Link to the Permissions Denied app: https://play.google.com/store/apps/details?id=com.stericson.permissions.donate&hl=en

It appears Cyanogen Mod used to have this feature.

Permissions Denied [google.com] is another (root-only) app that can deny certain permissions to a selected app.

Both a firewall and selective permissions should be part of the core OS so users do not have to root their phones. If the functionality of denying permissions was part of the OS, developers would hopefully test their software against some restrictions and fail gracefully instead of crashing. However, if some apps knew they were denied the Internet permission, they mail fail to launch at all since they could not download ads. (This may reduce ad-supported apps and games, which could be positive or negative depending on your perspective.)

Part of Android's security design is to isolate apps from each other by running each app as it's own user_id. Thus, if you want to back up the data from all apps, you need root (or designate some sort of super-user that belongs to all of those groups in order to read those files). Just like in other *nix, user A cannot read user B's files if the file/directory permissions are restricted.

Android Firewall (linked above) allows easy blocking of net access to each individual app because they all run as separate user_ids, so the iptables rule is trivial.

Permissions Denied is another (root-only) app that can deny certain permissions to a selected app.

Both a firewall and selective permissions should be part of the core OS so users do not have to root their phones. If only Cyanogen Mod was installed by manufacturers/carriers...

Try "Android Firewall" (needs root)

https://play.google.com/store/apps/details?id=com.jtschohl.androidfirewall&hl=en

But us users need protection from ourselves!

Consume media. Don't think.

In China, CNNIC manages .cn in ASCII for their country code top level domain (ccTLD). They also manage .xn--fiqs8s (simplified) and .xn--fiqz9s (traditional) for ".china" in Chinese.

When you purchase a domain under .xn--fiqs8s, you get the same string in .xn--fiqz9s. This is referred to as "IDN Bundling". DNS resolves for both, but you only have to manage one domain.

It's yet to be seen what the New gTLDs will do for Chinese simplified vs traditional. Most likely, they will only accept simplified characters (to keep it simple!) but they could do bundling.

Yes, they will be standardized. All of the registries participating list the Unicode code points for all allowable characters in each script. They disallow "variants" so you cannot mix low code point ascii with high code point cyrllic to prevent IDN homograph attacks.

Check out the marketing site: http://dotshabaka.com/

Copy/paste that text into your favorite text editor to see how it handles right-to-left scripts (and move your cursor around and use 'home' and 'end' keys).

.UK has done well to expand its namespace. However, it seems likely that $secondlevel.uk domains will be sold in the future, mostly invalidating the existing 3rd level domains.

One could argue Vietnam has gone overboard with their namespace expansion: .ac.vn .arts.vn .banks.vn .biz.vn .business.vn .cafe.vn .cars.vn .com.vn .edu.vn .email.vn .factory.vn .fashion.vn .flowers.vn .food.vn .golf.vn .gov.vn .health.vn .hotels.vn .info.vn .int.vn .it.vn .lawyers.vn .models.vn .musics.vn .name.vn .net.vn .nguyen.vn .org.vn .phone.vn .pro.vn .realestate.vn .resort.vn .shopping.vn .stocks.vn .tours.vn .travel.vn

Here is the marketing website behind it: http://dotshabaka.com/

The controller of the root servers controls the entire namespace. Size of the namespace doesn't really matter. Too bad alternate roots never took hold. Nor has any distributed DNS infrastructure gained any acceptance.

.onion on TOR is the largest non-ICANN top level domain. Anyone know how large .onion is?

In addition to SPF and DKIM, you should also publish DMARC records for your sending domain(s). This way, you can receive failure reports from the major providers that support DMARC.

(DMARC is a DNS TXT record just like SPF, but you list a 'mailto' URI to receive failure and aggregate reports of problem messages.)

That's a bummer that the bi-directional communication does not help with your filtering.

However, asking the user to add your address to their address book may help.

You may also consider dividing your list up with multiple sender/receiver pairs. Subscriber A would get the email from your Sender A, and reply to her. Subscriber B would get the email from your Sender B, and reply to him. At least total counts from Sender A would be lower than a single Sender.

I'm assuming you are also using SPF (v1 and v2) and DKIM correctly.

If I was in the newsletter sending game, I suppose I would try Constant Contact and Mail Chimp and others like that, to see what they do (they probably all recommend the privacy eroding features, but you might learn some tricks).

I think your opt-back-in-every-N-messages is a good idea.

Re-opting in could be done via replying to the email. This would establish a "communication" between the recipient and the sender. It should help against mis-qualifying other messages from the same sender as "spam" if there is a thread.

For example, Thunderbird's junk filtering allows you to whitelist your addressbook. Thus, these users should be encouraged to add his sender(s) to their addressbook. Replying to a few messages might do this (depending on client and settings).

The point is most people who receive the proxy list by email cannot simply view the website or RSS feed showing proxies.