[Asterisk-Users] free dids on goiax.com

trixter aka Bret McDanel trixter at 0xdecafbad.com
Tue Oct 18 13:44:54 MST 2005


On Tue, 2005-10-18 at 13:52 -0500, Rajesh kumar wrote:
> To put the abusers out, I propose that each account holder should
> pre-register the phone numbers they typically call. For a legitimate
> user,
> pre-registration is certainly acceptable (especially for a free
> service),
> and if we give option of uploading an outlook address book or so, that
> would
> even simplify the process. Pre-registration of outgoing calls will
> make
> abusers' job lot harder and it is lot easier for hunting down the
> abusers as
> well. If you want, you can set a maximum pre-registration limit as
> well.
> 

Making lists of who you are going to call defeats the purpose.  If I
only wanted to call a small number of people I wouldnt need US48
termination.  If I have to upload a contact list (or enter it manually
which would be a lot more bothersome) I wouldnt use the service.  The
reason for that is I dont know who I am gonna call, and I dont give out
my address book to some website just because.  I would imagine that a
lot of other people would feel the same.

Now lets say a new pizza place opens up and runs a local commercial on
TV.  Some number if flashed on the screen but its not in my address
book.  I only use goiax for outbound.  I then have to register that
number to call to order a pizza?  Not very user friendly.  A friend is
staying in a hotel and I wish to call them I have to add that hotel as
well?  


> To avoid multiple account holders, i would take an approach of
> comparing IP
> addresses at the time of registration itself. 

What about all the proxy lists that exist freely available?  What about
proxy scanners that exist to find new unlisted ones?  What about the
fact that with most cable modem providers its trivial to get a new IP.  

Then there is the issue of dynamic IPs where people might sign up then
get a new IP someone new comes along and cant sign up becuase that IP is
already flagged as being at its maximum.  So you would have to timestamp
and purge the database occasionally.  A lot of overhead for a system so
easily defeated.

While I appreciate the problems Matthew is going through, this is a
complex issue, and one that has plagued the net for a long time.  How do
you authenticate random people on the internet as 1. unique and 2. as
themselves.  The net provides anonymity and without associating a
physical mail address and mailing them a code (slow, costly, etc) its
really hard to do that for a free service.  Credit cards can be used to
a degree to do this, but for a free service I seriously doubt anyone
will enter a credit card.  And on the same token I doubt that anyone
would scan in and email a copy of their drivers license either.  

If someone comes up with a way to authenticate users with no prior
contact that users will accept and adhere to for a free service like
this they could make a ton of money overnight because that is kinda one
of the holy grails of authentication that is desired right now (as it
has direct impacts on paid services).  This is a very complex problem
and so far the best methods require other forms of authentication based
on preexisting ones (ie credit card verification to match against) or
are costly (a code mailed to the person).  

> 
-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
UK +44 870 340 4605   Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20051018/5135d212/attachment.pgp


More information about the asterisk-users mailing list