May 17, 2004

The three scourges

Both related and unrelated, there are three scourges of the web that have increased significantly for both me and westciv in the last couple of months: spam, illegal software copying and blog spam.


Westciv now receives in the order of 5000 spam emails a day. A year ago it was probably less than 1000, three months ago, 2000.

A year ago I still largely handled spam manually. I had a number of handmade filters which seemed to reduce the level to the point that I could take care of the rest by hand.
A year ago I switched to a mail application with Bayesian filtering. This keeps the amount of spam I actually see to a very small fraction of the amount I receive, but that email still needs to get onto my machine. At the beginning of the year, when I got maybe 1500 spams a day I still had a dialup connection, and particularly when I connected of a morning, after only a few hours disconnected, it would take me an hour or more to download those emails. Today even with a cable connection, the email of a morning is starting to take this kind of time to download.

Thank god there is a solution: online spam catching services. Today I am finally going to sort one out. Otherwise, at this rate of spam increase, my fearful prediction is that even a full-time fast internet connection would be swamped with spam within the next few months.

Illegal software copying

I've written about piracy a few times, and I am still working on a major (several thousand word) article about it, but it continues to be a significant issue for westciv. It sucks bandwidth away from legitimate customers and visitors of our site, costs us bandwidth money, costs us time and effort attempting to minimize the impact on our business, and costs us karma. When thousands of people a week are ripping you off, it is hard not to feel a little negatively affected by it.

Blog spam

Many who have blogs provide a means for commenting on them. I think one of the great promises of the blog as a medium is to create "mediated" discussions. Free form discussions, as found on newsgroups, mailing lists and forums, are great, and I have been involved with them for more than a decade. But mediated discussions seem to maintain the vitality of free form discussions while increasing the signal to noise ratio in many cases.

As with Wikis, forums, and other online forms of shared communication, they are prone to abuse, and rely on the community mindedness of their communities. Unfortunately, search engine rankings throw a spanner in the works. It is widely known that your ranking at various search engines is in part a function of how many people link to you. And to some extent the comment mechanism on blogs is like an open relay for search engine spamming. Anyone can come and leave a "comment" including their URL.
We get this a lot at our blogs. Almost invariably from extremely pornographic sites.

We delete them as soon as we can, but they still will be there for some time, an affront to our readers and to us. And they cost us time and effort to monitor and remove.

A pattern

Is there a pattern here?

I think there are many, some clearer than others.

One is that anonymity is a cloak under which people will clearly do unethical, illegal and unsavoury things that they would largely not do if identified.
But that is unlikely to change.

Some attitudes can change. I believe that many forms of "piracy" are committed by people who feel that it is justified by any number of factors, whether it be the high price of software, the poor deal that musicians get from recording companies and so on.
These kinds of attitudes can be addressed, not just by "spin" but by addressing their underlying justifications. I address this in some detail in my long promised magnum opus "Pirates of the CyberAeon" coming soon.

The real problem

But there is a deeper issue. Many of these processes operate at a meta human level. Spam is not something directly human. It is a highly automated process. It involves the legitimate abuse (yes that is what I meant) of existing systems and networks. In essence, the systems enable the behavior, the behavior is potentially beneficial, therefore the behavior occurs.

There are two vectors here. One we usually address is the motivation of the doer. We pass laws against spam, targeting the motivation of the spammer. Many proposed anti spam solutions focus on upping the cost of spamming (and emailing for the rest of us) by making email have a cost which scales. Send more email, pay more in "postage".

But the "real" problem (that is one for which there is a feasible solution) lies in both the intended and unintended features of the underlying networks and systems.
Is there a legitimate reason to send millions of emails to millions of different addresses almost simultaneously? And yet the underlying email systems and networks allow it.

A great deal of spam emanates from everyday computers like yours and mine connected to the net via relatively high speed connections, like cable. The very very (almost criminally so) poorly designed systems and applications which these computers run enable the ludicrously easy infection by viruses and other such applications which turn these computers into open relays for spam, and the propagation of themselves and other viruses.

At present there is a tendency to blame the victim: you should have anti virus software installed, you should have your firewalls on, you should not open email attachments from people you don't know, you should turn off the ability of your email client to auto open attachments, and on and on. Sure you could, and many of us do, but many people really don't understand this kind of thing, and why is it the user's responsibility anyway?

But imagine if, when you bought a car, it came without seat belts, indicators, headlights. Imagine the brakes would work if you were traveling at 40, but increasingly less well at higher speeds. Serious accidents would abound. Would they be the driver's fault? In many ways yes. You should exercise more vigilance, you should install safety features, then there would be fewer accidents and when they occurred the consequences would be less serious for all involved.

Over the century or so there have been automobiles on the public roads, we have moved from seeing safety as being the responsibility of the driver, to much of it being a systematic issue. It's about roads, about the manufacture and design of the vehicles. As well as the skills and attitudes of the driver.

It's time to grow up

It's time for the computer industry as a whole to grow up. Hardware, software and network designers and builders, whether commercial or Free/Open Source, must take responsibility for the almost catastrophic lack of security in our networked world. In some quarters this is already a fundamental design consideration. In others it is a bolted on afterthought, with PR lip service paid to its importance. For many it's an after sale extra.

So the next time you see calls for a tax on email to make spam go away, realize that this is like a tax on petrol to make the roads safer. It's passing the buck. It's time to get real about security and for those who are responsible for it to take that responsibility seriously.

The internet depends on it. Seriously.


