2112
12-01-2006, 02:47 PM
Charles Arthur
Thursday November 23, 2006
The Guardian
The other day, while administering the Free Our Data blog (freeourdata.org.uk/blog if you haven't stopped by yet), I came across an unusual piece of comment spam - a remark left on one of the blog posts. It was advertising a site offering share tips. No surprise there: "pump and dump" spam, as we've pointed out, has become a principal form of email spam, and spammers seem to have found that people are searching for share advice online (a worrying enough thought on its own).
Article continues
The surprise was that despite the automated defences to prevent such junk being posted by a machine, it had got through. The junk filter stops hundreds of such attempted spams daily without a murmur; so far it's stopped 10,000 spams while allowing 377 human comments. So why had this got through? The electronic trail explained: the "captcha" (Completely Automated Public Turing test to tell Computers and Humans Apart) had been filled in.
The captcha is the junk filter's last resort. Because it's easy and cheap to program machines to post any sort of junk on blogs, a captcha (which puts numbers or letters in an image, which a machine in theory can't read) shows whether you've got a real live person giving their thoughts, or just a dumb machine trying to up some spammer's search-engine ranking.
If the captcha was filled in, it must have been done by a person; if it had been done by a machine, the spammers would have cracked the problem of solving captchas and would be busily spamming every blog they could find.
So who had done this? The junk filter had recorded their IP (internet) address. It resolved to somewhere in India. Which rang a bell: earlier this year, I spoke with someone who does blog spamming for a living - a very comfortable living, he claimed. But he said that the one thing that did give him pause was the possibility that rival blog spammers might start paying people in developing countries to fill in captchas: they could always use a bit of western cash, would have the spare time and, increasingly, cheap internet connections to be able to do such tedious (but paid) work.
A few days later I read a stunning report by George Packer in the New Yorker magazine - regrettably, it's not online - about the sprawling mega- city of Lagos in Nigeria. It's the world's sixth largest city, and growing fast; the concept of urban planning has collapsed and life is eked out from the margins of existence. Corruption isn't an occasional hazard; it underpins a near-feudal society. While there, Packer was approached by one of his guides, who offered him the promise of riches looted from a despot; the classic Nigerian scam.
Packer declined politely, attaching no blame to his would-be scammer: "He would have been regarded locally as a fool if he hadn't tried to exploit [me]," he noted without rancour. Elsewhere this week, deliveries began of the hand-powered laptop, Nicholas Negroponte's computing gift to the developing world.
I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam. But, as my spammer contact pointed out, it's nothing personal. You have to understand: it's just business.
· In January I suggested that "spam has passed its peak". Oh well. I guess I'll have to sit in the corner with Bill Gates, who declared in January 2004 that "spam will be solved in two years". After you with the pointy-D hat, Bill.
Thursday November 23, 2006
The Guardian
The other day, while administering the Free Our Data blog (freeourdata.org.uk/blog if you haven't stopped by yet), I came across an unusual piece of comment spam - a remark left on one of the blog posts. It was advertising a site offering share tips. No surprise there: "pump and dump" spam, as we've pointed out, has become a principal form of email spam, and spammers seem to have found that people are searching for share advice online (a worrying enough thought on its own).
Article continues
The surprise was that despite the automated defences to prevent such junk being posted by a machine, it had got through. The junk filter stops hundreds of such attempted spams daily without a murmur; so far it's stopped 10,000 spams while allowing 377 human comments. So why had this got through? The electronic trail explained: the "captcha" (Completely Automated Public Turing test to tell Computers and Humans Apart) had been filled in.
The captcha is the junk filter's last resort. Because it's easy and cheap to program machines to post any sort of junk on blogs, a captcha (which puts numbers or letters in an image, which a machine in theory can't read) shows whether you've got a real live person giving their thoughts, or just a dumb machine trying to up some spammer's search-engine ranking.
If the captcha was filled in, it must have been done by a person; if it had been done by a machine, the spammers would have cracked the problem of solving captchas and would be busily spamming every blog they could find.
So who had done this? The junk filter had recorded their IP (internet) address. It resolved to somewhere in India. Which rang a bell: earlier this year, I spoke with someone who does blog spamming for a living - a very comfortable living, he claimed. But he said that the one thing that did give him pause was the possibility that rival blog spammers might start paying people in developing countries to fill in captchas: they could always use a bit of western cash, would have the spare time and, increasingly, cheap internet connections to be able to do such tedious (but paid) work.
A few days later I read a stunning report by George Packer in the New Yorker magazine - regrettably, it's not online - about the sprawling mega- city of Lagos in Nigeria. It's the world's sixth largest city, and growing fast; the concept of urban planning has collapsed and life is eked out from the margins of existence. Corruption isn't an occasional hazard; it underpins a near-feudal society. While there, Packer was approached by one of his guides, who offered him the promise of riches looted from a despot; the classic Nigerian scam.
Packer declined politely, attaching no blame to his would-be scammer: "He would have been regarded locally as a fool if he hadn't tried to exploit [me]," he noted without rancour. Elsewhere this week, deliveries began of the hand-powered laptop, Nicholas Negroponte's computing gift to the developing world.
I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam. But, as my spammer contact pointed out, it's nothing personal. You have to understand: it's just business.
· In January I suggested that "spam has passed its peak". Oh well. I guess I'll have to sit in the corner with Bill Gates, who declared in January 2004 that "spam will be solved in two years". After you with the pointy-D hat, Bill.