?

Log in

No account? Create an account

Tue, Apr. 22nd, 2008, 12:18 pm
Abrasive words slurred with obtuse thought

I got joe-jobbed again recently and it reminded me of this mini-essay I wrote about 3 years ago about a more ... extreme solution to spam.



Whilst cleaning out my inbox this morning and once again pondering whether to give up my current address as too tainted I decided to cheer myself up by pondering the death of members of the Spamhaus Top 10

http://www.spamhaus.org/statistics/spammers.lasso

Spam is all about economics. It costs virtually nothing and if only one in 10,000 people buy into your product then you're quids in.

Spam costs the United States alone 10 billion dollars including lost productivity and the additional equipment, software, and manpower needed to combat the problem according to Wikipedia. My financial burder isn't huge but spam definitely costs me time.

However, whilst we're sitting on the wrong side of that economic equation it's never going to stop.

You can implement filters and various other countermeasures but as this article shows, there are just too many ways to circumvent them so you're always going to be in an arms race.

Various people have come up with solutions. These range from completely rearchitecting the Email Infrastructure (see, for example DJB's Intenet Mail 2000) or piggybacking on top of the current infrastructure such as charging for email (to tip that profitability equation back our way) which would almost certainly kill off much of Net Culture as we know it.

They all largely fall foul of one of the laws of Spam Kookery:

http://www.rhyolite.com/anti-spam/you-might-be.html

Moreover, all those problems solve the problem client side. They put the onus on us, the victim. UNNACCEPTABLE! Why should we have to put up with it? It's not our fault.

Hence stuff like the CAN-SPAM act which, err, fails. You just move to Russia or somewhere. The Internet knows no boundaries and in Soviet Russia Spam eats you. Or something.

So what can we do? Well we can seize the spammers' assets but that's hard. It's easier and more convenient to hide your wealth than it is to hide yourself.

So, get a little creative. In a brutal sense. First off though, I would like to point out (to the NSA and future law enforcement officers - Hello! - if anything else) that I'm not actually planning on doing this. I just bored and more than a little grumpy today and such economic thought trains help soothe troubled brow.

The central premise of this solution is such - the threat of assassination is cheap and a fairly effective deterrent. Therefore we publish an open letter stating that we will shortly be assassinating a selection of spammers.

Those threatened (say the top 10 spammers world wide) would fall into three categories. This assume that all of them thought the threat to their life credible which may, by necessity, require a pre-emptive strike against, say, the top three plus a couple of smaller fish to seed the entire field with paranoia. A nasty and vicious measure but regrettably necessary in this grisly tableau I'm laying out for you.

The first category, and the simplest, would be those that would stop all activities immediately. This is the desired result since we haven't had to actually do anything.

The second would go into hiding but continue to spam anyway. This is undesirable but how many people are willing to completely subjugate their life in that way for profit? Hopefully a small amount.

The third would get protection.

Close protection costs vary wildly but for a competent team in a high risk situation with a morally dubious customer the costs can be around 30,000 US dollars a month if not more.

Chris "Rizler" Smith was indicted for spamming in 2005 and it was claimed he was making 2 million USD a month gross. Even assuming 50% costs (unlikely) 30,000 a month is, if not peanuts then a reasonable amount for a spammer to pay.

This, I'll confess, is not what I was expecting when i first started writing this. Of course it doesn't take into account the fact that whilst continuous close protection may well be economically viable, the constant threat of assassination is almost certainly unacceptable? That said, more than one despot puts up with a similar level of threat not to mention drug dealers.

Unfortunately, even if spammers did leave the industry then there plenty of people who would fill their spot.

I suspect this is somehow related to an interesting paradox in betting which I'm trying to find a cite for to confirm that I'm remembering right. Essentially it works like this:

You offer someone a 100% chance to take 50 pounds or 50% chance to take 110 pounds. Probability dictates that that you should take the second bet but people will almost uniformly take the first.

Paradoxically however if you force people to chose between 100% chance of losing 50 pounds or at 50% chance of losing 110 pounds then they'll choose the second even though the first becomes the better bet.

In searching for definitive example of this I came across Ellsberg's Paradox which is marginally related and quite interesting:

http://everything2.com/index.pl?node_id=1251265

So, the threat of assassination probably isn't an economic deterrent to spamming and probably won't be an emotional deterrent either - the rewards are too good. However the money's only good whilst people click on the links and buy the herbal pills and fake college degrees and what not. A friend of mine pointed out an alternative

"i've always felt that actually the problem lies with educating the user. remove the people dumb enough to pay for products solicited by spam and you remove the root of the problem, rather than the cause of it.

a few high profile executions of people stupid enough to purchase from spam emails would mean that the press gets involved and publishes enough information to stop that 1 in 10000 from buying something from those spammers.

of course finding these fools is a bit tricker, you then need to become a spammer yourself in the hope of harvesting some fools yourself, and of course you'd have to become a fairly big spammer to net the right number of people within an easy to reach vicinity (although 2 million a month goes a long way to making that easier). hell you should already have a billing and delivery address for the intended victim.

once the market has fallen out from under them the spammers will not be getting 1 in 1 million - making their operations a lot less successful, initially i guess this will lead to an increase of spam, but after a few months of no returns i'm assuming that they will give up."


His suggested solution was to send out spam for incredibly cheap pills but substitute the Viagra for, say, Strychnine - a plan which has a certain poetic charm.

Wed, Apr. 23rd, 2008 02:51 am (UTC)
pfig

the other day the guy from wired started publishing emails of people who send him unsolicited email (that is, if i or you send him an email and he's hungover, we make the shitlist). i've been thinking somewhere mid-way between his solution and your friend's:

a large amount of the spam i get is due to fucking clueless idiots (tm) sending me "e-cards", invites to hi5 and the other 383 social networks that pop up each day, etc. so basically i need to find 10 minutes to write a script that 1) updates a web page with the idiot's name and email address and 2) subscribes said idiot to every. fucking. porn. site. i. can. think. of. and gcc-dev.

Wed, Apr. 23rd, 2008 05:12 pm (UTC)
hex

And debian-legal.

Thu, Apr. 24th, 2008 12:16 am (UTC)
pfig

damn, you're good.

Wed, Apr. 23rd, 2008 05:10 pm (UTC)
hex

You offer someone a 100% chance to take 50 pounds or 50% chance to take 110 pounds. Probability dictates that that you should take the second bet but people will almost uniformly take the first.
Probability is trumped by the guarantee of a free lunch (AKA "quit while you're ahead"). Greed-induced failure to understand this (and an idiotic misunderstanding of how probability actually works) is the reason why "Deal or No Deal" continues to attract "entertaining" contestants.