Journal tags: spam

Running The Session and Huffduffer is immensely rewarding …most of the time. There are occasions when the actions of a few bad apples make it a real pain in the bum.

Yes, I’m talking about SEO spammers.

Huffduffer tends to get it worse than The Session, but even then it’s fairly manageable—just a sign-up or two here or there. This weekend though, there was a veritable spam tsunami. I was up late on Friday night playing a constant game of whack-a-mole with thousands of spam postings by newly-created accounts. (I’m afraid I inadvertently may have deleted some genuine new accounts in the trawl; if you signed up for Huffduffer last Friday and can’t access your account now, I’m really, really sorry.)

Normally these spam SEO accounts would have some pattern to them—either they’d be from the same block of IP addresses or they’d have similar emails. But these all looked different enough to thwart any quick fixes. I knew I’d be spending my Saturday writing some spam-blocking code.

Most “social” websites have a similar sign-up flow: you fill in a form with your details (including your email address), and then you have to go to your email client to click a link to verify that you are indeed who you claim to be. The cynical side of me thinks that this is mostly to verify that you providing a genuine email address so that the site can send you marketing crap.

Neither Huffduffer nor The Session includes that second step of confirming your email address. The only reason for providing your email address is so that you can reset your password if you ever forget it.

I’ve always felt that making a new user break out of the sign-up flow to go check their email was a bit shit. It also strikes me as following the same logic as CAPTCHAs (which I hate): “Because of the bad actions of a minority, we’re going to punish the majority by making them prove to us that they’re human.” It’s such a machine-centric way of thinking.

But after the splurge of spam on Huffduffer, I figured I’d have no choice but to introduce that extra step. Just as I was about to start coding, I thought to myself “No, this is wrong. There must be another way.”

I thought a bit more about the problem. The issue wasn’t so much about spam sign-ups per se. Like I said, there’s always been a steady trickle and it isn’t too onerous to find them and delete them. The problem was the sheer volume of spam posts in a short space of time.

I ended up writing some different code with this logic:

1. When someone posts to Huffduffer, check to see if they’ve posted at least ten items in the past;
2. If they have, grab the timestamps for the last ten posts;
3. Calculate the cumulative elapsed time between those ten posts;
4. If it’s less than 100 seconds (i.e. an average of one post every ten seconds), delete the user …and delete everything they’ve ever posted.

It worked. I watched as new spam sign-ups began to hammer the site with spam postings …only to self-destruct when they hit the critical mass of posts over time.

I’m still getting SEO spammers signing up but now they’re back to manageable levels. I’m glad that I didn’t end up having to punish genuine new users of Huffduffer for the actions of a few SEO marketing bottom-feeders.

Stephen Hawking has been quoted recently urging caution about the prospect of first contact with an extra-terrestrial civilisation:

We only have to look at ourselves to see how intelligent life might develop into something we wouldn’t want to meet.

This isn’t the first time that such reservations have been raised.

Both of the Voyager spacecraft are carrying golden records; snapshots and time capsules of our planet’s culture—a project with such a long timeline that it makes the clock of the Long Now look like a disposable gadget in comparison. As well as carrying instructions on how to decode the record—ingeniously using the fundamental transition of a hydrogen atom as the base unit of time—the records also have a map inscribed upon them. This is the same illustration that was included with Pioneers 10 and 11.

The map consists of fourteen lines converging on a central point. The length and angle of each line corresponds to the position of a pulsar relative to Earth. Those fourteen beacons point to one position in the galaxy: our home planet.

The responsibility for deciding the contents of the golden record fell to Carl Sagan. I highly recommend listening to this account by Sagan’s widow Ann Druyan of how the golden record may just contain the encoded patterns of love itself:

Many people at the time were upset that the pulsar map was included on the Voyager record, for the same reasons that Hawking is giving today: we are effectively hanging a sign around our neck that reads free food here.

I was talking about this with Tantek at South by Southwest this year and he had to admit that, with his Schneier-esque security hat on, those people have a point. What you really want to do, he said, is point to a drop-off box instead: a nearby uninhabited star-system that we can monitor from Earth. That way, if we ascertain that the alien civilisation is friendly, we can go and greet them but if they are hostile, we can simply lay low.

In fact, in Sagan’s book Contact—where the shoe is on the other foot and we are the alien civilisation responding to a message—this is exactly what happens. The origin point we are given is the Vega system, which turns out not to be the home of any alien civilisation but merely a way station: a routing point in the galactic network.

There may well be a galactic RFC for First Contact, which the Pioneer and Voyager probes have flagrantly disregarded. What is an alien civilisation to make of a message that effectively states:

Dear Friend,
Although you may be apprehensive as we have not met before, I come to you with great hope. I am a probe from an abundant planet that has recently acquired spacefaring technology. Please contact me at your earliest convenience so that we may transfer knowledge.
I await your response,
Third planet from an insignificant star

It’s clearly a honeypot designed to lure in the gullible of the galaxy.

Carl Sagan, my hero, looks like nothing more than a galactic 419 scammer.

If I’m on the tube listening to my iPod—because, y’know, that’s exactly the kind of situation for which the iPod was invented—and somebody steals said iPod, which is illegal, is that my fault?

If I publish my email address online—because, y’know, I actually want people to be able to get in touch with me quickly and conveniently—and it gets harvested by scum-sucking spammers who send unsolicted commercial email, which is illegal, is that my fault?

If I utter my date of birth or my mother’s maiden name—because, y’know, I don’t believe that information should be a state secret—and somebody uses that information to “steal my identity”, which is illegal, is that my fault?

If you answered yes to any of the above, I would like to remind you of something Bruce Sterling said at last year’s South by Southwest:

If I’ve learned anything from hanging out with the Eastern European dissident crowd, it’s make no decision out of fear.