Slashdot Mirror
Endangered Countries On The Internet
Vande writes "Balkanalysis.com has an article about Macedonia being driven towards internet extinction as a result of some blacklists, which also include Bulgaria and Romania. Namely, this poorly written quote from the 'export bureau' (non-gov org) states the reason for being blacklisted: 'Pay close attention to shipping or contact addresses located in countries with a high reported incidence of online fraud and many e-commerce web sites have found a high incidents of on-line fraud as well, such as Africa, Nigeria, Macedonia, Colombia, etc..' They must have lost the stats on fraud from Russia, Israel and the USA itself, because Macedonia's negligible internet population cannot possibly account for that much trouble. Cutting off an entire country only hurts the legitimate users. And I thought all this time I was surfing the 'World Wide' Web :/"
Residents of those contries have the option of using foreign ISPs, or even anonymous proxies, to bypass the blacklists.
neworder.box.sk has some links to good anonymous proxies.
That said, I'd be unlikely to ship products to, say, Nigeria for obvious reasons. The web is a bit of a mess as far as security is concerned. And part of the issue is that countries don't enforce their own laws very stringently (e.g. sect 409 of the nigerian criminal code).
The Cheese Stands Alone.
Brilliant. That's mentioned in the article, of course. But what the outcome is that any fraudsters can continue (though no evidence was offered of such), but the average home user will be stymied.
Just this morning we cancelled 4 orders by the same person from Nigeria. UK billing address, Gambian delivery address, Nigeria IP address.
We lose more money to the US than Nigeria, but then the honest orders more than outweigh those. I can't recall a single order from Nigeria/Romania where the credit card was 100% clean.
If these countries want to get a positive reputation then they should place more real orders so that the clean orders outweight the fraudulent ones.
Another thing that is noticable, Indians in the UK have a very high level of fraud, whereas Indians, in India have a very low level of fraud.
I reckon its because they are displaced from their home country and don't feel any need to be honest.
Sure, the USA might account for a lot of fraud because of the sheer Internet population here, but at least criminals here have at least some fear of getting prosecuted and thrown in jail. If a country doesn't enforce the law (or there isn't one there to enforce), then the entire country might as well be waging war on my servers.
Africa is not a country. It is a continent.
such as Africa, Nigeria, Macedonia, Colombia, etc..
Both the article and the writeup wonder how "tiny macedonia" could be a big enough problem to blacklist. Surely Russia and Israel have more scams?
What they're missing is that it's probably the ratio of fraudulent order volume to total order volume. It seems that the blacklisters are accusing Macedonia of too high a ratio of fraud.
These complainers are failing to see the merchant's viewpoint. Fraud can really bite into profits. If I were starting an e-commerce business, I wouldn't ship to any questionable countries. Sorry to hurt anyone's feelings, but it doesn't make business sense.
Sound like Macedonia needs to start catching and prosecuting the fraudsters, then publicize this fact to the e-commerce merchants.
US Embasy Brief for Travelers To whit: Macedonia has a cash-based economy. The local currency is the denar. Few establishments accept dollars, credit cards or travelers' checks. Travelers are advised to avoid using credit cards due to numerous instances of credit card fraud.
I realize the State Department may be parroting back the same biases as banks and such.
A quick search for "+macedonia +fraud +crime" and "+macedonia +online +fraud" has it listed on almost every bank, shipping, and e-commerce site as a country to suspect. On most of the lists, it's third after Nigeria and Columbia.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
The definition of 'world wide' varies depending on whether you're from the USA or someplace else. Who was it, the Monty Python folks perhaps?, who remarked that the key difference between the US and England is that when England hosts an international sporting event, they invite other countries. Could the same be said for the "world" wide web? :-)
I find your ideas intriguing and I wish to subscribe to your newsletter.
I don't see why it's Slashdot's job to be free advertising for this guy's personal opinion
Whilst written from a personal perspective, the article raises valid issues. Some anti-spam RBLs just blacklist entire countries like Korea and China. See this here for more about that.
The difference is now it isn't just affecting email, but other parts of the web as well. It doesn't make living in one of these countries any easier, does it. If this article is to be believed, it seems that many admins have been quick to blacklist eg. macedonia perhaps because they are small and "not worth the risk" rather than actually being a source of trouble.
So, we're now excluding minorities on the so-called World-Wide-Web. Sure, it's an opiniated observation, but an observation that I'm glad to have encountered. I'm glad this article ran, I got something out of it. I'm sorry you didn't. At any rate, this article is a hell of a lot more "insightful" than the Linux Users Are Spoiled drivel I had to endure recently.
I don't think I've noticed any of this blocking described in the article during my everyday surfing, and I do surf the web a lot. Can't say this really worries me.
While I do agree that blocking ANY country (including the mentioned Russia, Israel, etc.) based on actions of a few individuals is utterly wrong, I think the article is a bit too alarmist and paranoid, especially the bit about this being the result of some kind of political conspiracy.
So a few sites blocked Macedonian IPs, big deal. Various IP blocks get blocked all the time for various (sometimes wrong) reasons, and things usually work out when enough legitimate users complain. A tempest in a teapot...
One of the pieces of advice included blocking countries. If you tried to buy from eastern europe on our site, you'd get a "we're havng problems processing your transaction, please call customer support" error message. If the person called, we'd assume they were legit and white-list them.
Sucked for them, though, because of the long-distance call.
So Macedonia, Romania and Bulgaria would be part of the 2nd world, to the extent these terms retain any of their original meaning.
As things stand with certain massive netblocks that have sent me nothing but spam, viruses, phishing attempts, and 419 scams for several years, I am willing to risk losing one or two legitimate contacts in favor of eliminating thousands upon thousands of undesirable contacts.
And obviously, since you personally have only received unsolicited email from Nigeria, where you presumably have few social contacts, thousands upon thousands of them must be spammers/scammers and only one or two "legitimate contacts."
By that logic nearly every country in the world would be blocked by nearly every other country.
It would seem more reasonable to assume that, given the nature of spam, a few bad apples are spoiling it for thousands upon thousands of "legitimate contacts."
Yes, it would be nice if the respective governments would/could do something about it. Perhaps "we" should set them a shining example of how to go about it properly, for a change, before we bitch overmuch.
KFG
If ISPs in large contries refuse to play nice, they can face this. I have seen this with Wanadoo, a large French ISP. They just don't respond to abuse complaints, even if you get someone who speaks French to send them. They seem to have this "not our problem" attitude, leading to lots of abuse. Ok, well, if you aren't going to deal with it, the only solution may be to block them. Just how it goes.
UU.net went through this. They faced a Usenet Death Penalty (the inability for their entire network to use newsgroups) stemming from a refusal to deal with abuse.
Basically, ISPs need to take some responsibility for their users. Doesn't mean they need Orwellian monitoring, but if someone sends an abuse complaint, they need to look and see if it looks legit and, if so, ban the abuser. Otherwise they DO risk blacklists, regardless of nationaltiy.
If a certian netblock repeatedly tries to hack my systems, and the company/person in charge will not respond what can I do? I'm not going to sit and allow it, so my only option is a ban on the firewall.
We've even done this internal to the university. When Phatbot came out it spread pretty bad since so many people had shitty passwords. We had about 5 infections, all in research labs that wouldn't let us manage their systems (huge supprise). When it happened, we shut the lab's network connection off and wouldn't turn it back on until we had found the system and made them promise to keep it off the net until it was fixed. However some departments lack a good network staff, and let systems just get infected. Those that were non-responsive were just banned until we got confirmation they had cleaned their crap up.
Life in an unregulated world. Since there is no central body that controls who can and can't play, no net police to track down the bacd guys, if you misbehave, those you go after may just ban you and be done with it.
I feel I should point out that blacklisting an entire country is probably not as good an idea as it sounds, as it may just inadvertently set a dangerous precedent.
Before starting my current job, I did some systems admiistration work for small ISPs here in South Africa. At one point last year, after long deliberations and searching for any other solutions we could find, we finally decided to blacklist seven U.S. ISPs, because of the never ending tidal wave of spam and worm attacks that originated from these. It worked.
Following from this, I have often wondered about the possible effect of completely disconnecting the United States from the rest of the internet.
Just think for a moment my fellow non-Americans, no more "legal" spam, no more pop-up adds that come from nowhere, because a hapless user clicked "Yes" somewhere, no more propaganda web sites telling us how wonderful they are and how bad we are, no more "you will use DRM because our laws say so, even though they are not your laws" attitude, no more open source projects being distributed with half the functionality removed, because it might infringe on some insignificant U.S. software patent, and someone from the States might download it, putting the author in violation of the patent, no more Carnivore servers reading every word I type as I compose this post, because I just might be saying something that could "endanger the interests or national security of the United States", ah, bliss...
Since the introduction of the CAN-SPAM Act, spam, even non-compliant spam, has been increasing. American businesses seem to interpret the Act as a free license to spam everyone with impunity. Oh sure, the very large spammers eventually get shut down by multi-million dollar law suits filed under the Act by the very large American ISPs, but that really doesn't help the rest of the world, does it?
We've all read the statistics about how China is such a large source of spam, but what the statistics fail to tell you is that this spam originates from Chinese companies, being payed by American spammers to do their dirty work. If spam from China could not reach the United States, because the United States isn't there in internet terms, there would be no point for the spammers to continue hiring the Chinese to do this for them, and spam from China would probably decline.
I'm sorry if this hurts the feelings of all the American readers, but I feel I must point out that the rest of the Western world is getting very tired of your incessant moaning and paranoia.
Inter-without-America-Net anyone? If they can justify doing this, so can we. ISPs of the world, blacklist with impunity!
I realise that this post will probably get me flamed or even moderated into oblivion, but I think it does serve to illustrate an important point, of which even the United States should take heed.
If the U.S. can justify blacklisting an entire country because of a minute security threat, do we, the rest of the world, not have more than sufficient justification to blacklist the entire United States?
This is a dangerous door for the U.S. to open, and it swings both ways. Yes, blacklisting the entire U.S. does seem to be impractical, as we would probably loose most of the internet, but to be brutally honest, the only American web site I would miss is Slashdot.
The poster is rather plainly a Macedonian who is annoyed at having trouble with web sites. . .
.it's the USA's fault, Israel's fault, Russia's fault. . .
.
.especially given the limited news value of a pure opinion post.
Plainly. Any number of Slashdot stories have been based on similar complaints. Do they only count if it's an American doing the bitching?
. .
He said nothing of the kind. He pointed out a certain hypocrisy in the blacklisting.
I don't see why it's Slashdot's job to be free advertising for this guy's personal opinion. .
I rather thought that was one of its overt functions where the opinion might be relevant to the tech/computer/internet world.
. .
I disagree that it is pure opinion or of limited news value, but then I don't take a purely "western" point of view either.
C'mon, really, slashdot is a news site, not "opinionated rant of the week", for that I read the comments, not the articles.
And now you have mine.
KFG
The issue came to the public attention about 6-7 years ago (I think), when a bunch of teenagers "discovered" IRC CC trading channels, and got a hold of some stolen credit cards (and once you have a few, you can trade them with people on those channels to get more). They immediately shared them with their friends and started ordering all kinds of stuff online like CDs, watches, perfumes, eyeglasses, and what not, for them, their girlfriends, relatives, etc.
:)
:)
Well, the customs officials noticed the unusual surge in that kind of merchandise coming from a small number of big online retailers, and stemmed the flow immediately.
They would just keep the stuff at customs terminals, and notify the recipients that they should come pick it up. When a kid showed up, they simply asked for proof of order, and if it was ordered via credit card, they asked to see the actual credit card.
If they failed to produce it, the police was notified (the idiots were ordering stuff to their home addresses), and some of the bigger offenders were brought in for interrogation etc. Nobody really got anything more than a slap on the wrist, as most of them were just kids, but it sure ended the massive ordering.
I even remember even a few scary looking guys in suits with laptops at the university where I was studying then, they were going over the computer terminals and servers to extract logs of suspicious activity as some of the orders were coming from there. I later found out they were from the illegal trade department, which means somebody in the police took this very seriously.
In any case, I was surprised at how quickly this was stopped and the responsible people identified, I didn't think the customs and police had any kind of tech savy people among them.
On a related note, at about the same time software piracy was thriving in Macedonia, you could get a truck load of latest expensive software for a couple of dollars per CD.
It was really bad, I even distinctly remember I was playing the final retail version of Quake 2 almost a whole WEEK before it was scheduled to appear in US stores
Anyway, after some more incidents and complaints by foreign companies, the government really cracked down on this kind of thing a few years ago, and the legislation was slowly brought up to speed to include laws for online commerce, credit card fraud, etc.
Things are very much under control now, but hey, bad reputation (admittedly well deserved) tends to follow you for a long time...
Let me say on the out-set: I am not impressed. Since when has Africa been a country? This is what I find wrong in the "Western" Press. When ever something about a country in Africa is being discussed, The word "Africa" is used instead of the country. Africa is a continent with more than 50 countries, each with different peoples. I will give an example of Uganda which with is 24 million people, has more than 40 tribes. Each of these tribes is different in itself. I sympathize with those that fall into the topic's fraud.
As an African living in Canada, I hear Africa being lumped as a single entity when referring to a country in this vast place! Africa is unique in that it has climates ranging from temperate to tropical to semi-arid. Back to the point: I agree that this piece has been very very poorly written! But it's worth the read.
We're now arriving at a point where virus-infected users are booted off networks and told to clean their shit up, it's a logical extension that countries which can't police themselves suffer the same fate.
Like the virused home-user PC, its a matter of local responsibility, having better safeguards means the Web community won't ever need to act against you. I hope Macedonia actually takes action to regain the trust of the world rather than just looking for ways to get around the blacklists and relays through foreign proxies.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
You might want to learn a bit more about the US system, specifically regarding the Internet. Right now, despite what some of our leaders would like, the government does not run or control the Internet in this country. The Internet is run by a bunch of private corperations, public instutions, and so on. At the top level are big communications companies like AT&T. They sell bandwidth to smaller companies and so on until it reaches the consumer. The government actually buys connections from these providers. They do run their own networks, but for internal communication. When they want on the Internet, they get on it just like private ciizens.
So, any and all blacklisting is done by companies and private citizens. If I run a mail server and determine that X netblock, which might be a whole country, is an endless source of problems, I ban it. The government does not tell me to do this or not to do this, that's not up to them. Same with an ISP. They may decide to ban netblocks/countries. Of course they do this at the risk of pissing off their subscribers. If they ban something they want to get to, that'll create backlash. They way the benefits against the risks.
So please, don't get on the nationalist, anti-US kick. The US, as a nation, has NOTHING to do with this. It is companies and individuals excerising their rights in a free society. I have a right to choose who may and may not access my servers. For some servers, any may do so, for others, none but me.
If you, as a South African ISP, want to blacklist the entire US, that is your right (I understand that you are supposed to be a free country as well). However I won't confuse that with the policy of the Sount African government. Also, don't be supprised if your subscribers leave since, at this point, a majority of the Internet still resided in the US (though that continues to change).
I do get really tired of people from other countries blaming any view or action taken by a US citizen on the United States as a whole. Just because a minority in the KKK declares people of African descent to be inferior does NOT mean that is the official position of the US. It means that we have a right to free speech here, even if that speech is racist, stupid, and wrong.
When the US government mandidates bans on other countries, then you come talk to me about US policy. When it's private individuals, blame them, not the US at large.
You would emigrate over Internet connectivity?
this is slashdot, most here would answer yes.
Snowden and Manning are heroes.
I have to use a proxy to browse Slashdot from my home connection (and had to do the same from my office connection for a while).
For some reason, Slashdot has decided to ban whole ranges from the biggest providers in Spain.
Right now, more than half of the Spanish internet population is banned from Slashdot. This was virtually the whole Spain for some time.
I've written several emails to Rob "CmdrTaco" Malda, only to receive a "hey, I'm sorry about that" and I still have to use a proxy.
You can read more about this here (Spanish)
One of the ranges cut off was Telefónica's Proxy-cache. This alone leaves out the majority of the Spanish internet population when it's incidentally turned on.