Trackbacks Are Dead

 

Jeff Atwood has a recent post on why he finally gave up and disabled Trackbacks on his blog. My blog is the tiniest fraction of his and I had to disable trackbacks just for sheer spam volume back in October (inspiring an anti-spam rant of my own).

Jeff lays the blame for Trackbacks' demise on Six Apart--the outfit that created the standard in 2002. Ah, those heady glory days when you still had to explain to people what a blog was. Trackbacks were a great idea. They still are a great idea. But Jeff is right, the simplicity of the standard has left it wide open to abuse and that abuse has killed them dead.

So my question is (to Jeff or anyone else), how would you alter the design to make the standard more robust?

My initial take on it was to alter the standard to incorporate a public key exchange and a signature. But then I realized that, hey, spammers can create asymmetric keys as well as anyone else can. In other words, the problem isn't being able to authenticate the link--it's being able to evaluate the linked post.

Jeff's current stop-gap of finding links to his posts through Technorati seems like a reasonable short-term solution. Introducing a third party is problematic, though, because it leads to inevitable issues in finding a trustworthy third party that will carry the authentication burden for you (as well as traffic and processing costs as people ping them for link verification). Indeed, Akismet (a popular stab at trackback filtering) has those same third-party screening issues and isn't substantively different from Jeff's use of Technorati.

I suspect that the problem might not even be in bad design by Six Apart, however. The thing that makes Trackbacks so popular and led them to be so widely adopted is that it allows the creation of inter-post linkages from unaffiliated sources with very little effort. I'm afraid that any solution to the trackback problem is going to necessarily involve increasing the effort of unaffiliated linking to a point where it becomes much less attractive.

A Stab in the Dark

That said, here's two thoughts about potentially rewarding avenues for solving the problem picked up from spam solutions in other realms.

First from email spam, and recognizing that I'm pretty thoroughly ignorant of the underlying mechanisms involved in Bayesian content analysis, I wonder if there might be some useful application for content analysis here. Spammers are increasingly sophisticated in overcoming content analysis, though. Trackbacks may be easier to analyze, though, because they have an easily available comparison text (the originating post). It may be easier to compare your post with that of the linker and come up with a tougher analysis than you can in, say, a lone email. I don't know about that.

Second, the key to the success of spamming is that they have such a very low cost per "signal" (email, comment, trackback, what have you). Their only incremental cost is bandwidth to find blog posts and to send trackback signals. Raising those costs can have a significant effect on spam. This is essentially the key to Captcha's success in curbing comment spam. If a trackback request prompted a user-interactive Captcha-like query, that alone may well be enough to stem the vast majority of trackback spam. Perhaps a design amendment that included a short interaction on a trackback ping would be successful in cutting spam back to manageable levels.

In looking at those two ideas, it occurs to me that the main problem with a Bayesian solution is that it places the burden (both in implementing the Bayesian algorithms and in processing the incoming links) squarely on the target of the spam. This can lead to an unwanted side-effect by leaving your blog much more open to another Internet dirty trick--denial of service attacks. Frankly, you don't even have to deny service to affect a lot of private bloggers--attacks that increase their bandwidth usage would be as unwelcome to many as a full-on denial might be. After all, it doesn't cost you extra hosting fees when your blog goes down.

So maybe that means I only really have one thought/solution/suggestion. Bayesian analysis would be cool for the AI geeks, but not terribly practical in the constrained environment confronting most bloggers. I wonder what it'd take to create a Captcha mechanism in trackback notification?

21. December 2006 11:59 by Jacob | Comments (2) | Permalink

Spam: Not a Tragedy

The tragedy of the commons is a well-recognized break-down in any free-market. To summarize brutally, any resource held in common ownership will tend to be overused. You don't have to go further than your own kindergarten experience to know that you eat the candy shared by the whole classroom before you eat what you brought for yourself. Well, candy is pretty straight-forward, but some resources are renewable if husbanded carefully (the name comes from common grazing grounds for sheep). Over-use will destroy the resource, but since nobody owns it, nobody has any incentive to cut back and a very real incentive to use the free resource while it lasts.

I bring this up because I often see spam presented as a tragedy of the commons--the common being internet use, first email, but recently blog comments and trackbacks. In other words, the internet is a shared resource prone to over-use. I think this is a flawed diagnosis and leads us to ineffective corrective action.

Not a Commons

The first problem is that spam doesn't use a common resource. Somebody owns the emailbox and the blog posts that are being high-jacked for selfish purposes. Trackbacks and comments are a way to build community and are for the use of that community. Co-opting the community space for unrelated adverts just because you can is the equivalent of someone burning down the commons because they want to roast marshmallows.

Fair Use

The second is a bit more wobbly because it involves a judgement. Since it is, in this case, my judgement I'm okay with that. The reason the usage of a commons is a tragedy is that two goods cannot be satisfied simultaneously--you cannot open the commons to community grazing and have a healthy commons. Spammers serve no useful purpose. Spammers are parasites on the stupid, playing the long-odds because their costs are so low they can afford a business plan that consists of fractions of a percent response rates. I know five-year-olds who know better than to believe any claim presented in all lower-case. Spam exists because standard marketing methods--methods that are, make no mistake, fifty million times more effective--won't work for their products. And that's assuming any of the spam actually leads to product changing hands.

Not Giving Up

Unfortunately, discussions about spam seem to me to have a certain sense of doom and the inevitability of eventual defeat to them. It's like we've given up because solving the problem is simply too hard. Yes, the evil is large, but the fight is worth it. That's my paladin side. Here's my rabid part:

Things to do about spam
  • Support those who are fighting the technical side of this battle. Bayesian filtering techniques are a good start and other technical hurdles are being put in place to weed out the college boys and also-rans. This is a good thing. If you are being annoyed by spam, look for and implement the solutions other smart people are creating to fight the menace.
  • Mock anyone stupid enough to fall for the snake-oil. Seriously, with response rates that low, every denied sale is a win. People too old or too young to know any better should probably be, kindly, escorted to more age-appropriate activities. Anyone stupid enough to go from receiving spam to sending someone money probably shouldn't be allowed near electricity.
  • Advocate laws with some real teeth in them. I'm not talking the useless piece of crap I have to put up with here in Utah*. I'm talking something with maybe a geometric fine structure--i.e. $1 for first email, $5 for second, $5 million for every one after that. Or real drug-dealer-type jail time. Or any of my previous ideas if you think they're feasible (probably not).
  • Look for opportunities to hit back. I have to be careful here, because I'm not talking about physical violence (necessarily). I'm talking about learning who they are, what they do, and applying your own creativity to how to go about hurting them.
  • And finally, if you ever actually learn the identity of a spammer, don't hold back--within legal limitations, of course. Let them know what hard-working, honest folk think of scum-sucking parasites like they are. Be colorful (and complete) in your own personal idiom. Make them fear exposure like those perverts being caught on camera making appointments with 13-year-olds. Fear is healthy--particularly for fart-weasels like these.

I'm honestly not plugging to become Mr. Angry or anything (though I can go into a good rant now and then). I have just come to despise the total waste of skin embodied by these leeches and want them to die in screaming balls of metallic wreckage.

*summary of Utah's "anti"-spam law: small-claims court, $12 per spam. note: it costs $40 to place a small-claim--potentially recoverable as damages, but that's a bet with long odds...

 

Technorati tags: , , ,
18. October 2006 14:52 by Jacob | Comments (0) | Permalink

Spammers Suck

There's been an uptick in spamming lately. Some believe that it's a result of growth in the number of botnets out there (groups of computers that have been compromised by third-parties to run whatever the third-party wants them to). Personally, I think it's because the penalties for spam aren't stiff enough. After cleaning up my trackback backlog, I'm ready to consider anything. I'm ready to lobby for tar and feathers if that'll help. Judging by the amount of spam for drug suppliers, I'm thinking we can kill two birds with one stone and clear out the FDA's backlog with a population sleazier than an ex-lawyer, used car salesman, turned politician. And if we run out of FDA backlog, I've a few suggestions we might try. I know cyanide is reputed to be harmful, but have we tried it lately? And since we can't seem to decide as a society what constitutes torture, let's get together and try some edge-cases. Maybe not, though; I'm not sure how my reaction might relate to actual people, thus invalidating the exercise. 
Also, it occurs to me that spammers are a pretty technical lot--they have to be in order to do the job that they do. So here's the question: what do you do if you meet one? Seriously, chances are that I'll run into a real, live spammer at some point in the not entirely distant future. Since I firmly believe in the efficacy of ostracism as a way of enforcing societal norms, I'm thinking that mocking may be in order. It's not entirely out of the question that I'll spend odd moments in the next week or two thinking of good ways to make clear what I think of a spammer's upbringing, lineage, and personal habits. Anybody who would work for spammers deserves to be banished naked and penniless to a tropical island with natives willing to perform non-stop their brutal rituals of shame. We can't have entirely stamped out those old island head-shrinkers, right?
 
Technorati tags: , ,
18. October 2006 01:17 by Jacob | Comments (0) | Permalink

Calendar

<<  March 2017  >>
MoTuWeThFrSaSu
272812345
6789101112
13141516171819
20212223242526
272829303112
3456789

View posts in large calendar