Now blogging at diego's weblog. See you over there!

spambots get smarter


Since today started as a "spam kind of day"...

Something I noticed over the last few weeks is that I've started to receive spam that is way more targeted than before. In what sense?

Well, let's say this: I'm getting spam that not only knows my full name, but also my address. Okay, not my current address, but I've already gotten spam that explictly mentions both my New York address (from 5+ years ago) and my SF Bay address (from 2+ years ago). This is bad, not only they know my email address, but they also know where I live(d)! Yes, we know that with time and money you can get a lot of information on anyone, but this has to be done automatically and massively, or otherwise it wouldn't be a practical option for spammers.

Clearly, one way this could happen is if someone (say, buy.com) has been selling their customer information. Since I usually take care of buying online only when my privacy is more or less protected, this is unlikely, though certainly possible.

There's a more likely way in which this connection was made: Google.

Google not only knows the web, it also knows other information... like phone numbers (at least in the US). Jon mentioned this some time ago.

A spambot to get "connected information" would work like this. Say you write an automated script to go through phone numbers on Google. Then the script takes the address data and the person's name, and then googles the person's name. It takes the first few results (or maybe only the first one) and scans the resulting pages to match an email's name to the person's name. Sure, this won't be 100% correct, but spammers don't care about that. And Google's reach makes it reasonable to think that you'd have a reasonably high hit rate. You could even write a program that uses the GoogleAPI for it.

Sure, we could say, as Scott McNealy does, that "you're privacy is gone, get over it". Even if you agree with that statement (and I don't, at least I want to resist it!), this is nevertheless disturbing. And the question that follows is: does Google have any responsibility for this? They'd probably say that they're providing a service by integrating yellow pages information, which would be true.

I'm not picking on Google, rather Google is the example here because of its reach and pervasiveness, but I'm sure that similar things can be done with other search engines and if not it won't be long before you can. Can we fix this at all? If so, how?

Since this is the tip of the iceberg, my main thought at the moment is that I'm a character from Lost in Space and all I hear is "Danger Will Robinson! Danger!".

Categories: personal, soft.dev, technology
Posted by diego on January 6 2004 at 5:10 PM

Copyright © Diego Doval 2002-2011.
Powered by
Movable Type 4.37