(random comments are bolded)
(all quotes and ideas expressed in this post are intellectual property of Eric Allman)
Standing in front of the stage with his bright orange shirt, Eric Allman humbly responds to a dramatic introduction given by a Tech Fest founder. Allman explains that his talk is called "Meditations on Messaging", starting with homing pigeons and the Greeks and Romans.
Early forms of messaging were FTP and things like that. Allman calls Ray Tomlinson the true founder of email, but Allman authored SendMail. He also made a Star Trek non-graphical program, early utility tools, SysLog,
In 1974, Allman was at Berkeley, working on database research. He used a relational database (rare at the time) system, and he was supposed to be doing work on it. Somewhere along the line, they got a small DARPA grant, and the VDH Interface was created (a slow, slow modem). He says that everyone at the department wanted to send ARPAnet email. Sharing the 256 user accounts had to be done, and the amount of memory was 112 Kbytes, nothing at all. Someone had built a network at Berkeley to send files. Allman thought he could write software to tie these things together: DeliverMail. He learned that lots of people had similar problems. Allman says it was an awesome time at the university; he met someone who did their best work when avoiding something else. The first Berkeley software distro was a PASCAL interpreter. DARPA decided they needed a single platform to manage research on the net; it was running on assorted machines and needed to be unified. Berkeley got the contract from DARPA, and whilst this was happening, ARPAnet was transferring to the internet. From Allman's point of view, email was a first-class protocol (SMTP, that kinda stuff). While Allman was working on his database, he was called on as the obvious person (post DeliverMail) to work on this DARPA mail during nights and weekends. He changed the name to "SendMail". Allman mentioned that the original mail client had IM capabilities, very cool. He didn't implement these because the technical text was way too cumbersome for the user. After this, "nothing" happened in the internet for the next decade (until 1996/1997). April 12th, 1994 will live in fame, says Allman. Lawyers in Texas sent out an ad to every newsgroup on the net, the beginning of spam itself!
This, Allman says, brings us to the talk on spam. The first spam that Allman could find reference to was in 1904 on the telegraph system. On ARPAnet in 1987, someone sent out a message about their new hardware program to every single user on ARPAnet (the worst part was he wasn't technically adept and it was a disaster).
Economics of spam: On the internet, it's really cheap to send a message, but relatively expensive to receive the message (storage, etc.). The sending cost is not zero, but it is very, very nominal. Compared to the physical world, it was a huge advantage (no materials, etc). Sending out an ad, in SnailMail, is a waste. In spam, spammers have every incentive to send out as many emails as possible "because somebody might be interested in that body enhancement product".
What do we do? Put in filters. This increased the imbalance, making it more expensive to receive this; all the cost is paid by the recipient. What's really expensive is human processing time, so it's worth it to "throw silicon at the problem". Ultimately, the battle will be lost. When Allman started working on mail, it was not a reliable protocol. Things got lost; a professor's grant mail was lost (ouch!). Allman put a lot of work into making SendMail hyper reliable. The spam filters can now actually eat legitimate emails, a "serious bummer" so says Allman. Allman says we can send the cost back to the senders; a few years ago he was pushing it extensively. Computational postage, the concept, is great. This would be worthless as an anti-spam technique. Spammers have close to infinite resources, so it costs them almost nothing too. The other thing about spam is that it was getting nastier. Early spam was snake oil advertisements. The next step up was the Nigerian spam (evolution in action?) and now phishing. Phishing is different because it tends to be more down-to-earth than the 419 spams (Nigerian scams); it's much more subtle and effective, much more of an issue. It's a flat-out crime. Identity theft is the gift that keeps on giving. $800 per person, on average, if you're phished. Spearphishing is targeted phishing, to target you with other information. People trust things that have their personal information on it. Spearphishing will be the next major problem. Allman says the phishers are getting very smart with their emails. Balanced with all this are legitimate businesses that want email access badly. It's a valuable market message, whether or not you want to see it, but it can still be opt-out spam. Europe has gone into an opt-in system. Some ads are cool, like the new tech catalogs, says Allman. The economics are wrong, and we're getting to the point where people are talking about lowering the accuracy rate. Spam filters can't tell if it's been requested or not.
DKIM is the idea (by Allman) of email identification: identity-based filtering. DKIM is a basic signature that uses a public key; if a message is signed by DKIM, then the signer had access to the private key (they're who they claim to be). We note that spammers do this, we respond, they respond, we respond. An endless arms race. DKIM solves only a tiny part of the problem, it isn't enabling technology, people will make new tools. We'll get out of the arms race. DKIM can prove who a message came from but not who it did not come from; emails could (without the DKIM) be forged.
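The receiver's three possible conclusions under this scheme, as an added example that is not from Allman's talk or the original post: a valid signature ties the message to the signing domain's key, a bad one fails, and an unsigned message proves nothing either way. The toy RSA key (fixed, insecure primes), the domain example.com and the names sign, evaluate and PUBLIC_KEYS are assumptions for illustration; real DKIM header formats, canonicalization and DNS key lookup are not modelled.

```python
import hashlib

# Toy RSA key for the constructed domain example.com. NOT secure: the primes
# are two well-known Mersenne primes, picked only so this runs offline with
# the standard library. Real DKIM publishes the public key in DNS.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held by the signer only


def digest(domain: str, body: str, n: int) -> int:
    """Hash signing domain and body together, reduced to fit the toy modulus."""
    h = hashlib.sha256(f"{domain}\n{body}".encode()).digest()
    return int.from_bytes(h, "big") % n


def sign(domain: str, body: str, private_exp: int = D) -> dict:
    """Sender side: only the private-key holder can compute a valid 'b'."""
    return {"d": domain, "body": body,
            "b": pow(digest(domain, body, N), private_exp, N)}


def evaluate(msg: dict, public_keys: dict) -> str:
    """Receiver side: 'pass', 'fail', or 'none' for an unsigned message."""
    if "b" not in msg:
        return "none"   # unsigned: neither proven genuine nor proven forged
    key = public_keys.get(msg.get("d"))
    if key is None:
        return "fail"   # the claimed domain publishes no key
    n, e = key
    matches = pow(msg["b"], e, n) == digest(msg["d"], msg["body"], n)
    return "pass" if matches else "fail"


PUBLIC_KEYS = {"example.com": (N, E)}  # constructed stand-in for a DNS lookup

# Constructed sample messages.
signed = sign("example.com", "Your invoice is attached.")
tampered = dict(signed, body="Send your password to this address.")
forged = sign("example.com", "Urgent: verify your account.", private_exp=3)
unsigned = {"body": "This really is example.com, trust me."}

if __name__ == "__main__":
    for name, m in [("signed", signed), ("tampered", tampered),
                    ("forged", forged), ("unsigned", unsigned)]:
        print(f"{name:9} -> {evaluate(m, PUBLIC_KEYS)}")
```

A filter built on this can reward "pass" from domains it trusts, but it cannot treat "none" as evidence of forgery.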
Beyond spam, says Allman. Someone wanted to make a penpal system, and Allman thought that was so cool (emailing between Chicago and Moscow children). There's a guy Allman knows, anonymous in CA, whose parents live overseas. He doesn't see them a lot and his father is having medical problems (watches TV a lot, not mobile or anything, lack of stimulation). The friend says "wouldn't it be great if I could interact with them on a daily basis?". He sets it up SSH style, VoIP, Video Conferencing and installs the box in their living room. Now, he routinely visits his father virtually, improving his father's mental state. His dad's getting better, and he's getting closer to his father. Here's a bad story, says Allman: Allman says we're so centered on our cellphones, it's antisocial. "Turn off the damn thing", he says. The ugly, now, says Allman. Now, in this country, the 1st amendment allows us to speak freely, but the 4th amendment lets us shut up. This isn't a high school civics class, but this limits gov't rights to limit our communications (mail, phone calls). It's worked for our history, because of the need for physical access. The digital world comes along, and the government passes a law, CALEA, that requires "tap points" to be present; it now covers VoIP and IM (YAY!). The gov't can now do this remotely and watch people on the ISPs. And honest, they won't use it without a warrant. This is pretty scary stuff. And now there are the NSA "secret rooms" where they are keeping track of every piece of data. This is kinda scary, says Allman. How do we know our phone calls aren't being covered for "scary words" by algorithms? It's reduced our privacy! But, hey, doesn't everything? The phone did, email did, IM did. How bad is this? I've got nothing to hide, I'm no terrorist! Most people don't care about their privacy, but the people who care won't do something about it because it's inconvenient and expensive.
People, Allman says, like to receive legitimate messages. We will see less spam, but more valuable marketing messages (so called "wanted" spam). Ultimately, spam and phishing will never ever go away.