|
Why traffic injection instead of mail pieces? I mean, I open all of mine, even the 75%+ that are upsells I don't want, on the off chance one of them will tell me something I need to know. And if Comcast can afford to send that much junk mail, I should tend to think Comcast can afford to send one or two, or five, mail pieces that carry a warning like ACTION REQUIRED TO MAINTAIN SERVICE on the envelope, to those of whom action is indeed required to maintain service. You guys shipped me a whole new unsolicited modem! (One which I'll put into service, too, just as soon as I've worked out how to disable all the routing and wireless smarts I don't want, don't need, and won't suffer messing with my network.) Surely you can afford bulk rate. And mail pieces don't produce the potentially rather widespread indignation that traffic injection does. Granted, I don't see the harm in it that a lot of people here do. Unencrypted traffic is unencrypted traffic - open to tampering by anyone, not just Comcast, and for many less innocuous reasons than the one for which you've chosen to do so. But with Let's Encrypt, browser manufacturers, and friends leading the charge toward TLS everywhere or as nearly so as is practical, and with most sites that most people use already employing TLS, the attack surface is closing for even an other-than-innocuous variant of your notification methodology. Of course, that also means that that methodology itself is reaching a natural end-of-life, as it cannot work anywhere that TLS exists, and the majority of the web where it does exist continues to grow. If this low-latency notification scheme is of unique value to your business, then now is the time to consider replacing the outdated technology that underpins it with something which will continue to work reliably over the next decade or two. All that said, I appreciate your decision to engage in this forum. That's unprecedented in my experience from someone in a position like yours, and I wouldn't mind seeing more of it. |
Lots of reasons, including years of experience with response rates for particular types of messages / calls to action. Clearly one particular communications channel won't work for everyone - each person has their own preferences. One of the things we're working on is to better enable you to control just that - basically one person may ask for SMS messages, another alerts via their mobile app, another via email, another via phone call, etc. You can see the beginnings of that in MyAccount / Settings / Communication & Ad Preferences.
> But with Let's Encrypt, browser manufacturers, and friends leading the charge toward TLS everywhere or as nearly so as is practical, and with most sites that most people use already employing TLS, the attack surface is closing for even an other-than-innocuous variant of your notification methodology.
Agree. And more TLS is better IMHO. I also like the work that Let's Encrypt has been doing - they've had a really big impact on the adoption of TLS. (See also http://labs.comcast.com/innovation-fund-spotlight-lets-encry...)
> Of course, that also means that that methodology itself is reaching a natural end-of-life, as it cannot work anywhere that TLS exists, and the majority of the web where it does exist continues to grow. If this low-latency notification scheme is of unique value to your business, then now is the time to consider replacing the outdated technology that underpins it with something which will continue to work reliably over the next decade or two.
You bet - totally agree! One of the places we're engaging to try to do that is in the IETF's CAPPORT working group and I think the charter describes reiterates all the points you made: https://datatracker.ietf.org/wg/capport/about/
> All that said, I appreciate your decision to engage in this forum. That's unprecedented in my experience from someone in a position like yours, and I wouldn't mind seeing more of it.
My pleasure & thanks for being a customer that's willing to offer constructive criticism. :-)