Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

RoadRunner Co-Opting "Organization" Headers

Posted by timothy on Sun May 12, 2002 08:44 AM
from the you-are-what-you-subscribe-to dept.
Privacy
Dusty Rhodes writes: "AOL-Time Warner cable Internet Provider RoadRunner has begun co-opting the 'Organization' line of Usenet headers, replacing whatever information a user enters with 'Organization: Road Runner - (location).' All RoadRunner customers nationwide, including business customers, have had their organization identity hijacked with no disclosure whatsoever, much less an opt-in or even an opt-out. Nothing in their TOS or AUP. Nada."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

RoadRunner Co-Opting "Organization" Headers 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • My ISP's Usenet Server (NTL in the UK) is set up to add NNTP-Posting-Host: with your IP to every post. So much for Usenet being an anonymous media.
    • If they didn't add the IP address, it'd be too easy to abuse their server and spam through it. Who says Usenet should be anonymous anyway?

      If you do want almost anonymous access, sign up with a pay-for news provider such as EasyNews [easynews.com]. They don't add an IP address to messages posted through their system, so it's effectively anonymous. However, they still add a special encoded header line that lets them determine which user account sent the message, but it's only of internal use to them, and someone would probably require a court order to force them to identify the poster.

      It's been a long time since anything on the Internet has been truly anonymous...
    • Nothing on the Internet is anonymous. Even "anonymizers" just make it difficult to find the source, not impossible. If you want anonymity, stay the hell off the Internet. Everything you do can be traced to you. If you hadn't figured this out before, wake up. There is no right to anonymity. There shouldn't be.
  • Qmail [qmail.org] is great for unixes.

    Argosoft [argosoft.com]is an awesome win32 one.

    If they are blocking port 25 outbound, you can do what I used to do when the fuckers at earthlink did that. I setup a qmail/proxy machine at work running on port 5000 something and sent all my mail through that, hell if they are to the point of scanning the packets themselves you could always tunnel in as well. The problem is that the majority of people out there are screwed by this and do not have enough knowledge to take recourse against it.

    • Yeah, I did that myself, but alot of places will drop your mail if you're in DUL blocks, like my cable network is.
    • If they are blocking port 25 outbound, you can do what I used to do when the fuckers at earthlink did that.

      Keep in mind that the reason Earthlink does this is to prevent stupid people from sending spam that doesn't go through Earthlink's servers, and from running open relays that spammers can use. Yes, it's inconvenient for some people, but you can configure Sendmail or whatever to relay everything through smtp.earthlink.net, or do what you've done and relay through an outside server on a different port.

      What exactly does smtp.earthlink.net add to the headers that you find objectionable?

      The problem is that the majority of people out there are screwed by this and do not have enough knowledge to take recourse against it.

      The firewall was set up exactly because the majority of people out there do not have enough knowledge to prevent others from abusing their systems to send spam. So, what would you propose as another solution to the spam problem? Keep in mind that Earthlink has over 200,000 DSL customers and several million dialup customers.

  • This has been going on for years (Score:5, Informative)

    by Arcturax (454188) on Sunday May 12 2002, @08:55AM (#3505607)
    I've noticed this for a long time now. A lot of ISP's are doing that. I don't mind too much since my organization is "Crime" but it is a bit annoying yes. However if you want much better news service at not too much a year, try Newsguy [newsguy.com]. I used them back when I did a lot of usenet posting and for like $25/year (its gone up a bit since then) I was able to get non-binary access to all my favorite newsgroups. If you want access to binaries you have to pay a bit more, but the service is very customizable to fit your needs. They filtered out 95% of the spam and kept articles for a month, while roadrunner is lucky to keep them a week and seems to have cut corners on spam filtering. So I'd suggest if you are serious about usenet, buy your access (its less then $5/month for basic access) and get higher quality news feed with less spam and full control over those important headers.

    • Re:This has been going on for years (Score:4, Informative)

      by dattaway (3088) on Sunday May 12 2002, @10:52AM (#3506017) Homepage
      I have used newsguy since they were named zippo.com [zippo.com] (guess the evil company that sued for the name) and can say their usenet service is very reliable. Binaries are complete and you have a choice of the NNTP protocol or a fancy point and click web based interface that automates multipart decoding. RR may run a good newsserver, but I still keep newsguy to suppliment the spool.

      Newsguy also has impressive spam fighting filters. Even my newsguy email account hasn't had one spam email since I signed up since 1997.

  • So? (Score:3, Insightful)

    by nuggz (69912) on Sunday May 12 2002, @08:56AM (#3505611) Homepage
    Companies aren't there to serve customers.

    Companies are there to serve the owners/shareholders. Most of them just want to get the best return on investment they can.

    Most people vote for "returns at any cost" with their money, and the companies act accordingly.

    When is the last time you've heard people say "oh you can lose a few million this year, just be nice to everyone", until they put a dollar value on satisfied customers, they are going to continue to behave this way because WE make them.

    And I don't really care how much RoadRunner screws with their customers, as long as they make money and build my retirement fund for me. Yes it is selfish, but I think that is the way it is.

    • "oh you can lose a few million this year, just be nice to everyone", until they put a dollar value on satisfied customers, they are going to continue to behave this way because WE make them


      True, but for most companies it is a choice between "We can make 10 million and have a few customers hate us (but keep giving us money because we are the only game in town)" and "We can make 8 million and get good press and have the most satisfied customers."

    • Re:So? (Score:5, Funny)

      by Waffle Iron (339739) on Sunday May 12 2002, @09:43AM (#3505759)
      And I don't really care how much RoadRunner screws with their customers, as long as they make money and build my retirement fund for me.

      Unfortunately for you, AOL/TW's brilliant scheme to pad your retirement account by manipulating usenet headers has failed miserably. Last quarter, they posted the largest net loss in U.S. history ($54 billion).

      Last week they announced that the SMTP and NNTP Header Development Division will be axed to save costs; this is expected to result in massive layoffs.

      • It isn't that this particular idea is any good, it is quite dumb IMO.

        It is that they should continuously be trying to make more, and improve somehow. Advertising is a good idea, and really rewriting a header doesn't take any CPU load compared to everything else.

  • My Rights Taken Away?? (Score:2, Insightful)

    by Anonymous Coward
    big whoop..is this intentional or just RR's mistake? either way, this doesn't belong in YRO section.

    there's absolutely no "rights" issue here. stop confusing rights with privileges.. you will only dilute this section further.

    • "there's absolutely no "rights" issue here. stop confusing rights with privileges..

      Privileges are something you don't have to do anything for. Rights are something you have to pay for, such as the rights granted to you by a service agreement (ie. "contract") for a certain price.
      • Privileges are something you don't have to do anything for. Rights are something you have to pay for

        Erm, what are they teaching in the schools these days? In the words of Mr. Locke, as channeled through Mr. Jefferson:

        We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed...

        Rights are something you are born with buddy. Priviledges are something you are granted and can be taken away, like Daddy loaning the old family car to you as long as you maintain a 'B' average. You can lose rights for the commission of crimes, but that is seen as a punishment.

        And what happens when someone takes away those rights? Reading a bit further in the same document:

        --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness...

        Of course exercising that Right might get your sorry ass killed. Live Free or Die, as they say.

        The full thing is here [nara.gov], in case anyone wants to accuse me of selective quotation.

        • Um, yeh.

          These are property rights. We bought (or leased, depending on how you look at it) the internet access, and them skimming away parts they thought we wouldn't notice violates those rights.

          Then, on top of that, we have creative rights to our usenet posts. Copyright, for instance. For them to edit this, without our approval, is another violation of our rights. They can't even make the claim that it is a technical necessity.

          Or are these just privileges?

  • Legal Issue? (Score:3, Insightful)

    by suwain_2 (260792) on Sunday May 12 2002, @09:04AM (#3505635) Journal
    I think RoadRunner is getting themselves into more trouble then they think.

    Let's say I post something to Usenet trolling, blasting Microsoft and making wild accusations against them. However, my "Organization" is "RoadRunner." While it may not mean anything legally, doesn't that at least partially imply that I'm speaking on behalf of RoadRunner, and, thus, making it seem like RoadRunner's official corporate stance is whatever nonsense I just accused Microsoft of?

    For example, if you work at IBM (arbitrarily chosen company), and routinely send out mail voicing *your* opinion, you'll likely have something to the effect of "These opinions are my own, and not that IBM," so that people don't twist mail you send to your friend into IBM's official position on the issue.

    Again, I don't know if this carries any legal weight, but I think RoadRunner is getting themselves into more than they bargained for. (Picture swarms of angry people blaming RoadRunner for whatever their customers post.)

    • I agree. I view the "Organization" header as stating the legal entity to which I have pledged some sort of allegiance, in most cases meaning I work for them in exchange for money. This carries the assumption that, since I am posting in the identity of someone that "belongs" to said organization, I have some legal right to speak for them unless I apply a disclaimer.

      While I assume they are overriding the "Organization" header as a marketing tactic, I believe they are ignoring the internet cultural norms for how that field is used. I hope they come to understand what they have done, perhaps inadvertantly, and change their policy. However, given the current climate, I suspect this will continue unnoticed (save the /. crowd) for years to come with no ramifications.

  • Could just be a foul-up (Score:5, Insightful)

    by Evil Al (7496) on Sunday May 12 2002, @09:10AM (#3505653) Homepage
    Not to pour water on a good conspiracy theory, but are people sure this isn't just a misconfigured nnrpd.conf (or equivalent)? It's pretty easy to do; many nntp sites already add an Organization line if there isn't one present -- all it would take is for some admin to foul up a config line.

    Not to downplay the significance of companies doing stuff like this, but this may be unintentional. The article doesn't look like it's double-checked the motive.
    • Blockquoth the poster:

      Not to pour water on a good conspiracy theory, but are people sure this isn't just a misconfigured nnrpd.conf (or equivalent)? ... all it would take is for some admin to foul up a config line.

      The same mistake, made everywhere at once? From the article:

      replacing whatever information a user enters with "Organization: Road Runner - (location)."
      All RoadRunner customers nationwide, including business customers, have apparently had their organization identity hijacked

    • The guys who run RoadRunner mail hosts seem to be a bit out of it when it comes to how "the Internet" works. Sure, they can figure out some of the stuff, but they get clueless really fast.

      For example: They used to have the "From:" header screwed up. When you sent some mail, it said that the sender was "username at the machine that handled all of the mail for the area," not "username at the real address." So for six months or so, when some folks tried to reply to my RR address, their replies bounced. I had to add a "Reply-to" line just to get mail back.

  • Correct me if I'm wrong but isn't this a perfectly correct implementation of organization? Whose NNTP server was used? Roadrunner's server. Whose name should be listed under organization, well I can make a strong argument for roadrunner. I fail to see what harm this does to the consumer, and more importantly what "right" is lost. Most clients don't display the header by defualt. It might help someone report spam. The only downside is if you used public usenet to reply to support postings, and wanted to look profesional, and then a private server would be a much more sensible solution(no propagation time, complete control, etc.)
  • The bottom line here is that, if like the article says, there is nothing in the ToS that guarantees that this wont happen (I start to twitch if I actually read ToS or EULA documents) then I'd say you're at the mercy of the owner of the servers that you use. When I load slashdot, it gives me slashdot content. When I send mail through my ISPs SMTP servers, it adds a header. While the co-opting aspect of this is disturbing, the bottom line is that if you don't like it, run your own NNTP server, or simply use Google Groups or any other alternative news service that delivers what you want, in the way you want it. A lot of people seem to think that Roadrunner is going to get in trouble for this. I just don't see that happenning. I can't even conceive of a way that this could be illegal. But I'm not a lawyer ;)

  • Usenet Fields (Score:3, Funny)

    by JabbaKosh (578865) on Sunday May 12 2002, @09:41AM (#3505750)
    I wonder how RoadRunner would feel if some unscrupulous person put Roadrunners email addresses in their reply fields for the spambots to harvest? Gee, I hope no one does that. That would be just awful. Roadrunner receiving tons of unsolicited mail because someone changed some information that they were not asked to. The horror...the horror....

  • Incorrect, they don't post the location (Score:3, Informative)

    by ben_degonzague (222715) on Sunday May 12 2002, @09:56AM (#3505799)
    For the last year (probably even longer) I have noticed RR putting Road Runner in the Organization field on the header. I've never seen them put the actual city name however in the header. This is not late breaking news.

    I can't beleive this made the front page on slashdot. First of all the story is false (at least in the upstate New York RR service) second, what's the big deal? For me, I use my full name when posting to newsgroups. Plus with RR you get a fairly static IP address (mine hasn't changed in the last year), how can you be anonymous with that?

  • Spam (Score:3, Interesting)

    by Tim Ward (514198) on Sunday May 12 2002, @09:57AM (#3505805) Homepage
    Doesn't this make it harder for RR "customers" to send out Usenet spam with totally forged headers and remain undetected?

    Isn't this a Good Thing for everyone?

    In particular it's a Good Thing for all RR customers who don't spam, as it means that other ISPs won't be denying connectivity to RR because of spam.

    What have I misunderstood here?

  • RFC850 (Score:5, Informative)

    by Fastolfe (1470) <david@fastolfe.net> on Sunday May 12 2002, @10:12AM (#3505863) Homepage
    From RFC850 [faqs.org]:
    2.2.9 Organization The text of this line is a short phrase describing the organization to which the sender belongs, or to which the machine belongs. The intent of this line is to help identify the person posting the message, since site names are often cryptic enough to make it hard to recognize the organization by the electronic address.
    What exactly is the problem here? You can't use your vanity Organization header with their news servers anymore? This is hardly a "rights" issue as implied by the YRO category, it's just a policy change issue on the part of RoadRunner. If you don't like it, let them know, but I wouldn't expect them to change this policy as it's a perfectly legitimate use of the Organization header. Use another news service or insert your own X-Real-Organization header if you're concerned about what's in the headers. If RoadRunner had been doing this from the start, nobody would be complaining. Many ISP's do this today.

    The bottom line is that from the Internet's point of view, your ISP and network provider is RoadRunner, so it makes perfect sense to label you as being part of that "organization" in this context. It is both within the letter and spirit of NNTP. To allow you to use your own vanity Organization header would only add confusion and defeats the spirit of the header.

    • Re:RFC850 (Score:4, Informative)

      by John Hasler (414242) on Sunday May 12 2002, @11:56AM (#3506270)
      "The bottom line is that from the Internet's point of view, your ISP and network provider is RoadRunner, so it makes perfect sense to label you as being part of that "organization" in this context. It is both within the letter and spirit of NNTP."

      Nonsense. My ISP is merely a contractor selling me the service of forwarding my Usenet aricles into the rest of Usenet. I am not in any way part of their "organization".

      "To allow you to use your own vanity Organization header would only add confusion and defeats the spirit of the header."

      To use my own "Organization" header reduces confusion by identifying the organization to which I and my machine belong. Replacing it with one which erroneously identifies me as belonging to my ISP adds confusion.

      • Re:RFC850 (Score:3, Interesting)

        by Fastolfe (1470)
        Read the RFC snippet I quoted. The Organization header is meant to identify the organization the user belogs to or the machine, the news server itself. If you're posting through your ISP's news server, you're probably a low-end business or a single-user individual.

        Still, I used the term organization in the context of a network (or news server) hierarchy, not in the logical business context. I may have been too subtle in my original post regarding this.

        From an NNTP point of view, the "organization" is really the provider hosting the news service, but the description of this header in the RFC doesn't really mandate it one way or the other.

        The point I was trying to make is that RoadRunner is not in violation of any civil laws, any rights you think you have, nor are they really breaking anything at all in the RFC or the intent of this header in the NNTP specification. They're doing exactly what a lot of other providers have been doing for years.

        If you don't like this change in policy, by all means let them know. They could easily reverse it, but I wouldn't necessarily expect them to. If all else fails, use a different news service that lets you specify your own vanity organization header (or even better, set up your own news service).
        • "The Organization header is meant to identify the organization the user belogs to or the machine, the news server itself."

          The machine referred to is the one the article originates from, not the first server it propagates to. Why do you think that news clients insert the "Organization" header to begin with?

          "From an NNTP point of view, the "organization" is really the provider hosting the news service,"

          The organization is clearly intended to be that of the author of the article.

          "They're doing exactly what a lot of other providers have been doing for years."

          A lot of providers have been screwing up news in all sorts of ways for years.

  • What? (Score:3, Informative)

    by The Asmodeus (18881) on Sunday May 12 2002, @10:31AM (#3505942)
    Ok, I'm a RoadRunner customer. I read this and immediately went out to check my posts. Nope, didn't see the text added in any of them. Even posted a new post and still no text.

    So, either it's not happening in all areas are this yet another bogus "It was posted on the web so it has to be true" story.

  • How to strike back (Score:5, Funny)

    by eschasi (252157) on Sunday May 12 2002, @10:44AM (#3505981)
    If this were happening to me, I'd change my netnews .sigfile to read
    --
    If the Organization line on this post says 'RoadRunner', then the opinions expressed here are the official opinions of 'RoadRunner'. They put their name on them, they must approve.

  • Easy solution (Score:5, Funny)

    by Blue Neon Head (45388) on Sunday May 12 2002, @11:52AM (#3506253)
    All concerned RoadRunner customers should change their organization name to "is a sh*tty ISP."
  • I think it's real sporting of them. By identifying themselves as the organization responsible for the messages (not mereley the source of the messages), do they not open themselves to legal action? Shielding their customers, who are small-fry (anything other than AOL/TW, including most countries) by definition.

    Seriously, this has all the hallmarks of (rather clever) disgruntled employee sabotage. How much attention do you think the higher-ups at rr even pay to their UseNET service? How closely do you think it is monitered? I'm betting very little and not-at-all. It could be weeks before they really notice/understand, even now.

    If I still had UseNET flamewars^H^H^H^H^H^H^H^H^Hdiscussions, I'd be really pissed; I have roadrunner.

  • Which servers? (Score:3, Interesting)

    by Restil (31903) on Sunday May 12 2002, @01:15PM (#3506568) Homepage
    Does this apply only to the RR usenet servers? Or does this apply to ANY usenet server that a RR customer is using?

    Big difference. IF RR owns the server and provides it as part of a package, yes it might suck, but its their server and if they want to alter information, I suppose its their right to do so. You don't HAVE to use it. In fact, most ISP based newsservers suck anyways. It wouldn't be a great loss.

    A lot of companies do things behind the scenes without putting into their terms of service. A great many isps will run httpd traffic through a cacheing proxy to either save on upstream bandwidth or to record information. One of these schemes makes perfect sense, the other is slimy.

    Ok, so they're changing your organization field. Whether this matters or not, you know about it now. If its a problem, use a different news server. However, if they're hijacking nttp packets and "fixing" that information, then you have a BIG problem. At NO point should ANY information I send out be modified. If they want to play games to save bandwidth, fine. But I better get the exact data I request, and the other end better get the same data I send, with no
    modifications. THAT would be entering into the realm of arbitrary censorship without permission.

    They might STILL be within their rights to do that, but if I were a customer of theirs, I would start shopping around.

    -Restil
    • The biggest reason I can see is to help cut down on spam. If people try spamming through RR, the recipient will KNOW it came from a RR server, and know where to complain. (Not sure how that HELPS RR, but it's a theory.)

      • Re:Spam? (Was: Re:Why?) (Score:4, Interesting)

        by dougmc (70836) <dougmc+slashdot@frenzied.us> on Sunday May 12 2002, @09:41AM (#3505752) Homepage
        The biggest reason I can see is to help cut down on spam. If people try spamming through RR, the recipient will KNOW it came from a RR server, and know where to complain.
        That's what the
        X-Complaints-To: abuse@rr.com
        header is for. It's added by most(?) ISPs nowadays, including TWRR. The only reason I can see for TWRR to change the Organization: header is `branding' -- to put their name on your post. As if they owned it or something.
        • to put their name on your post. As if they owned it or something.

          That's an interesting thought. By doing this are they claiming some sort of ownership to your post and thus become liable for things in the said post?
      • The biggest reason I can see is to help cut down on spam. If people try spamming through RR, the recipient will KNOW it came from a RR server, and know where to complain.

        But they could just as easily add something like "X-Complaints-To:" or "X-ISP:", etc. Rather than deciding that RFC 850 dosn't quite apply to them. The header is for identification of the poster's organisation. Rather than whatever ISP their employer may use...

    • Re:They are your ISP (Score:5, Insightful)

      by waytoomuchcoffee (263275) on Sunday May 12 2002, @08:58AM (#3505620)
      They are your ISP and you are using THEIR machines, hence they may do as they wish...an ISP has every right (though perhaps not ehtical) to ... do whatever they want to incoming/outgoing data

      Are you serious? Given your logic, you seem to think it's alright to replace every other header as well (including the X-Priority, or even the TO and FROM). Why stop there? Why not change the message body as well?

      • Re:They are your ISP (Score:2, Funny)

        by Anonymous Coward
        Can I play on the slippery slope after you're done with it?
      • Its at best a civil matter not "civil rights". You have no right to send email or usenet postings. Those are privileges that you pay for. If your ISP violates your contract sue the bastard.

        Tom
        • Its at best a civil matter not "civil rights".

          You are exactly correct. This is not really an issue of rights. It's only an issue customer service. A company is failing to provide a service that most paying customers are used to getting. A poor choice on their part, yes, but hardly anything worth marching to the capital steps in Washington over.

          In addition to the "Your Rights Online" category, Slashdot really needs a "Big Company Not Treating Their Customers Well" category, because that seems to be what a lot of these stories end up being. Save the YRO banner for DMCA court battles and stuff like that.

        • Because Yahoo, et. al. are free, they make their money from advertising. I pay my ISP, and if they started requiring me to run programs that displayed banner ads at the bottom of my screen continuously -- in addition to the $45 / mo -- I'd leave ASAP.
    • They are your ISP and you are using THEIR machines, hence they may do as they wish.
      But you're paying them for use of their machines, and you agreed to the TOS that came with their product. They exceeded their rights under their own TOS.
      [A]n ISP has every right...to do whatever they want to incoming/outgoing data.
      Again, you're paying them for their service. They must abide by their own TOS.

    • Re:They are your ISP (Score:5, Insightful)

      by Guppy06 (410832) on Sunday May 12 2002, @09:03AM (#3505632) Journal
      "They are your ISP and you are using THEIR machines, hence they may do as they wish."

      They gave up the right to do whatever they wish with their hardware as soon as they started charging you money to use it. An ISP is bound as much to an agreement as a user (if not more so) because of the exchange of money involved, and they should not be able to unilaterally change the terms of the contract without at least informing the customers.
      • If I had a RoadRunner connection for free, then yeah, maybe I could deal with them wanting to plug themselves in my e-mails and news postings.

        However, since RoadRunner is a pay-to-use service, aren't they getting money already? Why, yes, they are. And what if part of your organization is required to post to certain newsgroups, and all of a sudden, with no warning, instead of being from BlahCo, it says it's from RoadRunner? Wouldn't you be a touch upset about that?

        They can fix it by making it opt out.

        Kierthos

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.