Original Message- From: Charles Goldsmith [mailto:wo...@justfamily.org] Sent: Tuesday, December 15, 2009 9:48 AM To: Rod Goke Cc: Bill Bentley; John Brooks; Mark Alman; TexasCavers Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses. I chose to throw this stone into the hornets nest, because I wanted people to actually start thinking about the issue, instead of just telling us don't worry, be happy. The problem would be easy to fix if TSA simply would make a commitment to its members that no member's email address will be included in any online list unless that member explicitly opts in for inclusion in the list. TSA members need to be able to register for website access without having their email addresses published in an online list. Rod -Original Message- From: Bill Bentley ca...@caver.net Sent: Dec 14, 2009 11:17 AM To: John Brooks jpbrook...@sbcglobal.net Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14
RE: [Texascavers] Can TSA be trusted with email addresses?
;-) -Original Message- From: Charles Goldsmith [mailto:wo...@justfamily.org] Sent: Tuesday, December 15, 2009 10:45 AM To: Sheryl Rieck Cc: Rod Goke; Bill Bentley; John Brooks; Mark Alman; TexasCavers Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Sheryl, I already have the list, I'll send it to you, we'll split the cash :) Charles
Re: [Texascavers] Can TSA be trusted with email addresses?
Take me off cavetex for now Sent from my Verizon Wireless BlackBerry -Original Message- From: Charles Goldsmith wo...@justfamily.org Date: Tue, 15 Dec 2009 09:48:15 To: Rod Gokerod.g...@ieee.org Cc: Bill Bentleyca...@caver.net; John Brooksjpbrook...@sbcglobal.net; Mark Almanmark.al...@l-3com.com; TexasCaverstexascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses. I chose to throw this stone into the hornets nest, because I wanted people to actually start thinking about the issue, instead of just telling us don't worry, be happy. The problem would be easy to fix if TSA simply would make a commitment to its members that no member's email address will be included in any online list unless that member explicitly opts in for inclusion in the list. TSA members need to be able to register for website access without having their email addresses published in an online list. Rod -Original Message- From: Bill Bentley ca...@caver.net Sent: Dec 14, 2009 11:17 AM To: John Brooks jpbrook...@sbcglobal.net Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex services then it mifght help curb it. I feel that a complete overhaul of how email works wouold be the answer, since you can currently send from and have the reply to address be different. A lot
Re: [Texascavers] Can TSA be trusted with email addresses?
Charles, Your message below really misses the the point, and your personal attacks are totally unwarranted. Of course, we all run some risk that our email addresses will somehow get to spammers whenever we send them to anyone. Whenever you or I or anyone else posts a message to Texascavers we understand that our email addresses will be visible to others on the list, and we choose to do that. Harvesting email addresses one at a time from postings to this list as you suggested would be possible, of course, but it would be a slow and inconvenient way to collect a large list for spam, and I don't think either of us is seriously worried about that. The primary hazard is not that anyone in TSA or other caving organizations will deliberately pass information to spammers, but rather that some people downloading information with good intentions will inadvertently store it where spyware or other malware on an infected computer can search the downloaded files for email addresses, phone numbers, or other information that writers of the malware wish to harvest. This is something that easily can happen, and when it does, the person making information available to the malware might be totally unaware of what is going on. When people download individual email messages or other data items containing only a few email addresses or other sensitive items, then only those few items are vulnerable to harvesting by malware in any one incident. When people download an entire mailing list, however, then just one incident on one inadvertently infected computer can result in harvesting of the entire list. When many people download the list to many different computers, the risk to everyone on the list increases accordingly. So far as I know, the subscribers to Texascavers are not allowed to download that entire email address list, and I trust that Texascavers will continue to be managed in this responsible manner, especially since I haven't noticed any demand to do otherwise. The discussions I've heard and read about the TSA's online data resources, however, create much more uncertainty about how they will be managed. This is why it is important to have serious discussions of the issues beforehand to prevent problems, especially when some of them could be prevented so easily with a few minor policy decisions. Rod -Original Message- From: Charles Goldsmith wo...@justfamily.org Sent: Dec 15, 2009 10:48 AM To: Rod Goke rod.g...@ieee.org Cc: Bill Bentley ca...@caver.net, John Brooks jpbrook...@sbcglobal.net, Mark Alman mark.al...@l-3com.com, TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password protected website. Then look at Gill's recent proposal to make online access to the Texas Caver free for nonmembers. Neither of these things necessarily involves an irresponsible release of TSA members' email addresses when considered separately (although I still would rather not have my email address on even a members-only password protected online list). When both of these things are considered together, however, along with all the other turmoil about TSA digital publication policies, it is easy to imagine how people might provide their email addresses to TSA assuming one seemingly responsible privacy policy, only to discover later that TSA has changed its mind and has made the email address list more widely accessible than people had expected when they provided their addresses
Re: [Texascavers] Can TSA be trusted with email addresses?
Rod and Charles (ONLY), At the Jan 10th meeting we will propose that restricted access free-loaders must create a user account to download the free old copies. Copies over one year old will be made free. Other restricted access free-loaders can apply for a scholarship if they would like to receive the most up-to-date digital copies for free- the scholarship will be a TSA expense. They must have been underground for at least 5 hours in the past year though. Underground being, in a cave, where it is dark. Its more reasonable than the original idea to require you be an NSS member or have involvement w/ a grotto or cave organization to be able to create a free user account. At the Jan 10th meeting! On Tue, Dec 15, 2009 at 2:23 PM, Rod Goke rod.g...@earthlink.net wrote: Charles, Your message below really misses the the point, and your personal attacks are totally unwarranted. Of course, we all run some risk that our email addresses will somehow get to spammers whenever we send them to anyone. Whenever you or I or anyone else posts a message to Texascavers we understand that our email addresses will be visible to others on the list, and we choose to do that. Harvesting email addresses one at a time from postings to this list as you suggested would be possible, of course, but it would be a slow and inconvenient way to collect a large list for spam, and I don't think either of us is seriously worried about that. The primary hazard is not that anyone in TSA or other caving organizations will deliberately pass information to spammers, but rather that some people downloading information with good intentions will inadvertently store it where spyware or other malware on an infected computer can search the downloaded files for email addresses, phone numbers, or other information that writers of the malware wish to harvest. This is something that easily can happen, and when it does, the person making information available to the malware might be totally unaware of what is going on. When people download individual email messages or other data items containing only a few email addresses or other sensitive items, then only those few items are vulnerable to harvesting by malware in any one incident. When people download an entire mailing list, however, then just one incident on one inadvertently infected computer can result in harvesting of the entire list. When many people download the list to many different computers, the risk to everyone on the list increases accordingly. So far as I know, the subscribers to Texascavers are not allowed to download that entire email address list, and I trust that Texascavers will continue to be managed in this responsible manner, especially since I haven't noticed any demand to do otherwise. The discussions I've heard and read about the TSA's online data resources, however, create much more uncertainty about how they will be managed. This is why it is important to have serious discussions of the issues beforehand to prevent problems, especially when some of them could be prevented so easily with a few minor policy decisions. Rod -Original Message- From: Charles Goldsmith wo...@justfamily.org Sent: Dec 15, 2009 10:48 AM To: Rod Goke rod.g...@ieee.org Cc: Bill Bentley ca...@caver.net, John Brooks jpbrook...@sbcglobal.net, Mark Alman mark.al...@l-3com.com, TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA can be trusted to handle our email addresses responsibly. Look at Jerry's observation that TSA already has placed an online listing of its electronically registered members on its password
Re: [Texascavers] Can TSA be trusted with email addresses?
I disagree Ellie, we should put them on the main page, no login required and no wait period. That's my opinion On Tue, Dec 15, 2009 at 2:57 PM, ellie :) ellie.tho...@gmail.com wrote: Rod and Charles (ONLY), At the Jan 10th meeting we will propose that restricted access free-loaders must create a user account to download the free old copies. Copies over one year old will be made free. Other restricted access free-loaders can apply for a scholarship if they would like to receive the most up-to-date digital copies for free- the scholarship will be a TSA expense. They must have been underground for at least 5 hours in the past year though. Underground being, in a cave, where it is dark. Its more reasonable than the original idea to require you be an NSS member or have involvement w/ a grotto or cave organization to be able to create a free user account. At the Jan 10th meeting! On Tue, Dec 15, 2009 at 2:23 PM, Rod Goke rod.g...@earthlink.net wrote: Charles, Your message below really misses the the point, and your personal attacks are totally unwarranted. Of course, we all run some risk that our email addresses will somehow get to spammers whenever we send them to anyone. Whenever you or I or anyone else posts a message to Texascavers we understand that our email addresses will be visible to others on the list, and we choose to do that. Harvesting email addresses one at a time from postings to this list as you suggested would be possible, of course, but it would be a slow and inconvenient way to collect a large list for spam, and I don't think either of us is seriously worried about that. The primary hazard is not that anyone in TSA or other caving organizations will deliberately pass information to spammers, but rather that some people downloading information with good intentions will inadvertently store it where spyware or other malware on an infected computer can search the downloaded files for email addresses, phone numbers, or other information that writers of the malware wish to harvest. This is something that easily can happen, and when it does, the person making information available to the malware might be totally unaware of what is going on. When people download individual email messages or other data items containing only a few email addresses or other sensitive items, then only those few items are vulnerable to harvesting by malware in any one incident. When people download an entire mailing list, however, then just one incident on one inadvertently infected computer can result in harvesting of the entire list. When many people download the list to many different computers, the risk to everyone on the list increases accordingly. So far as I know, the subscribers to Texascavers are not allowed to download that entire email address list, and I trust that Texascavers will continue to be managed in this responsible manner, especially since I haven't noticed any demand to do otherwise. The discussions I've heard and read about the TSA's online data resources, however, create much more uncertainty about how they will be managed. This is why it is important to have serious discussions of the issues beforehand to prevent problems, especially when some of them could be prevented so easily with a few minor policy decisions. Rod -Original Message- From: Charles Goldsmith wo...@justfamily.org Sent: Dec 15, 2009 10:48 AM To: Rod Goke rod.g...@ieee.org Cc: Bill Bentley ca...@caver.net, John Brooks jpbrook...@sbcglobal.net, Mark Alman mark.al...@l-3com.com, TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident
Re: [Texascavers] Can TSA be trusted with email addresses?
That will be a great item to bring up at the Jan 10th meeting. On Tue, Dec 15, 2009 at 3:02 PM, Charles Goldsmith wo...@justfamily.orgwrote: I disagree Ellie, we should put them on the main page, no login required and no wait period. That's my opinion On Tue, Dec 15, 2009 at 2:57 PM, ellie :) ellie.tho...@gmail.com wrote: Rod and Charles (ONLY), At the Jan 10th meeting we will propose that restricted access free-loaders must create a user account to download the free old copies. Copies over one year old will be made free. Other restricted access free-loaders can apply for a scholarship if they would like to receive the most up-to-date digital copies for free- the scholarship will be a TSA expense. They must have been underground for at least 5 hours in the past year though. Underground being, in a cave, where it is dark. Its more reasonable than the original idea to require you be an NSS member or have involvement w/ a grotto or cave organization to be able to create a free user account. At the Jan 10th meeting! On Tue, Dec 15, 2009 at 2:23 PM, Rod Goke rod.g...@earthlink.net wrote: Charles, Your message below really misses the the point, and your personal attacks are totally unwarranted. Of course, we all run some risk that our email addresses will somehow get to spammers whenever we send them to anyone. Whenever you or I or anyone else posts a message to Texascavers we understand that our email addresses will be visible to others on the list, and we choose to do that. Harvesting email addresses one at a time from postings to this list as you suggested would be possible, of course, but it would be a slow and inconvenient way to collect a large list for spam, and I don't think either of us is seriously worried about that. The primary hazard is not that anyone in TSA or other caving organizations will deliberately pass information to spammers, but rather that some people downloading information with good intentions will inadvertently store it where spyware or other malware on an infected computer can search the downloaded files for email addresses, phone numbers, or other information that writers of the malware wish to harvest. This is something that easily can happen, and when it does, the person making information available to the malware might be totally unaware of what is going on. When people download individual email messages or other data items containing only a few email addresses or other sensitive items, then only those few items are vulnerable to harvesting by malware in any one incident. When people download an entire mailing list, however, then just one incident on one inadvertently infected computer can result in harvesting of the entire list. When many people download the list to many different computers, the risk to everyone on the list increases accordingly. So far as I know, the subscribers to Texascavers are not allowed to download that entire email address list, and I trust that Texascavers will continue to be managed in this responsible manner, especially since I haven't noticed any demand to do otherwise. The discussions I've heard and read about the TSA's online data resources, however, create much more uncertainty about how they will be managed. This is why it is important to have serious discussions of the issues beforehand to prevent problems, especially when some of them could be prevented so easily with a few minor policy decisions. Rod -Original Message- From: Charles Goldsmith wo...@justfamily.org Sent: Dec 15, 2009 10:48 AM To: Rod Goke rod.g...@ieee.org Cc: Bill Bentley ca...@caver.net, John Brooks jpbrook...@sbcglobal.net, Mark Alman mark.al...@l-3com.com, TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA
Re: [Texascavers] Can TSA be trusted with email addresses?
Rod, that wasn't a personal attack, if you took it as such, you need to re-read my message and think about how it was meant. The TSA having this list is no different than the NSS keeping a list of its members, and sending that list out in book format, plain and simple. Harvesting emails from a mailing list is very very simple, I have the complete list as owner of the list, but even another list, I can harvest with a simple script that would only take me a few minutes to write. It was a tongue in cheek comment about writing down email addresses by hand. Scammers/Spammers/Phishers don't do anything manually. Modern email applications cache email addresses that it sees, Malware can and does use these lists to send out spam. We've seen it recently on the mailing list. Your email address is not safe anywhere, you will just have to learn to face that fact in this modern age. Charles On Tue, Dec 15, 2009 at 2:23 PM, Rod Goke rod.g...@earthlink.net wrote: Charles, Your message below really misses the the point, and your personal attacks are totally unwarranted. Of course, we all run some risk that our email addresses will somehow get to spammers whenever we send them to anyone. Whenever you or I or anyone else posts a message to Texascavers we understand that our email addresses will be visible to others on the list, and we choose to do that. Harvesting email addresses one at a time from postings to this list as you suggested would be possible, of course, but it would be a slow and inconvenient way to collect a large list for spam, and I don't think either of us is seriously worried about that. The primary hazard is not that anyone in TSA or other caving organizations will deliberately pass information to spammers, but rather that some people downloading information with good intentions will inadvertently store it where spyware or other malware on an infected computer can search the downloaded files for email addresses, phone numbers, or other information that writers of the malware wish to harvest. This is something that easily can happen, and when it does, the person making information available to the malware might be totally unaware of what is going on. When people download individual email messages or other data items containing only a few email addresses or other sensitive items, then only those few items are vulnerable to harvesting by malware in any one incident. When people download an entire mailing list, however, then just one incident on one inadvertently infected computer can result in harvesting of the entire list. When many people download the list to many different computers, the risk to everyone on the list increases accordingly. So far as I know, the subscribers to Texascavers are not allowed to download that entire email address list, and I trust that Texascavers will continue to be managed in this responsible manner, especially since I haven't noticed any demand to do otherwise. The discussions I've heard and read about the TSA's online data resources, however, create much more uncertainty about how they will be managed. This is why it is important to have serious discussions of the issues beforehand to prevent problems, especially when some of them could be prevented so easily with a few minor policy decisions. Rod -Original Message- From: Charles Goldsmith wo...@justfamily.org Sent: Dec 15, 2009 10:48 AM To: Rod Goke rod.g...@ieee.org Cc: Bill Bentley ca...@caver.net, John Brooks jpbrook...@sbcglobal.net, Mark Alman mark.al...@l-3com.com, TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, your paranoia is unwarranted here, only by the fact that over 360 people have your email address and each others. Anyone of them could harvest most of the emails after a bit of time by keeping track of who posted an email to this list. Do you completely trust every one of these 360 people? The odds that one of them would sell out is far greater than one of the TSA people, who are duly elected by some of these people. If the TC goes free, it won't be in the password protected section, it will be available on the front page. Blaming the TSA for something that has never happened is just bad press, and you should know better, as a member of the TSA. Charles On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke rod.g...@earthlink.net wrote: For the record, I like TSA, too, which is why I've maintained my TSA membership ever since moving to Texas about 25 years ago. I, too, think that Mark has been doing a great job as editor, and I much appreciate the dedicated work that he and other TSA volunteers have been doing. Nor do I blame TSA for the small amount of spam that occasionally slips through the filters into my email account. (How could I blame TSA for that when they don't even have my email address? ;-) ) I still am not confident, however, that TSA
Re: [Texascavers] Can TSA be trusted with email addresses?
Charles, I agree with your technical comments about the many ways that malware can be used to harvest email addresses and other data and that there is no way to protect an email address 100% while using it for its normal purpose. That doesn't imply, however, that there is no point in trying reduce risk. Listening to a computer professional say Your email addresses aren't safe anywhere, so why bother trying to protect them? is like listening to restaurant cook say You're not safe from germs anywhere, so why bother washing hands or dishes? Like many email users, I've been using 2 email addresses for a number of years. I've used both of them frequently, but one I've tried to keep away from potential spam risks wherever practical and the other I've given out more freely. Of the two, the more protected one remained spam free much longer (about the first 2 years), and even after it began receiving spam, the quantity of spam received on the more protected address has remained conspicuously less than that received on the less protected address. This difference has remained noticeable even though I have used the more protected address frequently on Texascavers and for communication with numerous individuals. Someone with a much more carefully guarded email address still should be able to use it very safely in limited ways on caving related Internet services, as long as the people running those services practice reasonable privacy policies. For example, someone can subscribe to Texascavers without exposing his email address to everyone on the list as long as he only uses the subscription to receive messages from Texascavers, without ever posting to it (assuming, of course, that you don't change your policy and start allowing users to download the Texascavers address list). Similarly, TSA could serve its online users much more safely if it simply separated the email address list used for online registration from that published in a members manual. With this convention, a member could be assured that the email address he uses for online registration will be used only for that purpose and for official email sent to him by TSA and that this address would NOT automatically appear on any list made available to the general membership. For his listing in a members manual style list, each member could specify separately what, if any, email address he wants published. This would allow each user to choose whether to publish the same email address, a different (less protected) address, or none at all. Rod -Original Message- From: Charles Goldsmith wo...@justfamily.org Sent: Dec 15, 2009 4:09 PM To: Rod Goke rod.g...@ieee.org Cc: TexasCavers texascavers@texascavers.com Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Rod, that wasn't a personal attack, if you took it as such, you need to re-read my message and think about how it was meant. The TSA having this list is no different than the NSS keeping a list of its members, and sending that list out in book format, plain and simple. Harvesting emails from a mailing list is very very simple, I have the complete list as owner of the list, but even another list, I can harvest with a simple script that would only take me a few minutes to write. It was a tongue in cheek comment about writing down email addresses by hand. Scammers/Spammers/Phishers don't do anything manually. Modern email applications cache email addresses that it sees, Malware can and does use these lists to send out spam. We've seen it recently on the mailing list. Your email address is not safe anywhere, you will just have to learn to face that fact in this modern age. Charles On Tue, Dec 15, 2009 at 2:23 PM, Rod Goke rod.g...@earthlink.net wrote: Charles, Your message below really misses the the point, and your personal attacks are totally unwarranted. Of course, we all run some risk that our email addresses will somehow get to spammers whenever we send them to anyone. Whenever you or I or anyone else posts a message to Texascavers we understand that our email addresses will be visible to others on the list, and we choose to do that. Harvesting email addresses one at a time from postings to this list as you suggested would be possible, of course, but it would be a slow and inconvenient way to collect a large list for spam, and I don't think either of us is seriously worried about that. The primary hazard is not that anyone in TSA or other caving organizations will deliberately pass information to spammers, but rather that some people downloading information with good intentions will inadvertently store it where spyware or other malware on an infected computer can search the downloaded files for email addresses, phone numbers, or other information that writers of the malware wish to harvest. This is something that easily can happen, and when it does, the person making information available to the malware
RE: [Texascavers] Can TSA be trusted with email addresses?
While it's possible that a malware program could harvest e-mail addresses for TSA members it's not very likely. It would have to be a specially written program that new how the display page is structured. It would also have to be installed on the computer of a person with member access. Else it would have to be a pretty good hacker to hack the web server itself for access. There are programs that search the web looking for unprotected e-mail addresses. Those e-mail addresses are sold to advertisers and spammers. These are called spiders. We have spiders search the TSA website almost daily looking for e-mail addresses. You can see it in the statistical analysis programs available with the website. They cannot get into the member area. There isn't a function set up to download all the online registered members. I have software that could do that but requires root access to the website that I'm the only one who has (there's a backup person with the root access information but not the software. The webhosting employees could dump the information and they should do so often to back up the website. I have to identify the IP address of my computer in the website control software to allow access to the membership list. The members list as seen in the member area is in an online database. That database has its own password. The queries that access the data run on the server and aren't seen off the server except by a TSA webmaster. The list uses dynamic code to produce the member list you see. All that code executes on the server and can't be seen by the outside world by right clicking in the browser window and selecting view source. Viewing the page requires a member be logged in to the website. It would be theoretically possible to intercept the information exchanged by your computer and the web-server but you'd have to be intercepted from somewhere on the internet backbone, at your ISP, or the web-server. I don't think there's that much interest in doing that with TSA data. There are 100 verified registered users and 95 of those are showing on the member list. There's an option you can select when you register or you can update to display your information on the user list. There are apparently five people who have clicked No - don't display me. If you don't want your information see outside the database, select no for the question display me on the member list. The e-mail addresses that are displayed are spoofed with a spoofing technique that allows them to be read and displayed correctly by your browser and e-mail program. To the knowledge of people who study such things, no one has changed the spider software to include checking for this spoofing. It must work because my e-mail address is publicly viewable on a number of websites but I get a pretty low level of SPAM. For that matter, there are so many unprotected/unspoofed e-mail addresses to swamp most databases so why bother? I don't know if this puts anyone's mind at ease but it's the way it works. Happy Holidays, Butch Fralia -Original Message- From: Rod Goke [mailto:rod.g...@earthlink.net] Sent: Tuesday, December 15, 2009 8:49 PM To: Charles Goldsmith; Rod Goke Cc: TexasCavers Subject: Re: [Texascavers] Can TSA be trusted with email addresses? Charles, I agree with your technical comments about the many ways that malware can be used to harvest email addresses and other data and that there is no way to protect an email address 100% while using it for its normal purpose. That doesn't imply, however, that there is no point in trying reduce risk. Listening to a computer professional say Your email addresses aren't safe anywhere, so why bother trying to protect them? is like listening to restaurant cook say You're not safe from germs anywhere, so why bother washing hands or dishes? Like many email users, I've been using 2 email addresses for a number of years. I've used both of them frequently, but one I've tried to keep away from potential spam risks wherever practical and the other I've given out more freely. Of the two, the more protected one remained spam free much longer (about the first 2 years), and even after it began receiving spam, the quantity of spam received on the more protected address has remained conspicuously less than that received on the less protected address. This difference has remained noticeable even though I have used the more protected address frequently on Texascavers and for communication with numerous individuals. Someone with a much more carefully guarded email address still should be able to use it very safely in limited ways on caving related Internet services, as long as the people running those services practice reasonable privacy policies. For example, someone can subscribe to Texascavers without exposing his email address to everyone on the list as long as he only uses the subscription to receive messages from
Re: [Texascavers] Can TSA be trusted with email addresses?
Well, the TSA does have an online listing of the electronically registered membership on its website. It's a password protected site. Jerry. In a message dated 12/14/2009 2:05:11 A.M. Central Standard Time, rod.g...@earthlink.net writes: All this talk about electronic vs. paper publication of the Texas Caver reminds me of a related issue: Is it safe to give your email address to TSA? For years TSA has been asking for our email addresses on the membership renewal forms, and I have been refusing to give them mine. During this same period, however, I have been providing my email address (along with mailing address and phone numbers) to the UT Grotto for publication in their UT Grotto Phone List. Why is it that I have felt that my email address was sufficiently safe with the UT Grotto but not with TSA? The answer is that the UT Grotto Phone List is published only in paper form, where email addresses and other personal information is not likely to be harvested by spammers, telemarketers, search engines, etc. I don't have that kind of confidence in TSA, however, because for years, I've heard various people within TSA advocating expanded use of digital publication without adequately considering the negative consequences of what they are advocating. Most disturbing has been the proposal I've heard from time to time that TSA publish its membership list information electronically, perhaps by placing it on a web site. This might be cheap and convenient for TSA to implement and for TSA members to use, but it also could make our personal information much more vulnerable to automated harvesting by those who would use it in ways we never intended. Once our email addresses, cell phone numbers, etc. have been harvested from a digitally published list, there would be no cheap and convenient way to undo the damage. How can we be confident that the continuing push towards digital publication within TSA will not lead to ill considered digital publication of email addresses and other information vulnerable to automated harvesting? Rod
Re: [Texascavers] Can TSA be trusted with email addresses?
Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex services then it mifght help curb it. I feel that a complete overhaul of how email works wouold be the answer, since you can currently send from and have the reply to address be different. A lot of the spam I gets looks as if it is coming to me from me... but buried in the header I find that it comes from Korea or China... Bill - Original Message - From: Rod Goke rod.g...@earthlink.net To: TexasCavers texascavers@texascavers.com Cc: Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 2:04 AM Subject: [Texascavers] Can TSA be trusted with email addresses? All this talk about electronic vs. paper publication of the Texas Caver reminds me of a related issue: Is it safe to give your email address to TSA? For years TSA has been asking for our email addresses on the membership renewal forms, and I have been refusing to give them mine. During this same period, however, I have been providing my email address (along with mailing address and phone numbers) to the UT Grotto for publication in their UT Grotto Phone List. Why is it that I have felt that my email address was sufficiently safe with the UT Grotto but not with TSA? The answer is that the UT Grotto Phone List is published only in paper form, where email addresses and other personal information is not likely to be harvested by spammers, telemarketers, search engines, etc. I don't have that kind of confidence in TSA, however, because for years, I've heard various people within TSA advocating expanded use of digital publication without adequately considering the negative consequences of what they are advocating. Most disturbing has been the proposal I've heard from time to time that TSA publish its membership list information electronically, perhaps by placing it on a web site. This might be cheap and convenient for TSA to implement and for TSA members to use, but it also could make our personal information much more vulnerable to automated harvesting by those who would use it in ways we never intended. Once our email addresses, cell phone numbers, etc. have been harvested from a digitally published list, there would be no cheap and convenient way to undo the damage. How can we be confident that the continuing push towards digital publication within TSA will not lead to ill considered digital publication of email addresses and other information vulnerable to automated harvesting? Rod - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com
Re: [Texascavers] Can TSA be trusted with email addresses?
The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex services then it mifght help curb it. I feel that a complete overhaul of how email works wouold be the answer, since you can currently send from and have the reply to address be different. A lot of the spam I gets looks as if it is coming to me from me... but buried in the header I find that it comes from Korea or China... Bill - Original Message - From: Rod Goke rod.g...@earthlink.net To: TexasCavers texascavers@texascavers.com Cc: Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 2:04 AM Subject: [Texascavers] Can TSA be trusted with email addresses? All this talk about electronic vs. paper publication of the Texas Caver reminds me of a related issue: Is it safe to give your email address to TSA? For years TSA has been asking for our email addresses on the membership renewal forms, and I have been refusing to give them mine. During this same period, however, I have been providing my email address (along with mailing address and phone numbers) to the UT Grotto for publication in their UT Grotto Phone List. Why is it that I have felt that my email address was sufficiently safe with the UT Grotto but not with TSA? The answer is that the UT Grotto Phone List is published only in paper form, where email addresses and other personal information is not likely to be harvested by spammers, telemarketers, search engines, etc. I don't have that kind of confidence in TSA, however, because for years, I've heard various people within TSA advocating expanded use of digital publication without adequately considering the negative consequences of what they are advocating. Most disturbing has been the proposal I've heard from time to time that TSA publish its membership list information electronically, perhaps by placing it on a web site. This might be cheap and convenient for TSA to implement and for TSA members to use, but it also could make our personal information much more vulnerable to automated harvesting by those who would use it in ways we never intended. Once our email addresses, cell phone numbers, etc. have been harvested from a digitally published list, there would be no cheap and convenient way to undo the damage. How can we be confident that the continuing push towards digital publication within TSA will not lead to ill considered digital publication of email addresses and other information vulnerable to automated harvesting? Rod - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com
Re: [Texascavers] Can TSA be trusted with email addresses?
For the record Mark, I wasn't blaming nor condeming the TSA, I was just stating the fact that I get hundreds of thousands of spam emails. Mark, I like the TSA and I think I get my moneys worth from volunteers who are very much appreciated. Bill - Original Message - From: John Brooks jpbrook...@sbcglobal.net To: Bill Bentley ca...@caver.net Cc: Rod Goke rod.g...@ieee.org; TexasCavers texascavers@texascavers.com; Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 9:24 AM Subject: Re: [Texascavers] Can TSA be trusted with email addresses? The TSA has my e mail.and I getoh maybe one or two junk mail messages per WEEK. Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA for something they are not doing or really at fault for..hardly seems fair or reasonable. Sent from my iPhone On Dec 14, 2009, at 6:37 AM, Bill Bentley ca...@caver.net wrote: Rod, My ca...@caver.net email address gets a spam email message every 2 to 3 seconds... literally thousands per hour... all of it goes into a spam folder and good spam sorting software on the email server helps me figure what is crap and what is not... End of the day I am deleting a lot of spam... If someone were to go after the companies who are advertisng the drugs, diplomas and sex services then it mifght help curb it. I feel that a complete overhaul of how email works wouold be the answer, since you can currently send from and have the reply to address be different. A lot of the spam I gets looks as if it is coming to me from me... but buried in the header I find that it comes from Korea or China... Bill - Original Message - From: Rod Goke rod.g...@earthlink.net To: TexasCavers texascavers@texascavers.com Cc: Rod Goke rod.g...@ieee.org Sent: Monday, December 14, 2009 2:04 AM Subject: [Texascavers] Can TSA be trusted with email addresses? All this talk about electronic vs. paper publication of the Texas Caver reminds me of a related issue: Is it safe to give your email address to TSA? For years TSA has been asking for our email addresses on the membership renewal forms, and I have been refusing to give them mine. During this same period, however, I have been providing my email address (along with mailing address and phone numbers) to the UT Grotto for publication in their UT Grotto Phone List. Why is it that I have felt that my email address was sufficiently safe with the UT Grotto but not with TSA? The answer is that the UT Grotto Phone List is published only in paper form, where email addresses and other personal information is not likely to be harvested by spammers, telemarketers, search engines, etc. I don't have that kind of confidence in TSA, however, because for years, I've heard various people within TSA advocating expanded use of digital publication without adequately considering the negative consequences of what they are advocating. Most disturbing has been the proposal I've heard from time to time that TSA publish its membership list information electronically, perhaps by placing it on a web site. This might be cheap and convenient for TSA to implement and for TSA members to use, but it also could make our personal information much more vulnerable to automated harvesting by those who would use it in ways we never intended. Once our email addresses, cell phone numbers, etc. have been harvested from a digitally published list, there would be no cheap and convenient way to undo the damage. How can we be confident that the continuing push towards digital publication within TSA will not lead to ill considered digital publication of email addresses and other information vulnerable to automated harvesting? Rod - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com - Visit our website: http://texascavers.com To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com For additional commands, e-mail: texascavers-h...@texascavers.com