Lycos Pulls Vigilante Anti-spam Campaign
davidwr writes "Eweek reports that Lycos is scrapping its anti-spam campaign: 'On Friday, Lycos Europe gave up the ghost, posting a 'Stay Tuned' note on the MakeLoveNotSpam.com Web site it was using to distribute the screensaver. The Lycos Europe home page, which heavily promoted the screensaver all week, was also scrubbed clean of any references to the screensaver.' See previous Slashdot coverage from Nov. 26, Dec. 1, and Dec. 2."
fighting fire with fire doesn't always work
I can't believe the execs at Lycos even had the balls to O.K. it as a plan, let alone develop and support it. Corporate sponsored DDoS attacks? What would have been next; MPAA sponsored screen savers that attacked BitTorrent link sites? SCO sponsored screen-savers that attacked kernel.org and Slashdot?
... I always wanted to be part of a botnet
Really it's not that complex of a product to make and given that it seems to have been somewhat successful at accomplishing its goal (or in fact too successful by actually DOSing the spammers) I don't see it as that unlikely that someone will go and create a new screensaver that is even more destructive.
Clearly there is at least some interest in fighting spam with DDOS even though it's not the best solution.
What about existing users of the screensaver? Will it continue to work (i.e., flood spam sites)?
quidquid latine dictum sit altum videtur.
But who's to say it isn't still beneficial? Lycos probably caused some problems for spammers with this, or made them feel less secure, in the week this stunt was running. More importantly, look at all the publicity Lycos got out of this; if it wasn't for this spam thing I probably wouldn't have even thought about Lycos's existence once in the second half of this year, and probably you or most of the other people here wouldn't have either. Instead, thanks to makelovenotspam, they've been rescued for at least a moment from obscurity and irrelevance and they've been all over the headlines for a week. Meanwhile, by getting out now Lycos possibly avoids the otherwise-almost-certain legal problems from all of this.
... well probably.
Was makelovenotspam, in its short life, effective? Almost certainly not. Was makelovenotspam a public good? I'd bet not. Was makelovenotspam good for Lycos?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Your post advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
(x) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
( ) Nice try, dude, but I don't think it will work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
How am I supposed to fit a pithy, relevant quote into 120 characters?
I propose Slashdot's editors agree to "accidentally" incorrectly rewrite one submitted link per week to point to the site of a major spammer. It will have exactly the same effect as the Lycos DDOS screensaver, fulfilling its necessary service now that Lycos has backed out, but lack the legal risks and require no new technological infrastructure.
Why not build this feature into an email client (e.g. Thunderbird)? When you get a spam, you put it in a special folder and the client repeatedly accesses the site (a la the Lycos screensaver). That way nobody can be cited for orchestrating a DDoS or unfairly blacklisting. Each recipient can make their own spammer determination.
Whether the client uses the exact URL in the email (which often has identification codes for the recipient of the spam or the affiliate who sent it) is a matter of debate. On the one hand, I don't want to identify myself to any spammer or show that my email is live.
On the other hand, I would want the spam site to know that using my email address will only bring it grief. As a side bonus, it might even bankrupt the site when it has to pay its spammer affiliates for all the automated clickthroughs. If a greater percentage of people clickthrough via automated means (but don't buy), it harms both the spam-marketed site (in bandwidth and affiliate charges) and it hurts the spammer when sites reduce their clickthrough payment rates. I can only hope that this will cause spammer-using sites to crack down on spammers that are too aggressive.
Two wrongs don't make a right, but three lefts do.
I stopped trusting Lycos the day I started finding this bloody thing on my customers' computers. That they tried and failed at something so shady in the first place doesn't seem like much of a surprise to me. This was just some poorly done publicity stunt, probably dreamed up by some PHB deep in the dungeons of their marketing department.
Next, the spammers will start converting all the zombie PCs they now use for distributed email attacks into web servers that provide their advertisers a distributed source of order-taking. This means that unsuspecting PC owners everywhere will soon rack up astounding bandwidth overruns as URLs that point to their PC get entered into the SBS program.
Nevertheless, an SBS does strike directly at the spammers, raising the hoop a bit higher and perhaps winnowing out the less 'professional' among them.
The only sure cure for spam, of course, is to take the battle one step further, by consuming all the resources of the advertisers directly - call their phones, request literature, place fraudulent orders with non-existent CC numbers (that, of course, pass Luhn MOD 10 checking) and provide contact phone numbers that ring forever. This will swamp them with orders that tie up their sales staff, cost them money and ultimately starve them.
The only problem with "the final solution" for spam is that it takes individual effort on a daily concerted basis. So spam endures by riding on the backs of those so clueless that they actually order products from spammers and those of us too lazy to do anything about it.
Ain't humanity grand?
Call it what you want but it probably was working. I recorded a drop in spam that started last Thursday and was proportional to the number of screen savers in operation. By the time it hit 104,000 savers in operation daily spam was down over 80%. I actually had three solid hours with no spam (that hasn't happened since 9/11). Historically spam rises during this time frame.
It's odd that attacking websites seemed to have dropped the amount of spam. Makes me wonder just how close the spam servers are to the spam website servers. Maybe the innocent victims we are so worried about are really the spammers.
Come on all you people - this was a probe - yack about good or evil and POST YOUR RESULTS!
What did this really do? I can't be the only one who tracks spam. Admins, what do you say?
For the first time, the angry mob (people around the world with email accounts) have tasted blood and they want more. "The beast is wounded, quick, go for the eyes!"
It hardly seems important whether the notion of DOS-styled retribution is appropriate or even legal - no such moral or legal considerations have managed to control people's decision to download mp3's and movies for free.
This is history in the making, and as I see it, the real story is this; we have been victims with no means of defending ourselves, while our frustration and anger grow without end. Suddenly a revolutionary appears on the scene and gives us hope, showing us how we can fight back.
It's no longer an issue of whether or not we will, or should fight back - the mob has tasted blood and will have more. As far as I'm concerned, it falls to forums like this one to "think-tank" relatively responsible solutions, and I've heard some good ideas here in the last week.
We all know someone is sitting in their basement right now, pulling an all-nighter, writing the next tool of mass-retribution, fueled by strong coffee and an even stronger hatred of spam. I suggest that if cooler heads are to prevail in any manner, it will be by creating a less-malicious tool of retribution, one which attempts to focus the attacks on legitimate "military targets" by requiring manual human selection of the targets, not by letting some distributed software select the targets automatically. Better hurry, the latter approach is probably more tempting to programmers who have succumbed to the blood-lust...