One Man's Fight Against Forum Spam 245
JWSmythe writes "Free Internet Press has an interview with 'Random Digilante,' an anonymous hacker who has been taking over forum spammers' email accounts, and notifying forum operators to delete those accounts. It looks like his reasoning is sound, and his methods are safe, where he won't hurt any real users."
Illegal (Score:1, Interesting)
No matter your reason, it's illegal to access other peoples email accounts without their permission. Even more so when you disable the accounts.
If you do what you want based on what you feel is right, we might just not have any laws at all. There is a reason why the laws are created by the society as whole and not a single person or a group with single interest.
Re:Illegal (Score:1, Interesting)
He says it's "a legal gray area".
Can you say specifically what laws he has broken, and in what jurisdiction?
It's not very clear to me exactly what he did, so I'm on the fence as to whether he committed a crime.
In order for me to say he committed a crime, I need to know very specifically what law was broken and what evidence supports the accusation. Generally, my standard for evidence is an approximation of the federal rules of evidence, but I am not very strict about it.
Re:So silly.... (Score:3, Interesting)
The reason why
Re:Illegal (Score:5, Interesting)
If you do what you want based on what you feel is right, we might just not have any laws at all. There is a reason why the laws are created by the society as whole and not a single person or a group with single interest.
So, just as an analogy, if the police decided to stop enforcing laws against auto theft, you believe it would be wrong for others to do so. I don't think that holds water. What this guys is doing is indeed illegal, but not immoral; when our government is unwilling or unable to enforce or prosecute laws it becomes incumbent upon non-sanctioned individuals to protect society by doing so. The simple fact is that the government is not able to even begin to scratch the sheer volume of spam, nor is it interested in going after spammers unless it can wrench a large settlement and some headlines out of the deal. If we wish to preserve the Internet as a medium for the exchange of ideas, some of us must take action to protect it from those who exploit it at a very real, monetary cost to innocent people.
Re:Illegal (Score:1, Interesting)
That's not at all what he's claiming. He's claiming that since a robot is operating the account, and he disagrees with the motivation behind the running of that robot, it's OK for him to hack into someone else's account. He even admits that a human being has to initially open the mail account before turning on the software to run it.
I dislike people who have their POP clients set to download email every minute and process it using filters to put any email from me into a special folder. Does that give me the right to then hack their email accounts and take them over? Using the logic RD outlined above, it very much does. Which should show just how spurious his logic is.
There's a reason why your mother taught you that two wrongs don't make a right. The world would be a better place if more people remembered that.
Spammers are getting good (Score:5, Interesting)
As someone who deals with forum spam on a daily basis, I'm rather surprised at how intelligent the spambots are becoming.
Of course there's always the blatant, obvious spam (99% of which are video encoding tools for iPad, iPhone, etc). But I've recognized two other types of very covert spambots.
First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts.
The second type uses a database of sentences harvested from other websites, and attempts to post a sentence that matches keywords in that topic. Usually I can spot those because they aren't exactly on topic to the thread. I've also seen these modify various throw-away words, like adjectives and articles, so the sentence isn't an exact copy of the original source.
Now the key thing with both of these kinds of spambots is that they do not include any links initially. A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.
I've also noticed that the vast majority of spambots use yahoo.com email addresses, so yahoo's captcha must be weaker than gmail / hotmail.
Now on the topic of this story, I don't quite understand. The forums I moderate have a few spambot accounts created daily (using recaptcha and custom implemented captcha). So it's not like there's just a couple spambot accounts causing all the trouble. Over the course of a month it around a hundred different accounts. So I don't see how this hacker is helping anything going after accounts one at a time manually.
Re:So silly.... (Score:4, Interesting)
Anyway, slashdots system isn't perfect, and is designed to do more than kill spam. Regardless I think it works fairly well for what it does.
For eliminating spam in forums and comments, all you need to do is this:
Give the readers the ability to mark comments as spam with one click, and, as long as the reader has a decent history of not abusing the priviledge, the message will disappear immediately.
This isn't that hard, but to do it well isn't trivial either. Probably best done by a company like Disqus where it is their business.
There would need to be some checks and balances, where a person can get reported for erroneously marking something as spam. The system needs to be scalable, so that the admin of the forum doesn't have to deal with much, as all the work is done by users, and there is a checks and balances system to determine how much to trust users.
The nice thing is that over time it reduces the incentive to bother spamming the forums, since (typically) the first person who sees a message, eliminates it. Also, on a system like disqus, where you have a global identity with some history, it could be smarter about how prominent to make posts if the person has no history of posting without being marked as spam.
Re:Illegal (Score:5, Interesting)
Well, his other point was, who’s going to complain? the robot?
Chances are the human operator doesn’t even know what happened to the account, the robot just flags it as deactivated and asks the human to feed it more accounts. They probably don’t have any way of telling that somebody hacked the account and closed it vs. e-mailing the e-mail provider and having it shut down properly.
Of course the main question (in my mind, at least) is why spammers are registering forum accounts with the same password they used to register the junk e-mail account that they’re registering under...
Re:Illegal (Score:4, Interesting)
I think you're right, but is it more illegal than spamming? I believe the kind of spam sent by these people/bots is illegal in the United States and several other countries (though I'm not american, so I may be wrong). The sender is hiding his identity, deliberately getting around spam prevention systems and offering no method for opting out. So we're dealing with criminals here, and what is law enforcement doing about it? Random Digilante writes in his blog that he contacts ISPs, who would normally be expected to investigate these people (who inclusively break the ISPs own terms of service), but they usually do nothing. So while the taking over of e-mail addresses registered by criminals for the sole purpose of breaking laws and annoying the hell out of everyone may not be exactly nice, shouldn't you save your indignation for the actual spammers, their customers, ISPs, law enforcement agencies and lawmakers? Or for people who are out in the streets embezzling, scamming, mugging, kidnapping, raping and murdering?
Re:Spammers are getting good (Score:5, Interesting)
First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts. ... A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.
For another example of this exact thing, just look at slashdot user clint999.
http://slashdot.org/~clint999 [slashdot.org]
Last post was yesterday... it’s still active. Funnily enough it almost always posts exactly 30 min. after the hour, but not every hour.
Re:So silly.... (Score:5, Interesting)
Re:Illegal (Score:4, Interesting)
But he is doing this on other people's sites. Including mine, coincidentally. I already have spam filtering methods in place. Spambots can register but they can't do much of anything. I "trap" them quite effectively.
I'm rather annoyed that he is breaking into spambot accounts on my site and sending me messages to deactivate their accounts. I don't need to deactivate their accounts--they are well-contained already. His "helpful" messages wind up being a greater irritant to me than the spambots themselves. I don't need you to tell me how to run my site, thanks.
Re:Illegal (Score:3, Interesting)
As a juror, I would have a hard time voting to convict a person for such an offense. There is very little you can do legally against spammers, so just as the legal system turns a blind eye to their actions, there's nothing wrong with doing the same to vigilantes going after them.
Ballot and jury don't work across borders (Score:3, Interesting)
And that action should go through the boxes in the correct order without skipping any. Jumping right to the 'ammo' box isn't the right way to do things in a lawful society.
Soap, ballot, jury, ammo: Ballot and jury fail unless the parties have substantial assets in the same jurisdiction. So I don't see anything wrong with skipping to ammo against judgment-proof [wikipedia.org] spammers.
Re:Make a filter (Score:2, Interesting)