Comment: [Original edit by JustinMason]

...

  • Cynthia Dwork's talk:
    • 16 seconds per message computation time doubles spam cost
    • 56 seconds per message computation time means $36 per message for spammers
    • cycle theft arguments (zombies are illegal; spyware can be combatted with user education) *already don't work* in the real world
  • MailFrontier:
    • some kind of marketroid noise about how they're "third generation" because they have grey areas, or something; combination of multiple tests means "definitely spam, no false positives". riiight
    • "Reverse Turing Test": C-R as usual, with pictures of puppies
    • except the C-R page has some kind of plugin which will burn CPU cycles instead, woo
  • The naysayer:
    • http://www.cl.cam.ac.uk/~rnc1/
    • going rate to solve puzzles is about $.11/hr in South India
    • Real Money systems: people will regulate it; EU Directive on E-Money (2000/46/EC)
    • people will walk away with 2.5% of it (cost of running + greed)
    • people will steal it (e.g. sysadmin skimming x% of incoming mails and stealing their tokens)
    • Payment systems: settlement: see taugh.com
    • also compares with the telco system (~1200mill ham mails/day, ~2000mill phone calls per day) – much fewer calls on telco system, most local, diff trust model
    • how much payment:
      • 30 responses per mill: .1c/mail means $33 per sale to be viable
      • if .05c/mail, $16
      • at a 0.7% response rate, $33 profit means 23c/mail
  • questions:
    • to Ironport: "why can't I nominate a charity?" to avoid interested parties
    • Dan to Ironport: "how much bonds debited?" not very much
    • question from an Indian querier: "any documented cases of South Indian kids clicking on CAPTCHAs?" MailFrontier guy, naturally, says "nope". In reality, the answer is "yes", but that was in Thailand
    • Yahoo! guy on CAPTCHAs: "seen everything: porn sites, people paid to type them; sites in Russia with full pages of CAPTCHAs, 10 hour turnaround after a new fix is deployed"
    • Vanquish guy says they use CMU's CAPTCHA code
    • question on CPU time stamp inflation: Cynthia Dwork says "memory cycles much more stable over time"
    • Dan: annoyed about senders having to "prove they are real" when they're doing the recipient a favour: MailFrontier guy: "we just want the problem to go away"
    • Dave Crocker: "why didn't anyone on the panel take any notice of the naysayer's presentation and its points?"
    • panel: "but we have only 5 minutes!"
    • Vanquish guy: "he doesn't understand how PKI works" (!!!) then some advertising for Vanquish (again)
    • Ironport: "Bonded Sender is working right now"
    • MailFrontier guy: "mostly agreed with his presentation, but we'll do whatever works (titters from audience); C-R is an atomic bomb, but with some collateral damage, but it can be turned off"
    • naysayer: "not only is my machine insecure, my email is insecure, but I don't want my *money* to be insecure" (applause)
    • panel mod: there will be coevolution between attacker and defender, a lesson from the Cold War