Slashdot Mirror
McColo Takedown, Vigilantes Or Neighborhood Watch?
CWmike writes "Few tears were shed when alleged spam and malware purveyor McColo was suddenly taken offline last Tuesday by its upstream service providers. But behind the scenes of the McColo case and another recent takedown of Intercage, a ferocious struggle is taking place between the purveyors of Web-based malware and loosely aligned but highly committed groups of security researchers who are out to neutralize them. Backers claim that the effort to shut down miscreant ISPs is needed because of the inability of law enforcement agencies to deal with a problem that is global in nature. But some question whether there is a hint of vigilantism behind the takedowns — even as they acknowledge that there may not be any other viable options for dealing with the problem at this point."
Your comment fails to account for:
[x] Laziness on the behalf of the Slashdot readers
[x] Lack of time
[x] Boredom with the same auto-reply form
[ ] Puppies
æeee!
Vigilantism would be action like that employed by the Lad Vampire. This was just a bunch of experts asking companies to enforce their TOS.
The real "Libtards" are the Libertarians!
When you have no law, nobody with legal authority, vigilantes and posses will form to deal with issues. Human history is filled with evidence of this. Usually, the citizens demand a code of law to emerge from the chaos after some gross miscarriage of justice is perpetrated by an overzealous vigilante. The internet hasn't had that yet.
The internet is still in the stage where vigilantes mostly take care of it, and likely will be for some time to come. Certain nations lay claim to certain aspects of internet behavior of their citizens (we almost all agree that child porn is bad, for example.) But the more restrictive you get, the fewer people are in agreement. We'll never get the whole globe to agree on standards for porn, political content, religious content, etc., so it will be almost impossible for a Global Internet Police Force to arise.
I think the undefined-but-pragmatic status we're in will last quite a while longer, and the vigilantism will increase. Maybe the future will hold an odd-bedfellows agreement along the lines of the UK/USA spying deal. U.S. vigilantes will not be extradited for committing a good-faith takedown of a Russian spammer. And Russian vigilantes will not be extradited for taking down an American spammer.
John
Of course there's an element of vigilantism. This is the sort of situation that vigilantism is for.
Hopefully better ways to deal with the problem will come along soon. In the meantime, I hope the body count among innocent bystanders stays small.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
I don't really understand, especially on a Web forum that decries most law enforcement actions as invasive to privacy and liberty, why private conduct aimed at correcting undesired private conduct is just assumed to be bad.
Does this "only the government shall administer law" doctrine apply to the civil rights movement? Greenpeace? Software piracy? Or just things we don't like?
One person's vigilantism is another's social activism.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
If the upstream providers had a service agreement that disallowed the use of their network for illegal activities, they can pull the plug any time.
[x] Meh
æeee!
No, not remotely vigilantism. Its not like someone went to these people and cut their fiber cable with a hacksaw - *THEIR ISP* turned them off, after it received reports of TOS violations and (presumably) investigated same. We should live in a world where all ISP's have and enforce anti-spam TOS, and actually investigate take action, as appropriate, when they receive reports of abuse, regardless of who the reporter is.
Since the '90s, various groups have labeled other groups as "internet scum" and targeted them for banhammers.
Sure, providers of child porn an, in France and Germany, stand no chance against the national police. But everyone else - American Nazis, spammers, 409 scammers where protected by law, and those advocating unorthodox positions like "sex with children is okay" or "gay fags don't deserve to live" are generally left alone by governments.
Like-minded individuals like to get together and fight what they see is an abuse of the net and/or an abuse of free speech. Right or not, the party that "wins" is usually the party with the most political and financial might.
If a small church group goes at it alone against a well-funded Neo-Nazi organization, they will go nowhere. On the other hand, if a large denomination spearheads a global effort to get a lightly-funded neo-nazi organziation kicked off their ISP under threats of boycotts, bad press, etc. the neo-nazi organization's web site will soon go dark.
Oh, it helps to have the ISP's and upstream's moral-compass on your side: If the Neo-Nazi's ISP and upstreams are very pro-free-speech, you may not get far no matter how much influence you wield. If on the other hand they aren't very pro-free-speech but are pro-racial-equality, then they'll help you find an excuse to terminate their contract or not renew it.
Back in the days early days of spam, a major spammer paid handsomely for a very friendly upstream provider. However, the pressure finally got to be too much and they gave him a non-renewal or 30-day termination notice under the "we simply no longer want your money" clause.
Ultimately, society will have to decide if your rights to say anything you want to anyone you want who will listen on your Internet connection is a right that can be negotiated away by contract. Note the "who will listen" clause - that doesn't cover spammers, but it does cover people spewing neo-nazi propoganda and the like to people who ask to hear it. It arguably doesn't cover "force fed" material like content that lives beyond the current session or affects your computer outside the browser, e.g. malware, or even "surpise" material like Goatse, unless you specifically made an informed decision to download such material knowing full well what it was.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
> I host a few web servers at a colo. I have no idea what my neighbors are serving up. If
> my sites were shut down without notice I'd be pretty unhappy.
Well, then you would sue the colo operator, wouldn't you? They are the ones who contracted to provide you with service. Would you blame the power company if it shut down your colo operator for breaching his contract with it by not paying his bill? Then why blame your colo operator's upstream provider for shutting him down for breaching his contract with them?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I probably would too. Which is why one of the questions I ask before deciding to deal with a hosting or colo provider is "What kinds of customers will I be sharing a network with?". I look at what this provider's reputation is, what sort of history they have when it comes to spam, malware and similar things. Do they have a lot of complaints about spam and malware originating from their network? Are they known for investigating and taking action when problems are reported, or do they have a reputation for ignoring the problem for as long as possible? Do I find them showing up as a place to go for "bulletproof" hosting? Do I see their netblocks showing up in spam e-mail, attacks on my firewall or lists of netblocks known to originate malware? I make sure I've got answers to those questions that I like before I decide to do business with them.
Part of your responsibility when you start a business relationship is to know who you're getting yourself involved with. If you choose not to, don't be suprised when it comes back to bite you later.
[x] Your mom.
You asked and I'm happy to oblige. As spam systems go this one scores fairly well. The biggest problem is the "worm-ridden Windows boxes" checkbox.
----
Your post advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Some ISPs think they can cut or filter your internet activities because you consume too much bandwidth. It's probably in your terms of service somewhere (now or in the future, you'll sign or you won't get internet). Elsewhere on slashdot, if you mention "Comcast", an array of hysteria breaks out.
If these people are guilty of a crime, law enforcement needs to prosecute. If you can track the perpetrator to a US based location, then there's no "global problem" excuse. The only issue is that as a citizen there's no chain of custody on your evidence, so they'll have to do their own detective work. But once you know someone is probably guilty of something, you can probably find something on him. If the appropriate authorities are not interested in being involved, THAT is the problem worthy of public attention.
The ends don't always justify the means. Bypassing proper authorities is not appropriate when it's a big evil corporation chasing 12yo girls pirating Britney, and it's not appropriate from a group of well-intentioned vigilanties. We have law and law enforcement to prevent this sort of thing from happening. If they are inadequate, we should focus on solving that problem. It's true spam may not rate right now with unemployment and economic collapse...and that's not a bad thing.
I hate spammers and won't lift a finger to help them (I really ought to, I just can't overlook my hatred of them), but I worry more about the long term effects of people taking laws into their own hands and getting street justice. I worry about ISPs getting excessively involved in the content passing through their networks, and being, in any way, legally justified in moderating, censoring or controlling access based on anything other than whether your check cashes. I would rather tolerate a few low grade crooks than live in the kind of society where the lowest common denominator creates all laws.
You can't make an omlette without breaking eggs. I for one, and sick of finding spam in my omlette.
I tried to understand this, I really did.
Modding me -1 troll doesn't make me wrong.