Talk:Lecture 7

From CSEP590TU

‘I Want Spam’ list

Tolba: As discussed by Prof. Felten, it’s a bad idea to handle the proposed DNE-list the same way the famous ‘telemarketing’ DNC-list was handled even though it was a great success. The obvious reason is that such a list is every ‘spammer’s’ wish, since it’s potentially an invaluable asset if you are in that business. Even though we are trying to break away from the DNC model, only ‘collateral’ or technical solutions were brought up, but the concept of the list remained the same. I believe a potentially good way of doing this is having the reverse of the DNE list, and yes it’s a list of people who want spam. It can be made illegal for spammers to spam anyone outside of this list. Of course the list could be freely handed to spammers since people who volunteered potentially like spam. All that remains is renaming the list to something more decent (not including “Anatomical Enhancement Products Seekers”). ;)


SPAM

TedZ: I am struck by the irony of the fact that the Pew Organization admits to using "telephone spam" to conduct their research into email spam. I wonder how many people used the defense mechanism that I use (don't answer the phone unless the person starts talking to the answering machine and I recognize the voice) for deflecting unwanted telephone calls?

I'm a long-time internet user (10 years or so I think), and I must have pretty strong defense mechanisms, because I average less than 1 spam email per month. I use a white list to filter most of my email, guard my email address, NEVER even click on anything that might be a spam, do not click random advertisements on web pages, never click on a link in an email (even if it looks legit, such as a note from my bank), use throw-away email addresses when necessary, etc. Given the fact that the people taking this class are probably fairly technologically savvy, I wonder what your experiences with spam are? Anyone overwhelmed by spam? What are your defense mechanisms?

JSpaith: I was inspired in my SPAM defense by another guy in my group, who does this with sapek.com. I own spaith.com, Spaith fortunately not being a common name and me being in time to get it. (The story my aunt tells me is that my great-great grandfather, Wilhelm Spaith, originally spelled it the more common Spaeth but changed it to Spaith on coming to the US from Germany. Spaeth.com was taken by the time I wanted to pull this trick, so I credit old Wilhelm with being a visionary and foreseeing the day this would matter. Just a little off topic I know.)

My anti-SPAM plan works as follows. Whenever I go to, say, buystuff.com, I give them the email address JohnBuystuff@spaith.com. So if they sell my email address to another company that spams me, I can (1) block JohnBuystuff@spaith.com and if I'm really irked I can (2) have all messages sent to JohnBuystuff@spaith.com forwarded back to the CEO of BuyStuff.com. This lets me be super-liberal with giving out my email address. Interestingly if I just block marketing@spaith.com and sales@spaith.com, I get very little spam. I use no other mechanism than that (i.e. white lists, software plugins, etc...), though maybe my mail host is being smart for me behind the scenes. Spaith.com has my email as johnWeb@spaith.com listed as my contact info in the event a bot ever picks it up and starts spamming me. And since I don't want a bot picking up my email from here, I leave it as an exercise to the reader to figure out my real email address.

This of course is good for the John Spaiths of the world (all one of us), but the poor John Smiths have to be more clever. My scheme falls to pieces for me too if my real email got onto some SPAM engine and we don't fix SPAM.
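The per-site alias scheme described in the comment above, as an added Python example that is not part of the original post: it classifies incoming mail on a catch-all domain by which alias it was addressed to and flags an alias that is being used by someone other than the site it was given to. The domain `example.org`, the alias table and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"  # assumption: placeholder for the catch-all domain

# Constructed data: alias local part -> site the alias was handed to.
ISSUED = {"johnbuystuff": "buystuff.example", "johnweb": None}  # None = public contact
BLOCKED = {"marketing", "sales"}  # never issued, only guessed by bulk senders


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def same_org(sender_domain, vendor_domain):
    """True if sender_domain is the vendor's domain or a subdomain of it."""
    return sender_domain == vendor_domain or sender_domain.endswith("." + vendor_domain)


def classify(raw, issued=ISSUED, blocked=BLOCKED):
    """Return (verdict, alias, vendor) for one raw RFC 5322 message.

    verdict is 'blocked', 'unknown-alias', 'leak' or 'deliver'. The From
    header is unauthenticated, so 'deliver' is a triage hint, not proof.
    """
    msg = message_from_string(raw)
    sender_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for _name, addr in recipients:
        local, _, dom = addr.lower().rpartition("@")
        if dom != MY_DOMAIN:
            continue
        if local in blocked:
            return ("blocked", local, issued.get(local))
        if local not in issued:
            return ("unknown-alias", local, None)
        vendor = issued[local]
        if vendor is not None and not same_org(sender_domain, vendor):
            # Alias given to one site, used by another: the address leaked.
            return ("leak", local, vendor)
        return ("deliver", local, vendor)
    return ("unknown-alias", None, None)


def burn(alias, blocked=BLOCKED):
    """Step (1) of the scheme: stop accepting mail for a leaked alias."""
    blocked.add(alias)


def sample(frm, to):
    """Build a constructed test message."""
    return f"From: {frm}\nTo: {to}\nSubject: constructed sample\n\nbody\n"
```

A `leak` verdict names the site the alias was issued to, which is what makes the block-or-complain decision in the comment possible.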

Avichal: I have had my email for about 5 years, and although initially I may have done some dumb things (posting email address to a webchat etc.), I would say I have generally protected my email address. I do get about 10-20 spam emails every day, although with the use of exclusive blocking (white list), I am able to deflect most of them. However the problem with that is, I have to constantly scan the 'Junk' folder as well, and keep updating my 'allowed' list (new people, new email id for existing people etc.). But mostly I have learnt to live with it, and that's good I suppose, considering that spam is not going away anytime soon. In fact, considering that 'telephone spam' is still quite prevalent, probably spam will just be a part of IT world. I find email spam less intrusive than telephone spam (They call you right at dinner time). But I can imagine it to be a serious issue for people with children who are concerned about the emails they might receive.
The 'Do Not Email' registry does not seem practical to me. I would have serious doubts that it can be implemented successfully.

Ian King: Funny enough, I don't get much phone spam anymore - I signed up for the do-not-call registry, and it seems to have worked for me. Email spam is another matter. I get fifty spam messages for every legitimate message. Of course, my email is out there on websites, given some of my activities; I haven't been overly careful about it. I can't believe the sudden influx of fake Rolex ads!  :-)

The other behavior we don't often associate with this is "door spam", i.e. folks selling/soliciting door to door. Just the other day I blew one off.  :-) It comes down to the same thing: someone 'pushing' a marketing interaction, whether in person, on the phone, through postal mail or in email. Marketing is an odd business: they are trying to make you interested in a product/service/position you've probably not considered or even known about, and their job is to convince you that you can no longer live without it. What's more interesting is that the marketer often has no other connection to the marketed object than being paid to market it - no personal investment. What an odd world....

Avichal: I would add to my previous comments, that a lot of email users out there are not 'IT savvy'. So you cannot expect them to be able to effectively take measures that you or I would (use of Software tools, blocked/allowed lists etc.). And do not just think US (in general, people are more aware here), think the first-time internet users in developing nations. Actually, even if you take US users, I have seen spammers continually evolve their techniques to get past automated filtering by email servers/desktop filter software etc. They have even adopted increasingly deceptive methods to dupe users into thinking it is a legitimate email and hence opening it. Now with the possibility that even JPEGs may contain virus/malicious code [1] it's even riskier (especially for novice users who may not be aware of this threat).

So it has been a cat and mouse game, which has till now pretty much been played on the technological field (with the Spammers winning the first round, I must say). With the IT companies (and users) adopting various technological measures to block spam, and spammers adopting increasingly sophisticated counter-measures. But only recently has this spilled out into the legislative arena. But it remains to be seen whether spam can effectively be controlled by legislative/policy measures.

Avichal: Interesting articles in the news today, about Bill Gates being the world's most spammed person, getting 4 million emails per day. Also Bill Gates commented that he 'hopes' that the problem will be under control in 2 years. [2]

Jesse Ruderman: I make my address public and I get several unsolicited but wanted e-mails a day, usually from people with questions or feedback about web site. If you feel that you have to hide your e-mail address from the world, then the spammers have already won.

Jesse Ruderman: Content-based spam filtering has failed. To get rid of spam, ISPs need to do two things. First, ISPs need to make the "from" address meaningful in e-mail, in part by using Yahoo! DomainKeys. Second, ISPs need to prevent computers from being compromised and used to send spam. They can do this by suggesting that users keep their software up-to-date and use Firefox, by limiting the rate at which users can send e-mail to people they have not sent e-mail to before, and by imposing a small fine on users whose computers are compromised and used to send spam. I wonder if ISPs could be pressured to do these things in the same way they can be pressured to cut off large spammers.
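One way an ISP could implement the rate limit on mail to first-time recipients proposed in the comment above, as an added Python example that is not part of the original post. The thresholds, class name and addresses are illustrative assumptions; mail to people the user has already written to is never throttled.

```python
from collections import defaultdict, deque


class NewRecipientLimiter:
    """Throttle mail to first-time recipients; known correspondents are free."""

    def __init__(self, max_new=5, window_s=3600):
        self.max_new = max_new            # assumption: illustrative threshold
        self.window_s = window_s          # assumption: illustrative window
        self.known = defaultdict(set)     # sender -> recipients already mailed
        self.recent = defaultdict(deque)  # sender -> times of new-recipient sends

    def allow(self, sender, recipient, now):
        """Return True if the message may be relayed at time `now` (seconds)."""
        recipient = recipient.lower()
        if recipient in self.known[sender]:
            return True
        q = self.recent[sender]
        # Drop new-recipient sends that have aged out of the sliding window.
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_new:
            return False  # deferred; the recipient still counts as new later
        q.append(now)
        self.known[sender].add(recipient)
        return True


def simulate(limiter, sender, sends):
    """Run (timestamp, recipient) pairs through the limiter.

    Returns (accepted, deferred) counts.
    """
    accepted = deferred = 0
    for ts, rcpt in sends:
        if limiter.allow(sender, rcpt, ts):
            accepted += 1
        else:
            deferred += 1
    return accepted, deferred


# Constructed traffic: a compromised machine mailing 100 distinct strangers
# in 100 seconds, and an ordinary user writing to the same two friends.
BURST = [(t, f"victim{t}@example.net") for t in range(100)]
NORMAL = [(t * 600, ["ann@example.net", "bob@example.net"][t % 2]) for t in range(50)]
```

A run of deferrals for one account is also a usable signal that the machine behind it may be compromised.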


Kiran Kalyan: Well, considering the size of Gates' problem, I suppose that spam IS a major problem. Although, until recently, I did feel that it could be classified as a major irritant rather than as a Problem. I mean spam-filtering may not work on most other web-based email services, but my Yahoo! mail is VERY good at filtering out spam. I rarely find any spam in my email nowadays. Hotmail, though, is another thing altogether - I've given up even trying to delete all the spam that I get in my hotmail account. So, is it just a question of better spam-filtering or is hotmail being targeted more, especially since it's a Microsoft subsidiary? I wonder...

User:patrickh: The ability to detect spam will improve, but the false positive identification problem has bit me - with email from me being removed from my contractor's alias - and likewise I've dug through my Spam folder and found stuff I really was interested in being put there. Just like the national "do not call" list I think we need the same for a "do not email" list and folks breaking it need to be subject to fines. With US mail there is a cost of materials limiting the amount of junk mail (though not effectively) and with phone calls there is a time cost (though with automated telephone question/sales pitch even that isn't true) so with email we really need legislation to protect a email spamming like the do not call list.

User:amirrahim: Harsher punishments against spammers might help deter their activity. The speaker mentioned this point in class and I see this being a possible solution. The fact that these spammers leave a trail makes it possible to track and punish them. Of course there are tricks these spammers can use to avoid being easily detected and the most common one is to relocate their businesses. The vast openness of the internet makes it very difficult to regulate and standardize business practices in helping detect and prosecute spammers. It would be interesting to see how the IT world reacts to this ever increasingly annoying problem in the future.

--Remegraw 12:15, 27 Nov 2004 (PST) Here's the link to professor Etzioni's article on fighting spam with spam: http://www.cs.washington.edu/homes/etzioni/spam2.doc Professor Felten's response to this proposal was that it is a bad idea because you are setting yourself up for further spam bombardment. Perhaps this is true with responding to an email address, but what about hitting a web server? He also mentioned that many spams include phone contact info rather than email/web contact info.... but if this is the case wouldn't it be very easy to identify the spammer by their phone number? It seems that most spammers can be prosecuted under existing laws, but the costs associated with tracking down every spammer and taking legal action are too high to make this practical. But it's hard to see an end to the spam battle until spammers are held accountable for breaking the law.

Diwaker: I use regular adaptive filters. White list mechanisms are effective, but not always convenient since many a time (as Ed Felten pointed out as well), I *do* want unsolicited spam, and not all of it comes from humans (so that they could ask me to white list them). For example, conference CFPs, notification bots and so on. I think one of the biggest advantages spammers have is that most "organizations" are required by law to forward ALL mail they get, spam or not. So the spammers are guaranteed reachability to the last hop. If there was a mechanism for spam classification that had low accuracy but guaranteed no false positives, then perhaps there could be a law allowing organizations to do spam filtering at their gateways, significantly cutting down on traffic. Right now, all they can do is tag messages, but most users are not even aware that this is taking place so that they can use it for more effective spam filtering.

Copyright: MPAA & RIAA

Last night, driving back after the lecture, I heard Dan Glickman, President and CEO of MPAA, speak about Movie industry, especially piracy and the recent lawsuits[3]. The comment that Ed Felten made that the MPAA is where the RIAA was 4 years ago, just flashed across my mind. But the unfortunate thing is seeing MPAA go down the exact same path (with the lawsuits). The arguments are so similar, that you couldn't tell MPAA from RIAA. Same thing about - if we let this go on, movie industry will perish, people will stop making movies; oh we don't want to do this either, but we have to to raise awareness and set a deterrent ("We would rather make a court room drama than star in one"). While RIAA lawsuits had created awareness amongst people and MPAA just piggybacked on that; do we really need a fresh set of lawsuits to reeducate people that movie swapping is illegal as well. Also RIAA sales are still slow, and file swapping has not really slowed down that much.

I think an important difference between the two, is that the movie industry has faced large scale piracy mainly originating on international soil. Glickman, also commented that US has always protected international copyright, and should coerce other countries to do so as well.

Kiran Kalyan: I agree that the MPAA does not seem to have done its homework. The RIAA's lawsuits caught a few big "offenders", sure, but they also made scapegoats of quite a few kids. And it's not as if these measures have worked. With each day, new P2P software is being released and the piracy is spreading. I dled a software called DC++ the other day and connected to some hubs with mostly Finnish and other European users. I was, to say the least, shocked/awed/amazed when I saw the number of files each user was sharing there. They had share directories running into the hundreds of GB and everything was alphabetically indexed into separate folders - that's equivalent to having virtually every major, and most minor, English (and Finnish) song released in the past 20 years. And all this well after the RIAA made scapegoats of a few unfortunate users. It's obvious the lawsuits haven't had any effect. As one of the slides in the lecture so correctly pointed out, these lawsuits are driving away people who wouldn't have used the thing in a major way anyway. Another relevant point made on that slide was that quite a few users use file-sharing to test the waters before making a purchase - I agree with that and even confess to doing that myself. I even feel that file-sharing tends to drive up sales of the really good music while the over-hyped ones (think Britney) remain also-rans - which does have a sort of poetic justice to it.

And a big, BIG mistake the RIAA is making is ignoring copyright infringement on foreign soil. Back home in India (and in China and the Middle East, too, I suspect), video and song piracy are HUGE businesses. We walk in to our local cable guy with a list of about 250 songs that we want and he dls the songs AND burns it onto a CD for us - all for a max. of 150 rupees (about $3). Movies are about the same, too - since it takes almost two months for the big releases to hit India after they're released here, most of us lose patience and, again, walk in to our local cable guy, get the VCD of the latest release [which will be in his shop within two days of a movie's release here in the US] and enjoy! It's not as if we have a choice - there is no such thing as an official DVD release and people, I suppose, get fed up of waiting for Hollywood to decide to release in India. Anyway, my point is: the RIAA and MPAA are possibly targeting a totally wrong set of users to make an example of and deter sharing.

User:Joanna The true cost of copyright infringement, both domestically and abroad seems very important and should be a component in future policy decisions (should, but probably won't). The New York Times had a timely article on 11/21 on that very subject (requires registration - http://www.nytimes.com/2004/11/21/business/yourmoney/21view.html?oref=login). The article looks only at music downloads in the US, with economists estimating a loss of zero to two sales per 10 downloads. To me that doesn't sound like a disaster! The author notes that these estimates are a moving target, with changes such as the success of iTunes. One limitation that keeps me (and probably others) still buying CD's is the low quality of downloadable recordings. Increased bandwidth and storage will eventually remove that constraint - will that shift download patterns again?

Interesting observation on India. Clearly thinking about IT policy solely within the context of the US misses some of the complexity. It seems that something will have to give.

--Remegraw 12:38, 27 Nov 2004 (PST) One comment about the legal download services... I cannot speak to all of them, but the ones I have tried have not worked that well. It is far easier to get the song from a p2p service than hassle with a legal service. When talking about purchases in the $.10 to $10 range, the most important concern for many users is the time and ease of the transaction. If the legal services could surpass the user experience of the p2p services, they would be a long way towards beating them.

Diwaker: What really amazes is that no one seems to be giving attention to IRC networks. IRC is probably the oldest (> 30 years) and most widely used content distribution network on the Internet today (both legal as well as illegal). Bittorrent is big, but it's still a new kid on the block. I read a couple of months back that the FBI was considering taking a serious look at IRC networks, but I'm not sure what the status on that is. Though I'm positive that not much has been done in the past 10 years or so, and IRC users have enjoyed a level of security and anonymity that Napster and Kazaa users were not able to enjoy.

Kiran Kalyan: Here's a very interesting article about the trend in the thinking on copyrights - supposedly, a lawsuit has been filed in San Francisco (where else can it be? :-)) arguing that copyrighted software does not make sense and instead, shortlived patents must be issued to software developers. Check it out at: http://in.tech.yahoo.com/041214/137/2igas.html Personally, I feel this might not make all that much of a difference for most software products except, maybe, the enterprise-level tools of Oracle and MS which would be hardest hit by any revoking of a copyright. What do you all think?

In response to Diwaker's post, I guess the reason IRC has stayed below the radar is because the initial learning curve for its usage, especially for non-techies, is pretty steep. This, I suspect, has put off a vast number of users who would otherwise have flocked to this technology. IRC is being monitored nowadays - but the effectiveness is certainly doubtful. Who knows? Maybe in 10 years, P2P where you can download or find any file you want will be a thing of the past. ;-)

Lists

(User: John) I have problems with the anti-spam lists and the do not call me lists. I am on the latter list, and I get 10 calls a day from marketers, anyway. Anti-spam lists won't work any better. Further, whenever you allow yourself to be on a list, you simply provide more data about yourself for the guy holding the list. In the end, that guy creates a database and sells it to someone else who then uses the list data for something else. A clear cut right to privacy is the best way to deal with much of this stuff. Advertising is commercial free speech, yes, but my e-mail address is private. No?