Are digital communications safe? Can they be used without hassles? Part 2

(Paywall-free popularization like this is what I do for a living. To support me, see the end of this post)

(this page is part of the Family Guide to Digital Freedom, 2007 edition. Please do read that introduction to know more about the Guide, especially if you mean to comment this page. Thanks)

Continues from here:

The plague of spam email and its impact on family Internet fees

One of the reasons why electronic mail is so terribly convenient to use is that it was designed in a more trusting world, with almost no security, privacy or authentication built-in mechanisms that would make its use less easy and flexible. One practical consequence is that, today, up to 80% of all the email on some computer networks is unwanted advertising, called Unsolicited Commercial Email (UCE) or spam, for everything from stocks to sexual stimulators. Carrying these billions of messages around the Internet or stopping as many of them as possible before they wastes a huge lot of people time are really expensive tasks. Unavoidably, the related costs end up increasing, even if they are never declared explicitly, the monthly Internet connection fees of businesses, schools and families worldwide

Spam exists because it costs almost nothing to send many millions of messages. Therefore, even if only one out of a hundred thousand people reads a message and buys whatever it advertises, the whole system is still profitable. Making people pay a fee for each email they send, as happens for traditional letters, would solve nothing: almost always the spammers infect the computers of other people with programs which send their messages automatically, counting on the fact that many Internet users are not competent enough yet to secure and monitor their own computers.

A bigger problem is the fact that many Internet access providers tolerate spammers operating from their networks or, fearing to lose business, do not immediately block the accounts of customers whose computers have been infected by spam-generating software. They don’t really care if this creates problems for their competitors, or for many more Internet users than they have, and drives up the cost of computer based communications, including those from public networks funded with your money.

Public black lists of Internet providers which tolerate spam do exist: if all families, companies and Public Administrations checked these lists every time they needed to buy any Internet service and began to refuse to buy anything from any company in those lists or from their resellers, it would be a big step forward in the fight against spam, one which eventually could lower the cost of many Internet connections.

False spam remedies which prevent communication

With the current email system, spam cannot be completely eliminated, but several of the proposed fixes look even worse than the present situation. There is one which is particularly annoying for its victims and damaging for its own users, especially because it is a method which often looks the most attractive to inexperienced ones: enter Challenge-Response (C-R) systems.

Their principle is very simple and terribly smart. Apparently, that is. Basically, every time somebody sends an email to you, the C-R software will hold it in a queue and send them an automatic reply (the “Challenge”) which asks to confirm that they are human beings with good intentions (rather than some spam-generating program) by visiting a website or sending another email formatted in a special way. Only after this “Response” the C-R software forwards the original message. Wonderful, isn’t it? In practice, C-R procedures are almost always one of the most effective ways to make sure that you will annoy a lot of people, including friends, potential employers, people on Internet support forums where you asked for technical assistance and, generally, innocent bystanders. Think about it:

  • spam is almost always sent with fake sender addresses. You will send confirmation messages to people who do not exist or never tried to email you anything at all
  • if everyone used this method, nobody would ever get any email
  • since every spam message generates a C-R challenge email and spam is the great majority of all email traffic, using C-R on a large scale would create much more congestion
  • in real life, only people to whom you owe money will go through the hassle of sending extra messages to be sure that you read their original requests. Everybody else will just ignore you and blacklist your address as a spammer (hey, you just sent them unsolicited email, didn’t you?). Potential employers who invited you by email to arrange an interview, for example, will simply trash your curriculum and call the next candidate if you bother them with such a procedure

In spite of all these shortcomings, some email providers actually have the guts to sell C-R services to their customers with the guarantee that “it will immediately stop 100% of unwanted messages, period” and without explaining any of the risks. A Brazilian email provider, for example, had the users of its C-R service unknowingly send annoying challenges to so many people that they set up a public invitation to boycott that provider and all its users. As a result, today many of those people are happy not to receive any spam, but don’t get any legitimate email either, and they don’t know why. Please check carefully before accepting similar offers.

Who writes this, why, and how to help

I am Marco Fioretti, tech writer and aspiring polymath doing human-digital research and popularization.
I do it because YOUR civil rights and the quality of YOUR life depend every year more on how software is used AROUND you.

To this end, I have already shared more than a million words on this blog, without any paywall or user tracking, and am sharing the next million through a newsletter, also without any paywall.

The more direct support I get, the more I can continue to inform for free parents, teachers, decision makers, and everybody else who should know more stuff like this. You can support me with paid subscriptions to my newsletter, donations via PayPal (mfioretti@nexaima.net) or LiberaPay, or in any of the other ways listed here.THANKS for your support!