[Pool] Isn't monlist a violation of privacy rights?

Mouse mouse at Rodents-Montreal.ORG
Sat Feb 1 16:12:36 UTC 2014

>> (b) I really do not like shutting off a useful facility just because
>> it's being abused and a lot of other people don't/can't prevent the
>> abuse any other way.
> Just for curiosity: Have you ever used other ntp-server's monlist for
> anything particular?

No, not really.  I'm not a hardcore time geek; I haven't had occasion
to do the kind of investigation it helps with.

> Why do you consider that facility useful?

I assume you mean, useful to arm's-length third parties; I'll ignore,
for purposes of this mail, uses to people directly involved with
administering either end of NTP associations my host(s) participate in.

The same reason I consider ntptrace useful.  SMTP EXPN.  Remote
route-view servers.  traceroute.  Much of ICMP.  In a word, visibility:
it helps others do their own debugging instead of having to do a
round-trip through me.

> Personally, I'm rather concerned about my privacy.  When I'm using a
> service and that service tells other people that I'm using it, and
> does so without my explicit consent, I don't like that.  I feel my
> privacy rights are being violated.

Then you probably shouldn't NTP with hosts you haven't set up explicit
arrangements with.  Shouldn't...actually, shouldn't do pretty much
anything with hosts in places with weaker privacy laws than the ones
you like.  The Internet, which was founded on a culture (both social
and technical) of openness, still retains remnants of that openness; it
will be an unpleasant place for you in various respects.

> In particular, a service that gives out the fact I'm using it not
> only to specific third parties somehow known to the people behind
> that service - but to anybody?

Like mailing lists with world-accessible archives?

> I'm not a lawyer.  But in my understanding, in my country, Germany,
> such behavior would even be illegal.  And I tend to think: rightly
> so.

I don't see it as surprising that you would agree with your country's
stance.  I'm glad there's variety in that respect, though, as I do not
go that far in that direction.  But you probably will want to be very
careful interacting with non-German hosts, as NTP's monlist facility is
hardly the only example of visibility into others' networks.

> So, I would have thought monlist an anachronism, something that may
> have been appropriate in the early days of the internet, but no
> longer has been for more than a decade now.

If you see it as a privacy invasion, I'm not sure how you could see it
as having been appropriate even in the early days of the Internet.

Perhaps in Germany it is.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

More information about the pool mailing list