Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!watdcsu!magore From: magore@watdcsu.UUCP Newsgroups: news.admin,misc.legal Subject: Re: Mark Ethan Smith: For real? Message-ID: <3947@watdcsu.waterloo.edu> Date: Tue, 13-Oct-87 11:51:25 EDT Article-I.D.: watdcsu.3947 Posted: Tue Oct 13 11:51:25 1987 Date-Received: Sat, 17-Oct-87 12:57:10 EDT References: <378d6016.b8ab@apollo.uucp> <5261@jade.BERKELEY.EDU> Reply-To: magore@watdcsu.waterloo.edu (Mike Gore, Institute Computer Research - ICR) Organization: U. of Waterloo, Ontario Lines: 44 Xref: utgpu news.admin:1046 misc.legal:2342 Hello Roger, [ This comment is only concerned with the issue of detecting faked articles ] In article <9067@felix.UUCP> bytebug@felix.UUCP (Roger L. Long) writes: >But speaking of liability, just how does one PROVE that statements made on >USENET actually come from the organization or user they say they do? It >is quite easy for me to post an article to the net that would appear to >come from larry@kitty.UUCP saying that "Smith" molested little girls. [munch...] > Roger L. Long Yes you could by faking the header - BUT once the forged message leaves your site it will leave a trail pointing back to you. Every site you connect to will tack on it's own part of the full distribution path and if enough people compare the results it would be simple to determine where it _didn't_ come from by seeking a common root- and in many cases it would be possible to track it back to the actual poster _if_ that site keeps logs. If you do manage to post from several places at once you might cause problems with this method but there are other methods by using article numbers that further help to make undetected forgeries harder to do... Summery: Lets say you faked a header: aa/bb/cc/userX where the path 'aa/bb/cc/userX' is valid - this does NOT mean that all people who normally receive userX will also receive your posting as if it were comming from the correct path. The only way around this is if you happened to be on one of the sole links userX uses to reach the net and if nether of those links keep logging info... Even with the growing number of MSDOS [ et. all ] machines it would be safe to assume that on average they , at some point down the path, connect to a machine that keeps logs. So, the main problem with tracking down fake postings remains on average with the effort it takes... This issue suggest that if the average person wants to detect if their articles are being faked they can suggest to all their friends to keep track of the path headers for articles they receive from them. On many systems this could be a simple as a grep of the news logs at regular intervals ... Best Regards, # Mike Gore # Institute for Computer Research. ( watmath!mgvax!root - at home ) # These ideas/concepts do not imply views held by the University of Waterloo.