Junk futures
Posted by aogThursday, 04 May 2006 at 13:59 TrackBack Ping URL

It looks like other people are noticing something I posted about a few days ago (via Winds of Change).

The basic problem concerns application hosting services (AHS). In contrast to a webhost, which provides a virtual host machine on the Internet which the client configures with the desired applications, an AHS provides the application directly. Typepad is an example which provides the Movable Type application, or Smugmug which does photo galleries. Such services are proliferating because, for clients who really only want the provide application, they are cheaper and enormously easier to set up. From a junk point of view, the key features are that such services generally provide the ability to put up user generated HTML content in at a domain address for free.

While I agree with PT that being netsearch engine friendly and trusted are desirable characteristics of AHS targeted for colonization by junkers, I think that is secondary to them providing a source of free domains. I certainly see a lot of junk from obscure hosting services (such as u-blog.net and phlog.net). It is also the case, as I noted, that hosting services that don’t protect themselves against this kind of colonization will ostracized from the larger community1. From a junker point of view, even if a particular AHS becomes such a pariah that is is useless, there are always more of them waiting to be used and discarded at no monetary cost to the junkers.

What are the likely responses to this? One I have seen in a few places but I expect to become much more common is requiring a valid credit card even for free services. This service as a form of confirmed identity. It is not that one can’t fake that, but it would require engaging in a much more serious criminal act that is easier to prosecute and it would be trivial to detect the re-use of the same identity for large numbers of service instances.

I don’t think we’ll see much of a move toward invite only communities, as those don’t do very well unless the sponsor is already well known (e.g., gmail and Google). Not that such things won’t exist, but they won’t be a significant factor in the overall AHS market. Or, alternatively, the meaning of “invite” will be diluted into meaninglessness just like invitations to get a credit card2.

Internal policing will be important, but I am not sure how effective that will be given the scope of the problem. Absent some sort of gatekeeper software, no economically feasible staffing level could keep up with junker softbots registering new service instances.

Weblog defenses will continue to improve, although at this point my defenses are handling new variants with very little tweaking (I did end up banning the .fr domain). But this is limited as well, because of the fact that the point is to allow anonymous and unexpected communication.

Ultimately, the solution will be expensive (in some way — money, time, effort, latency) identities. As noted, credit cards can serve as a proxy for that today, modulo the problem of potential clients being unwilling to provide the information3. Any such identity system doesn’t have to be perfect, it just has to raise the bar high enough to make junking infeasible.

1 And even that might not be enough, as there’s no reason that the colonized host can’t also be target for junk from the same hosting service.

2 One does wonder if the junk market is sufficiently lucrative that, should credit card numbers become an important identity system for AHS, it would be worth it for a junker to sign up for every card he could, as that would not involve fraud.

3 This will be less of a burden as more people shop online and become used to providing that information to obtain online services.

Comments — Formatting by Textile
Jonathan Bailey Thursday, 04 May 2006 at 14:39

One thing I’ve noticed is that different types of spammers seek different qualities in services. SEO sploggers want blogs which will perform well in search engine rankings, comment spammers want new domains that haven’t been blacklisted and the list goes on.

I have noticed more spam from obscure domains but much of that seems to be from spammers setting up their own hosting and their own services. For less than ten dollars a year you can buy a domain and then, for five dollars a month, you can host it with unlimited subdomains. Software makes it easy to go from there.

While I agree that some kind of gatekeeper system is needed, a credit card system would unfairly prejudice teens and those younger than eighteen (who can’t have a credit card). Also, people who are scared of giving out credit card information online and those that simply don’t believe in debt are barred.

On that note, I see a brave new future in “identity only” credit cards. Cards that offer no actual credit, but can be used for identification.

Obviously though, some kind of ID method is going to be needed. I don’t have the answer for what though. Nothing we have right now really seems to fit the bill.

Annoying Old Guy Thursday, 04 May 2006 at 15:12

Don’t all of them want domains that haven’t been blacklisted? The obscure domains I have seen aren’t set up by junkers, but are (for instance) online communities in other nations (u-blog.net is an example, as it’s Blogspot for France and owned by Six-Apart, the Movable Type people).

As for credit cards, I am not endorsing the idea, I simply think that it’s going to be one of the waves of the future. Long term it might well be replaced by identity only cards but that will be many years from now. The prejudice against teens might well be a selling point for the adult market as it would tend to segregate the online communities (because the identity verified community will end up banning the non-verified).

On the other hand, if you get a no-fee credit card and don’t charge anything to it, you can have an identity only card today for free.

Jeff Guinn Thursday, 04 May 2006 at 20:17

This is probably fairy tale land, since my expertise is nowhere near either of yours, but even a micro charge ($0.001, say)per comment would seem to put paid to most spammers.

For a legitimate poster, even the most impovershed, for whom volume isn’t an issue, such a charge would be invisible.

It would be crippling to spammers, though.

Annoying Old Guy Thursday, 04 May 2006 at 22:01

Mr. Guinn;

In order to charge people 0.1¢ to make a comment, they need to be identified. If we can do that accurately enough to charge money, then it’s accurate enough to control junk. That’s the kind of thing Mr. Bailey refers to in his comment.

My mention of credit cards is another variant of the same concept, in that it uses an identity system strong enough for financial use but has no need of actually charging anyone.

Post a comment