
EDITORIAL




  About a month and a half, or two months ago, I logged onto a BBS that was
  operated in a manner that was 180 degrees of what I considered the
  standard way of running a BBS. I've always taken it for granted that when
  you log onto a BBS, you would have to go through some kind of 3rd degree
  type of questioning, where you would have to provide information, sometimes
  of a personal nature, before you would be allowed the privelege to access
  that system. You would, at the least, have to give a real name, address,
  and phone number, as well as sometimes providing information on what kind
  of computer you operated, personal likes and dislikes, and if you could
  identify such acronyms as "ACiD", "iCE", and "DoA".

  This system, however, required only two pieces of information; A handle,
  and your general location, oh, and where you heard about the BBS (okay, three
  pieces of info). That took me by surprise to say the least. While I have
  nothing to hide from anyone, I'll admit, I never really felt comfortable
  giving out my personal information to an unknown individual or
  organization, and let's face it, unless you're calling something like AOL
  or Compu$erve, you really don't know that much about who you're calling.

  Of course, most BBS's are legitimate, and maintain your personal
  information in the strictest confidence, but not all. Those are the ones
  that I worry about. There was even a scandal involving Prodigy Online
  Services, whose terminal program was alledgedly capable of scanning a
  member's hard drive for personal information and would upload it to the
  service when the user connected to it. Of course, Prodigy denied it, but did
  offer a "patch" to users who complained of this.

  The SysOp of this BBS made an excellent argument against the use of
  "Big-Brother" type user verification methods as well as showing that the
  anonyminity that his lack of user verification actually made users feel
  more comfortable about logging onto the system and participating in it. His
  argument made so much sense to me, that I decided to follow suit. I did
  away with all the questionaires and ID verifications, and granted all first
  time callers regular user access. While I don't suggest everyone do the
  same, I personally that in our Information Age, a little mystery is a good
  thing. Most SysOp's defend the use of user verification as a means of
  thwarting hack attacks or system abuse by using multiple accounts, and to a
  point, I agree. But, the bulk of callers to any BBS are good people who
  aren't interested in crashing your system or grabbing as many file credits
  as they can, so why make them feel like they're the criminal?

  As a side note, I must stress that I run a free BBS and do not require my
  users to pay for their access. As such, I don't have to worry about such
  things as credit cards and credit card fraud, or having to dole out
  download credits (downloads on my system are free). In situations such as
  that, I totally agree with having some sort of way to identify users, it
  just makes business sense to do that.

                                      Yojimbo


