Rod, that wasn't a personal attack, if you took it as such, you need to re-read my message and think about how it was meant.
The TSA having this list is no different than the NSS keeping a list of its members, and sending that list out in book format, plain and simple. Harvesting emails from a mailing list is very very simple, I have the complete list as owner of the list, but even another list, I can harvest with a simple script that would only take me a few minutes to write. It was a tongue in cheek comment about writing down email addresses by hand. Scammers/Spammers/Phishers don't do anything manually. Modern email applications cache email addresses that it sees, Malware can and does use these lists to send out spam. We've seen it recently on the mailing list. Your email address is not safe anywhere, you will just have to learn to face that fact in this modern age. Charles On Tue, Dec 15, 2009 at 2:23 PM, Rod Goke <rod.g...@earthlink.net> wrote: > Charles, > > Your message below really misses the the point, and your personal attacks are > totally unwarranted. Of course, we all run some risk that our email addresses > will somehow get to spammers whenever we send them to anyone. Whenever you or > I or anyone else posts a message to Texascavers we understand that our email > addresses will be visible to others on the list, and we choose to do that. > Harvesting email addresses one at a time from postings to this list as you > suggested would be possible, of course, but it would be a slow and > inconvenient way to collect a large list for spam, and I don't think either > of us is seriously worried about that. > > The primary hazard is not that anyone in TSA or other caving organizations > will deliberately pass information to spammers, but rather that some people > downloading information with good intentions will inadvertently store it > where spyware or other malware on an infected computer can search the > downloaded files for email addresses, phone numbers, or other information > that writers of the malware wish to harvest. This is something that easily > can happen, and when it does, the person making information available to the > malware might be totally unaware of what is going on. When people download > individual email messages or other data items containing only a few email > addresses or other sensitive items, then only those few items are vulnerable > to harvesting by malware in any one incident. When people download an entire > mailing list, however, then just one incident on one inadvertently infected > computer can result in harvesting of the entire list. When many people > download the list to many different computers, the risk to everyone on the > list increases accordingly. > > So far as I know, the subscribers to Texascavers are not allowed to download > that entire email address list, and I trust that Texascavers will continue to > be managed in this responsible manner, especially since I haven't noticed any > demand to do otherwise. The discussions I've heard and read about the TSA's > online data resources, however, create much more uncertainty about how they > will be managed. This is why it is important to have serious discussions of > the issues beforehand to prevent problems, especially when some of them could > be prevented so easily with a few minor policy decisions. > > Rod > > > -----Original Message----- >>From: Charles Goldsmith <wo...@justfamily.org> >>Sent: Dec 15, 2009 10:48 AM >>To: Rod Goke <rod.g...@ieee.org> >>Cc: Bill Bentley <ca...@caver.net>, John Brooks <jpbrook...@sbcglobal.net>, >>Mark Alman <mark.al...@l-3com.com>, TexasCavers <texascavers@texascavers.com> >>Subject: Re: [Texascavers] Can TSA be trusted with email addresses? >> >>Rod, your paranoia is unwarranted here, only by the fact that over 360 >>people have your email address and each others. Anyone of them could >>harvest most of the emails after a bit of time by keeping track of who >>posted an email to this list. >> >>Do you completely trust every one of these 360 people? The odds that >>one of them would sell out is far greater than one of the "TSA" >>people, who are duly elected by some of these people. >> >>If the TC goes free, it won't be in the password protected section, it >>will be available on the front page. >> >>Blaming the TSA for something that has never happened is just bad >>press, and you should know better, as a member of the TSA. >> >>Charles >> >>On Tue, Dec 15, 2009 at 8:56 AM, Rod Goke <rod.g...@earthlink.net> wrote: >>> For the record, I like TSA, too, which is why I've maintained my TSA >>> membership ever since moving to Texas about 25 years ago. I, too, think >>> that Mark has been doing a great job as editor, and I much appreciate the >>> dedicated work that he and other TSA volunteers have been doing. Nor do I >>> blame TSA for the small amount of spam that occasionally slips through the >>> filters into my email account. (How could I blame TSA for that when they >>> don't even have my email address? ;-) ) >>> >>> I still am not confident, however, that TSA can be trusted to handle our >>> email addresses responsibly. Look at Jerry's observation that TSA already >>> has placed an online listing of its electronically registered members on >>> its password protected website. Then look at Gill's recent proposal to make >>> online access to the Texas Caver free for nonmembers. Neither of these >>> things necessarily involves an irresponsible release of TSA members' email >>> addresses when considered separately (although I still would rather not >>> have my email address on even a members-only password protected online >>> list). When both of these things are considered together, however, along >>> with all the other turmoil about TSA digital publication policies, it is >>> easy to imagine how people might provide their email addresses to TSA >>> assuming one seemingly responsible privacy policy, only to discover later >>> that TSA has changed its mind and has made the email address list more >>> widely accessible than people had expected when they provided their >>> addresses. >>> >>> I chose to "throw this stone into the hornets nest," because I wanted >>> people to actually start thinking about the issue, instead of just telling >>> us "don't worry, be happy." The problem would be easy to fix if TSA simply >>> would make a commitment to its members that no member's email address will >>> be included in any online list unless that member explicitly "opts in" for >>> inclusion in the list. TSA members need to be able to register for website >>> access without having their email addresses published in an online list. >>> >>> Rod >>> >>> -----Original Message----- >>>>From: Bill Bentley <ca...@caver.net> >>>>Sent: Dec 14, 2009 11:17 AM >>>>To: John Brooks <jpbrook...@sbcglobal.net> >>>>Cc: TexasCavers <texascavers@texascavers.com> >>>>Subject: Re: [Texascavers] Can TSA be trusted with email addresses? >>>> >>>>For the record Mark, I wasn't blaming nor condeming the TSA, I was just >>>>stating the fact that I get hundreds of thousands of spam emails. >>>>Mark, I like the TSA and I think I get my moneys worth from volunteers who >>>>are very much appreciated. >>>> >>>>Bill >>>>----- Original Message ----- >>>>From: "John Brooks" <jpbrook...@sbcglobal.net> >>>>To: "Bill Bentley" <ca...@caver.net> >>>>Cc: "Rod Goke" <rod.g...@ieee.org>; "TexasCavers" >>>><texascavers@texascavers.com>; "Rod Goke" <rod.g...@ieee.org> >>>>Sent: Monday, December 14, 2009 9:24 AM >>>>Subject: Re: [Texascavers] Can TSA be trusted with email addresses? >>>> >>>> >>>>> The TSA has my e mail.....and I get....oh maybe one or two junk mail >>>>> messages per WEEK. >>>>> Paranoia runs deep concerning e mail spam. But unjustly condemning the TSA >>>>> for something they are not doing or really at fault for......hardly seems >>>>> fair or reasonable. >>>>> >>>>> Sent from my iPhone >>>>> >>>>> On Dec 14, 2009, at 6:37 AM, "Bill Bentley" <ca...@caver.net> wrote: >>>>> >>>>> Rod, >>>>> My ca...@caver.net email address gets a spam email message every 2 to 3 >>>>> seconds... literally thousands per hour... all of it goes into a spam >>>>> folder and good spam sorting software on the email server helps me figure >>>>> what is crap and what is not... End of the day I am deleting a lot of >>>>> spam... If someone were to go after the companies who are advertisng the >>>>> drugs, diplomas and sex services then it mifght help curb it. I feel that >>>>> a complete overhaul of how email works wouold be the answer, since you can >>>>> currently send from and have the reply to address be different. A lot of >>>>> the spam I gets looks as if it is coming to me from me... but buried in >>>>> the header I find that it comes from Korea or China... >>>>> >>>>> Bill >>>>> ----- Original Message ----- From: "Rod Goke" <rod.g...@earthlink.net> >>>>> To: "TexasCavers" <texascavers@texascavers.com> >>>>> Cc: "Rod Goke" <rod.g...@ieee.org> >>>>> Sent: Monday, December 14, 2009 2:04 AM >>>>> Subject: [Texascavers] Can TSA be trusted with email addresses? >>>>> >>>>> >>>>> All this talk about electronic vs. paper publication of the Texas Caver >>>>> reminds me of a related issue: >>>>> >>>>> Is it safe to give your email address to TSA? >>>>> >>>>> For years TSA has been asking for our email addresses on the membership >>>>> renewal forms, and I have been refusing to give them mine. During this >>>>> same period, however, I have been providing my email address (along with >>>>> mailing address and phone numbers) to the UT Grotto for publication in >>>>> their "UT Grotto Phone List". Why is it that I have felt that my email >>>>> address was sufficiently safe with the UT Grotto but not with TSA? The >>>>> answer is that the "UT Grotto Phone List" is published only in paper form, >>>>> where email addresses and other personal information is not likely to be >>>>> harvested by spammers, telemarketers, search engines, etc. >>>>> >>>>> I don't have that kind of confidence in TSA, however, because for years, >>>>> I've heard various people within TSA advocating expanded use of digital >>>>> publication without adequately considering the negative consequences of >>>>> what they are advocating. Most disturbing has been the proposal I've heard >>>>> from time to time that TSA publish its membership list information >>>>> electronically, perhaps by placing it on a web site. This might be cheap >>>>> and convenient for TSA to implement and for TSA members to use, but it >>>>> also could make our personal information much more vulnerable to automated >>>>> harvesting by those who would use it in ways we never intended. Once our >>>>> email addresses, cell phone numbers, etc. have been harvested from a >>>>> digitally published list, there would be no cheap and convenient way to >>>>> undo the damage. How can we be confident that the continuing push towards >>>>> digital publication within TSA will not lead to ill considered digital >>>>> publication of email addresses >>>>> and other information vulnerable to automated harvesting? >>>>> >>>>> Rod >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> Visit our website: http://texascavers.com >>>>> To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com >>>>> For additional commands, e-mail: texascavers-h...@texascavers.com >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> Visit our website: http://texascavers.com >>>>> To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com >>>>> For additional commands, e-mail: texascavers-h...@texascavers.com >>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> Visit our website: http://texascavers.com >>>>> To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com >>>>> For additional commands, e-mail: texascavers-h...@texascavers.com >>>>> >>>> >>>> >>>>--------------------------------------------------------------------- >>>>Visit our website: http://texascavers.com >>>>To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com >>>>For additional commands, e-mail: texascavers-h...@texascavers.com >>>> >>> >>> >>> --------------------------------------------------------------------- >>> Visit our website: http://texascavers.com >>> To unsubscribe, e-mail: texascavers-unsubscr...@texascavers.com >>> For additional commands, e-mail: texascavers-h...@texascavers.com >>> >>> > >
