[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Re: lynx: ftp anonymous password

From: Eduardo Pérez
Subject: lynx-dev Re: lynx: ftp anonymous password
Date: Fri, 15 Feb 2002 19:40:59 +0000

On 2002-02-15 08:13:00 -0800, Doug Kaufman wrote:
> On Fri, 15 Feb 2002, Eduardo Pérez wrote:
> > I've seen that lynx sends the user name when doing ANONYMOUS ftp gets.
> > I see a lot of problems:
> > - Sending the user name if the user doesn't know that it's sent doesn't 
> > protect the user state of ANONYMOUS
> > - Spyware is not a good idea, most users don't like it.
> > - Sending the user name helps SPAM instead of stopping it. Many ftp sites 
> > use this information to send you unsolicited email.
> > - Sending the user name doesn't help ftp sites to know who the cracker is, 
> > crackers are not stupid to send their email address.
> > - Sending the user name can be used to discriminate the user.
> Perhaps I am old fashioned or I don't see the risks listed above, but
> I don't see that this patch is a good idea. If we are to request free
> use of the server's resources and they request our email address for
> that use, it seems impolite not to supply it. There are still a few
> servers who will not allow access if an invalid domain is given. My
> specific comments about the above concerns:

If that servers don't let this ftp anonymous password, they also
 don't allow clients like Internet Explorer or Netscape Communicator.
These moved to this password because of these problems.
Not a good idea because this are the most used ftp clients.

> If you are really concerned about anonymity, using lynx from your own
> IP address without going through some anonymizing proxy doesn't make
> sense either

I'm concerned about privacy. But users should know that lynx is
leaking personal information.

> By no stretch of the imagination does sending your email address
> constitute "spyware" in the usual meaning of the word. Calling this
> spyware confuses the spyware issue and may make it harder to fight true
> spyware.
> Are there data that "many ftp sites" use the login data to send
> unsolicited email?

If there is I really don't want to know.

> Sending the email address is not supposed to help fight crackers. This
> argument seems irrelevant.

So what's the email address for?  SPAM?

> FTP sites certainly have the right to exclude users who have abused
> their services. I am not sure I call this discrimination.

OK, but they should do it in an intelligent way. Using the IP address.

> Lynx users can always specify an invalid personal address in the option
> menu if they don't want their true email address to be sent. 

That should be called anonymous ftp password.

> What do they say about this topic in the*
> newsgroups? Is there documentation of abuse to justify this change? If
> so, I will withdraw objections, but I would like to see some data first.

Only old ftp clients, do send the email address. As SPAM is taken seriously.

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]