A Distributed Denial Of Service [bbc.co.uk] attack is still a DDOS in my opinion.

Do the ends justify the means? Is this better than the only actual solution of registering and uniquely identifying every single sender of email?

Aren't DDOS attacks normally distributed anyways? Most I've heard of have been done with armies of compromised slave machines.

What's nice about this proposal is that it goes after the people selling the products being advertised. So it hits the source of funding rather than trying to hit the advertisers directly (which is nearly impossible).

On the otherhand, this is a pretty big step into balkanizing the internet by "legitimate" entities proactively attacking each other instead of simply refusing connections.

In Response to Dynedain (#23143):

And doesn't DDOS stand for Distributed Denial Of Service instead of just Denial Of Service?

I'd say that the ends definitely justify the means, especially since they're only trying to add a lot of traffic to the sites, not just shut them down like DDOS attacks.

However, I don't see how this can possibly be legal since, as you say, it's basically just a DDOS attack. The difference is that the distributed computers attacking the servers are doing so voluntarily, so it's not just a few hackers who are responsible for a self-replicating program, but everyone who downloads the screensaver.

But whatever. I have it running on my computer at home right now. Screw the spammers!

If you haven't figured it out yet, you can download the screensaver here [makelovenotspam.com].

In Response to Dynedain (#23144):

In Response to Dynedain (#23143):

And doesn't DDOS stand for Distributed Denial Of Service instead of just Denial Of Service?

And... who are you arguing with?

It's certainly not me.

I was asserting that a Distributed Denial of Service attack, no matter what it's being sold as, is still a Distributed Denial of Service attack.

But let's also be very clear that this isn't going after the spammers.

It's going after the ISPs that don't have decent methods of verifying identify of subscribers, and after ISPs that provide free hosting, and people who have had their webservers compromised.

I very very rarely get any spam that advertises something that is a known, fixed permanent kind of address. Almost all of it is for stuff that is several layers down from "/" on the server, or behind a script.

In Response to FeldmanSkitzoid (#23145):

I don't see how this can possibly be legal

I have it running on my computer at home right now

....

"Hello? BitTorrent Police? Yes, I'd like to report someone..."

.....

What if I think digital terrorism is a good idea?

In Response to deerboy (#23150):

What if I don't think anything you think is a good idea?

In Response to deerboy (#23150):

What if I think digital terrorism is a good idea?

It's certainly a better idea than other forms of terrorism.

You know, less dying.

In Response to zamphir (#23152):

... until we have to start worrying about those pesky artificial intelligences.

In Response to tynic (#23153):

... until we have to start worrying about those pesky artificial intelligences.

Yeah.

Particularly those ones that can fly airplanes all by themselves... and have insect-like predatory instincts...

In Response to zamphir (#23154):

yup. They're going to get really mad about digital terrorism.

They'll probably lobby a congressman, or something. Oh, the humanity!

In Response to FeldmanSkitzoid (#23145):

Well, they claim that the load is carefully less than that which would overload the servers. So if they gobble 91% of bandwidth and legit traffic makes up 10%, it still ends up as DDOS.

Even it is less than total DDOS, it degrades the QOS for people who want to go to those websites and buy the products. Why should you have the right to disrupt me trying to buy something? Why should you waste my time with slow connections? Isn't that the same as spammers wasting your time with junk mail?

Another concern is what sites get targetted. They are apparently using addresses harvested from the Spamcop block list. These are checked by people to make sure they are "bad sites". So what happens when the service is too big to check every site? Innocents are getting put on block lists every day and have to jump through hoops to get off them. Now they are going to get get attacked, and the other good businesses that use the same ISP will get hit too.

What happens when spammers start including random good URLs in their spam? Even more "good guys" will get caught in the crossfire.

The problem with vigilantism (and also spam in the first place) is the lack of accountability of the perpetrators for their actions. An eye for an eye and a tooth for a tooth and we all end up blind and toothless.

the only actual solution of registering and uniquely identifying every single sender of email

Apparently this would be an invasion of our freedoms. "Hum" me thinks. Don't we have to provide some proof of who we are for most services? You can get a post office box address for your mail, but you cannot use that for proof of identity, you need a real address. This is where the electronic world is let down by the anonymity it provides.

As for the ends justifying the means, I just do not know. In concept, I agree that if you splatter my in-box with trash then I should be allowed to splatter your in-box. However, this does not work because the spammers are very happy to receive e-mail; it proves the e-mail address is valid and allows them to send more spam.

So you find some anonymous way to hit back at the spammers, which is what Lycos have done. But hang on, isn’t this hiding behind a wall exactly the behaviour we bemoan of spammers? Am I permitted the right to break the law because you broke the law? This is a conundrum that I believe is very difficult to solve.

[option 1]
Two wrongs don’t make a right.
[/option 1]

[option 2]
Fight fire with fire.
[/option 2]

In Response to Nagy_Vilmos (#23158):

And so, having cleverly restated the problem our hero exits, stage left.

No, it's not a conundrum that's difficult to solve, dorkus.

If an action is illegal, it's illegal. That's all there is to it.

It's a distributed denial of service attack, and somebody is flat out going to sue Lycos.

And then send FeldmanSkitzoid to federal "pound you in the ass" prison.

I'm well aware of the privacy implications of the only practical way to solve spam. I also know that some people think you can wave a magic wand called "web of trust" to avoid those implications.

But, I'll tell you what, someone is the keymaster, and I intend to be on standing behind Bill Murray when the marshmellow starts to fall.

In Response to zamphir (#23159):

Dorkus enters stage left

Yup, it's illegal. So how do you stop it?

Lycos and/or FeldmanSkitzoid are easy to deal with, they are genuine (well Lycos is) and can be found. But how do you deal with the spammers, phishers and the like? That is my problem. The anonymity given by the web is protecting the original criminals.

You are right about the web-o-truss-2000. It would only take one untrussable person to get into the network and back to square one we go. It is the impossibility of being able to 100% know who is who on the web. You may well be a 13-year-old girl for all I know, I might be the same and we may both be 'pretending' to be adults. I know I'm older then thirteen and I'm pretty sure you are too, but there is no proof, just trust.

It is this proof of identity that is my problem. Nagy_Vilmos is the name I use on most web-sites. It isn't my given name, but it is a consistent moniker. Any one in the world could decide to use Nagy_Vilmos and pretend to be me; why they would want to do that is another matter.

The point I am failing to make is that the spammers will not adhere to the law, they will work around it. Legitimate users will continue to try to find ways to prevent the spammers accessing them. If you can give a workable solution I would be genuinely interested to here it.

Dorkus exits stage right with a slightly demused expression

In Response to Nagy_Vilmos (#23160):

It would only take one untrussable person to get into the network and back to square one we go.

Technically, this is not true. One untrustable person, once detected, would be removed from the network along with everyone they had vouched for.

If you can give a workable solution I would be genuinely interested to here it.
I already did give a workable solution. It's the only solution, too.

It is this proof of identity that is my problem.
And yet you probably already have a government issued identity card of some sort or another (and probably more than one, from more than one office).

In Response to unFalln (#23151):

So merely my act of thinking it makes it a bad idea?

I think you deserve copious riches and never-ending hedonistic sexual pleasure.

I also think skinny people are untrussable.

In Response to zamphir (#23161):

[stage direction]
The Dorkus enters from rear centre stage, smoking what appears to be a herring
[/stage direction]

So when I sign up for a web site I'll enter my passport/id card/social security number shall I? Everyone has a real physical identity. It is the transfer of that identity to the virtual world that is the problem.

I agree with your sentiment that we need to have an electronic identity that is ours and ours alone. But who is responsible for giving the identities? How do you ensure that who you say you is who you really are? These are questions for the virtual world and not for the physical where they can easily be answered.

I can resolve part of this with the use of asymmetric encryption. Using a cipher that identifies who the sender is and who the recipient is intended to be. Like an e-envelope, where you can see directly that an e-mail is for you and that it not for anyone else.

This is what I mean by a workable solution. Even super-dork can come up with an idea, it is the implementation that is the problem. How to make the system cheat resistant.

[stage direction]
Exit stage left
[/stage direction]

In Response to Nagy_Vilmos (#23165):

I can resolve part of this with the use of asymmetric encryption. Using a cipher that identifies who the sender is and who the recipient is intended to be. Like an e-envelope, where you can see directly that an e-mail is for you and that it not for anyone else.

What, you mean like S/MIME?

So when I sign up for a web site I'll enter my passport/id card/social security number shall I? Everyone has a real physical identity. It is the transfer of that identity to the virtual world that is the problem.

No, it's not really. There are a thousand technical solutions to this, at least ten percent of which are likely to be feasible and practical.

This is what I mean by a workable solution. Even super-dork can come up with an idea, it is the implementation that is the problem. How to make the system cheat resistant.

It's not workable if it doesn't solve the problem.

Governments have many many different ways of making even very impractical solutions "workable". And only some of them involve sticking a gun in your face.

But who is responsible for giving the identities? How do you ensure that who you say you is who you really are? These are questions for the virtual world and not for the physical where they can easily be answered.

Again, there are a thousand different ways to make it easy to identify someone in the "virtual" world.

And I've already answered the question of who assigns identities.

In Response to zamphir (#23167):

Before answering, please remember that I do agree with you on this subject.

I am trying to see how a system could be put in place that stops the spammers. I can see that a change is needed and I believe a solution is available. But how to go forward is the question.

If you had to pay for every e-mail you sent, would it stop the spammers? I don't believe so, we get enough paid-for junk mail in the snail-mail to prove that.

There is probably no way to stop spam completly. The junk cannot be removed from the real world, so what chance for the virtual one.
Bona-fida advertising through e-mail, or snail-mail for that matter, is annoying but acceptable. What I object to is the snake-oil salesmen and fairy-dust merchants.

In Response to Nagy_Vilmos (#23165):

But who is responsible for giving the identities?

Zamphir is.
 

In Response to zamphir (#23167):

No, it's not really. There are a thousand technical solutions to this, at least ten percent of which are likely to be feasible and practical.

Research and proofs please. Because everyone knows that 76% of statistics are made up.

In Response to deerboy (#23164):

skinny people are untrussable

Skinny people are harder to truss because of less anchor points agreed. My recommendation: elastic.

In Response to tor (#23177):

Just use those tiny chef's hats. They work for trussing a turkey.

And then send FeldmanSkitzoid to federal "pound you in the ass" prison.

But...that's what I sit on! I need it! Pounding makes it sad.