What's That Noise?! [Ian Kallen's Weblog]

All | LAMP | Music | Java | Ruby | The Agilist | Musings | Commute | Ball
Main | Next day (May 23, 2004) »

20040522 Saturday May 22, 2004

Secure Blog Pings The spammers are onto us. They realize that they can inject their undesired noise into the stream.

If you want to have the appearance of having lots of attention on the net, the barrier to entry is not terribly high. Install some blog software, setup a five or six blogs that link to your site about lonely, sexy milfs in your area, octane booster for your libido and deals-of-the-century for mortgages and [badda-bing!] make a thousand DNS entries for each of these blogs. Then, whenever you update your handful of blogs with your wonderful content, programmatically ping all of the wonderful recipients of update notifications and.... [drum roll]

Ta-da!

You've spammed the blogosphere.

It's my considered opinion that this problem is going to continue to swell as more spammers catch on. As anyone who's had a friend descend into a Mister-Hyde's-gone-AWOL-on-a-heroin binge dirtball can attest, low life scumbags are often quite resourceful. We've already seen that demonstrated contending with comment spam. The underlying problem is that the event capture engines promiscuously accept anything into the stream. It's as bad as having an open relay in the SMTP universe... millions of mail servers in Asia and Eastern Europe can't be wrong!

Blog posts can be fingerprinted and checked for duplication but next thing you know, we're going to require bayesian filters -- I can easily imagine how to defeat the duplication checks; to catch a criminal, you have to have the capacity to think like one, I suppose. Weblogs.com already makes sure it doesn't take a ping for the same blog too frequently within a duration of time, but that doesn't address any issues concerning authenticity.

Anyway, the underlying problem with SMTP is that you can pretty much claim to be anyone and send mail to everyone when the SMTP server is an open relay. By extension, the ping stream suffers from the exact same problem.

I propose that the ping services become a network of trust. Pings should be identified with secure tokens; one way cryptographic hashes with regularly expiring keys would keep just about everyone except the NSA from anonymous pinging. Those found abusing the ping stream could have their ids revoked. That way, the only events making it into the ping stream would be known and identified entities. I believe that the earlier this is put in place, the sooner the blogosphere can wall itself off from purveyors of canned pork by-product products. ( May 22 2004, 05:32:34 PM PDT ) Permalink