|
|
|
|
|
|
11:21 pm By Arnold Kling Consumer to Microsoft: Trust This!Microsoft's Palladium initiative is off to a bad start. On the one hand, Microsoft's enemies are bashing the concept. On the other hand, Microsoft's friends are...silent. What is the sound of no hands clapping? If Microsoft's "trustworthy computing" is going to get anywhere, I think Microsoft is going to have to take some small steps to gain consumers' trust, rather than rely on a radical Hail Mary play. An easy-to-use spam filter for Outlook and Outlook Express would produce a lot of good will and consumer benefit for relatively little effort. Palladium as Registration (?)I do not have a technical grasp on Palladium. As a layman, I think of it as a kind of automatic registration system. When I buy the computer, I register myself with a special chip, dubbed 'Fritz' by Ross Anderson in his hostile FAQ. When I download or load some bits on the computer, those bits have to register with Fritz, also, or else they must run in untrusted mode--some sort of silicon ghetto. As Anderson sees it, a music company could code bits in Fritz-friendly format, meaning that if the bits are not registered with Fritz, the song will not play. In order to get those bits registered with Fritz, I might have to pay for the song.I can see how Fritz could stop downloading of new music. But if there are copies of "Free man in Paris" already out there, then I do not see any way to stop them. If the record companies make new music much harder to access than old music, the starmaker machinery will grind to a halt. But that's a different rant. Spam Filtering as a Trojan Horse?Jon Udell, another Palladium opponent, says that consumers might consent to Palladium because they want to filter out spam. He points out that spam could be stopped using manual registration systems, but consumers find them too cumbersome. He then advocates a registration system that proves the point--I would sooner give the Evil Empire my first-born child than go through all that rigamarole to try to use authenticated email. Statistical FilteringFiltering out spam is a statistical problem. You have Type I error, which consists of blocking good mail with your spam filter. You have Type II error, which consists of letting spam get past your filter. In general, I think of Type I error as more costly, so that I would tune my filter to have a low probability of Type I error, and therefore I am bound to make some Type II errors. A big reason that we do not need solutions as drastic as Palladium, or convoluted email authentication, is that we can tolerate a bit of Type II error. If someone wanted to write an ideal email filtering system from my point of view, it would be a system that I could quickly teach how to filter. I would give every email a point score from 1 to 5, where 5 is "I definitely want to read this" and a 1 is "this is definitely spam." The system would look at the groups of characters in my emails and find patterns in the good stuff and in the spam. With enough data, it could use these patterns to sort my email as well as I could do it myself. I believe that John ("the Internet interprets censorship as damage and routes around it") Gilmore advocates something along these lines. My guess is that a well-trained system actually would make very few errors of either type. Moreover, because this system would be personal to me, it would be very hard for spammers to attack. A high score in my filter might not be a high score in someone else's filter, because we have different friends and preferences. Usable Filtering--a Simple SolutionBut I do not need a perfect statistical filtering system. I just said that I can tolerate some type II error. I use Netscape as my email client, and it has a rule-based system for filtering that is pretty crude by my standards. But my problem with email filtering in Netscape is not with quality--it's with usability. I am not as familiar with Microsoft Outlook, but from what I find at Microsoft's support site, email filtering in Outlook is at best confusing and cumbersome, and at worst even less functional than Netscape's. I want to be able to set up a spam filter with one or two mouse clicks. When I right click on either a subject line or a sender, I should have an option that says "put into spam filter." That way, the next time "Link2Buy" sends me an email, it will go straight to the trash can, or to a special spam folder. Ideally, I could just highlight part of the subject line (for example, those Korean-generated characters) and put that into the spam filter, so that any time email with those characters comes in, it gets trashed. I can do that kind of filtering now, with Netscape, but it takes a lot of time to set up. Each filter rule may only catch a few spams, so it is not worth it if it takes more than a couple of mouse clicks. Memo to MicrosoftSo here's my proposal for Microsoft. In the next patch for Outlook and Outlook Express, give us a right-click "put into spam filter" option. If you want to get fancy, create another right-click option to "automatically file" email to a particular folder. That way, I can set things up so that the filters perform triage: email from my associates automatically goes into a "good" folder; email from "Link2Buy" and the Koreans goes into the trash; and I sort the rest manually. That will make my life better and make me better disposed to trust other innovations from Microsoft that are intended to enhance computer security. Copyright 2002 Corante. All rights reserved. Terms of use |
|
|
