audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Thu Aug 02, 2012 3:12 pm Post subject: |
|
|
Limiting it to in-state sources would be fairly trivial, although not 100% reliable. _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
pjp Administrator


Joined: 16 Apr 2002 Posts: 16029 Location: Colorado
|
Posted: Thu Aug 02, 2012 3:32 pm Post subject: |
|
|
Seems "easier" to limit service on an account basis. Prove residency, get an account. Change residency, account expires. _________________ lolgov. 'cause where we're going, you don't have civil liberties.
In Loving Memory
1787 - 2008 |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Fri Aug 03, 2012 1:26 pm Post subject: |
|
|
| pjp wrote: | | Seems "easier" to limit service on an account basis. Prove residency, get an account. Change residency, account expires. |
That's actually the way it is now due to an FCC mandate. My alternative suggestion is to remove the proof of residency requirement and make things easier for both the service provider and the user. If a user travels to a different state, he's still able to use THAT state's relay service because he'll be IN that state and his IP address will show that. On the other hand, scammers from Weruveria won't even be able to connect to any of the U.S. state relays because their IP address isn't even in the country.
Now that I think of it, such an implementation could make use of ping, whois and tracert. Like BK said, trivial stuff.
Not sure why I haven't seen this discussed anywhere else in this context. I'll see if I can find out if maybe it was. _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
pjp Administrator


Joined: 16 Apr 2002 Posts: 16029 Location: Colorado
|
Posted: Fri Aug 03, 2012 2:18 pm Post subject: |
|
|
Geolocation only works until people are prevented from using a service they want to use.
London Olympics & NBC are a great example. People used services to watch it on BBC for free. Problem solved. Which problem left up to the reader :D _________________ lolgov. 'cause where we're going, you don't have civil liberties.
In Loving Memory
1787 - 2008 |
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Sat Aug 04, 2012 10:59 am Post subject: |
|
|
I'm not sure what he's got in mind here, but such prevention may be exactly what he has in mind. If this is about preventing people from making inter-state calls without paying long distance charges, then a lot of people will find a way to abuse it (e.g. by spoofing IP address). This is also why a registration-based system wouldn't work; people register in-state, then use the account from wherever they want. _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
pjp Administrator


Joined: 16 Apr 2002 Posts: 16029 Location: Colorado
|
Posted: Sat Aug 04, 2012 8:42 pm Post subject: |
|
|
I presumed the service was intended for state residents, regardless of their location. Maybe I just don't understand what is being provided. _________________ lolgov. 'cause where we're going, you don't have civil liberties.
In Loving Memory
1787 - 2008 |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Sun Aug 05, 2012 11:08 pm Post subject: |
|
|
| BoneKracker wrote: | | I'm not sure what he's got in mind here, but such prevention may be exactly what he has in mind. If this is about preventing people from making inter-state calls without paying long distance charges, then a lot of people will find a way to abuse it (e.g. by spoofing IP address). This is also why a registration-based system wouldn't work; people register in-state, then use the account from wherever they want. |
No, I'm just interested in preventing fraudulent users - that is, people who are not deaf, not hard-of-hearing, and have no speech impediment, who use these services to run scams.
Since my OP, I have found two services that do not require a copy of a driver's license or utility bill, and one that does. I'm interested in finding a way to prevent the system from being abused (which it used to be, very heavily, costing a LOT of taxpayer money to go to waste) while not demanding information that is not relevant (a driver's license # and soundex # certainly are not) and is not required by paid utility services (just to be fair to deaf users).
I noticed that the relay service that does require such further verification suggested on their web site that users scan their driver's license and email it to the provided email address. I am sure I don't need to convince anyone here that that is a terrible idea and leaves the user open to ID theft, especially given the general public's lack of education on encrypted email.  _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Mon Aug 06, 2012 12:12 am Post subject: |
|
|
Then what's the point of making it "in-state-only"? _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Mon Aug 06, 2012 1:05 pm Post subject: |
|
|
Hm, seems like I'm not doing such a great job communicating. Let me try again.
I'm not interested in keeping it in-state. I'm only interested in trying to prevent fraudulent use without requiring valid users to register (and thus possibly open things up for information privacy abuse by the companies running the relay services, which I've actually experienced, albeit in an unintentional-because-they-don't-know-better way). What I'm proposing is that anyone connecting to a relay service to place a phone call can only connect to that state's relay service. Someone in Wisconsin cannot connect to the Ohio relay. Someone in Nigeria cannot connect to any relay service in the U.S. Once connected, the user can then place a call to that or any other state.
This is akin to a TTY user dialing 711 anywhere in the country. 711 automatically connects to that state's relay service, and the caller can then place a relay call to anywhere in the country. So someone using AIM can connect to a handle that is the equivalent of dialing 711 and connect to the in-state relay service - and only to that service. From there, the user can place an internet relay call to any phone number in the country.
Like you said, address-spoofing could be a problem, but I'm sure a competent team can deal with that. I know, I know, competence is generally frowned upon, but I can dream, right?  _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Mon Aug 06, 2012 7:46 pm Post subject: |
|
|
I don't see the point of putting "relays" in every state and then controlling what relay they connect to. You need two relays: a main one and a failover. I don't see how forcing people to connect to the system within their home state reduces the likelihood of information privacy abuse. If you want privacy, have centralized access control, with encrypted authentication and encrypted message traffic. _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
nomilieu n00b


Joined: 22 Nov 2011 Posts: 24
|
Posted: Mon Aug 06, 2012 8:58 pm Post subject: |
|
|
Verifying someone's physical location by IP address seems shaky.
What's to stop people from bouncing their connection through another machine? |
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Mon Aug 06, 2012 10:20 pm Post subject: |
|
|
| nomilieu wrote: | Verifying someone's physical location by IP address seems shaky.
What's to stop people from bouncing their connection through another machine? |
More to the point, what's the point of verifying what state they are in? How does that protect privacy? _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Tue Aug 07, 2012 12:08 pm Post subject: |
|
|
| BoneKracker wrote: | | I don't see the point of putting "relays" in every state and then controlling what relay they connect to. You need two relays: a main one and a failover. I don't see how forcing people to connect to the system within their home state reduces the likelihood of information privacy abuse. If you want privacy, have centralized access control, with encrypted authentication and encrypted message traffic. |
Information privacy abuse is not the main point. Preventing fraudulent users from using the relay service is. If you have a system whereby only users whose IP address is within the state can connect to the state relay service to place a call, and it is set up with reasonable anti-spoofing measures, etc., that should cut down on fraudulent use, much of which originates outside the country. I do not know how to explain it any more clearly than this. _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Tue Aug 07, 2012 12:09 pm Post subject: |
|
|
| nomilieu wrote: | Verifying someone's physical location by IP address seems shaky.
What's to stop people from bouncing their connection through another machine? |
This is the kind of feedback I wanted. Is it possible to detect whether a connection has been thusly bounced? Wouldn't it be possible to know whether a connection is coming from a TOR server and thus block it? _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Tue Aug 07, 2012 12:19 pm Post subject: |
|
|
| audiodef wrote: | | BoneKracker wrote: | | I don't see the point of putting "relays" in every state and then controlling what relay they connect to. You need two relays: a main one and a failover. I don't see how forcing people to connect to the system within their home state reduces the likelihood of information privacy abuse. If you want privacy, have centralized access control, with encrypted authentication and encrypted message traffic. |
Information privacy abuse is not the main point. Preventing fraudulent users from using the relay service is. If you have a system whereby only users whose IP address is within the state can connect to the state relay service to place a call, and it is set up with reasonable anti-spoofing measures, etc., that should cut down on fraudulent use, much of which originates outside the country. I do not know how to explain it any more clearly than this. |
Okay, then you really want in-country usage restriction (which could be done by geoip or, more authoritatively by using an ipset of IANA network assignments). You'd also want basic account registration, password-based authentication, and encryption of message traffic. It's all pretty basic stuff and quite feasible. _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Tue Aug 07, 2012 12:28 pm Post subject: |
|
|
| BoneKracker wrote: | | audiodef wrote: | | BoneKracker wrote: | | I don't see the point of putting "relays" in every state and then controlling what relay they connect to. You need two relays: a main one and a failover. I don't see how forcing people to connect to the system within their home state reduces the likelihood of information privacy abuse. If you want privacy, have centralized access control, with encrypted authentication and encrypted message traffic. |
Information privacy abuse is not the main point. Preventing fraudulent users from using the relay service is. If you have a system whereby only users whose IP address is within the state can connect to the state relay service to place a call, and it is set up with reasonable anti-spoofing measures, etc., that should cut down on fraudulent use, much of which originates outside the country. I do not know how to explain it any more clearly than this. |
Okay, then you really want in-country usage restriction (which could be done by geoip or, more authoritatively by using an ipset of IANA network assignments). You'd also want basic account registration, password-based authentication, and encryption of message traffic. It's all pretty basic stuff and quite feasible. |
Pretty much, although the in-country restriction already exists. Relay users have either never been able to place international calls or have not been able to for many years if it was originally allowed. I consider that discrimination. How else am I going to call a friend or relative out of the country when anyone with normal hearing can? _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Tue Aug 07, 2012 12:38 pm Post subject: |
|
|
| audiodef wrote: | | BoneKracker wrote: | | audiodef wrote: | | BoneKracker wrote: | | I don't see the point of putting "relays" in every state and then controlling what relay they connect to. You need two relays: a main one and a failover. I don't see how forcing people to connect to the system within their home state reduces the likelihood of information privacy abuse. If you want privacy, have centralized access control, with encrypted authentication and encrypted message traffic. |
Information privacy abuse is not the main point. Preventing fraudulent users from using the relay service is. If you have a system whereby only users whose IP address is within the state can connect to the state relay service to place a call, and it is set up with reasonable anti-spoofing measures, etc., that should cut down on fraudulent use, much of which originates outside the country. I do not know how to explain it any more clearly than this. |
Okay, then you really want in-country usage restriction (which could be done by geoip or, more authoritatively by using an ipset of IANA network assignments). You'd also want basic account registration, password-based authentication, and encryption of message traffic. It's all pretty basic stuff and quite feasible. |
Pretty much, although the in-country restriction already exists. Relay users have either never been able to place international calls or have not been able to for many years if it was originally allowed. I consider that discrimination. How else am I going to call a friend or relative out of the country when anyone with normal hearing can? |
Well you're the one saying it cuts down on fraudulent use. _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Tue Aug 07, 2012 1:00 pm Post subject: |
|
|
| BoneKracker wrote: |
Well you're the one saying it cuts down on fraudulent use. |
So? I pointed out a measure that was put in place. That doesn't mean I agree it shouldn't be reevaluated in light of a new anti-fraud measure. Deaf callers not being able to call their friends and family out of the country when everyone else can is wrong, no matter why it is not allowed. _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
BoneKracker Veteran


Joined: 14 Mar 2006 Posts: 1487 Location: U.S.A.
|
Posted: Tue Aug 07, 2012 1:23 pm Post subject: |
|
|
I'm just pointing out that if you're going to propose or create some new service, maybe you ought to design it the way you think it should be. _________________ Oldthinkers unbellyfeel INGSOC.
-- Headline of a document on Winston Smith's terminal in his cubicle at the Ministry of Truth, seen briefly in the background in one scene of the movie rendition of Nineteen Eighty-Four. |
|
nomilieu n00b


Joined: 22 Nov 2011 Posts: 24
|
Posted: Tue Aug 07, 2012 1:57 pm Post subject: |
|
|
| audiodef wrote: | | nomilieu wrote: | Verifying someone's physical location by IP address seems shaky.
What's to stop people from bouncing their connection through another machine? |
This is the kind of feedback I wanted. Is it possible to detect whether a connection has been thusly bounced? Wouldn't it be possible to know whether a connection is coming from a TOR server and thus block it? |
Listen to BK. You shouldn't do it based solely on IP, but rather you'd want account-based authentication and encryption.
Otherwise, if I owned or rented a server in the proper location, I could just forward my connections through it. The headers shouldn't show my original location. Moreover, I could allow all of my friends to use my box for that purpose as well.
I do this at work in order to have more than one IP address whitelisted to send bulk email. (The people in charge of that wouldn't listen to reason.)
*edit* You could probably block things from TOR, though. I'd have to read up on it. |
|
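The point made in this part of the thread (an in-country address filter by itself accepts anyone who forwards through an in-country machine, so it has to be paired with account authentication), as an added example that is not from any poster or any relay service. The network ranges, account store and function names are constructed for illustration; encryption of message traffic is not covered here.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed sample data: RFC 5737/3849 documentation ranges stand in for the
# in-country allocations a real deployment would load from a geoip or registry feed.
IN_COUNTRY_NETS = [ipaddress.ip_network(n) for n in
                   ("192.0.2.0/24", "198.51.100.0/24", "2001:db8:1::/48")]
PBKDF2_ROUNDS = 100_000


def in_country(source):
    """True if the source address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # malformed address: fail closed
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in IN_COUNTRY_NETS)


def make_record(password):
    """Store a per-user salt and PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Hypothetical account store with one constructed user.
ACCOUNTS = {"relay_user": make_record("correct horse battery staple")}
_DUMMY = make_record("unused")  # hashed for unknown users to keep timing even


def authenticate(user, password):
    """Constant-time password check that does the same work for unknown users."""
    salt, expected = ACCOUNTS.get(user, _DUMMY)
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(got, expected) and user in ACCOUNTS


def authorize(source, user, password):
    """Both checks must pass; the address filter only narrows who may try."""
    if not in_country(source):
        return False, "source address outside allowlist"
    if not authenticate(user, password):
        return False, "authentication failed"
    return True, "ok"


if __name__ == "__main__":
    for case in [("192.0.2.10", "relay_user", "correct horse battery staple"),
                 ("203.0.113.5", "relay_user", "correct horse battery staple"),
                 ("198.51.100.7", "anonymous", "guess"),
                 ("::ffff:192.0.2.10", "relay_user", "wrong")]:
        print(case[0], authorize(*case))
```

The third case is the forwarded connection: its source address passes `in_country`, and only the account check turns it away.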
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Tue Aug 07, 2012 6:10 pm Post subject: |
|
|
| BoneKracker wrote: | | I'm just pointing out that if you're going to propose or create some new service, maybe you ought to design it the way you think it should be. |
This service has been around for a while. It's nothing new. _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
audiodef Advocate


Joined: 06 Jul 2005 Posts: 4949
|
Posted: Tue Aug 07, 2012 6:11 pm Post subject: |
|
|
| nomilieu wrote: | | audiodef wrote: | | nomilieu wrote: | Verifying someone's physical location by IP address seems shaky.
What's to stop people from bouncing their connection through another machine? |
This is the kind of feedback I wanted. Is it possible to detect whether a connection has been thusly bounced? Wouldn't it be possible to know whether a connection is coming from a TOR server and thus block it? |
Listen to BK. You shouldn't do it based solely on IP, but rather you'd want account-based authentication and encryption.
Otherwise, if I owned or rented a server in the proper location, I could just forward my connections through it. The headers shouldn't show my original location. Moreover, I could allow all of my friends to use my box for that purpose as well.
I do this at work in order to have more than one IP address whitelisted to send bulk email. (The people in charge of that wouldn't listen to reason.)
*edit* You could probably block things from TOR, though. I'd have to read up on it. |
Thanks for your input.  _________________ Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks. |
|
pjp Administrator


Joined: 16 Apr 2002 Posts: 16029 Location: Colorado
|
|