[wildcard-comments] Comments after reviewing the Oct15th meeting captioning

["Dave Oatley" <oatleyd@xxxxxxxxx>]

Please forgive the length of this email, I noted items as I read
the captioning output from the SECSAC meeting on Oct 15th, as
found at http://secsac.icann.org/captioning-15oct03.htm

Please do not allow Verisign to abuse their monopoly control and impose 
SiteFinder on us all again.

Thank you,

Dave Oatley

Verisign examined 73,000 spam emails and concluded that SiteFinder
did not increase spam on the internet. It is estimated that there 
are over 4.5 billion spam emails sent every day, how could such a
paltry sample be expected to tell them anything?
-------------------------
If you offered $1 to every person that came to your site, they?d 
like the site. They wouldn?t care about what other costs were 
created by it, or who bears those costs. So certainly, if 
SiteFinder is a nice, clean, usable page and it is simply 
compared against a stark "no such site" error page, an average 
user would choose the usable page. But that?s not the whole story.
Who got hurt getting that page to the user? Is the overall effect
worth the costs? And can the same page be presented in another way
that allows Verisign and the user to bear the costs, since they 
alone are getting the supposed benefit? (A browser plug-in would
serve this purpose)
-----------------------
Verisign repeatedly alludes to the idea that because they are 
*only* "inconveniencing" people and because it is possible to 
create "workarounds" for their system, the system is ok to impose on 
people. It's like building a speedbump on the highway in front of 
your house to slow traffic. The first few cars that hit it will 
careen off the road and crash, then people will recognize it's there, 
and eventually people will just slow down before they hit it. 
Granted, traffic will backup for miles, new roads will have to be 
built to get around your house, and businesses along that road will 
suffer because people won't drive through there anymore. And of 
course the costs for the damage to vehicles, medical care, road 
construction, and loss of business will be borne by others, not you. 
But at least you're slowing traffic around your house. You got what 
you wanted.
---------------------
"I guess more basically using HTTP over port 80 in this way by 
automated tool is discouraged according to BCP 56."

I love the idea that it's ok to break things if they shouldn't have 
been working anyway. Imagine building a parking garage, and a road 
leading into the door, then years later the architect points out that 
the door was actually supposed to be 10 feet further to the left. 
Would it make sense to preserve the integrity of the blueprints by 
bricking up the current entrance and building a new door? Or would it 
make more sense to understand that people can drive in and out of the 
current door and it should be considered the defacto standard?
------------
"we said very clearly that we don't even have log files there to 
collect any information and our privacy policy specifically mentions 
this"

Verisign often responds to the privacy issue by saying, "But we're 
not reading this stuff! Our privacy policy says we're not." What 
don't they get about the idea that we don't trust them? They have 
shown themselves to be untrustworthy. They snuck this huge change 
into the system, only pulled it under threat of legal action, 
threaten to bring it back without regard to public opinion, but we're 
supposed to trust them? They don't want anyone to see 
their "proprietary" surveys, but they expect us to trust them.
------------
"the take-away numbers are the summary numbers which is 76% rated the 
site excellent or very good."

Verisign's usability statistics seem to be talking about user's 
reactions to the specific sitefinder page. The page is located at 
http://sitefinder.verisign.com and it is a reasonable search page. 
The page itself is not at all the issue, but they are trying to shift 
the focus to it. Banging out a pretty search page would take a couple 
of hours of HTML work. The problem is the underlying internet 
plumbing that takes the hit to serve up that page inappropriately. 
The exact same page could be served by a browser plugin and the users 
that responded to the surveys wouldn't have known the difference.
-----------
"And then basically what that says is that there's more functionality 
than you get with a 404 so it's helpful for me."

Verisign is not incompetant, they know full-well their system doesn't 
intercept 404 errors. Yet they happily quote users that cluelessly 
thought Verisign was fixing the dreaded 404 for them. 
-------------
"many thought before we launched the service that the presence of 
wildcard in the DNS would somehow break the Internet. Well clearly 
the evidence does not support that at all"

What exactly does "break" mean? Is my car "broken" if it sputters at 
a stop light? If my cable "broken" if my favorite channel disappears? 
Does my computer have to completely disintegrate into silicon dust 
before I can declare it "broken"? In general usage, we use the 
term "broken" to refer to things that aren't working the way we 
expect them to. Often a new release of software is said to "break" 
things the users previously liked, even though 99% of the application 
is still functional, even enhanced. But if it is a vital item for the 
user, he may choose to revert to the previous version despite any new 
benefits, to avoid suffering the 1% loss.
---------------
In regard to research conducted into SiteFinder's impact on non-HTTP 
protocols: " their findings was that the user experience would not 
change dramatically."

It's hard to know what a company means by "change dramatically" when 
they are already known to misrepresent the work "break". In my view, 
any change I make to a system used by others needs to leave their 
experience unchanged altogether, or only with their consent. Even 
an "un-dramatic" change would be unacceptable.
---------------
Rusty Lewis recognized Verisign was being accused of surveying users 
in a way that would force them to give positive answers, so he 
stepped in and said, "From our perspective, we did not conduct this 
survey for purposes of convincing the SECSAC or ICANN or anybody 
else, for that matter, that end users want to use this service. We're 
a commercial company. We are interested in getting unbiased, 
unfettered feedback from the marketplace so that we can design 
services that meet commercial needs."

Realistically, why would they care who wanted to use the system and 
who didn't? Like any company, their ultimate goal is to make money, 
not friends. If making friends leads to making money, then they'll 
make friends. But if capitalizing on a revenue-generating advertising 
opportunity makes them both enemies and money, why would they care? 
They wouldn't, and perhaps we could even say they shouldn't. The 
fact, though, that they are lying about people's attitudes toward the 
system (by framing the surveys to skew the results, proven by their 
unwillingness to reveal the surveys themselves) shows that they are 
not to be trusted.
-------------
Verisign: "One of the segments of the community that has not been 
looked at in this whole issue, in my opinion, is the user community."

Users would like it if every time their ISP served them a web page, 
they were required by law to send the user a dollar, too. But the 
ISP's wouldn't care for it. They'd go out of business, then the user 
would be sad. Verisign isn't looking out for the consumer or they 
would take the same course that others have taken, they'd produce a 
browser-plugin or other opt-in service that users could decide to use 
or not. They'd compete in that market, like everybody else. Instead, 
they've chosen to abuse their monopoly and then hide behind the end-
user whose best interests they supposedly have at heart.
---------------
Steve Crocker asked if there had been a change to the registry. 
Verisign's response was "in the definition of registry operations 
that you're using, the answer is no, there was no change to the 
registry operations."

There's a reason people lie like this. Bill Clinton worked very hard 
not to admit his affair with Monica. He lied, but used words that he 
thought he could legally defend as being truthful, or at least not 
lie-ful. But this isn't a legal game and we shouldn't spring Verisign 
on a technicality. They're lying. Give them this, and they will 
certainly do worse in the future. They have to be stopped now.
-------------
Verisign said, "I'm totally confused about how what we've been 
talking about the last few minutes has to do with security and 
stability."

Verisign's own presentation was primarily usability surveys that 
arguably had nothing to do with security and stability. Again, lies. 
Not legal lies, but lies.
-------------
" we've heard a lot of anecdotal data"

Verisign uses this term often. It seems to be a way for them to 
dismiss what people are saying. If I play my radio too loudly, I 
could blow off any complaints as anecdotal, instead saying that my 
own surveys showed that people prefered my music over dead silence. 
Unless the complaintants had some decibel numbers they wanted to bat 
around, or perhaps a multi-thousand dollar survey of their own they 
wanted to put forth, I could just dimiss them out of hand.
--------------
" we've bent over backwards to not adversely impact the stability or 
security of the Internet"

If I'm ever accused of a crime, I want Rusty Lewis to be my lawyer.
---------------
" Ben Turner: the way we do the web bug is compliant with the 
standards that exist. It is a typical implementation for this type of 
bug."

There are standards for "bugging" users? Steve's comment echoes mine:

Steve Crocker: I'm speechless.
--------------



------------------------------------------------------
http://TheEschalot.com
  We mock the news, so you don't have to!
------------------------------------------------------

_______________________________________________
No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com