Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Learn to Outsource Their Captcha Needs

Posted by Zonk on from the hearing-some-ominous-muttering dept.

lukeknipe writes "Guardian Unlimited reporter Charles Arthur speaks with a spammer, discussing the possibility that his colleagues may be paying people in developing countries to fill in captchas. In his report, Arthur discusses Nicholas Negroponte's gift of hand-powered laptops to developing nations and the wide array of troubles that could arise as the world's exploitable poor go online." From the article: "I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam. But, as my spammer contact pointed out, it's nothing personal. You have to understand: it's just business."

6 of 221 comments (clear)

  1. This tell us two things by Dark+Paladin · · Score: 3, Insightful

    1. The cost of computing and Internet access have truly dropped to a point to where it is nearly "universal".
    2. The Human solution sometimes is the best.

    What's going to be interesting is threefold: how do we conquer this problem, and how long until "sweat spam shops" have opened up, and how long until the outsourcers become the main branches? Much like the Cory Doctorow story revolving around sweat shops of MMO players, it might not be long until automated scripts are combined with "sweat shop" style workers, who's only job it so enter in the proper "human" data to fill spam.

    On the other hand, as outsourcing has taught us, it is only a matter of time before the outsourcees become the suppliers as they get the training they need. Once the "local guy" starts making up the scripts, it's only a matter of time before he/she goes to open up their own spamming sweat shop. Which is a good thing in a weird way as the article points out - it encourages new business at the expense of annoyance.

    The next phase of solutions might have to focus on more detailed question/responses - but there's a danger in this in finding the "sweet spot". You want to make it as expensive as possible for spammers, but not so annoying for your "true customers". Much like my new bank's online service, perhaps, where they made me select my "security image" and more personal questions so I had to enter 2-3 things to truly "log in" the first time.

    --
    52 Weeks, 52 Religions with John Hummel
  2. or maybe... by idlake · · Score: 3, Insightful

    It's pretty depressing when one of the primary worries of bringing the third world on-line is that it will drive the cost of breaking anti-spam measures to zero.

    In fact, there is a lot of good, low-end on-line work low-skilled third-world labor can do once they are on-line. That's a good development: it gets work done that otherwise wouldn't get done, and it gets people jobs that beat the back-breaking, dangerous work they'd otherwise have to do (provided they aren't too old, weak or ill to do it in the first place).

    Hey, maybe that third world labor can also do the spam classification, manually. I'd be willing to pay for that.

  3. Re:it is just business by Anonymous Coward · · Score: 4, Insightful

    The problem with this reasoning is that there is only a small group of people buying the pills, but the spam is received by a much larger group.

    This is of course because spreading spam costs too little to be worried about pre-selecting the audience. When advertising on TV or sending info by post, companies usually try to match their audience to the product they are going to sell. I.e. they do not send adverts for luxury products to houses in poor neighborhoods, they try to weed their lists so that bouncing addresses are not kept on it forever, etc.
    All this to maximize the return on the cost of sending the adverts.

    Spammers don't have to do this, because they make money anyway.
    When it would cost 1 cent to send a spam message, it would not be worthwile to send it to 100000 addresses and make 1 sale of a $25 product.

  4. This is simply stupid by trojjan · · Score: 5, Insightful

    The very point of spam is it is almost zero cost to the spammer. When you pay people to answer to captchas the zero cost factor disappears. I don't think cheap computers and internet will make the problem dangerous
    Not everyone in the third world is going to get computers
    Every computer is not going to get internet connected
    Not everyone on the internet is going to be spamming
    Also consider the fact how much can a single person spam. If the dude with the new cheap computer answers captchas for even 15 hours a day they would hardly generate over a 1000 spam messages which is likely to get the spammer one or two hits. Do you think the spammer is stupid enough to pay for this much profit?

  5. Re:Now what? by cyberon22 · · Score: 3, Insightful

    Hire someone in the developing world to monitor your blog and clear it of spam. If the cost is insignificant to them it is insignificant to you. And as the cost of labour rises with competition the problem naturally goes away.

  6. Follow the money by Attaturk · · Score: 3, Insightful
    So, e-mail clients should be programmed to automatically respond to EVERY message they get (or at the very least, every message flagged as spam) with an ad-libbed "O rly? tell me more", unless the e-mail came from a known-good mailing list or contact. Result: If even 1% of recipients responded and didn't buy, the signal-to-noise ratio at the bastard's inbox plunges by a factor of a hundred. Everybody responds, and spam-friendly ISPs implode under a digital tsunami of replies. The SOB pumping out 100 million messages can't possibly sort out the 1000 buyers from the 99,999,000 fakes.
    I don't think spammers read the replies - at least they'd be fools if they did. They don't typically expect any useful replies - they're simply acting on behalf of a third party either raising the profile of its brand or promoting some offer. I personally find it more fruitful to go after the organisation being advertised. If someone is touting Viagra, get in touch with the highest marketing authority you can at Pfizer. If someone is selling cheap watches, go to the website where you can buy the watch, go through the process and find out where your money would go and/or who owns the domains etc. Then follow the chain back up to someone who might give a damn and give them a really hard time. If everyone did that it'd be far more effective than replying to the spam mails. :)