Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 25 Mar 2006 05:41:57 +0000
From:      Dominic Marks <dom@helenmarks.co.uk>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Maxim Sobolev <sobomax@FreeBSD.org>, src-committers@FreeBSD.org, John Baldwin <jhb@FreeBSD.org>, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org, Luigi Rizzo <rizzo@icir.org>
Subject:   Re: email mangling (Re: cvs commit: src/bin/ls cmp.c extern.h ls.1 ls.c ls.h print.c util.c
Message-ID:  <4424D825.6040003@helenmarks.co.uk>
In-Reply-To: <20060325015521.GA31895@xor.obsecurity.org>
References:  <200603241638.k2OGc2qt094713@repoman.freebsd.org>	<20060324084458.A88774@xorpc.icir.org>	<44243867.4090501@sippysoft.com>	<20060324183303.GA26205@xor.obsecurity.org>	<44248297.5020201@FreeBSD.org> <20060325015521.GA31895@xor.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote:
> On Fri, Mar 24, 2006 at 03:36:55PM -0800, Maxim Sobolev wrote:
>> Kris Kennaway wrote:
>>> On Fri, Mar 24, 2006 at 10:20:23AM -0800, Maxim Sobolev wrote:
>>>> Luigi Rizzo wrote:
>>>>> On Fri, Mar 24, 2006 at 04:38:02PM +0000, John Baldwin wrote:
>>>>> ...
>>>>>> Submitted by:   Andrzej Tobola ato at iem dot pw dot edu dot pl
>>>>> i understand that this is an attempt to prevent email harvesting,
>>>>> but don't you think that such programs will be smart enough
>>>>> to recognize sequences of 'foo at bar dot baz' and convert
>>>>> back to regular email addresses ? :)
>>>> Perhaps we have to change policy to put only contributor's name, not 
>>>> email, into the commit message.
>>> No thanks, it makes it impossible to contact them later on when all
>>> other context is lost.
>> Hmm, you can dig it out of PR, no?
> 
> Not if it wasn't submitted via a PR, no.
> 
> Kris

Demo:

  http://goodforbusiness.co.uk/~dom/mail/
  http://goodforbusiness.co.uk/~dom/mail/?c=105678 (my email)

Summary:

Public web page which maps a unique numeric id to an email address.

The number can be used to redeem an unmangled email address easily from 
a public web page. This is hard for spammers to trawl because the id is 
a non sequential number and when you view the address it is in the form 
of a png image.

You then anyone can quote the number for the E-Mail address in the PR / 
commit / corrospondance / etc. All it requires is a quick lookup to get 
the real email address.

Anyone can add addresses to the system as long as they pass a simple 
human test. In my demo you solve a simple calculation before you can add 
an address. This way those people who dont want their email addresses 
displayed like this can generate their own number and put that in their 
PRs (ie: less work for committers)

It is more effective than text obfuscation. Obviously a proper 
implementation of this would need to be put on a freebsd.org box or 
other trusted system.

Just a suggestion.

Dom (105678)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4424D825.6040003>