Slashdot Mirror
Endangered Countries On The Internet
Vande writes "Balkanalysis.com has an article about Macedonia being driven towards internet extinction as a result of some blacklists, which also include Bulgaria and Romania. Namely, this poorly written quote from the 'export bureau' (non-gov org) states the reason for being blacklisted: 'Pay close attention to shipping or contact addresses located in countries with a high reported incidence of online fraud and many e-commerce web sites have found a high incidents of on-line fraud as well, such as Africa, Nigeria, Macedonia, Colombia, etc..' They must have lost the stats on fraud from Russia, Israel and the USA itself, because Macedonia's negligible internet population cannot possibly account for that much trouble. Cutting off an entire country only hurts the legitimate users. And I thought all this time I was surfing the 'World Wide' Web :/"
use a proxy located somewhere else
what are Israel's fraud stats?
That said, I'd be unlikely to ship products to, say, Nigeria for obvious reasons. The web is a bit of a mess as far as security is concerned. And part of the issue is that countries don't enforce their own laws very stringently (e.g. sect 409 of the nigerian criminal code).
The Cheese Stands Alone.
Cutting off an entire country only hurts the legitimate users.
That's not true. Cutting off entire countries is never done to hurt legitimate users, it is done to protect legitimate users. The legitimate users just don't happen to be in the countries that are cut off.
When 100% of the traffic received from a large netblock is undesirable for a long enough period of time, any reasonable person will eventually add firewall rules or blocklist entries to solve the problem.
Perhaps if the governments of and companies within the countries that tend to generate or relay far more illegitimate traffic had any interest in protecting their ability to communicate digitally with the rest of the world, they would do something about it. As things stand with certain massive netblocks that have sent me nothing but spam, viruses, phishing attempts, and 419 scams for several years, I am willing to risk losing one or two legitimate contacts in favor of eliminating thousands upon thousands of undesirable contacts.
Just this morning we cancelled 4 orders by the same person from Nigeria. UK billing address, Gambian delivery address, Nigeria IP address.
We lose more money to the US than Nigeria, but then the honest orders more than outweigh those. I can't recall a single order from Nigeria/Romania where the credit card was 100% clean.
If these countries want to get a positive reputation then they should place more real orders so that the clean orders outweight the fraudulent ones.
Another thing that is noticable, Indians in the UK have a very high level of fraud, whereas Indians, in India have a very low level of fraud.
I reckon its because they are displaced from their home country and don't feel any need to be honest.
Residents of those contries have the option of using foreign ISPs
Right, as if using the internet wasn't expensive enough already, you're going to be dialing international to a hypothetical ISP that has no qualms about selling accounts to foreign countries? The other issue is payment - Mastercard?
I'd be surprised if at least some blacklists didn't include the IPs of those anon. proxies too.
Sure, they can work around it, but seriously... that'd just suck.
Then what's the point of blacklisting in the first place?! If you force access to go through foreign ISPs, it will be those with money (e.g. the fraudsters) who have access, not the common people.
If you have a problem with Internet users from some country, why not help the country fight them? It's not like these countries want to host spammers, scammers and fraudsters. They only do so because they don't have the means to fight them. If you don't care enough to help them, put up with the crime. If you can't put up with the crime, help fight it. There is no excuse for locking innocent users out of the Internet, and laziness/stinginess is a particularly selfish one.
Please correct me if I got my facts wrong.
I don't think I've noticed any of this blocking described in the article during my everyday surfing, and I do surf the web a lot. Can't say this really worries me.
While I do agree that blocking ANY country (including the mentioned Russia, Israel, etc.) based on actions of a few individuals is utterly wrong, I think the article is a bit too alarmist and paranoid, especially the bit about this being the result of some kind of political conspiracy.
So a few sites blocked Macedonian IPs, big deal. Various IP blocks get blocked all the time for various (sometimes wrong) reasons, and things usually work out when enough legitimate users complain. A tempest in a teapot...
One of the pieces of advice included blocking countries. If you tried to buy from eastern europe on our site, you'd get a "we're havng problems processing your transaction, please call customer support" error message. If the person called, we'd assume they were legit and white-list them.
Sucked for them, though, because of the long-distance call.
If ISPs in large contries refuse to play nice, they can face this. I have seen this with Wanadoo, a large French ISP. They just don't respond to abuse complaints, even if you get someone who speaks French to send them. They seem to have this "not our problem" attitude, leading to lots of abuse. Ok, well, if you aren't going to deal with it, the only solution may be to block them. Just how it goes.
UU.net went through this. They faced a Usenet Death Penalty (the inability for their entire network to use newsgroups) stemming from a refusal to deal with abuse.
Basically, ISPs need to take some responsibility for their users. Doesn't mean they need Orwellian monitoring, but if someone sends an abuse complaint, they need to look and see if it looks legit and, if so, ban the abuser. Otherwise they DO risk blacklists, regardless of nationaltiy.
If a certian netblock repeatedly tries to hack my systems, and the company/person in charge will not respond what can I do? I'm not going to sit and allow it, so my only option is a ban on the firewall.
We've even done this internal to the university. When Phatbot came out it spread pretty bad since so many people had shitty passwords. We had about 5 infections, all in research labs that wouldn't let us manage their systems (huge supprise). When it happened, we shut the lab's network connection off and wouldn't turn it back on until we had found the system and made them promise to keep it off the net until it was fixed. However some departments lack a good network staff, and let systems just get infected. Those that were non-responsive were just banned until we got confirmation they had cleaned their crap up.
Life in an unregulated world. Since there is no central body that controls who can and can't play, no net police to track down the bacd guys, if you misbehave, those you go after may just ban you and be done with it.
A friend of mine (Actually the guy that runs sinfulshirts.com) refuses to sell to Russia just because it's not on a list of countries that another T-shirt site will sell to. No more reason then that and "Well, they must have a reason.".
It bugged me, because another friend of mine was saying that Russians didn't wear t-shirts with funny sayings, and if he got an order from Russia, I would have irrefutable proof she was wrong!
autopr0n is like, down and stuff.
As many a FOSS geek has argued, information wants to be free. The Internet is perhaps both the cause and effect of this little maxim. As has been noted elsewhere in the discussion, the protocols that make the Net are not particularly good at things like verification, authenticity, trust, etc. You know, all the things that are necessary in a cutthroat capitalist world...
:(
So if we take this anarchy as something of a fait accompli, then where we go from here kind of depends on where you stand on the issue of, well, free.
I'm no anarchist, but country blacklisting seems a little over the top, a tad heavy-handed, if you will. Granted, these countries might produce more than a small amount of slurry, but that is the inherent problem with freedom - you might not like what comes out. It's like the people who get scared about Freenet and the idea that child porn might travel over their wires. This might be a little of an extreme example but the point is the same.
Not a few people have lamented that the problem with the Internet is it allows every man his voice - ugh, it sounds awful, doesn't it!? So democratic.
I'm not pro-spam. Depending on my mood, I can ache for the pre-commercial glory days of the Internet. But this is what it is now - pig shit that we have to roll around in. I just don't think that anyone has the right to silence someone else's voice because of the actions of a third party.
It's also interesting to note what a peculiar façade the Manufacturers Exporters Directory Global Worldwide Association, or whatever, is. Any site that uses Babelfish to offer translation is, in my book, seriously lacking in credibility. It is rather evocative of those irritating placeholder sites you sometimes get to when you type a URL slightly wrong. Furthermore, calling itself a bureau and using the eagle in its logo it downright misleading.
I don't know where the Slashdot crowd stands on free speech, but the crock of shit we are discussing at the moment is not in a small part America-made. It's the World Wide Web, people. Don't forget that.
iqu
Me, I'm not a fan of this, because it seems the goal is to protect those too dumb or careless to protect themselves. But that's one of the big goals of government, especially outside the US, so it's a point you might appreciate.
The "collateral damage" of black lists is far worse than positive effect it ever has, I have recently come to the conclusion that black listing is in general worse than spam itself! Blacklisting single hosts for open relay is fine, actually I support and use host only black lists. But in my opinion these kinds of blanket black lists are dispicable!
Just a quick look at the kind of things that are black listed should make anyone cringe, I'm not talking about the topic at hand, heck small countries have no hope of surviving if big counrties like Australia, or the UK have significant portions of their Internet blatently blacklisted!
For example, their respective largest ISP's Telstra and BT are both blacklisted! apparently they are "only" dynamic ip black lists, of course what many "intelligent" people in charge of these black lists dont realise is that these ISP's allocate their STATIC IP's DYNAMICALLY. So who cares? Well 45% (figure made up based on Telstra's market capitalisation) of Australian small businesses or some equally significant number of Brittish small companies have endless problems that they cannot afford to deal with!
It is a daily issue for myself as an engineer for a large outsourcer in London, I used to be able to say email is a reliable system, your message is generally either delivered or you get a NDR. Today you just dont know..
For those who are not familiar with these... they allow anybody in the world to pay anybody else in the world a certain amount of gold. The actual gold sits in a vault (or actually several vaults across several locations on earth) and basically what gets exchanged is the rights to a fraction of that gold held in trust.
There are several well established digital gold currencies now, with E-Gold being the oldest, running since 1996 I believe.
One of the important distinctions between using E-gold as a payment system, and (say) credit cards, is that there are no chargebacks. That means that when a merchant receives payment, he is SURE that he has received REAL VALUE and not something that can be revoked.
Because of this, digital gold has really been catching on for online commerce in a lot of locations worldwide where credit cards have not been traditionally used. Places such as India, Southeast Asia, the Middle East, Eastern Europe, and Africa are prime markets for digital currency. And personally, I think that western nations will really benefit from the birth of digital gold currencies as well.
Lets face it: the whole western world banking system is terribly outdated, and as evidenced by the high incidence of online fraud, credit cards are not really a great solution for e-commerce.
(Heck, even the Mozilla Foundation accepts E-Gold donations!)
And I haven't even begun to mention the privacy benefits, and the fact that gold retains its value much better than government issued fiat currency. This page has a bunch of great links about the digital currency revolution...
A friend of mine from Romania needed some books, he tried to get them sent to another friend in Germany, but HIS credit card was not accepted, because it was a Romanian card.
:-(
He tried several different aproaches and nothing worked, to make the story short. Finally he contacted me, in the US. I paid for the books with my paypal, made the seller ship them to his home and he wired me the money.
A big pain in the butt, just for a couple of books if you ask me
~~~Please pass the salt, I hate unsalted MD5s
I have to use a proxy to browse Slashdot from my home connection (and had to do the same from my office connection for a while).
For some reason, Slashdot has decided to ban whole ranges from the biggest providers in Spain.
Right now, more than half of the Spanish internet population is banned from Slashdot. This was virtually the whole Spain for some time.
I've written several emails to Rob "CmdrTaco" Malda, only to receive a "hey, I'm sorry about that" and I still have to use a proxy.
You can read more about this here (Spanish)
One of the ranges cut off was Telefónica's Proxy-cache. This alone leaves out the majority of the Spanish internet population when it's incidentally turned on.
One of the projects I've worked on for my current employer is fraud detection code.
They must have lost the stats on fraud from Russia, Israel and the USA itself, because Macedonia's negligible internet population cannot possibly account for that much trouble
It's not about numbers. It's about percentage. Sure, most of our fraud comes from the US, but it's a miniscule percentage of the US business. Whereas Indonesia accounts for a small percentage of fraud but nearly all indonesian orders are fraud.
We did a lot of analysis to identify indicators and assign scores to them. Funny things turn up. Like we found that Florida had a very high fraud liklihood. So did the Bronx.
Working with UPS we found that they do it by zip code. They keep tabs on how many shipments to each zip result in a missing package report, and then they won't drop off packages in those zip codes without a signature.
If you didn't know how they arrived at the list of zips and looked them over you might think the company was being mean. But it would be foolish for a business to not use reasonable data like that to avoid trouble.
Anyways...
They must have lost the stats on fraud from Russia, Israel and the USA itself, because Macedonia's negligible internet population cannot possibly account for that much trouble. Cutting off an entire country only hurts the legitimate users. And I thought all this time I was surfing the 'World Wide' Web :/
Now that everyone has complained about the "hypocracy" of the West, sit back and think for a minute: it's the RATIO of fraud that's the problem, not the total incidence. If there are 1,000 incidents of internet fraud in the US per day and 5 incidents of fraud in Macedonia each day, it looks like the US should be blacklisted, not Macedonia, right? Wrong. The US has a lot of internet orders. Throwing out some made-up numbers, we might say that 1% of US internet orders are fraud and 50% of Macedonia orders are fraud. Under those numbers, if I were a business, I would avoid Macedonia, but not the US because it the RATIO of internet fraud that's the problem -- not the total number. If you ship 1000 orders to the US, you'd have a LOT of real orders that would help you pay for the fraud. But 1000 orders to Macedonia would bankrupt you because you'd never have enough legitimate orders to pay for the fraudulent ones. Why is Macedonia's numbers so high? Maybe because the government doesn't care much about cracking down on internet fraud. And just as an FYI, "Macedonia's negligible internet population cannot possibly account for that much trouble" is non-logic when you realize that it's the ratio of fraud, not the total incidence of fraud. The fact that Macedonia has a small internet population would actually accentuate the degree of fraud because it means a small number of criminals could easily skew the ratio of internet crime to epic proportions!