CWmike writes "Few tears were shed when alleged spam and malware purveyor McColo was suddenly taken offline last Tuesday by its upstream service providers. But behind the scenes of the McColo case and another recent takedown of Intercage, a ferocious struggle is taking place between the purveyors of Web-based malware and loosely aligned but highly committed groups of security researchers who are out to neutralize them. Backers claim that the effort to shut down miscreant ISPs is needed because of the inability of law enforcement agencies to deal with a problem that is global in nature. But some question whether there is a hint of vigilantism behind the takedowns — even as they acknowledge that there may not be any other viable options for dealing with the problem at this point."
Vigilantism would be action like that employed by the Lad Vampire. [wikipedia.org] This was just a bunch of experts asking companies to enforce their TOS.
Actually, no. The "experts" in this case weren't even aware of what McColo was actually doing because the few people who did know never shared the information.
So it wasn't due to unanswered complaints sent to upstream providers, it was because upstream providers were notified of the issues by security researchers (to whom I referred as "experts").
I love this comment! Pro tip #68: When losing an Argument, it is a good idea to suggest that you work for whatever agency will help you win this argument. (hint: don't be too detailed, let the employer stay anonymous)
When you have no law, nobody with legal authority, vigilantes and posses will form to deal with issues. Human history is filled with evidence of this. Usually, the citizens demand a code of law to emerge from the chaos after some gross miscarriage of justice is perpetrated by an overzealous vigilante. The internet hasn't had that yet.
The internet is still in the stage where vigilantes mostly take care of it, and likely will be for some time to come. Certain nations lay claim to certain aspects of internet behavior of their citizens (we almost all agree that child porn is bad, for example.) But the more restrictive you get, the fewer people are in agreement. We'll never get the whole globe to agree on standards for porn, political content, religious content, etc., so it will be almost impossible for a Global Internet Police Force to arise.
I think the undefined-but-pragmatic status we're in will last quite a while longer, and the vigilantism will increase. Maybe the future will hold an odd-bedfellows agreement along the lines of the UK/USA spying deal. U.S. vigilantes will not be extradited for committing a good-faith takedown of a Russian spammer. And Russian vigilantes will not be extradited for taking down an American spammer.
This isn't about vigilantes, or international law. No one went and did anything to these spammers, illegal (in any jurisdiction) or otherwise. Their OWN upstream ISP shut them off, presumably after it became aware of TOS violations. The day it becomes illegal to either report spam to an ISP, or for that ISP to shut off its customers that it determines are sending spam (or for any other cause [including the infamous 'for any reason we want' clause] listed in the TOS the customer agreed to), is the day the Internet dies.
Now, I'm sure the spammers are unhappy that volunteer citizens around the world track their spammy activities, and will do their best to whine and try to paint it as something illegal or wrong, but that doesn't change what happened.
Yeah, and vigilantes have a long history of killing the innocents that happen to be near the Big Bad Man(tm) when the big brown slimy hits the fan. There's a reason we have laws, and a police force -- and it's partly to keep our casualties to a minimum. Vigilantism is nothing more than frustration combined with a big ego... And a hero can be properly defined as "someone who gets other people killed". Sure... it's just an internet connection... But the ethics are the same. Security researchers so often have
You live in a bad neighborhood. The local Dominos Pizza, their delivery drivers having been robbed numerous times when making deliveries in your area, have decided to effect a boycott of your neighborhood. They now refuse to drive down your street because your neighborhood is too dangerous.
Is it Dominos Pizza's fault that you share a neighborhood with scum and malevolent ilk?
It might not perfectly mirror the "sharing a network" analogy, but please don't complain about the poor widdle innocent third parties
These alleged innocents have chosen to NOT perform any diligence on the NSP that will be their upstream. These innocents have chosen to engage in business transactions with, and give money to organizations that finance or support criminal operations. Anyone helping the spammers is just as guilty as the spammers. Even more odd are the network providers that use their legit customers as human shields against the spammers. Obviously they have decided the income they make from the spam operations is more important than their legit customers.
Why does everyone insist on treating the internet like it's a public resource? The Internet is a collection of private networks (and private property). Peering operates through cooperation and agreements to play by the rules.
Place the blame exactly where it belongs with a caveat emptor to boot.
I don't really understand, especially on a Web forum that decries most law enforcement actions as invasive to privacy and liberty, why private conduct aimed at correcting undesired private conduct is just assumed to be bad.
Does this "only the government shall administer law" doctrine apply to the civil rights movement? Greenpeace? Software piracy? Or just things we don't like?
One person's vigilantism is another's social activism.
Agreed.
Frankly they didn't go and hurt anyone. They just notified the ISP of abuse on their network. These security researchers hopefully didn't use illegal means of gathering their information. In the end this is MUCH better than allowing law makers to come up with vague laws that could apply to too many situations. In this case these two companies McColo and the other one listed can simply go look for service elsewhere or negotiate to get their service re-enabled. This is free market at work. The upstreams lost their incentive to host these companies when it affects their service to other customers and simply backed out of it.
McColo didn't respect its contract with the upstream ISP and got disconnected. NOT vigilantism.
Be careful what you say there. 'Illegal activities' can also mean a whole pile of other things we take for granted, like P2P copyright.
What are you talking about? What he says doesn't matter. Every connectivity provider already has TOS in their contracts that allow them to disconnect you based largely on their whims and fancies.
Hey, in the late 80's when the first spammers showed up, if the administrators/ISPs didn't close their account, they'd get kping/attacked and taken off line. Then the 90's came, with the STUPID aol metoo'rs. All of a sudden, money became more important than integrity. Spammers had a heyday, and everyone was afraid of the lawyers. The Internet started to really SUCK (is there anyone left out there that remembers archie and ftp?).
Now, all of a sudden some security researchers are working with the press t
Back then, when google results actually returned something useful instead of 20 pages of useless links to price-grabber or experts-exchange.
You bring up an excellent point. In response, I have edited my google.xml search file (C:\Program Files\Mozilla Firefox\searchplugins\google.xml) thus:
Old values:
<Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl={moz:locale}&q={searchTerms}"/>
<Url t
If I understand this right, the entire colo's link was taken down because they were hosting spammer servers. Fine and well for us I guess, but what are the chances some other, innocent folks were hosting servers there too?
I host a few web servers at a colo. I have no idea what my neighbors are serving up. If my sites were shut down without notice I'd be pretty unhappy.
> I host a few web servers at a colo. I have no idea what my neighbors are serving up. If > my sites were shut down without notice I'd be pretty unhappy.
Well, then you would sue the colo operator, wouldn't you? They are the ones who contracted to provide you with service. Would you blame the power company if it shut down your colo operator for breaching his contract with it by not paying his bill? Then why blame your colo operator's upstream provider for shutting him down for breaching his contract with them?
I probably would too. Which is why one of the questions I ask before deciding to deal with a hosting or colo provider is "What kinds of customers will I be sharing a network with?". I look at what this provider's reputation is, what sort of history they have when it comes to spam, malware and similar things. Do they have a lot of complaints about spam and malware originating from their network? Are they known for investigating and taking action when problems are reported, or do they have a reputation for ignoring the problem for as long as possible? Do I find them showing up as a place to go for "bulletproof" hosting? Do I see their netblocks showing up in spam e-mail, attacks on my firewall or lists of netblocks known to originate malware? I make sure I've got answers to those questions that I like before I decide to do business with them.
Part of your responsibility when you start a business relationship is to know who you're getting yourself involved with. If you choose not to, don't be surprised when it comes back to bite you later.
Vigilantism means, at the root, being vigilant. While it might be nice in theory to sit on your hands and wait for someone else to be vigilant on your behalf, we're doomed as soon as everyone takes that attitude.
If there's a guy in a tower with a machine gun taking shots into the crowd below, and some subset of the crowd has the ability to DDoS, what would you want them to do?
Just to note that though they share the same root, vigilantism does not share the exact same etymology as vigilance. Vigilantism comes from vigilante (Italian/Spanish), whereas vigilance comes from the Latin root without the sidetrip into vigilante, where much of the connotation is from.
> If there's a guy in a tower with a machine gun taking shots into the crowd below, and some subset of the crowd has the ability to DDoS, what would you want them to do?
DDos isn't going to do much against a guy with a machi
As I understood, the colo in question was not shut down per se, it was simply severed from its internet connectivity as its upstream/backbone internet providers terminated their contract with them. Nothing special about that; business relationships are initiated and terminated all over the world every day.
Consequently, there was no "vigilantism" in the strict sense as such, where normal citizens take the law into their own hands and act as if they had higher authority than they really have.
It was simply a case of concerned security researchers going to the upstream providers with evidence and saying "look what scum you do business with by providing connectivity, this is bad for the internet on the whole and it hurts your reputation", and the ISPs in question took action. If innocent customers of the rogue colo got hurt when the lines got cut, then they simply have to suffer the consequences of picking a bad host to buy services from.
Of course, if the proof the security researchers had gathered also proved that the shut-down colo in question had committed crimes, then the appropriate authorities need to be involved. But that is another chain of events, separate from the disconnection of the lines.
> If innocent customers of the rouge colo got hurt when the lines got cut, then they > simply have to suffer the consequences of picking a bad host to buy services from.
No, they need to sue the colo for breach of contract (a class-action might be appropriate here).
No, not remotely vigilantism. It's not like someone went to these people and cut their fiber cable with a hacksaw - *THEIR ISP* turned them off, after it received reports of TOS violations and (presumably) investigated same. We should live in a world where all ISPs have and enforce anti-spam TOS, and actually investigate and take action, as appropriate, when they receive reports of abuse, regardless of who the reporter is.
It's quite a double-standard that we live in a world where SPAM is evil and ISPs should cut them off, and yet it's not OK to cut people off for sharing files that infringe copyright.
I wonder if the "Our wireless network was open! It wasn't us spamming!" defence would work for them.
> It's quite a double-standard that we live in a world where SPAM is evil and ISPs should cut them off, and yet it's not OK to cut people off for sharing files that infringe copyright.
Well, a TOS violation remains a TOS violation. If you get service from an ISP and agree to not infringe copyright, then you shouldn't be surprised if you get cut off when you start downloading loads of videos without permission.
OTOH, it is users who cause problems for other customers of the ISP who really get stomped on. Spammers do this. So do people who use bittorrent without limiting their upstream bandwidth to well below the physical capacity. (Please don't do that if you've not got a business-class upl
Since the '90s, various groups have labeled other groups as "internet scum" and targeted them for banhammers.
Sure, providers of child porn an, in France and Germany, stand no chance against the national police. But everyone else - American Nazis, spammers, 409 scammers where protected by law, and those advocating unorthodox positions like "sex with children is okay" or "gay fags don't deserve to live" are generally left alone by governments.
Like-minded individuals like to get together and fight what they see is an abuse of the net and/or an abuse of free speech. Right or not, the party that "wins" is usually the party with the most political and financial might.
If a small church group goes at it alone against a well-funded Neo-Nazi organization, they will go nowhere. On the other hand, if a large denomination spearheads a global effort to get a lightly-funded neo-nazi organization kicked off their ISP under threats of boycotts, bad press, etc. the neo-nazi organization's web site will soon go dark.
Oh, it helps to have the ISP's and upstream's moral-compass on your side: If the Neo-Nazi's ISP and upstreams are very pro-free-speech, you may not get far no matter how much influence you wield. If on the other hand they aren't very pro-free-speech but are pro-racial-equality, then they'll help you find an excuse to terminate their contract or not renew it.
Back in the early days of spam, a major spammer paid handsomely for a very friendly upstream provider. However, the pressure finally got to be too much and they gave him a non-renewal or 30-day termination notice under the "we simply no longer want your money" clause.
Ultimately, society will have to decide if your rights to say anything you want to anyone you want who will listen on your Internet connection is a right that can be negotiated away by contract. Note the "who will listen" clause - that doesn't cover spammers, but it does cover people spewing neo-nazi propaganda and the like to people who ask to hear it. It arguably doesn't cover "force fed" material like content that lives beyond the current session or affects your computer outside the browser, e.g. malware, or even "surprise" material like Goatse, unless you specifically made an informed decision to download such material knowing full well what it was.
I'm sorry, this doesn't make any sense. When there is rule of law, a person who ignores same and takes justice into his own hands is a vigilante. There is no rule of law on the internet. Therefore, strictly speaking, there can be no vigilantes.
Moreover, even if you're not as much of a persnickety douchebag as I'm being here, you're still forced to admit that this isn't really vigilantism: reporting to a provider that one of their clients is in breach of contract isn't "taking matters into your own hands," it's being a good netizen.
Let's examine this further: under some looser definition of "vigilante," examples of qualifying behavior include defacing offending websites, DoS attacks, threats of violence against SPAM purveyors, destruction of associated computer equipment, et cetera. All of these have in common that the "vigilante" is taking it upon himself to retributively violate the rights (or right-like constructs) of the offender in some semblance of justice.
It is from this violation that complaints against vigilantes stem, by most accounts: you have some rights, and they're considered inviolate except by the government (by which you somehow agree to be governed) just in the case that you violate a law. Having come to such an agreement, you find your rights abrogated by "vigilantes" who are not associated with the government and therefore whom you do not consent to enforce laws upon you.
It's pretty clear that even under this looser definition the above didn't violate any of the spammers' rights: that the spammers were violating their providers' terms of service was public information. Bringing attention to this public fact cannot be construed in any way to violate the rights of the spammers.
Most backbone contracts state that their services cannot be used for illegal purposes. Researchers pointing out to those backbone providers that the contracts have been broken doesn't strike me as vigilantism. Neighborhood watch gets my vote.
Viagra! Damn it... I knew I should have bought an extra month's worth. I'm about to meet my Russian bride-to-be (still waiting for an email), and my Nigerian friend is going to send me some info regarding a business proposition. Not to mention that I've got to re-register with Paypal as there has been a security breach and my bank wants to confirm my password too. I know! I'll forward this on to all my friends. They can pass it on too and maybe I'll get lucky.
--- consort banana security boat incongruous athletics opportunity several thousand ants incorporated
No (Score:4, Insightful)
I don't think notifying providers of illegal activity that they then act on is considered vigilantism. If the spammers don't like it, they should sue.
Damned plankton eaters (Score:3, Interesting)
When you are breaking the rules, you can't complain when someone takes your toys away. I feel utterly zero pity/sadness/whatever in regards to this. As far as I am concerned, spammers are at the utter bottom of the food chain. Damned plankton eaters.
Re:Damned plankton eaters (Score:5, Funny)
You can't make an omelette without breaking eggs. I for one, am sick of finding spam in my omelette.
I tried to understand this, I really did.
Re: (Score:3, Funny)
The quote "You can't make an omelette without breaking a few eggs" means that you cannot always keep everyone happy.
I added to this to say that I was sick of finding spam (the food kind) in my omelette as a play on TFA which is all about spam (the junk kind) - which in the end means that if I was going to have some unhappy campers in this entire picture, I would choose the ones who are sending all the spam (the junk kind). Geez, next time I will just use a car analogy.
Re:No (Score:5, Insightful)
Some ISPs think they can cut or filter your internet activities because you consume too much bandwidth. It's probably in your terms of service somewhere (now or in the future, you'll sign or you won't get internet). Elsewhere on slashdot, if you mention "Comcast", an array of hysteria breaks out.
If these people are guilty of a crime, law enforcement needs to prosecute. If you can track the perpetrator to a US based location, then there's no "global problem" excuse. The only issue is that as a citizen there's no chain of custody on your evidence, so they'll have to do their own detective work. But once you know someone is probably guilty of something, you can probably find something on him. If the appropriate authorities are not interested in being involved, THAT is the problem worthy of public attention.
The ends don't always justify the means. Bypassing proper authorities is not appropriate when it's a big evil corporation chasing 12yo girls pirating Britney, and it's not appropriate from a group of well-intentioned vigilantes. We have law and law enforcement to prevent this sort of thing from happening. If they are inadequate, we should focus on solving that problem. It's true spam may not rate right now with unemployment and economic collapse...and that's not a bad thing.
I hate spammers and won't lift a finger to help them (I really ought to, I just can't overlook my hatred of them), but I worry more about the long term effects of people taking laws into their own hands and getting street justice. I worry about ISPs getting excessively involved in the content passing through their networks, and being, in any way, legally justified in moderating, censoring or controlling access based on anything other than whether your check cashes. I would rather tolerate a few low grade crooks than live in the kind of society where the lowest common denominator creates all laws.
Re:No (Score:4, Insightful)
There is a level of indirection here that you are ignoring, they were disconnected for the most part for hosting the C&C boxes for a bunch of large botnets. The botnets send the spam, not the spammers directly.
I think you would have a hard time arguing that hosting a bunch of massive botnets is excusable / legal.
Re: (Score:3, Funny)
That's no ISP.
Re:No (Score:4, Insightful)
But not powerful enough to defeat a "Neighborhood Watch".
Re: (Score:3, Insightful)
I think anyone who doesn't like the current vigilante approach should step up and implement something better.
At the moment there is no other option and they should quit whining.
Who Cares? (Score:2, Redundant)
Re:Who Cares? (Score:5, Funny)
Your comment fails to account for:
[x] Laziness on the behalf of the Slashdot readers
[x] Lack of time
[x] Boredom with the same auto-reply form
[ ] Puppies
Re:Who Cares? (Score:4, Funny)
Your "standard form" reply fails because:
[x] It is too short
[x] It fails to include humorous but not applicable options that are left unchecked.
[x] It lacks a "furthermore..." section
[x] You were clearly too lazy to put any real effort into...
Ah, to hell with it.
Re:Who Cares? (Score:5, Funny)
[x] Meh
Re:Who Cares? (Score:5, Funny)
[x] Your mom.
Re:Who Cares? (Score:5, Interesting)
You asked and I'm happy to oblige. As spam systems go this one scores fairly well. The biggest problem is the "worm-ridden Windows boxes" checkbox.
----
Your post advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
This isn't anywhere near vigilantism (Score:5, Insightful)
Re: (Score:2)
Vigilantism would be action like that employed by the Lad Vampire. [wikipedia.org] This was just a bunch of experts asking companies to enforce their TOS.
This was my thought as well. These cases involved a process, review of proof, and action based on that review. If you accept that the TOS for the network providers is a legal document, then this is simply following the law. A vigilante is one who acts outside the law.
Re:This isn't anywhere near vigilantism (Score:5, Informative)
I just love getting contradicted by people who have no idea of the facts. Hint to mods: do some research before up-modding!
Some evidence to support my position: McColo, a Californian-based company played house to some of the world's worst online criminal gangs and was booted off the internet following an investigation by Washington Post security researcher Brian Krebs. The company's online presence was extinguished after Krebs alerted McColo's access providers Global Crossing and Hurricane Electric earlier this week to the criminal material it was pumping out over their networks. [indiatimes.com]
Or how about this: McColo's termination followed closely on the heels of an incendiary report released by researchers from numerous security organizations and companies, including McAfee, Trend Micro and Arbor Networks, detailing shady criminal practices of ISPs like McColo and their connection with spam and cybercrime. [crn.com]
So it wasn't due to unanswered complaints sent to upstream providers, it was because upstream providers were notified of the issues by security researchers (to whom I referred as "experts").
Re:This isn't anywhere near vigilantism (Score:4, Insightful)
Vigilantes happen spontaneously (Score:5, Insightful)
When you have no law, nobody with legal authority, vigilantes and posses will form to deal with issues. Human history is filled with evidence of this. Usually, the citizens demand a code of law to emerge from the chaos after some gross miscarriage of justice is perpetrated by an overzealous vigilante. The internet hasn't had that yet.
The internet is still in the stage where vigilantes mostly take care of it, and likely will be for some time to come. Certain nations lay claim to certain aspects of internet behavior of their citizens (we almost all agree that child porn is bad, for example.) But the more restrictive you get, the fewer people are in agreement. We'll never get the whole globe to agree on standards for porn, political content, religious content, etc., so it will be almost impossible for a Global Internet Police Force to arise.
I think the undefined-but-pragmatic status we're in will last quite a while longer, and the vigilantism will increase. Maybe the future will hold an odd-bedfellows agreement along the lines of the UK/USA spying deal. U.S. vigilantes will not be extradited for committing a good-faith takedown of a Russian spammer. And Russian vigilantes will not be extradited for taking down an American spammer.
Re:Vigilantes happen spontaneously (Score:5, Insightful)
This isn't about vigilantes, or international law. No one went and did anything to these spammers, illegal (in any jurisdiction) or otherwise. Their OWN upstream ISP shut them off, presumably after it became aware of TOS violations. The day it becomes illegal to either report spam to an ISP, or for that ISP to shut off its customers that it determines are sending spam (or for any other cause [including the infamous 'for any reason we want' clause] listed in the TOS the customer agreed to), is the day the Internet dies.
Now, I'm sure the spammers are unhappy that volunteer citizens around the world track their spammy activities, and will do their best to whine and try to paint it as something illegal or wrong, but that doesn't change what happened.
Re: (Score:3, Interesting)
Yeah, and vigilantes have a long history of killing the innocents that happen to be near the Big Bad Man(tm) when the big brown slimy hits the fan. There's a reason we have laws, and a police force -- and it's partly to keep our casualties to a minimum. Vigilantism is nothing more than frustration combined with a big ego... And a hero can be properly defined as "someone who gets other people killed". Sure... it's just an internet connection... But the ethics are the same. Security researchers so often have
Re:Vigilantes happen spontaneously (Score:4, Insightful)
You live in a bad neighborhood. The local Dominos Pizza, their delivery drivers having been robbed numerous times when making deliveries in your area, have decided to effect a boycott of your neighborhood. They now refuse to drive down your street because your neighborhood is too dangerous.
Is it Dominos Pizza's fault that you share a neighborhood with scum and malevolent ilk?
It might not perfectly mirror the "sharing a network" analogy, but please don't complain about the poor widdle innocent third parties
These alleged innocents have chosen to NOT perform any diligence on the NSP that will be their upstream. These innocents have chosen to engage in business transactions with, and give money to, organizations that finance or support criminal operations. Anyone helping the spammers is just as guilty as the spammers. Even more odd are the network providers that use their legit customers as human shields against the spammers. Obviously they have decided the income they make from the spam operations is more important than their legit customers.
Why does everyone insist on treating the internet like it's a public resource? The Internet is a collection of private networks (and private property). Peering operates through cooperation and agreements to play by the rules.
Place the blame exactly where it belongs with a caveat emptor to boot.
Of course there is (Score:5, Insightful)
Of course there's an element of vigilantism. This is the sort of situation that vigilantism is for.
Hopefully better ways to deal with the problem will come along soon. In the meantime, I hope the body count among innocent bystanders stays small.
And why is vigilantism just assumed to be evil? (Score:5, Insightful)
Does this "only the government shall administer law" doctrine apply to the civil rights movement? Greenpeace? Software piracy? Or just things we don't like?
One person's vigilantism is another's social activism.
Re:And why is vigilantism just assumed to be evil? (Score:5, Insightful)
Spammers are like Roaches. You can never (Score:2, Interesting)
No authorities needed to enforce a TOS agreement (Score:5, Insightful)
Re: (Score:3, Insightful)
Be careful what you say there. 'Illegal activities' can also mean a whole pile of other things we take for granted, like P2P copyright.
What are you talking about? What he says doesn't matter. Every connectivity provider already has TOS in their contracts that allow them to disconnect you based largely on their whims and fancies.
Spammers taken down by Vigilantes ?? So what (Score:2)
Hey, in the late 80's when the first spammers showed up, if the administrators/ISP's didn't close their account, they'd get kping/attacked and taken off line.
Then the 90's came, with the STUPID aol metoo'rs. All the sudden, money became more important than integrity. Spammers had a heyday, and everyone was afraid of the lawyers. The Internet started to really SUCK (is there anyone left out there that remembers archie and ftp?).
Now, all the sudden some security researchers are working with the press t
Re: (Score:2)
Yup, the good old days.
Back then, when google results actually returned something useful instead of 20 pages of useless links to price-grabber or experts-exchange.
Back then, when the newsgroups were still good.
Back then, when you could still post your picture of the Enterprise without getting on the wrong end of a law suit.
Back then, when most of the people online had an IQ in three digits.
Back then, when you could happily host a copy of the Jolly Rogers Cookbook without being called a terrorist.
Back then,
Re: (Score:3, Informative)
You bring up an excellent point. In response, I have edited my google.xml search file (C:\Program Files\Mozilla Firefox\searchplugins\google.xml) thus:
Old values:
And kill net neutrality? (Score:2)
So wait, you want net neutrality, but you don't like this so-called "vigilantism"?
Does. Not. Compute.
I'm sure the US government would love to help you (along with other private interests)
Re: (Score:3, Insightful)
The entire colo? (Score:2)
If I understand this right, the entire colo's link was taken down because they were hosting spammer servers. Fine and well for us I guess, but what are the chances some other, innocent folks were hosting servers there too?
I host a few web servers at a colo. I have no idea what my neighbors are serving up. If my sites were shut down without notice I'd be pretty unhappy.
Re:The entire colo? (Score:5, Insightful)
> I host a few web servers at a colo. I have no idea what my neighbors are serving up. If
> my sites were shut down without notice I'd be pretty unhappy.
Well, then you would sue the colo operator, wouldn't you? They are the ones who contracted to provide you with service. Would you blame the power company if it shut down your colo operator for breaching his contract with it by not paying his bill? Then why blame your colo operator's upstream provider for shutting him down for breaching his contract with them?
Re:The entire colo? (Score:5, Insightful)
I probably would too. Which is why one of the questions I ask before deciding to deal with a hosting or colo provider is "What kinds of customers will I be sharing a network with?". I look at what this provider's reputation is, what sort of history they have when it comes to spam, malware and similar things. Do they have a lot of complaints about spam and malware originating from their network? Are they known for investigating and taking action when problems are reported, or do they have a reputation for ignoring the problem for as long as possible? Do I find them showing up as a place to go for "bulletproof" hosting? Do I see their netblocks showing up in spam e-mail, attacks on my firewall or lists of netblocks known to originate malware? I make sure I've got answers to those questions that I like before I decide to do business with them.
Part of your responsibility when you start a business relationship is to know who you're getting yourself involved with. If you choose not to, don't be surprised when it comes back to bite you later.
Vigilantism (Score:3, Insightful)
You say that like it's a bad thing (Score:2)
Vigilantism means, at the root, being vigilant. While it might be nice in theory to sit on your hands and wait for someone else to be vigilant on your behalf, we're doomed as soon as everyone takes that attitude.
If there's a guy in a tower with a machine gun taking shots into the crowd below, and some subset of the crowd has the ability to DDos, what would you want them to do?
--MarkusQ
Re: (Score:3, Informative)
DDos isn't going to do much against a guy with a machi
Two separate things here... (Score:4, Insightful)
As I understood, the colo in question was not shut down per se, it was simply severed from its internet connectivity as its upstream/backbone internet providers terminated their contract with them. Nothing special about that; business relationships are initiated and terminated all over the world every day.
Consequently, there was no "vigilantism" in the strict sense as such, where normal citizens take the law into their own hands and act as if they had higher authority than they really have.
It was simply a case of concerned security researchers going to the upstream providers with evidence and saying "look what scum you do business with by providing connectivity, this is bad for the internet on the whole and it hurts your reputation", and the ISPs in question took action. If innocent customers of the rogue colo got hurt when the lines got cut, then they simply have to suffer the consequences of picking a bad host to buy services from.
Of course, if the proof the security researchers had gathered also proved that the shut-down colo in question had committed crimes, then the appropriate authorities need to be involved. But that is another chain of events, separate from the disconnection of the lines.
Re: (Score:3, Interesting)
> If innocent customers of the rogue colo got hurt when the lines got cut, then they
> simply have to suffer the consequences of picking a bad host to buy services from.
No, they need to sue the colo for breach of contract (a class-action might be appropriate here).
Not vigilantes (Score:5, Insightful)
No, not remotely vigilantism. It's not like someone went to these people and cut their fiber cable with a hacksaw - *THEIR ISP* turned them off, after it received reports of TOS violations and (presumably) investigated same. We should live in a world where all ISPs have and enforce anti-spam TOS, and actually investigate and take action, as appropriate, when they receive reports of abuse, regardless of who the reporter is.
Re: (Score:3, Interesting)
I wonder if the "Our wireless network was open! It wasn't us spamming!" defence would work for them.
Re: (Score:3, Insightful)
It's quite a double-standard that we live in a world where SPAM is evil and ISPs should cut them off, and yet it's not OK to cut people off for sharing files that infringe copyright.
Well, a TOS violation remains a TOS violation. If you get service from an ISP and agree to not infringe copyright, then you shouldn't be surprised if you get cut off when you start downloading loads of videos without permission.
OTOH, it is users who cause problems for other customers of the ISP who really get stomped on. Spammers do this. So do people who use bittorrent without limiting their upstream bandwidth to well below the physical capacity. (Please don't do that if you've not got a business-class upl
Neonazi, spammer, child-porn-apologists targeted (Score:4, Insightful)
Since the '90s, various groups have labeled other groups as "internet scum" and targeted them for banhammers.
Sure, providers of child porn an, in France and Germany, stand no chance against the national police. But everyone else - American Nazis, spammers, 409 scammers where protected by law, and those advocating unorthodox positions like "sex with children is okay" or "gay fags don't deserve to live" are generally left alone by governments.
Like-minded individuals like to get together and fight what they see as an abuse of the net and/or an abuse of free speech. Right or not, the party that "wins" is usually the party with the most political and financial might.
If a small church group goes at it alone against a well-funded Neo-Nazi organization, they will go nowhere. On the other hand, if a large denomination spearheads a global effort to get a lightly-funded neo-nazi organization kicked off their ISP under threats of boycotts, bad press, etc. the neo-nazi organization's web site will soon go dark.
Oh, it helps to have the ISP's and upstream's moral-compass on your side: If the Neo-Nazi's ISP and upstreams are very pro-free-speech, you may not get far no matter how much influence you wield. If on the other hand they aren't very pro-free-speech but are pro-racial-equality, then they'll help you find an excuse to terminate their contract or not renew it.
Back in the early days of spam, a major spammer paid handsomely for a very friendly upstream provider. However, the pressure finally got to be too much and they gave him a non-renewal or 30-day termination notice under the "we simply no longer want your money" clause.
Ultimately, society will have to decide if your rights to say anything you want to anyone you want who will listen on your Internet connection is a right that can be negotiated away by contract. Note the "who will listen" clause - that doesn't cover spammers, but it does cover people spewing neo-nazi propaganda and the like to people who ask to hear it. It arguably doesn't cover "force fed" material like content that lives beyond the current session or affects your computer outside the browser, e.g. malware, or even "surprise" material like Goatse, unless you specifically made an informed decision to download such material knowing full well what it was.
Whatever you believe... (Score:4, Informative)
undefined in this context; even so, no! (Score:3, Insightful)
Moreover, even if you're not as much of a persnickety douchebag as I'm being here, you're still forced to admit that this isn't really vigilantism: reporting to a provider that one of their clients is in breach of contract isn't "taking matters into your own hands," it's being a good netizen.
Let's examine this further: under some looser definition of "vigilante," examples of qualifying behavior include defacing offending websites, DoS attacks, threats of violence against SPAM purveyors, destruction of associated computer equipment, et cetera. All of these have in common that the "vigilante" is taking it upon himself to retributively violate the rights (or right-like constructs) of the offender in some semblance of justice.
It is from this violation that complaints against vigilantes stem, by most accounts: you have some rights, and they're considered inviolate except by the government (by which you somehow agree to be governed) just in the case that you violate a law. Having come to such an agreement, you find your rights abrogated by "vigilantes" who are not associated with the government and therefore whom you do not consent to enforce laws upon you.
It's pretty clear that even under this looser definition the above didn't violate any of the spammers' rights: that the spammers were violating their providers' terms of service was public information. Bringing attention to this public fact cannot be construed in any way to violate the rights of the spammers.
Vigilante too strong a word (Score:2)
Most backbone contracts state that their services cannot be used for illegal purposes. Researchers pointing out to those backbone providers that the contracts have been broken doesn't strike me as vigilantism. Neighborhood watch gets my vote.
I'm out of (Score:3, Funny)
Viagra! Damn it... I knew I should have bought an extra month's worth. I'm about to meet my Russian bride-to-be (still waiting for an email), and my Nigerian friend is going to send me some info regarding a business proposition. Not to mention that I've got to re-register with Paypal as there has been a security breach and my bank wants to confirm my password too.
I know! I'll forward this on to all my friends. They can pass it on too and maybe I'll get lucky.
---
consort banana security boat
incongruous athletics opportunity
several thousand ants incorporated