According to the article, "The idea, evidently, was to induce Kawamoto to open an e-mail attachment with a "tracer" in it that would allow them to see who she forwarded it to. They hoped it would pinpoint board member Keyworth as her source, according to the documents."
How is this done? Is this something spammers do?
rather than rely on the uninformed writer of the article, or your own spurious conclusions about what "must be" as a consequence, allow me to suggest that you read the standard for yourself. It is available at the link above.
It helps by making passports harder to forge. Much harder. Remember when Jean Claude goes to passport office in Paris, his picture (and possibly finger scan) are deposited on the chip. And digitally signed. A paper copy of the picture is pasted into the passport. When he comes to immigration he presents his passport. Now, the immigration guy looks at Jean Claude, the picture in the passport, and the picture extracted from the chip. If the two pictures do not match each other, or bear no resemblance to the Jean Claude standing in front of him, he knows there is a problem. One thing he knows is that the picture on the chip was actually taken by a french passport official with access to the signing key. Is it not obvious how that helps?
Suppose the spammer were required to wade through 10, 20 or 30 bogus responses for every genuine order for organic Viagra, or whatever?
Suppose when each of us received a spam message, we responded with a concocted name, address, and credit card number that forced the spammer to eliminate countless spurious orders to find the genuine responses? Suddenly, the economic advantage would be reversed. The formula that makes spam an attractive advertising medium would be undone.
The trouble is, spam is already taking too much of our time. No one will spend even three minutes responding to a single e-mail with a false name and address in the hope that the huge problem of spam would vanish. Unless, perhaps, instead of spending three minutes, you could spend 30 seconds, and felt that you were part of a larger community that was acting together to diminish this curse?
A few years ago, a hacker tool called AOHell included an apparatus for developing a bogus AOL account. In those days AOL would give a new user some number of free hours on the service, provided they supplied an apparently valid credit card number. The hacker tool would produce a credit card number that met the checksum requirements and produced a user name, which, although entirely fictitious, was internally consistent. That is, the area code, phone number exchange, and zip code were compatible. As a result, AOL gave countless fictitious users 30 days of free internet access, until VISA or Mastercard informed AOL that they had never heard of say, Ralph Garrett, of 379 Markham Drive, in Toledo, OH.
I propose that some of the dedicated anti spam activists develop a site that will facilitate the creation of bogus responses: A database of first names, last names, street names, zip codes, area codes and phone exchanges, along with a tool for generating apparently valid credit card numbers. The angry spam recipient would have only to go to the site, and enter the url to which he was directed by the spam. That window would open in a frame inside the anti-spam sites' window, with it's response form pre populated with a bogus, but credible, response. The spammee would check out the form, correct any mistakes made by the form-filling software and click submit.
There is an appealing sense of poetic justice to this approach - fighting fire with fire and spam with spam. The most egregious spammers will incur the wrath of more people, and their databases more likely will be seeded with spurious responses, that can only be distinguished from real responses by painstaking manual labor, just as we can only be sure to avoid trashing a wanted e-mail by reviewing the subject lines of the spam.
Why this might not be a good idea:
It is possible that despite the enormous odds against it, a randomly created response might actually be that of a real person. In the worst possible case, the form-filling software we're proposing would, if badly implemented repeatedly create the same name and credit card number that belonged to a real person. However, this seems about as likely as monkeys creating a Shakespearean sonnet by banging mindlessly at the keyboard.
Another reason: It might be illegal. I have no idea weather deliberately using a bogus VISA number for the sole purposes of ridding the internet community of one of its most persistent headaches is against the law. However, if those who provide hacking tools to the script kiddies can away with it with a minor disclaimer, why can't we?
Slashdot Mirror
According to the article, "The idea, evidently, was to induce Kawamoto to open an e-mail attachment with a "tracer" in it that would allow them to see who she forwarded it to. They hoped it would pinpoint board member Keyworth as her source, according to the documents." How is this done? Is this something spammers do?
rather than rely on the uninformed writer of the article, or your own spurious conclusions about what "must be" as a consequence, allow me to suggest that you read the standard for yourself. It is available at the link above.
It helps by making passports harder to forge. Much harder. Remember when Jean Claude goes to passport office in Paris, his picture (and possibly finger scan) are deposited on the chip. And digitally signed. A paper copy of the picture is pasted into the passport. When he comes to immigration he presents his passport. Now, the immigration guy looks at Jean Claude, the picture in the passport, and the picture extracted from the chip. If the two pictures do not match each other, or bear no resemblance to the Jean Claude standing in front of him, he knows there is a problem. One thing he knows is that the picture on the chip was actually taken by a french passport official with access to the signing key. Is it not obvious how that helps?
Suppose the spammer were required to wade through 10, 20 or 30 bogus responses for every genuine order for organic Viagra, or whatever?
Suppose when each of us received a spam message, we responded with a concocted name, address, and credit card number that forced the spammer to eliminate countless spurious orders to find the genuine responses? Suddenly, the economic advantage would be reversed. The formula that makes spam an attractive advertising medium would be undone.
The trouble is, spam is already taking too much of our time. No one will spend even three minutes responding to a single e-mail with a false name and address in the hope that the huge problem of spam would vanish. Unless, perhaps, instead of spending three minutes, you could spend 30 seconds, and felt that you were part of a larger community that was acting together to diminish this curse?
A few years ago, a hacker tool called AOHell included an apparatus for developing a bogus AOL account. In those days AOL would give a new user some number of free hours on the service, provided they supplied an apparently valid credit card number. The hacker tool would produce a credit card number that met the checksum requirements and produced a user name, which, although entirely fictitious, was internally consistent. That is, the area code, phone number exchange, and zip code were compatible. As a result, AOL gave countless fictitious users 30 days of free internet access, until VISA or Mastercard informed AOL that they had never heard of say, Ralph Garrett, of 379 Markham Drive, in Toledo, OH.
I propose that some of the dedicated anti spam activists develop a site that will facilitate the creation of bogus responses: A database of first names, last names, street names, zip codes, area codes and phone exchanges, along with a tool for generating apparently valid credit card numbers. The angry spam recipient would have only to go to the site, and enter the url to which he was directed by the spam. That window would open in a frame inside the anti-spam sites' window, with it's response form pre populated with a bogus, but credible, response. The spammee would check out the form, correct any mistakes made by the form-filling software and click submit.
There is an appealing sense of poetic justice to this approach - fighting fire with fire and spam with spam. The most egregious spammers will incur the wrath of more people, and their databases more likely will be seeded with spurious responses, that can only be distinguished from real responses by painstaking manual labor, just as we can only be sure to avoid trashing a wanted e-mail by reviewing the subject lines of the spam.
Why this might not be a good idea:
It is possible that despite the enormous odds against it, a randomly created response might actually be that of a real person. In the worst possible case, the form-filling software we're proposing would, if badly implemented repeatedly create the same name and credit card number that belonged to a real person. However, this seems about as likely as monkeys creating a Shakespearean sonnet by banging mindlessly at the keyboard.
Another reason: It might be illegal. I have no idea weather deliberately using a bogus VISA number for the sole purposes of ridding the internet community of one of its most persistent headaches is against the law. However, if those who provide hacking tools to the script kiddies can away with it with a minor disclaimer, why can't we?
If I paint this on my head, does that mean I can stop wearing my tin foil hat?