[policy] When Tech Meets Policy...

Carl Karsten carl at personnelware.com
Mon Aug 13 21:01:35 UTC 2007

Barry Shein wrote:
> On August 13, 2007 at 10:11 dotis at mail-abuse.org (Douglas Otis) wrote:
>  > 
>  > 
>  > On Aug 12, 2007, at 6:41 AM, John Levine wrote:
>  > 
>  > > The problems with domain tasting more affect web users, with vast  
>  > > number of typosquat parking pages flickering in and out of existence.
>  > 
>  > Domain tasting clearly affects assessments based upon domains.  With  
>  > millions added and removed daily as part of "no cost" domain tasting  
>  > programs, the number of transitioning domains has been increased by  
>  > an order of magnitude.  Many of these new domains often appear as  
>  > possible phishing domains.  The high number of tasting domains  
>  > obscures which are involved in criminal activities.  This high number  
>  > also makes timely notification of possible threats far less practical.
> This sort of chain of reasoning, one behavior for one purpose might
> sometimes be a more insidious behavior for other purposes, makes me
> nervous. I just think it's a treacherous way to make policy, except in
> extreme cases.
> Then again I'm not particularly bugged by people who run these ad-only
> sites. Seems to me that's between them and the advertisers who pay
> them so long as it's not inherently criminal. And where it is criminal
> that should be dealt with, take any advertising medium in existence
> and you'll find a percentage of fraud.
> The real sin here is indicated by the terminology, "domain tasting".
> Domains should be paid for in advance, not necessarily "by law", but
> by liability.
> That is, if you extend domains on credit w/o any useful accountability
> of the buyer and this results in a pattern of criminality then the
> liability for that fraud should be shared by the seller. 

I am not sure tasting is criminal or fraud.

 > This would
> not be unique, there are lots of real world examples (e.g., if you
> rented cars for cash and asked for no id's and they were often used in
> crimes...)

The car rental example falls apart:  no ID = no way to track you down if you 
don't return the car.

I don't believe there are any real world examples, where "real world" deals with 
  anything physical.  I think this problem only exists in the electronic world, 
where what is being bought and sold is just a few bytes in a database.

Carl K

More information about the NANOG mailing list