Slashdot Mirror

← Back to Stories (view on slashdot.org)

jQuery Dev Bemoans Overwhelming Spam On Google Groups

Posted by Soulskill on from the discount-llama-pelts dept.

angryrice tips a blog post by John Resig, lead developer for jQuery, about the failure of Google Groups to manage spam, declaring attempts to use it as a public discussion system "completely futile." Quoting: "The final straw was placed upon my patience with the Google Groups system a few weeks ago. Spammers are now spoofing the email addresses of existing group participants to sneak their messages through. Previously you would've seen a delightful 'FREE MOVIE DOWNLOADS' spam from 'freemovies123@gmail.com' — but now you'll see it coming from existing group users — or even the group moderators themselves. This cheat completely bypasses the moderation system since the spammers are pretending to be pre-moderated users. The Google Groups system is completely fooled. The spam message comes in claiming to be from an existing group participant — and according to the Google Groups interface there is no difference. If you click the user's name you'll be taken to a full listing of that user's posts (with the spam messages delightfully interspersed)."

23 of 251 comments (clear)

  1. Perhaps a new mail header? by Zarf · · Score: 2, Interesting

    Maybe if we created a mail header with the pgp signature of the message in it we could train our spam filters to filter on that. Google could silently inject the header into its mail clients... no one would need training. Email would look the same. Clients unaware what to do with the header could ignore it. Inside systems like Groups you could see "verified" or not on the email.

    --
    [signature]
    1. Re:Perhaps a new mail header? by Eravnrekaree · · Score: 1, Interesting

      sounds like a good idea, it seems. For this to work, can the correct signature be made only by the users private key, on the text in the email message, so someone couldnt just take the public key or whatever and spoof the signature?

    2. Re:Perhaps a new mail header? by _Shad0w_ · · Score: 4, Interesting

      If a spammer can easily spoof a legitimate user's cryptographic signature on a given block of text I would be very surprised. The only practical way that could happen would be if the user's private key was compromised - if that's the case you just issue a revocation certificate for the compromised key.

      Requiring users to sign up using their public key and then requiring all posts to be signed isn't completely ridiculous. It may be a OTT for most groups and possibly beyond the ken of a lot of users, but it could be done. You would just have to parse the all incoming mail to make sure they had a valid signature and that the signature was made using a key that matched a register group member. Although I couldn't comment on how much processing overhead that would create.

      --

      Yeah, I had a sig once; I got bored of it.

  2. Tragedy of the Commons by oldspewey · · Score: 5, Interesting

    I used to be an avid newsgroup participant way back in the day. The flamewars were legendary, and the amount of technical information exchanged on some of those groups was beyond description.

    If there were a way to use spammers for fuel, I'd have no qualms solving our energy woes that way ...

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
    1. Re:Tragedy of the Commons by John+Hasler · · Score: 2, Interesting

      > I used to be an avid newsgroup participant way back in the day.

      I still am. Competent news services such as Newsguy are able to remove enough of the spam to make it tolerable.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Tragedy of the Commons by oldspewey · · Score: 3, Interesting

      I think your godwin generator needs to go in for calibration.

      --
      If libertarians are so opposed to effective government, why don't they all move to Somalia?
  3. Yahoo chats have had similar syndromes by Eravnrekaree · · Score: 2, Interesting

    Yahoo chat as well seems to be overtaken by this spamfest. They have tried to address it with captchas, but the spammers simply go ahead and entire the captcha code and keep spamming. They could require credit card verification to make it harder to open massive numbers of accounts, i suppose. Maybe they could have some sort of scanner that would look for sequences that could identify common patterns in spam messages and flag these messages for moderation. Even moderation itself is ripe for abuse with moderators who abuse that power that they have. Perhaps another solution is a voting system on particular messages like that on slashdot, in this case, simply as to whether the message is spam or not, the messages which are voted to be spam are basically collapsed but could be opened with a click, or can be shown with a show "spam marked messages" feature. Could be useful both on chat and also on message boards.

    1. Re:Yahoo chats have had similar syndromes by weaponx71 · · Score: 2, Interesting

      The Yahoo groups aren't all that bad. I belong to a few and over the past two weeks we got a few infected links from members that got infected. Straight spam has been like maybe one every three months or so. Now the Yahoo chat, well.. that is just unusable as I use to remember it. When I became wise and got rid of AOL, Yahoo chat was a great replacement. You could actually have conversations with real people. Then the script kiddies were flooding the rooms with their booters and such. The bots were easily spotted and ignored. Now... Take any given room, even with the captcha and you will have over 60% bots. As soon as you log into the chat room you get flooded by spam adds to your list and spam chat windows. It IS completly useless compared to what it was a bunch of years ago. Yahoo is the ONLY one to blame for this. Sure they use captcha, and sure there are admins in ever room. But they obviously do NOTHING. I now only pop into those chat rooms once a month, maybe. My wife just said she couldn't right click and it was due to Yahoo's new toolbar, even though she doesn't use the new toolbar. So all of that just spells out to me that is that only Yahoo email is worth anything. And even that hasn't been my main email for 5 some years. I figure it will very slow or maybe not even at all that Yahoo will try and make all of that better. I would go for a guess that now that Google has been called out on it, something will be tried to fix the problems very soon. But... that's just my opinion, I could be wrong.

  4. and Blogger too by GameGod0 · · Score: 3, Interesting

    Google's really dropped the ball on spam blocking with Blogger too. I host a couple of random blogs on there, and they've all been hit with a ridiculous amount of spam in the last year. Blogger doesn't even give you something like Akismet... :(

    1. Re:and Blogger too by BitZtream · · Score: 2, Interesting

      Blogs ARE spam 99 times out of 100, its hard to implement spam filtering when the content in and of itself might as well be spam.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  5. Time to bring back the cancelbots? by argent · · Score: 5, Interesting

    If this is a Usenet group that Google Groups is just providing an interface to, I guess it's time to bring back the cancelbots. UDP against Google. It's come close before.

    If this is one of the Google Groups that's a web forum, then they need to require that you actually log in before posting.

  6. Unusable indeed by Ritz_Just_Ritz · · Score: 1, Interesting

    I've been wondering if/when Google would make some sort of effort to deal with the problem. You'd think that a company that's gone out of their way to hire brainiacs could come up with *some* sort of solution. I'm a little surprised they've let it spin this far off into the weeds.

  7. Re:Finally, someone important points out the obvio by Minwee · · Score: 3, Interesting

    Why the hell haven't they put the same spam filters that they use for Gmail on the discussion lists?

    Maybe it's because they want to encourage you to use Gmail, which they control and can extract some income from, instead of Usenet, which they have only a passing acquaintance with and can't squeeze a penny out of.

  8. Ebarassing for group admins by Morris+Thorpe · · Score: 4, Interesting

    I created and admin a Google group for my son's high school team. We have coaches about 120 parents in the group.

    Even though it's a pain in the ass, I chose to moderate messages for new members. Still, spam gets through. As the group's admin, it's embarrassing to see graphic messages and know that all the parent's on my kid's team are seeing it. Also, moderation means that some messages may not get through in a timely manner.

    I'm looking to migrate the group to an alternative now.

  9. Spammers are spoofing Google Groups by farnsaw · · Score: 2, Interesting

    I manage a moderated google group and I have received spam "from the group" from someone who is not a member. This makes me think that they sent it directly to me and just spoofed the headers to make it appear to come from google to get past my local spam filter. I wonder if this is what is really happening?

    --
    "Computer Scientists can count to 1024 on their fingers" (non-mutant, non-mutilatated, human computer scientists)
  10. Re:Join the 21st Century by commodore64_love · · Score: 2, Interesting

    Nope. I belong to the AVS (audio-visual science) forum for awhile, and stated matter-of-factly that digital TV has reception problems and the converter boxes from Dish are junk. I was banned.

    You can't have free speech in a system where the Sysop is like a dictator - deciding what can or can not be said. Even a benevolent dictator can be bad. Usenet offers a place that is libertarian in nature - people police themselves - and nobody gets censored even if they are whackjob KKK members.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  11. Re:Finally, someone important points out the obvio by baxissimo · · Score: 4, Interesting

    Google Groups serves as a face to Usenet, yes, but it also advertises itself as a place to create new groups which are hosted by Google, as an alternative to setting up your own mailing list. I suspect the jQuery folks are using a Google hosted group. The spam situation is indeed ridiculous, and Google could indeed do something about it. They even have "report spam" buttons on all the messages, but so far as I can tell clicking on those buttons has no effect. At the very least it should hide the messages from me that I mark as spam. But no, it doesn't even remember which messages I've marked as spam from login to login. They've just dropped the ball for some reason.

  12. Re:Join the 21st Century by Richard+Steiner · · Score: 2, Interesting

    I'm not the OP, but I use Slashdot's web UI because they haven't created an nntp gateway for me yet. :-)

    Once that is done, you won't see me using this web-based interface, believe me. I'd be using Yarn here, or maybe slrn with slrnpull.

    The content here is decent for the most part (STN ratio is often quite good). It's the interface that sucks.

    --
    Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
    The Theorem Theorem: If If, Then Then.
  13. Re:Time to DIY by The+Ultimate+Fartkno · · Score: 2, Interesting

    1. How can you steal a service that's provided to you for free?

    My internet service is not provided to me for free. I pay for it. I reserve the right to accept or reject advertising as I see fit. People who not only force advertising on me, but do it in a deceitful manner, deserve nothing more than forcible, unlubed sodomy during the half time show of the Super Bowl. Spammers are roaches and should be treated as such.

  14. Re:Block posts to Usenet via Google by rudy_wayne · · Score: 2, Interesting

    At this point, we have to view GMail like Hotmail, another free email account system made useless by spammers.

    Hotmail is widely blocked. Next, Gmail?

    I have 2 Gmail accounts but access them via POP3. Gmail's spam filters work perfectly. I get zero spam. Although there are hundreds of spam messages in the spam folder none of them get through to me. Why can't they do the same thing to newsgroups?

  15. Is there a reason to keep archives private? by tetranz · · Score: 4, Interesting

    This is more to do with Yahoo Groups than Google Groups but they seem similar. Recently I've joined several Yahoo Groups about specialized ham radio topics. Nearly all of them keep their archives private. I have apply to join (basically push a button and say who I am) and then wait for approval from the admin. Once approved I can read the archives and also post. Posting from members is usually unmoderated. It's painless enough but still very frustrating when I'm just searching around for information and a quick look at the archives is probably all I want.

    I don't mind having to join if I want to post but do they achieve anything by keeping the archives private? Yahoo obscure the email addresses so spammers' 'bots are not going to get much from them. I've asked several admins "why do you keep the archives private?" and have not received a convincing answer. It usually goes something like "I understand your frustration but we have a lot of trouble with spam" and sometimes goes on to imply what a silly question I asked. Well ... I still don't see how keeping the archives private helps to reduce spam. I haven't been a group admin so maybe I'm missing something.

    I can understand keeping archives private or non-existent for a group on a personal or private subject but that doesn't apply to these groups.

    My guess is that this is Yahoo's default setting when a group is created and few admins really think about it. Of course Yahoo want as many people as possible to join.

  16. Re:Finally, someone important points out the obvio by psydeshow · · Score: 2, Interesting

    Bingo. They need a moratorium on new products for 3 years while they chain the engineers to big, burly product managers and get all of their offerings on the same page.

    Of course, that's (more or less) what happened at Yahoo!, and Google took the opportunity to fly right past them.

  17. Re:Join the 21st Century by Anonymous Coward · · Score: 1, Interesting

    Just look at any project that has both mailing lists and forums. The technical discussion will be on the mailing list while the forums only seem to exist as a honey trap for retards.