Recently, a member of the community lamented that folks weren’t willing to provide an email address for free training. This reminds me of an old saying popularized by Heinlein, but one that was used a lot in the Perl community: TANSTAAFL (There Ain’t No Such Thing As A Free Lunch). While the training was advertised as “free,” it really wasn’t. After all, the person had to pay up something: his or her email address.
Once upon a time, we didn’t think anything of this. However, then SPAM became more than a nuisance. And despite increasingly advanced mail filters, SPAM still gets through. SPAM campaigns are still effective. While percentage wise they seem not to be, converting at far less than 1%, the upside for spammers is sending out a bunch of emails doesn’t cost very much. So it doesn’t take much to turn a profit. Those conversion rates are stil good enough to keep the spammers happily in business. That’s why folks are still at it.
Worse than that, now we’re seeing phishing and spear phishing attacks, where adversaries are trying to have you click on malware or a MitM (Man-in-the-Middle) site or just a mock-up of a legitimate site that doesn’t actually take you to the original site (it usually just throws an error indicating the site s unavailable and to try again later), the latter two to capture legitimate credentials to use at the sites they pretend to be.
And that brings me to my final thought about providing email addresses: they are increasingly becoming the username to log on to various sites, such as the PASS site. So giving up your email means giving up your login unless you’re a paranoid type that has multiple email adresses just to serve to split things up. Not many fall into this category as it’s a real chore trying to keep up with a lot of email addresses. So if you give up your email, then someone who wants to be malicious now has part of the information he/she needs to log on to those sites as you.
Therefore, I can’t fault folks when they don’t want to provide email information for something described as free. Whe you give up your email address, you don’t know what the person or organization is going to do with it. A lot of organizations resell email addresses to other organizations. This is legitimate business, even if we personally disagree with the practive. There’s also the black market where individual email addresses aren’t worth much, but if you can sell them in bulk, then the multiplier means a tidy profit. It’s even better if you are selling validated email addresses, which are obviously worth more, because spammers know they will be able to reach a legitimate person.
I also can’t fault folks who ask for the email address when they provide resources to the community. After all, they’ve worked hard (hopefully) to be able to make those resources worthwhile to whomever wants to use them. However, if you ask for an email address, what you’re providing isn’t free. You’re just asking for a different form of currency. You are asking for both information and identity. So don’t be surprised if someone (especially folks like me) chooses to forego accessing a resource instead of providing the email. At the end of the day I have to make a decision on a value proposition: is what you are providing worth what I am giving up? Some folks win, other folks lose. That’s just the way it is.
