On Mon, Sep 27, 2010 at 11:07 AM, Swaying Trees
<swayingtree(_at_)yahoo(_dot_)com> wrote:
I have some experience in fighting off intentional internet crime of a few
different types so I have that mentality and I'm interested in stop spam. I
love creating systems to catch the bad guys and I've been successful at it
in a few different arenas.
Types of spam being targeted:
1. Forum/comment/website/blog spam
2. Video spam (youtube)
3. Basically most spam but not email spam.
Basic idea: USE the eyes of the public. The public is the target of spam.
They're the ones that see it. Let THEM take care of the spam problem. They
will be happy to do so.
What is this assumption based on? We all know how poorly users
respond to "training" scenarios with email spam. Most of them just
don't want to see spam and have no interest in policing the internet.
All we need to do is this: Let 3 established users of that website flag the
spam and hide it. If reporters abuse this feature, their accounts will be
canceled or suspended so they have to be sure its really spam. Only let
users with a certain account age flag spam (3 or 6 months, for example).
People with new accounts can also flag it but it doesn't hide it right away.
Instead it goes into an Spam approval que where more experienced users can
take action. The problem is complex because these are human spammers so the
solution has to be significant as well.
This is not a well thought out system. You're assuming people want to
help you, that they will be accurate, and that they will be honest.
These are bad assumptions to make. I won't bother to point all all
the holes in this leaky boat, but consider what happens when one group
of users simply disagrees with another group or individual.
Scenario: Spammer posts comments on message board. 3 people flag it and its
deleted automatically and the spammer's account is disabled. It can be
renabled in case of a false alarm and if the user confirms they're not a
spammer. No system is perfect but if it stops 95% of the spam coming in, its
good enough. Spammers will realize that its simply not worth it if only 3
people can see their message and have the account disabled.
This would work for Yahoo messenger also. 3 people flag an account as spam
and that's it. Different checks and balances can be created to take care of
different "what if" situations.
Create a central website for example "flag the spam.com" (FTS). This is how
it would work: On every piece of user created content (comments, videos),
there is a "report" button, that makes a link to the FTS site. For example
there's a spammer on Facebook or Youtube. When the FTS site receives reports
from 3 people, it sends back an email to the website reporting the spammer's
username). Facebook/Youtube automatically takes immediate action, deletes
the comments and spam and disables the user account. The flag icon (looking
like a trash can icon) would become a universal "report spam" symbol.
Website owners could either let FTS do the work, or buy the software from
FTS to install it on their websites. I've thought of creating a system like
this and testing it out on smaller websites to the bigger ones can see it
really works.
As mentioned, checks and balances could be created to take care of security
and false alarms as much as possible. Secure keys and codes can be exchanged
to make sure messages being exchanges are genuine and not fake. When there
is so much spam going around, even if 3% of all reports are false, its still
ok.
For spammers who create fake blogs or websites for traffic generation, the
same approach can be used to send reports to Google so their site can be
excluded from searches. The goal once again: Make spam reporting quick and
easy for the public.
This is not true right now. Its difficult to report a certain website to
Google for spam. Similarly, Facebook spam gets reported to admins who take
action. Thats slow and there arent enough admins. Its very hard to report
spam comments on Yahoo news. Also, action taken is slow.
For email spam, let each email server obtain an anti-spam certification
which means, they take action against people who spam. Anyone who doesnt
have that certification, will get a "spam" point meaning, their email will
be more easily caught in spam filters. This creates a motive for email
server admins to get certified. Black listed email servers which dont take
any action against should not be entertained by other servers. They'll be
left out of the internet cloud with no choice but to fix themselves. A
system can be created to take care of cheats and other things.
Email spam is 95% of all emails sent. We cant fix this serious problem
without having a serious solution.
Does anyone have any thoughts?
A lot of very smart people have put a lot of thought into these issues
before. I think you might want to become more familiar with the
existing solutions and the theories behind them.
Steven
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg