MagazinesPost Magazine

Byte torrent: How we're becoming more vulnerable to spamming

Our inboxes may be less clogged with junk but that doesn't mean the spammers have been defeated. Oliver Burkeman investigates how your attention has become even more vulnerable to abuse

 

One Sunday evening in the spring of 1864, messenger boys employed by the London District Telegraph Company appeared on the doorsteps of several MPs and other prominent figures across the British capital. Each boy carried a telegram in a sealed envelope, and an urgent message, at so late an hour, naturally prompted alarm. "Having only arrived from the country on the previous day," one recipient later recalled, "I feared that a fire or some other casualty had occurred subsequent to my departure."

But there was no fire, nor any national crisis. As Matthew Sweet tells the story, in his book Inventing the Victorians, the telegram was from Messrs Gabriel, a sketchy firm of dentists and purveyors of a tooth-whitening powder "as used by Her Majesty". The message was a friendly reminder of their opening hours.

"I have never had any dealings with Messrs Gabriel," an anonymous correspondent bellowed in a letter to The Times the next day, "and beg to ask by what right do they disturb me by a telegram which is evidently simply the medium of advertisement?"

Today, the letter is included in the archives of the Computer History Museum, in Silicon Valley, in the United States, and with good reason: that telegram was arguably the first example of what would come to be known as spam.

It's tempting to think of e-mail spam as a largely historical phenomenon, too. Sure, messages touting knock-off Viagra do still arrive, along with pleas from the daughters of dictators looking to launder "15,000,000.00 (15 million) US Dollars", and wondering if you'll help. But they're intercepted by spam filters or else easily identified and deleted. (Human vanity doesn't evolve much: tooth-whitening products are still a popular topic.) There was a time, in the 1990s, when serious commentators predicted that spam might kill e-mail altogether. But these days, barring the occasional ingenious twist - what if your friend really did have his wallet stolen at the airport and needs cash? - you'd be forgiven for concluding that the era of spam was over. Yet the alarming realisation you come to after meeting Finn Brunton, a New York University academic and author of the new book Spam: A Shadow History of the Internet, is that it's only just beginning.

Partly, this is down to the law of unintended consequences: the campaign against spam has worked so well that it's no longer an option for ordinary, slightly dodgy marketers; instead, it's the domain of organised crime. But it's also because the basic logic of spam - that you can foist your message on millions of people, whether they like it or not, at essentially no cost, and that as long as a tiny proportion of them respond, you'll make a profit - has seeped across the rest of the web.

Early in his research, Brunton discovered that defining spam was far harder than he had imagined. Where is the line, exactly, between an unsolicited e-mail or a spam blog comment and "clickbait", those seductive Huffington Post-esque headlines that suck up your attention but don't deliver what they promise? Or branded tweets from Pepsi or Samsung that you never asked to see? Or any form of online advertising? Or, for that matter, the people the writer Merlin Mann calls "personality spammers", endlessly polluting your Facebook feed with their frenzied need for self-expression?

Spending years immersed in spam has given Brunton, who is 32, a degree of sympathy for spammers.

"In the early days, being a spammer didn't involve having a lot of technical capacity; it just meant being able to absorb a lot of hatred," he says. "I wanted to understand what it felt like to be that kind of a loathed figure."

His work abounds in genuinely detestable figures, such as Davis Hawke, the American up-and-coming neo-Nazi leader who decided to become a full-time spammer after it emerged that his father was Jewish, undermining his prospects as an Aryan supremacist. (He is now on the run from authorities, possibly in Thailand or Belize.) But it's hard not to feel for the more hapless characters in Brunton's narrative: overzealous marketers who didn't grasp how much rage they'd be unleashing among anti-spam activists until they suddenly started receiving stacks of pay-on-delivery pizzas and automated nuisance phone calls 40 times a night. And it's hard not to admire the ingenuity that led to Pitcairn Island, a windswept rock in the South Pacific, becoming the world's largest per capita source of spam, not because its 60 or so residents are all spammers, but because their computers have been remotely commandeered by a "botnet" system, which lets criminals elsewhere use the islanders' computing power to send millions of messages for free.

You could argue that a society is defined by what it deems unacceptable; likewise, Brunton argues, the decisions we've taken about what should count as spam, and what to do about the offenders, make the internet what it is. Ultimately, life online is a struggle to control people's attention. And while the battle against the promoters of bogus Viagra may be nearly over, it's much less clear who's winning the war.

 

SPAM TODAY ACCOUNTS for somewhere between 70 per cent and 90 per cent of all e-mail sent, depending on which estimate you trust, and e-mail spam is far from the only variety. Yet it took years for the inventors of the internet to realise that it might be a problem. Early on, in 1971, an anti-war activist at the Massachusetts Institute of Technology, in the US, sent a message to all users of his network, the Compatible Time-Sharing System, with a headline in caps - "THERE IS NO WAY TO PEACE. PEACE IS THE WAY" - but all he got was a slap on the wrist. ("But this is important!" he protested, when his boss told him off.)

It was 35 years ago, in 1978, that the first real spam arrived in the inboxes of users of Arpanet (the Advanced Research Projects Agency Network, the precursor to the internet): a dull invitation to a demonstration of new hardware manufactured by the Digital Equipment Corporation. And it was probably later still, some time in the 80s, that the word "spam" was first used to describe such messages, a reference not so much to the canned meat as to the Monty Python sketch in which the conversation gradually becomes clogged with repeated, nonsensical references to it.

As the internet exploded, so did spam, and the challenges it posed weren't merely technical: they prompted a surprisingly deep philosophical dispute about what the net, and the nascent world wide web, should be. Some of its founding fathers were hippies, dreaming of a new society based on trust, in which policing and government wouldn't be needed; but spam threatened that. The growing ranks of home users, meanwhile, resented paying steep monthly phone bills to download what turned out to be newsgroups full of unwanted ads. And they responded with aggression.

Spammers got the aforementioned pizzas and phone calls, floods of retaliatory e-mails and "black faxes", all-black documents designed to waste the recipients' ink. But such shaming tactics worked only as long as spammers could feel shame. The watershed moment is widely agreed to have occurred in 1994, when two married immigration lawyers from Arizona, in the US, deluged the Usenet discussion system with a message about green cards, then refused to slink away when confronted. The incident made national headlines and one of the lawyers gave defiant interviews to newspapers. The geeks were welcome to their romantic ideas about the net, she said, but what mattered was the law, which couldn't touch the spammers.

Plenty of anti-spam laws did follow, in America and elsewhere, but they always struggled to combat the monumental forces of human vanity and avarice. Spam needs only a minuscule proportion of recipients to be duped in order to be profitable - even before anti-spam laws, 0.2 per cent was considered an excellent response rate - and that proportion can be relied upon. In 2003, a security flaw at Hawke's company, Amazing Internet Products, exposed the details of people who'd paid US$50 for a bottle of a herbal "male enhancement" product called Pinacle, which promised to add "three full inches in length". According to Wired magazine, they included the president of a Californian aircraft parts firm and the manager of a US$6 billion investment fund.

Such lapses aside, spammers have always benefited from the fact that people who fall for cons generally don't want to publicise their gullibility (or their insecurity about their genitals). The exceptions have arisen when the sums involved have been too large to brush off. In 2000, Brunton reports, a US businessman named James Adler tried to sue Nigeria's government and central bank after he paid out more than US$5 million as part of a mail-based 419 scam (the classic "Dear sir, I am a Nigerian prince" advance-fee fraud) in the expectation that he'd someday receive a 40 per cent cut of a far larger sum. It takes a special blend of cynicism and naivete to fall for a 419: on the one hand, the trick feeds off racist assumptions about Africans being corrupt; on the other, it relies on the victim's confidence that the offer being made is wholly honest - and that, when the funds finally arrive, nobody at the bank will raise an eyebrow. "Which is crazy," Brunton says. "Banks and law-enforcement agencies monitor and investigate unusually large transfers all the time."

Not surprisingly, Adler's case didn't get far. Three years later, a Czech retiree walked into the Nigerian embassy in Prague to demand help recovering US$600,000 that he'd spent on a 419 fraud, much of it borrowed. When informed that no help would be forthcoming, he pulled a gun on the consul and shot him dead.

The reason this kind of spam is less of a nuisance these days isn't primarily legislation, though. It's the huge advances that have been made in filters, which use complex algorithms to learn to sift the bad e-mails from the good. The systems now in use don't need to rely on identifying especially spammy phrases, such as "Nigerian prince" or "male enhancement". Instead, by comparing vast corpuses of legitimate e-mail and spam, they're able to determine which combinations of seemingly innocuous words mark a message as suspicious. To use one of Brunton's examples: any of the words "madam", "guarantee", "sexy" and "republic" might appear in legitimate e-mail, but an effective filter will learn that they almost never all arise together except in spam. ("Litspam", those incongruous snippets of old novels one occasionally encounters in spam e-mails, is an effort to beat this system by deceiving the filters.) Oddly enough, one person who deserves credit for the relatively unclogged state of your inbox is Kenneth Lay, the late and disgraced chief executive of Enron. Academics who developed spam filters had trouble finding sufficiently large quantities of non-spam e-mail to study, until US authorities published the 619,000 internal e-mails they'd seized in the course of investigations into the bankrupt corporation.

And yet the decisive blow that filters struck to old-school e-mail spam may only have helped it mushroom elsewhere. Much modern spam isn't designed for consumption by humans at all; instead, it's "robot-readable", created by one non-human entity for the attention of another - specifically, the "spiders" that crawl the web compiling data for Google - in the hope of pushing a junk page higher up the list of search results. Meanwhile, the rise of social networking has seen the growth of numerous new types of spam, including the creation of vast armies of fake Twitter followers. If you've ever been suddenly retweeted by scores of obviously fictional accounts, it's because a spammer somewhere is building a stable of fake personas, engaging in plausibly human-seeming online activity, so that he or she can charge someone else money for ostensibly boosting their followership. (And if you're ever tempted to buy Twitter followers yourself - there are numerous such services online: HK$150 or so will buy you 20,000 - you can assume that they're not real people.)

Not that classic spam no longer exists; it has just slipped beyond the reach of law into the purely criminal world of phishing attacks and online banking fraud. In 2011, researchers analysing the money trail behind one e-mail advertising Viagra-style drugs found that the web domain involved was registered in Russia, hosted in Brazil and managed in China, taking payments through a Turkish server to an Azerbaijani bank, with the product eventually dispatched from Chennai, in India.

Define spam in the abstract way that Brunton prefers, though - as "[using] information technology to exploit existing gatherings of attention" - and it becomes easier to see that, in a sense, it's everywhere online today. One example: Demand Media, the "content farm" that operates sites such as eHow and Livestrong, pays humans (poorly) to write articles selected on the basis of what web users are searching for. Hence such eHow masterpieces as How to Wear a Sweater Vest and How to Sign Up For a Yahoo E-mail Account and How to Catch a Horse. Is that spam?

The web, Brunton points out, has been colonised by clickbait - "vast algal blooms of linked content with catchy titles, top-10 lists about trending topics, wild claims and needlessly contrarian stances, all delivered with only a few hundred words per article". Are their publishers spammers? And, if so, why not also "the canny [newspaper] editor who knows that sex, serial killers and how-to stories sell"?

There can't be definitive answers. The point is simply that human attention is a resource, and that it's possible for others to consume yours at little cost to themselves, which means it's a resource that's easily abused. Of course, society couldn't function if people weren't allowed to impinge on your attention to some degree. But how to draw the line between acceptable and unacceptable intrusions, and how to fight the unacceptable ones?

Such questions matter, because they end up determining how we spend our attention online, and thus - in an increasingly connected world - how we spend our lives. For prompting us to reflect on such things, perhaps the penis-enlargement salespeople of the world deserve our grudging thanks.

Guardian News & Media

 

Share