jQuery Dev Bemoans Overwhelming Spam On Google Groups 251
angryrice tips a blog post by John Resig, lead developer for jQuery, about the failure of Google Groups to manage spam, declaring attempts to use it as a public discussion system "completely futile." Quoting:
"The final straw was placed upon my patience with the Google Groups system a few weeks ago. Spammers are now spoofing the email addresses of existing group participants to sneak their messages through. Previously you would've seen a delightful 'FREE MOVIE DOWNLOADS' spam from 'freemovies123@gmail.com' — but now you'll see it coming from existing group users — or even the group moderators themselves. This cheat completely bypasses the moderation system since the spammers are pretending to be pre-moderated users. The Google Groups system is completely fooled. The spam message comes in claiming to be from an existing group participant — and according to the Google Groups interface there is no difference. If you click the user's name you'll be taken to a full listing of that user's posts (with the spam messages delightfully interspersed)."
Perhaps a new mail header? (Score:2, Interesting)
Maybe if we created a mail header with the pgp signature of the message in it we could train our spam filters to filter on that. Google could silently inject the header into its mail clients... no one would need training. Email would look the same. Clients unaware what to do with the header could ignore it. Inside systems like Groups you could see "verified" or not on the email.
Tragedy of the Commons (Score:5, Interesting)
I used to be an avid newsgroup participant way back in the day. The flamewars were legendary, and the amount of technical information exchanged on some of those groups was beyond description.
If there were a way to use spammers for fuel, I'd have no qualms solving our energy woes that way ...
Yahoo chats have had similar syndromes (Score:3, Interesting)
Yahoo chat as well seems to be overtaken by this spamfest. They have tried to address it with captchas, but the spammers simply go ahead and entire the captcha code and keep spamming. They could require credit card verification to make it harder to open massive numbers of accounts, i suppose. Maybe they could have some sort of scanner that would look for sequences that could identify common patterns in spam messages and flag these messages for moderation. Even moderation itself is ripe for abuse with moderators who abuse that power that they have. Perhaps another solution is a voting system on particular messages like that on slashdot, in this case, simply as to whether the message is spam or not, the messages which are voted to be spam are basically collapsed but could be opened with a click, or can be shown with a show "spam marked messages" feature. Could be useful both on chat and also on message boards.
and Blogger too (Score:4, Interesting)
Re:Perhaps a new mail header? (Score:2, Interesting)
sounds like a good idea, it seems. For this to work, can the correct signature be made only by the users private key, on the text in the email message, so someone couldnt just take the public key or whatever and spoof the signature?
Time to bring back the cancelbots? (Score:5, Interesting)
If this is a Usenet group that Google Groups is just providing an interface to, I guess it's time to bring back the cancelbots. UDP against Google. It's come close before.
If this is one of the Google Groups that's a web forum, then they need to require that you actually log in before posting.
Unusable indeed (Score:2, Interesting)
I've been wondering if/when Google would make some sort of effort to deal with the problem. You'd think that a company that's gone out of their way to hire brainiacs could come up with *some* sort of solution. I'm a little surprised they've let it spin this far off into the weeds.
Re:Tragedy of the Commons (Score:3, Interesting)
> I used to be an avid newsgroup participant way back in the day.
I still am. Competent news services such as Newsguy are able to remove enough of the spam to make it tolerable.
Re:Finally, someone important points out the obvio (Score:4, Interesting)
Maybe it's because they want to encourage you to use Gmail, which they control and can extract some income from, instead of Usenet, which they have only a passing acquaintance with and can't squeeze a penny out of.
Re:Yahoo chats have had similar syndromes (Score:2, Interesting)
Ebarassing for group admins (Score:5, Interesting)
I created and admin a Google group for my son's high school team. We have coaches about 120 parents in the group.
Even though it's a pain in the ass, I chose to moderate messages for new members. Still, spam gets through. As the group's admin, it's embarrassing to see graphic messages and know that all the parent's on my kid's team are seeing it. Also, moderation means that some messages may not get through in a timely manner.
I'm looking to migrate the group to an alternative now.
Spammers are spoofing Google Groups (Score:3, Interesting)
Re:Join the 21st Century (Score:3, Interesting)
Nope. I belong to the AVS (audio-visual science) forum for awhile, and stated matter-of-factly that digital TV has reception problems and the converter boxes from Dish are junk. I was banned.
You can't have free speech in a system where the Sysop is like a dictator - deciding what can or can not be said. Even a benevolent dictator can be bad. Usenet offers a place that is libertarian in nature - people police themselves - and nobody gets censored even if they are whackjob KKK members.
Re:Perhaps a new mail header? (Score:5, Interesting)
If a spammer can easily spoof a legitimate user's cryptographic signature on a given block of text I would be very surprised. The only practical way that could happen would be if the user's private key was compromised - if that's the case you just issue a revocation certificate for the compromised key.
Requiring users to sign up using their public key and then requiring all posts to be signed isn't completely ridiculous. It may be a OTT for most groups and possibly beyond the ken of a lot of users, but it could be done. You would just have to parse the all incoming mail to make sure they had a valid signature and that the signature was made using a key that matched a register group member. Although I couldn't comment on how much processing overhead that would create.
Re:Finally, someone important points out the obvio (Score:5, Interesting)
Re:Tragedy of the Commons (Score:3, Interesting)
Re:Join the 21st Century (Score:3, Interesting)
I'm not the OP, but I use Slashdot's web UI because they haven't created an nntp gateway for me yet. :-)
Once that is done, you won't see me using this web-based interface, believe me. I'd be using Yarn here, or maybe slrn with slrnpull.
The content here is decent for the most part (STN ratio is often quite good). It's the interface that sucks.
Re:Time to DIY (Score:3, Interesting)
1. How can you steal a service that's provided to you for free?
My internet service is not provided to me for free. I pay for it. I reserve the right to accept or reject advertising as I see fit. People who not only force advertising on me, but do it in a deceitful manner, deserve nothing more than forcible, unlubed sodomy during the half time show of the Super Bowl. Spammers are roaches and should be treated as such.
Re:Block posts to Usenet via Google (Score:3, Interesting)
I have 2 Gmail accounts but access them via POP3. Gmail's spam filters work perfectly. I get zero spam. Although there are hundreds of spam messages in the spam folder none of them get through to me. Why can't they do the same thing to newsgroups?
Is there a reason to keep archives private? (Score:5, Interesting)
This is more to do with Yahoo Groups than Google Groups but they seem similar. Recently I've joined several Yahoo Groups about specialized ham radio topics. Nearly all of them keep their archives private. I have apply to join (basically push a button and say who I am) and then wait for approval from the admin. Once approved I can read the archives and also post. Posting from members is usually unmoderated. It's painless enough but still very frustrating when I'm just searching around for information and a quick look at the archives is probably all I want.
I don't mind having to join if I want to post but do they achieve anything by keeping the archives private? Yahoo obscure the email addresses so spammers' 'bots are not going to get much from them. I've asked several admins "why do you keep the archives private?" and have not received a convincing answer. It usually goes something like "I understand your frustration but we have a lot of trouble with spam" and sometimes goes on to imply what a silly question I asked. Well ... I still don't see how keeping the archives private helps to reduce spam. I haven't been a group admin so maybe I'm missing something.
I can understand keeping archives private or non-existent for a group on a personal or private subject but that doesn't apply to these groups.
My guess is that this is Yahoo's default setting when a group is created and few admins really think about it. Of course Yahoo want as many people as possible to join.
Re:Finally, someone important points out the obvio (Score:3, Interesting)
Bingo. They need a moratorium on new products for 3 years while they chain the engineers to big, burly product managers and get all of their offerings on the same page.
Of course, that's (more or less) what happened at Yahoo!, and Google took the opportunity to fly right past them.
Re:and Blogger too (Score:3, Interesting)
Blogs ARE spam 99 times out of 100, its hard to implement spam filtering when the content in and of itself might as well be spam.
Re:Join the 21st Century (Score:1, Interesting)
Just look at any project that has both mailing lists and forums. The technical discussion will be on the mailing list while the forums only seem to exist as a honey trap for retards.