"Usenet Death Penalty" against AOL

An anonymous reader wrote in to send us an article from Deja News discussing the fact that German Usenet Admins have declared AOL Rogue, and are discussing banning the ISP to cut down trolls and spam. The RFD ist auf Deutsch, so you might wanna hit up Babelfish for your usual amusingly broken translation.

Signal to AOL ratio ..

I am all for this, if enough of a movement gets started to teach AOL a lesson, I would be more than happy to also do it at the small ISP I run.

"I am sorry, but we do not accept mail from AOL here"

Damn, that would be so satisfying.

Sigh..

One problem is, there ARE some intelligent AOL users. My favorite poster to a.p.t is from AOL.

In Holland there are ISP banning AOL e-mails.

AOL users can't mail some ISP's in the Netherlands and I think this trend will continue AOL cleans up it's act. It's a good thing too, if a lot of ISP's decide to ban AOL, it's a choice: either AOL or the "real" internet. I used to get 4x spams per week from AOL users. I used to forward every message with a complaint.. it HAS stopped recently.

Translation: "Free Trial Accounts Are Evil"

The gist of the RFD is that the anonymous free trial accounts AOL gives out are a spammer's best
friend, that AOL doesn't take action against spammers when notified, and that several Usenet groups are currently being destroyed by spammers using a series of free trial AOL accounts.

From Babelfish, with a little help from me:

AOL harms the network, because it offers trial accounts with up to 650 free hours. This gives
Spammers, Trolls, and other people who wish to
conceal their identity problem-free full write access to the network. Their posts can't be
traced (so the spammers can't be identified).

The AOL administration takes no action against people spamming from these accounts, even when action would be justified.
Complaints to AOL are acknowledged by an ignorebot, and the spamming continues.

A current example is the activity on de.etc.finanz.banken+broker, de.etc.finanz.misc, and de.etc.finanz.boerse, where where an individual AOL Spammer has made an otherwise lively hierarchy almost useless for several weeks, because he constantly posts similar advertisements
for his commercial Web PAGE and slandering,
while constantly changing AOL Accountnames and
misleading Subject lines. He also sends mail
bombs from his AOL account to the people who
try to complain about him.

Another example is the mailing list public@dana.de, which for months has carried
more Spam (almost without exception from
AOL users) than useful contents."

AOL Germany vs AOL USA

Something to add to the discussion: there seems to be a difference in handling abuse of American and of German AOL users. AOL Germany is a subsidiary of publisher Bertelsmann, so it's a different company than AOL US. In the discussion following the posting of the RfD it was mentioned that while AOL US does honor abuse-notifications, AOL Germany doesn't. I can't verify that myself, though.

Another interesting fact is that according to German "netgod" Lutz Donnerhacke AOL Germany is understanding the problem is going to make an announcement to the (de-)abuse-groups, soon.

Finally, the RfD is obviously lacking support of German news-admins so probably the effect, a successful CfV will have, will be minimal. BTW: It is not cleared, yet, if a formal CfV is possible.

- Sebastian Rittau

Re:Banning spammers ?

[Zack]

> controlling content on the internet on behalf
> of their population or any other way of
> "controlling" the internet

So what's the issue here? The issue here is freedom. If I want to go look at porn, or see information on abortion, or read anti-{insert your country here} propaganda, I should be allowed to. Freedom does not include "doing anything you want." I should not be able to degrade the quality of your service.

I should be free to view whatever content I want.

Spam, however, is another matter entirely. An email message sent to my account is not the same thing as a web page sitting out there. An email to me gets to me, and I am forced to wade through it in order to get to the rest of my messages. The spam sent to me actually causes me harm (in terms of lost time, lost bandwith, and lost disk space). A web page sitting out there that I don't want to see doesn't affect me at all.

USENET has rules. For example, posts are supposed to stay on topic, avoid flames, don't cross post to 1000 different groups. AOL users have violated the policies, and AOL refuses to do anything about it. In order to keep the net sane, they've got to be controled. So we have the freedom to read on topic posts and not see ads for sex sites in EVERY newsgroup.

Re:The threat

[jandrese]

The problem is that it isn't that simple. Most malicious spammers now use a technique called superceding where they basically overwrite the body of "signal" messages with noise. This makes it look like legitimate posters in the newsgroup are posting spam under legitimate titles. IMHO this is the most vile kind of spam, since not only does it increase the noise of a newsgroup, it actively decreases the signal, and destroys countless discussions. The worst part is that moderation is usually ineffective agsinst this kind of attack.

The threat

[Xamot]

Hopefully the threat alone will cause AOL to make some changes. I know it's not the company itself, it's the users, but since they know they have the largest base of newbies they should do something.

What is that something? How about forcing users to take a quiz on netiquette that they must pass before given the ability to post. Even just a major effort to educate their users would be a step in the right direction. Most ISPs don't have to worry about this, but AOL isn't most ISPs.

Re:The threat

[Ralph]

Hopefully the threat alone will cause AOL to make some changes

There's something you might miss, when reading a "bablefished" translation of the RfD: The RfD asks the admins to issue an UDP for the de.* hierarchy in Usenet, not banning AOL completely (which would be a quite senseless thing to discuss about in a de.*-only RfD).

It is not even clear, which kind of UDP should be issued, a passive one (where the newsfeeds won't take any postings coming from AOL) or an active one (where any AOL-Postings will be canceled on sight).

Furthermore the RfD talks about many issues, which aren't related to Usenet at all (not reacting on messages sent to abuse@aol.com, sending UCE from AOL test accounts), so many admins (and users) can't agree on issuing an UDP for those points.

Next: The actual reason for posting this RfD is a guy (calling himself Seltzer-McKensey) who is actually destroying four newsgroups in the de.*-hierarchy (de.etc.finanz.*) by posting hundreds of postings there monthly. AOL doesn't react to this (neither by calling them, nor through e-mails sent to abuse@aol.net). They tried to ban him from posting, but this guy just switches to his next AOL-CD and goes on posting.

But through this guy alone, the technical funtionality of Usenet is not harmed, so that's no reason for an UDP. And many of the admins and users in Germany (or in de.* which is international) take the same standpoint. There's idiots with each ISP, AOL has the problem of their non-restricted testing accounts.

Now, before anyone accuses me of standing in for the enemy ;-) - I would like to see those AOL test accounts being restricted (no posting without verification of the person who uses an account), I also would like AOL to actually react to mails to abuse@aol.net, not just having their ignorebot giving me replies. And that they can restrict those accounts has been shown some weeks ago: Without being a verified user with AOL, you can't send any e-mail attachments.

But I don't think that the mentioned points in the RfD qualify for issuing an UDP (and I don't quite see, what an UDP limited to one hierarchy could do). UDP is the last resort against an ISP, and I don't see, that this last resort should be used against AOL at the moment.

If UDP, then hierarchy-wide and not local to one hierarchy. If UDP then for reasons everyone will understand, but not for those. Otherwise there should be an UDP against deja.com right now, for the same reasons (or take any other company which allows webbased posting without checking on the users).

Ralph

PS: Of course: Friends don't let friends use AOL.

Re:The threat

[dattaway]

I remember on fateful morning many moons ago when I fired up tin to read the newsgroups and each post was repeated seven times each and from this new entity called "aol.com" So, I read through them (where did all the good news go?) and found they were ALL one liners and "me too" or something absurd. I wasn't mad, just pissed off! Usenet went downhill after that. The once mighty alt.sex newsgroup that had readership of 100,000 died into a cesspool of spam and is still dead.

It amazes me how a provider will not educate users how to properly use the service, but will only tell them how easy it is with point and click. "Click here, now you can post! See how easy that was?"

Death to usenet? No, death to AOL!

Re:The threat

[dattaway]

It all was in spring 1994 if I remember right when I shortly killfiled every .com and .net leaving nothing but .edu and .mil posts. That worked for a while, but people graduated and had to use those addresses. No one wanted to have an aol.com address like it was some disease.

You can take the dejanews.com power search page, save it and edit the crap out of it. They make it easy as you will see a few comments in there that say "content starts here" and "content ends here." You can cut everything above and below that.

As far as the banner ads go, visit http://waldherr.org/junkbuster/ where you can easily install an industrial strength anti ad tool. Its easy to maintain too. If a sex banner or eye killer comes into view, just insert that address into the blockfile. No need to restart anything as the next time you load a page, you can see the changes take effect immediately.

May your surfing days (and nights) be enjoyable and not surf in sewage and spam.

Re:The threat

[dattaway]

> The questions might go like this:
> 1. Someone posts something that's totally opposite to what you believe. You then:
> a. Post an intelligent, well thought arguement that adds to the debate.
> b. Type an angry reply, one sentence long, in all caps.

I forsee one problem: AOLers aren't *that* stupid. Anyone old enough to know how to send an email/usenet message can also

Oh? Back in about 1994 when AOL opened the floodgates onto usenet, they gave users a big point and click button. I was told they were given a brochure describing "full usenet access" over a variety of topics. The newsgroup alt.best.of.usenet was the group at the top of the list if I remember right. In less than an hour, it was the worst of usenet with thousands of posts destroying any use that group had. To my horror, I was logged in at the time when this happened.

Typing in a one sentence reply in all caps would be the best case. Usually, it was a sentence fragment, or just a thought, or a word or two. Not only that, there was a bug with the posting software that duplicated each post seven times. Irresponsible? I would have to say yes. As I see it, AOL is here to exploit the internet. It raped and pillaged the newsgroups in 1994 and I am not surprised that it is extending its reach into our mailboxes.

Maybe off topic, but Slashdot is like old-USENET

[root]

I guess that's why I (and probably many of us love Slashdot). It's reminiscent of the USENET of long ago. It discusses mostly tech topics and topics of interest to fellow geeks. The S/N ratio is pretty high. Newbies (usually in September) were whacked for bad postings after which they fell into line or were filtered out with killfiles (you rarely had to go this far, though). There was zero spam (it was once a usenet axiom that *you* *don't* *post* *ads* *in* *newsgroups*- *period*. [expecting .forsale and later biz.* groups]). USENET had a common culture back then much like Slashdot has a common culture now. Unfortunately it's a catch-22. Success, like when the internet went mainstream, destroys that culture. USENET is a wasteland now. And Slashdot is becoming popular... hmmm... we shall see. At least Slashdot has a control element the anarchastic USENET lacked.

The problem is volume, not content

[David+Jao]

Somebody earlier above gave links to http://maps.vix.com/ and http://spam.abuse.net/. These links are highly recommended reading. One thing that anti-spam advocates stress over and over again is that spam is problematic because of its volume, not because of its content. In fact, it is precisely this content-agnosticism that distinguishes anti-spam efforts from censorship.

The definition of e-mail spam is "unsolicited bulk email": that is to say, an email message is spam if, and only if, it is unsolicited and sent to a large number of recipients. Likewise, a message is usenet spam if, and only if, it is crossposted or multiposted heavily enough (c.f. the Breidbart Index). In each case, the content of the message is totally irrelevant. Spam is characterized by the manner in which it is delivered, and not by the content contained in the message.

The difference between anti-spam efforts and censorship efforts is that censorship by definition uses message content as the sole criteria for rejection, while spam fighters by definition use message delivery parameters as the sole criteria for rejection.

Re:Banning spammers ?

[dattaway]

Its not controlling content, but damage control. Its not the type of content, but noise is not useful. Can you think of a use for spam? And there is no way of controlling it, but to cut it off. There are many people who wish to contribute actual content, but when there is a big pipe pushing raw noise into the newsgroups, its utility is diminished. It breaks.

Usenet might break and become no more if spammers are unchecked. The death penalty might be the lesser of two evils.

UDP is strong magic

[Booker]

As a last resort, the UDP rocks, although it's unfortunate when it comes to that. There's a lot of potential for throwing the baby out with the bathwater. It's been used effectively a few times though, I believe.

If every admin would utilize the MAPS, the ORBS database, and participate in these UDPs, the world would be a remarkably spam-free place.

uu.net been through this already

[CrazyFraggle]

A had a short chat with our local newsmaster on the subject. He told me that about a year and a half ago a UDP was enforced upon uu.net because of intensive spamming originating there. At that time, he told me, all the major Usenet backbone servers enforced this UDP. For five days or so, no news where accepted from, or fed to uu.net.

After those few days, all the spammers that were using uu.net at the time, where gone from uu.net. Of course, later new spammers has come to uu.net, but at least now they're aware that it's a problem. (I wonder where they went :).

Perhaps a complete UDP would make AOL actually see the problem? X million annoyed AOL customers have the power to make AOL change that a few sysadms do not have.

AOL needs to show more responsibility.

[Outland+Traveller]

The reason I dislike AOL so strongly is their attitude towards the internet. AOL sees it as a natural resource to exploit, rather than a community. They take and take, but they do not accept any responsibility for problems they cause. In the environment of the internet, AOL is one of the largest polluters.

Last year a luser at AOL was running a barrage of Denial of Service attacks on our webserver. I don't know why (s)he did this but I do know that I received absolutely ZERO help from AOL resolving the issue. After a many attempts to talk to someone who could understand what a DoS attack is, I was told the equivalent of "tough luck". They wouldn't give me the time of day unless the FBI was involved.

When we discover cracking activity from other ISPs, those ISPs are usually very helpful in taking care of the problem.

This is just one example, but this newsgroup issue and earlier IRC issues seem to indicate a pattern of behavior. AOL needs to realize that the rest of the net doesn't exist for them to exploit. AOL needs to step up and take some kind of responsibility for the problems they create.

The biggest problem is that they've created an accountability nightmare. No one can effectively deal with an abuser armed with a box of AOL CDs, except for AOL. And AOL doesn't really care.

If the UDP forces them to improve their abuse management, I think that it's a good thing. I don't think they will change until there is damage to their reputation/bottom line.

- OT, who would not recommend AOL to anyone.

Re:AOL needs to show more responsibility.

[thales]

AOL's main concern is how many subscribers they have so they can say "your ad will be seen by 18 million subscribers!" The number two concern is keeping them on AOL, looking at ads. If a AOL user screws up your Web page, then the rest of the AOL users can't leave AOL to go there. If they screw up usenet maybe the other users will go back to an AOL forum where they can see those ads. AOL thinks only of thier responsibility to advertisers. AOL thinks of any site that isn't on AOL as costing them money. The only way AOL will reform is when thier practices start costing them users. Untill then they will do whats best for AOL and to hell with the rest of the Internet.

Re:AOL needs to show more responsibility.

[wolf-]

I couldn't agree more. About 6 months ago, my company was asked to do a intrusion investigation for a large company here in Atlanta. We spent nearly 3 months auditing network connections and leafing through megs upon megs of logs from services. Wasn't long before AOL ips appeared near the top of the most frequent attackers.

Now, this was all done with modems. AOL is trying to get some of the large cable modem and *dsl providers to offer direct aol access to the net over large bandwidth. If AOL has been such a large problem with only modem access, imagine the trouble an AOLer can get into with some serious bandwidth behind them?

Re:Banning spammers ?

[blkwolf]

I'd say there's one important difference between the Australian govt. and the ISP's in question.

Australia is trying to dictate what every australian ISP, and user is allowed to download, view, read, carry on their computer systems or internet access. Here the people have no choice in the matter neither do the ISP's who to comply with the new laws will have to invest hundreds to thousands of dollars a piece so that they can filter out and block "unreasonable" content and possibly monitor the activity's of their users.

This on the other hand is nothing more than a specific group of ISP's choosing not to carry certain content. As they own the services they provide they also have the right and the freedom to choose what services they do provide and what content they allow to be stored on their servers and harddrives. No different than me placing a filter in my news group reader to filter out and delete any posts from @aol.com, as I have the right and freedom to view and download what I choose.

Because an ISP chooses not to carry certain content, that does effect their users but those users still have a choice, if they feel the ISP doesn't provide enough services they want or need that have full ability to switch to a new one, subscribe to an online news service where they will probably get access to far more groups than their ISP has ever carried, etc.

So the difference is that in the German ISP situation every person involved has a choice, the ISP's have a choice on what they want to carry and pass thru their equiptment, and their users have a choice of sticking with the ISP's new policy's, switching ISP's, or finding their news posts somewhere else.

Australia no one has a choice, the govt. says this is how it will be and short of moving out of the country you will obey the rules and only see what we want you to see.

Re:Is Usenet WORKABLE anymore? (case for quotas)

[Stephen+Williams]

Of course, there are lots of other issues. For instance, the top level heirarchy makes very little sense.

It has got a bit large and unwieldly, hasn't it? Unfortunately, I fear that it's too late to do anything about it. The Great Renaming[1] probably confused a lot of people the first time round (it was before my time, so I don't know how bad it was). How many people will end up hideously confused if we try it again?

[1] Note to newbies: until the mid-1980s, all Usenet groups had names beginning "net.". The current hierarchy ("alt.", "comp.", "soc." etc) was started on a day which is now known as The Great Renaming, when all the old groups got renamed.

Banning spammers ?

[_Spirit]

Something in this discussion doesn't seem right. Most people were adamantly against the new Australian laws on controlling content on the internet on behalf of their population or any other way of "controlling" the internet, but when it comes to stopping spam it seems that for some people everything is allowed.
If you say that AOL should be banned from USENET altogether, you are in fact not that much different from the Australian government as you pretend to be.

It seems to me that some people here define their freedom by limiting other people's freedom. This is not what i would call freedom.

I am not saying that if people abuse their rights on an online service, we shouldn't punish them. But punishing individuals is not the same as excluding a large internetprovider and all it's clients.

I, for one, think that a lot of people are a bit over-sensitive to spam. They will classify anything they read that does not concern them or has a slight commercial reference as spam. If you don't want to read it there are plenty of ways to avoid it, especially on usenet. I use several filters myself to get rid of the usual crap.

Message on our company Intranet:
"You have a sticker in your private area"