On Nov 10, 1:30*pm, Jim Logajan wrote:
Dudley Henriques wrote:
I understand someone could open an account on one of the free servers
using my name and have taken the steps necessary along those lines,
but how can their posts appear on Google Groups allowing access
through links to my profile.

Here's what I believe is happening:

Google Groups uses only the content of the "From:" header to automatically
associate posts to user profiles. So when someone places your name and e-
mail address in the header of their posts, then no matter what Usenet
service provider they posted from (and irrespective of all the other post's
headers) the Google Groups software will associate that post with your
Google Groups account.

So the Google Groups web site software displays your user profile when
someone (like you or I) clicks on the "View profile" of the forged post.
Fortunately that does nothing to compromise your Google account.

Is there any way at all this can be stopped by notifying Google
Groups? Is this even a Google Groups problem?

It's a problem with the user interface design of Google Groups that isn't
likely to be fixed since they probably don't consider it broken. I suspect
they wrote their software the way they did so that even if a poster changes
Usenet service providers, then so long as that user continues to post under
the same name and/or e-mail address, then their archives will associate all
posts to the same user profile. Sometimes that reasonable, sometimes not
(as in forgeries.)

In one sense, the Google Groups programming assumption reinforces the case
that such forgeries have the potential to be libelous and if persistent and
serious enough, might rate legal pursuit. Depends on whether the perp makes
the cost/benefit ratio low enough to pursue for you or anyone else so
targeted.

I've seen enough of the mismanagement (or deliberately criminal
management?) of x-privat.org and the owner's slow and non-responses to
complaints (and failures to blacklist repeated perps and failure to put in
place better registration procedures) that I think it would be reasonable
to target that provider. I think that from a legal strategy point of view,
it might be worthwhile to consider pointing out to the owner of the x-
privat.org machines that such libelous posts are originating on _their_
machines and they are responsible for said libel until they can prove
otherwise. In other words, if they aren't keeping records of who is posting
through their machine they have to be considered the authors of those
posts.

Thanks Jim. I'm considering at this point just how far I want to go
with this. I have considerable resources but so far no harm has been
done other than aggravation. I have some fairly heavy police and legal
resources available overseas in both the UK and Switzerland that have
been made aware of what's happening. I've given them what data I
have.
As I say, nothing so far but harmless troll behavior but I'm keeping a
close eye on it to see if it expands.
Dudley