You are invited to subscribe to my Thoughtsletter on AI and small businesses.
To do so, simply send an email with the subject “Subscribe” to the special email address subscribe@en.clearthink.ing (there is no need to write anything else in the email to this address; anything else that you may write will be ignored).
If you subscribe (and only in that case), you will from time to time receive an email from me with some of my thoughts on the subject of AI and small businesses. Currently, this is rather rare and irregular; at some point, it may become more frequent and regular. At the end of each email, there is also a link that you can use to unsubscribe if you wish.
In an online form, anyone can enter any arbitrary email address.
If an online form on a public website is not protected by effective technical countermeasures, it will usually not be long before automated systems find the form and abuse it by submitting email addresses that are completely unrelated to the human who is in control of that automated system. This happens on a massive scale. The email addresses entered in this way are either invalid or they belong to an uninvolved third party.
In regard to uninvolved third parties, the problem can be greatly reduced by not immediately adding the email addresses provided via an online form to a mailing list, but instead sending a single email with a confirmation link.
However, this approach does not completely solve the problem, because there is still that single unsolicited email with a confirmation link. And if someone’s email address is submitted to online subscription forms of many mailing lists, the “Please confirm your subscription request!” emails will again add up.
One approach that attempts to protect publicly accessible online forms from automated abuse is CAPTCHAs: small tasks that are assumed to be easy for real humans to solve, while it is assumed that automated form submission agents will fail.
Both assumptions are highly problematic. On the one hand, CAPTCHAs can be a huge hurdle for people with disabilities. On the other hand, AI systems are rapidly becoming more powerful, making it more difficult to protect against automated nuisances.
For these reasons, I do not consider it a viable option to attempt to protect an online subscription form with self-hosted CAPTCHA software.
To protect their online forms, many online companies rely on a service in which CAPTCHAs and/or other protective measures are not directly part of their own website, but are provided by an external service provider. Such a service provider can analyse and compare data from a large number of websites, so that they can detect and observe the activities of automated nuisances.
However, this poses a data protection problem: these are companies that systematically collect website access data for a large number of websites as part of their desired service provision. Such data, which can be used to track the surfing behaviour of website visitors across many websites, has considerable commercial value. Why should we assume that companies that have such data at their disposal would not sell it secretly? (In addition to their own legitimate use of the data.) Although such data sales are illegal under European data protection law, the service companies in question are based outside Europe, and there is no reason to believe that European data protection law would be taken particularly seriously there.
Despite all these problems, for a long time it was still better to use a publicly accessible online subscription form than to solicit email subscription requests, because automated sending of fake emails was technically much easier than automated misuse of an online form.
However, technical countermeasures against email forgery have by now advanced far enough that it is generally possible to verify automatically and reliably that an email sent by a human actually originates from the specified sender domain. Emails that come from domains where these security technologies are not used correctly can be rejected by the mail server with a corresponding error message. (This rejection of the email should occur during the initial attempt to transmit the email.)
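The check described above can be sketched as follows. This is an added example, not the software used for this mailing list. It assumes that the receiving server evaluates SPF, DKIM and DMARC and records the outcome in an Authentication-Results header; the host name mx.example.net, the reply texts and the handling of other subjects are illustrative assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: our own receiving mail server

def authenticated_sender(msg):
    """Return the From: address if our server recorded an aligned dmarc=pass, else None."""
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return None
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        # Ignore results stamped by any other host: a sender can add those itself.
        if parts[0].lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue
        for result in parts[1:]:
            m = re.match(r"dmarc=pass\b.*\bheader\.from=([^\s;]+)", result, re.I | re.S)
            if m and m.group(1).lower() == domain:
                return addr.lower()
    return None

def decide(raw_message):
    """Return (SMTP reply, address to add to the list or None)."""
    msg = message_from_string(raw_message)
    sender = authenticated_sender(msg)
    if sender is None:
        # Reject during the SMTP transaction, so no bounce goes to a forged address.
        return "550 5.7.1 sender domain could not be verified", None
    if msg.get("Subject", "").strip().lower() != "subscribe":
        return "250 OK", None  # assumption: other mail is accepted, list unchanged
    return "250 OK", sender

# Constructed sample messages (not real traffic).
GENUINE = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;"
    " dmarc=pass header.from=example.org\n"
    "From: Alice <alice@example.org>\nSubject: Subscribe\n\n"
)
FORGED = (
    "Authentication-Results: mx.example.net; dmarc=fail header.from=example.org\n"
    "Authentication-Results: mx.attacker.invalid; dmarc=pass header.from=example.org\n"
    "From: Victim <victim@example.org>\nSubject: Subscribe\n\n"
)

if __name__ == "__main__":
    print(decide(GENUINE))
    print(decide(FORGED))
```

A real server must also strip any incoming Authentication-Results header that already carries its own host name before adding its own, otherwise the trust check above can be bypassed.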
Postal mail address:
Norbert Bollow
Coaching and Framework Solutions
Weidlistrasse 18
CH-8624 Grüt
Switzerland

Telephone: +41 44 972 20 59
Email: info@nb.clearthink.ing
Homepage: https://clearthink.ing/
Appointments: https://clearthink.ing/en/schedule
LinkedIn: https://www.linkedin.com/in/norbert-bollow/
Data protection information: https://clearthink.ing/en/privacy