Schneier: ISPs should bear security burden

It's not up to the ISP to determine outbound malicious traffic, but it's up
to the ISP to respond in a timely manner to complaints. Many (most?) do not.

If they did, their support costs would explode. It is: block the customer,
educate the customer why they were blocked, exterminate the customer's PC,
unblock the customer. No doubt there'll be a repeat of the same in short
time.

Adi

And how exactly does that translate to the online world?

It doesn't. There is no or very little punishment for lawlessness and
misbehaviour in the online world.

Despite the safety and environmental regulations and the fact that
you have to have a driver's license and insurance (at least here in
NL), there is no requirement that your locks are industrial strength.
Or that your car can be locked at all, for that matter.

There is a clear understanding of right and wrong in the general
population. There is law enforcement and meaningful punishment for
crooks and thieves. In the online world I have no recourse against anyone
compromising my computer.

The fact that a compromised computer doesn't really hurt you all that
much in the real world is exactly the reason why so many users don't
care about security. When driving a car they at least have to be
drunk to reach that level of carelessness.

The fact is that in the online world the abuser is laughing while the
abused is left to clean up the damage. Because a compromised computer
doesn't really hurt most do not even know that they are a victim.

Adi

Give me a *clear* unobstructed line (that stays up) at
the cheapest price please.

Your attitude is very much the norm, however your requirements on connectivity are more stringent. All customers want unobstructed access and, we as an ISP, want to provide it. Obstructions to service, regardless of fault or utility, generate call volume. The vast majority of subscribers, measured in millions, are not obstructed by filtered internet services. Subscribers do not understand the benefits of complete end-to-end connectivity nor do they perceive filtered connections as less valuable than other services.

For those subscribers who do notice these obstructions, we offer more robust connections at a different price point. The reasoning is simple: in order to provide the best connectivity possible, measured by the least obstructions perceived by the user at the lowest price point, at the highest margin possible, we need to relocate the operating cost to the appropriate party. Providing all users with unfiltered transit increases our operating expense without providing the customer with any added benefit. Providing a subset of users with unfiltered transit when necessary pushes that expense onto the users requesting additional service.

As you said, customers desire the cheapest stable connection they can locate. Value-added services aid in retention when cheaper rates are offered by competitors and we are not willing to match that price point. Subscribers are willing to pay more for connectivity instead of incurring the cost of replacing their email address, their ISP-associated software, etc.

Who are you to decide that there is no damage to blocking residential
customers?

The customer makes the decision when they subscribe to a service whether or not filtered service will meet their needs. Who are you to decide that unfiltered service is required to meet the needs of all customers?

Why should an ISP decide what a residential
customer can or can't do with their internet connection.

The service provider should be able to decide what services they wish to offer. If a provider of any service chooses to differentiate services based on utility and the customer is made aware of these characteristics, how is this in any way unfair? If your objection is that, in single-provider markets, it may not be financially viable to obtain your desired service level (i.e. the local cable provider does not offer unfiltered connectivity and there are no other residential high-bandwidth options available), then I suggest you encourage diversity in the marketplace.

You are not entitled to unfiltered internet connectivity. If you want to be entitled to unfiltered internet connectivity then petition your local government to make transit a privatized utility with all the government oversight and bureaucracy that entails.

It would seem that relocating the costs of doing extra (filtering, etc)
*should* be passed on to the people who necessitated the extra handling by
running software that needs extra protection. As it stands, you're charging
the people who (in general) aren't the problem more for you *not* to do
something...

Car insurance companies figured this out long ago: They charge extra premiums
to those customers who incur them more cost - that's why male teenagers pay
more than middle-aged people, and why people with multiple tickets pay more.

Would any car insurance company be able to stay in business long-term if they
raised the premium for middle-aged men driving boring Toyota sedans because
somebody else's teenager wrapped their Camaro around a tree? Why is it
perceived as reasonable in this industry?

It would seem that relocating the costs of doing extra (filtering, etc)
*should* be passed on to the people who necessitated the extra handling by
running software that needs extra protection. As it stands, you're charging
the people who (in general) aren't the problem more for you *not* to do
something...

"Extra" in the sense of this statement is incorrect. If filtered connectivity is the norm in our environment, then I would be charging people who require unfiltered access more to make an exception for them and allow them more flexible connectivity. Exceptions, even in the form of removing restrictions, are something.

Car insurance companies figured this out long ago: They charge extra premiums
to those customers who incur them more cost - that's why male teenagers pay
more than middle-aged people, and why people with multiple tickets pay more.

This is a poor analogy, which is why I have avoided them thus far. It is easier to assess blame in automobile incidents. It is, more often than not, the fault of a driver of one of the involved automobiles, not some nebulous third party. Insurance companies maintain records of traffic offenses on customers and check traffic records for prospective customers; there is no comparison within network abuse. It is difficult to assess responsibility in network abuse.

Increasing the price point, or penalizing the customer, for network traffic generated by malware is an excellent way to promote churn and reduce revenue. It is more profitable to restrict customers from generating unfriendly network traffic in the first place than penalize them after the fact.

Would any car insurance company be able to stay in business long-term if they
raised the premium for middle-aged men driving boring Toyota sedans because
somebody else's teenager wrapped their Camaro around a tree? Why is it
perceived as reasonable in this industry?

Again, this is a poor analogy. I am not penalizing customers who act responsibly. There is no direct correlation between users who are responsible and users who require unfiltered internet access. There are millions of subscribers who are responsible using filtered internet connectivity and they are not penalized for it. In fact, they are rewarded as they are paying a lower price point for this adequate and restricted service.

Please, stop making the assumption that all responsible users require unfiltered internet access.

James Baldwin wrote:

Again, this is a poor analogy. I am not penalizing customers who act responsibly. There is no direct correlation between users who are responsible and users who require unfiltered internet access. There are millions of subscribers who are responsible using filtered internet connectivity and they are not penalized for it. In fact, they are rewarded as they are paying a lower price point for this adequate and restricted service.

Please, stop making the assumption that all responsible users require unfiltered internet access.
---
James Baldwin
hkp://pgp.mit.edu/jbaldwin@antinode.net
"Syntatic sugar causes cancer of the semicolon."

Well said. I also want to point out that I believe several people discussing this thread are confusing ISPs who just provide Internet services directly to end users with transit providers who are solely providing transit to other ISPs.

In my own opinion, I would not expect a transit provider to filter anything other than my BGP announcements. However, I would expect my ISP to filter a possible worm infection port(s), as it would completely saturate my lowly end-user datapipe if they did not, making network access worthless, even if my host was secure. Of course, I would also not expect to pay a higher fee for this filtering.

Additionally, I am curious why any time a technical issue comes up on NANOG (or any other operator list), people resort to terrible analogies that have little to do with the actual content of the discussion?

Adi Linden wrote:

It's not up to the ISP to determine outbound malicious traffic, but it's up
to the ISP to respond in a timely manner to complaints. Many (most?) do not.

If they did, their support costs would explode. It is: block the customer,
educate the customer why they were blocked, exterminate the customer's PC,
unblock the customer. No doubt there'll be a repeat of the same in short
time.

This is actually the opposite (though I'm biased). The support costs will decrease because you'll get fewer complaints inbound and fewer customers complaining about slow connections because their PCs are filling them with junk.

Pete

Hmmm... when you're driving on a public street there is certain safety
equipment you are required to have and use. You're paying more for your
vehicle because of seatbelts, airbags and all the other things that are
supposed to lessen the impact of an accident. Even if you're an expert
driver, you don't have the privilege of not paying for these features.

This simply isn't true. You can purchase a vehicle without any of those
devices. Sure, it restricts you to older vehicles, but, they are still
available. Additionally, if you so choose, you can build your own vehicle
without those devices. There are exemptions in most of the laws for
vehicles manufactured without them.

Owen

If they did, their support costs would explode. It is: block the customer,
educate the customer why they were blocked, exterminate the customer's PC,
unblock the customer. No doubt there'll be a repeat of the same in short
time.

On a cost basis, it should be:

  + block the customer
  + Explain to the customer why they were blocked

Customer should be responsible for getting their PC exterminated, although
enterprising ISPs could offer this service for a fee. Finally, it would not
be unreasonable to impose a reconnect fee. For that matter, if ISPs wrote
contracts appropriately, there could be a disconnect fee for abuse as well.

Owen

Who are you to decide that there is no damage to blocking residential
customers?

The customer makes the decision when they subscribe to a service whether
or not filtered service will meet their needs. Who are you to decide that
unfiltered service is required to meet the needs of all customers?

I never said they did. I simply said ISPs shouldn't decide this for their
customers, as some do.

Why should an ISP decide what a residential
customer can or can't do with their internet connection.

The service provider should be able to decide what services they wish to
offer. If a provider of any service chooses to differentiate services
based on utility and the customer is made aware of these characteristics,
how is this in any way unfair? If your objection is that, in single-
provider markets, it may not be financially viable to obtain your desired
service level (i.e. the local cable provider does not offer unfiltered
connectivity and there are no other residential high-bandwidth options
available), then I suggest you encourage diversity in the marketplace.

I do encourage diversity in the market place. However, that doesn't
necessarily change the current reality.

You are not entitled to unfiltered internet connectivity. If you want to
be entitled to unfiltered internet connectivity then petition your local
government to make transit a privatized utility with all the government
oversight and bureaucracy that entails.

In some locations, that is becoming the case. I'm not sure that's
necessarily such a bad idea. I'd rather encourage providers to do the
right thing without the extra overhead, however.

Owen

If one is going to use the car analogy, then the ISP is the street, not the car. The car is the user's computer or customer premises equipment. Streets do not have airbags. (Though that is an interesting concept.) At best, streets have features that influence safety & traffic such as stop signs and guard rails, but even a well-designed street does not actually prevent car accidents or dictate what kind of person is riding in a car.

But this analogy breaks down on so many levels, so I recommend not using it. The street system is a government-controlled monopoly and... well, let's not use this analogy.

John

It would seem that relocating the costs of doing extra (filtering, etc)
*should* be passed on to the people who necessitated the extra handling by
running software that needs extra protection. As it stands, you're charging
the people who (in general) aren't the problem more for you *not* to do
something...

"Extra" in the sense of this statement is incorrect. If filtered
connectivity is the norm in our environment, then I would be charging
people who require unfiltered access more to make an exception for them
and allow them more flexible connectivity. Exceptions, even in the form
of removing restrictions, are something.

No, it isn't. The fact that filtered is becoming the norm is what
many of us are taking exception to. I shouldn't have to pay extra
for unfiltered internet just because the majority of your customers
are too ignorant to correctly deal with it. Fortunately for me,
as long as there are ISPs that don't see the world your way, I won't
have to be your customer, so, have fun.

Car insurance companies figured this out long ago: They charge extra premiums
to those customers who incur them more cost - that's why male teenagers pay
more than middle-aged people, and why people with multiple tickets pay more.

This is a poor analogy, which is why I have avoided them thus far. It is
easier to assess blame in automobile incidents. It is, more often than
not, the fault of a driver of one of the involved automobiles, not some
nebulous third party. Insurance companies maintain records of traffic
offenses on customers and check traffic records for prospective
customers; there is no comparison within network abuse. It is difficult
to assess responsibility in network abuse.

Actually, it's an excellent analogy. If your system is a source of
abuse, you are responsible, one way or another. Either you chose to
run exploitable software and failed to patch it, or, you chose to
run the exploit. Either way, you have responsibility for abuse
originating from your machine.

Sure, there's a contributing factor in a lot of internet abuse from a
nebulous third party, but, people running exploitable systems should be
held responsible for the abuse those systems generate.

Increasing the price point, or penalizing the customer, for network
traffic generated by malware is an excellent way to promote churn and
reduce revenue. It is more profitable to restrict customers from
generating unfriendly network traffic in the first place than penalize
them after the fact.

While I believe we don't currently have a better process than capitalism
available, this is an example of how capitalism does not necessarily lead
to the correct conclusions in a market. Destroying existing and future
valid capabilities of the network to avoid solving the real problem because
solving the real problem might eat into revenues is exactly why I think
we need to modify our thinking on this.

Would any car insurance company be able to stay in business long-term if they
raised the premium for middle-aged men driving boring Toyota sedans because
somebody else's teenager wrapped their Camaro around a tree? Why is it
perceived as reasonable in this industry?

Again, this is a poor analogy. I am not penalizing customers who act
responsibly. There is no direct correlation between users who are
responsible and users who require unfiltered internet access. There are
millions of subscribers who are responsible using filtered internet
connectivity and they are not penalized for it. In fact, they are
rewarded as they are paying a lower price point for this adequate and
restricted service.

Yes you are. You are penalizing users who act responsibly and want to use
the full capability of the network instead of some subset in order to
subsidize the costs of your other users who don't know and don't care.
It is an excellent analogy, it just doesn't support your point of view.

Your statement that their price point is lower is absurd. It costs money
to put filters in place. It doesn't cost money to not filter, except to
the extent that irresponsible actions which filtration would prevent are
not blocked. Therefore, any increased costs in unfiltered connections
are the direct result of irresponsible use. Absent irresponsible use,
unfiltered connections will, by definition, cost less.

Please, stop making the assumption that all responsible users require
unfiltered internet access.

That isn't the assumption. The assertion is that unfiltered use costs
less than filtered use unless there is abuse or irresponsible use to be
filtered. The further assertion is that ISPs should not be the ones
determining what level of access end users require. ISPs should filter
what end users ask them to filter. End users should not be charged
extra for access to the whole internet.

Owen

If you really want some analogy for the Internet independent of the telecom
sector or government infrastructure, the best is to compare the Internet & ISPs
to retail product distribution. In both cases you have producers (content or
manufacturers) with many different kinds of products and brands consumers
want, and complex distribution channels to get from the producers to the
stores (ISPs) where end-users actually buy it. But for the majority of retail
products, the original product cannot be contaminated or dangerous to
end-users; if you compare groceries (a subset), then it's a lot more
interesting, as the product can easily get spoiled or otherwise be dangerous,
and a lot more regulations exist to make sure what consumers get is good, and
supermarkets also routinely check the quality of the products they receive
themselves (especially for produce and dairy).

In my own opinion, I would not expect a transit provider to filter
anything other than my BGP announcements. However, I would expect my ISP
to filter a possible worm infection port(s), as it would completely
saturate my lowly-end-user datapipe if they did not, making network
access worthless, even if my host was secure. Ofcourse, I would also, not
expect to pay a higher fee for this filtering.

I'm probably one of the ones you think is confused. However, I am not,
I simply don't think that they need different policies about what packets
flow. If the customer doesn't ask for something to be blocked, it shouldn't
be blocked.

The most probable worm infection port is 80 or 443. Do you really want those
filtered by your ISP? I don't... It would wreak havoc with my web servers.

Additionally, I am curious why any time a technical issue comes up on
NANOG (or any other operator list), people resort to terrible analogies
that have little to do with the actual content of the discussion?

Personally, I think the analogy was a pretty good one. Just because it
doesn't support your point of view doesn't make it a bad analogy. No matter
how much you and the person you quoted would like to obscure the fact,
default filtration is bad policy for a number of reasons:

  + It inflicts an unfair cost burden on responsible users
    who want full internet connectivity.

  + It inflicts an unfair cost burden on responsible users
    who don't need full internet connectivity, but, don't
    need ISP-side filtration, either.

  + It taxes responsible users in order to reduce the costs
    of irresponsible users.

  + It is a transit solution to an end-host problem, thus
    creating a number of undesirable side-effects, not the
    least of which is the cost of a continuing arms race
    between the filters and the malware.

Owen

This mantra is often repeated but their costs are going to explode
anyhow as the defensive blocking of them goes on, world-wide, and
their customers want to know why they can no longer send email or
browse in random, and ever-growing, chunks of IP space (and,
frustrated, find new providers.)

Only that situation is going to be much more expensive to fix since
it's others' IP space they'll need to get policy changes in, not their
own.

        -Barry Shein

Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*

Owen, I may be wrong... but it sounds to me like half the people in this
conversation are talking about things *the retail gas station ought to
do*, assuming that the people on the other side realize this, and the
other side is reacting as if the first group is advocating that
*refineries and pipeline operators* ought to be doing those things.

Certainly backbone ops shouldn't be doing this sort of filtering, and
if you're big enough and willing to pay enough, you ought to be able to
get a hose free of such filters.

But *what you're paying for* there is the right to pollute the commons,
and no, people paying $1/MB's for their Verizon FTTH connection
probably ought not to expect a raw unfiltered connection.

It's not *just* about bandwidth...

Cheers,
-- jra

It's not a buck a meg.

15/2 service is about $45/month:

        over $3/Mbps downstream
        over $22/Mbps for the upstream

30/5 service is almost $200/month:

        over $6/Mbps downstream
        about $40/Mbps for the upstream

There should be a little money in their model to
provide guidance and/or software to the consumer.
Hopefully enough to fund an aggressive abuse department.

Both things that any provider who hands fat pipes to customers must do.
There won't be any money at all in their model if they hand a raw,
unfiltered feed to customers .. and I seriously doubt if the customers
will want or need one (the vast majority I mean, the people who know
enough to switch on their PC / laptop and let their wifi network card
pick up a connection, or maybe know a little more like "the blue cable
goes from the back of my PC to that bright blue colored box the
Verizon tech dropped off at my place")

There are some providers who think there is money in charging premium
rates to give unfiltered feeds to clued users (Speakeasy for example,
though it resells DSL from providers who wouldn't give you the same
sort of feed or service if you bought directly from them). There are
others who see more money in providing filtered feeds to a mass market
that only wants to get on the Internet, check their email and then
spend time streaming music / movies / gaming etc.

Fine.

But the pain doesn't *hurt* the people who cause it.

See also: Tragedy of the Commons.

http://en.wikipedia.org/wiki/Tragedy_of_the_Commons if you didn't have
a better explanation handy.

Cheers,
-- jra

In this context, Owen, why isn't that a circular argument?

Cheers,
-- jra