111 entries categorized "Internet"

July 24, 2008

Twitter Finding New and More Creative Ways to Fail

louisgray.com: Twitter Finding New and More Creative Ways to Fail:

On Monday, when I said "The Talk About Rules for Social Following Is Getting Out of Hand", I had taken a screenshot of my current Twitter ratio, at 1,534 to 1,441, after having worked for a good part of the previous week with Twitter Karma to get my ratio synchronized. Just a few days later, that data is carved to 672 and 1,236, prompting some to try and refollow me, and even more to flock to identi.ca. Twitter's gotten a lot of abuse on this blog in the past few weeks, as we've gone over issues with developers, uptime and changes to the API, but every time I think they've captured the market on a single route to failure, they find another way. The team's employees are talking a good game about getting this resolved, but seriously, Twitter, why should we believe you now?

I've been trying to decide what to do with Twitter. I have great sympathy for the problem they're fighting -- the combination of growth way beyond expectations AND people discovering uses for a system that it was never designed for is close to my heart (and stress levels) -- but the trend lines are bad. I checked in this morning after yesterday's fun to see I'm only following 25 users. That makes Twitter REALLY quiet, and I see no easy way to get my follower list back; if they were going to restore it, I have to expect it would be back by now. So having lost the one key set of data that ties me to Twitter -- my follower list -- if I'm going to rebuild that list somehow, or create a new one, or whatever, why do it on Twitter? I'd experimented with moving my Twitter following to FriendFeed, decided there were aspects of that I didn't like (see note 1), and moved it back. Mistake. And to be honest, I still can't see how Twitter monetizes itself. It's not a service, it's a feature. Well, monetizes itself other than by selling itself to someone to be integrated into a service, but if I were looking to add something like Twitter to a social network, I'm not sure I'd buy Twitter to do it, and given how it's alienating its users, I'm not sure I'd buy it for the customer base, either.

Note 1: basically, I don't like how FriendFeed hijacks replies onto FriendFeed. What I really want is a tool like Twitterrific for FriendFeed, one that recognizes where an item came from and pushes the reply back to that service, rather than sucking it into FriendFeed. I don't like the way FriendFeed redirects the conversation off of the original service, not a bit (although I've noticed what seems to be a recent addition, which is an option to send a copy of the reply back to Twitter also. Progress, still not right).

FriendFeed definitely seems to be a better answer to this kind of lifestream and discussion than Twitter; I expect I may abandon Twitter, or use it merely to monitor people who still use it. Not absolutely sure yet, but Twitter is definitely rolling off my list of things I pay a lot of attention to. The only reason I haven't is because Twitterrific does a great job of presenting and managing tweets, and FriendFeed simply doesn't have an interface or tool that works for me as well (I've basically set it up so that I run FriendFeed in a browser window in Safari, and do the rest of my browsing in Firefox... okay, not good, definitely not great. Twitterrific being its own app and window set works a lot better for me).

July 22, 2008

New and interesting uses for webmail...

For the last couple of weeks people at work have heard me muttering in the halls about "those damn geeks". I've been chasing down and cleaning up after a group that's been using the webmail system as a distribution system for -- stuff. Mostly warez cracks and video, from what I can tell.

Since this seems to be fairly widespread and flying under the radar at most sites I've talked to about this, I thought I'd give it some wider visibility and go into some of the details.

I want to emphasize this part:

Let me say right up front: no system cracking involved here, no security issues, no hacks, no cracks, no leaks, no bugs. They are simply using these systems as designed, not doing anything to penetrate or compromise the system.

Nothing was hacked in any way, this is purely (in its way) a social engineering hack taking advantage of free webmail sites all around the internet -- I saw at least 15 involved from my investigation.

I'd noticed some changes in network usage on the site the previous couple of months; bandwidth usage had doubled in both May and June, far beyond what I thought normal given the growth in new users we're seeing. It didn't seem too serious, though, so I stuffed it in the back of my head to investigate at some point.

Early July hits and I look at the numbers again -- and in the first 7 days of July we've used 10X the network bandwidth we used in all of June. We're talking orders of magnitude change, for no good reason.

That's generally a bad thing. So I went looking....

What I found was both fascinating and a little depressing. It was a group of people based in Poland that have turned public webmail systems into the equivalent of a Bittorrent network.

Let me say right up front: no system cracking involved here, no security issues, no hacks, no cracks, no leaks, no bugs. They are simply using these systems as designed, not doing anything to penetrate or compromise the system.

Here's how it seems to work: when they have a package to distribute, it is packaged up into pieces small enough to be attached to and sent as emails. Most webmail systems allow attachments up to about 10 megabytes. Files were split up and encoded in MIME as standard packages, although the details of name and type seemed to be ignored (lots of powerpoint files, in theory).

Then accounts were created on various webmail sites. In my sample of addresses, I see over a dozen different sites being used. The person doing all of this then emails the files to that mailbox, where they sit. Now, anyone who wants that set of files only has to get the access information for one of those accounts, log in via IMAP and let his email system download them. It looks like any given package is stored on between 3 and 8 different webmail accounts.

Account creation seems to be semi-automated. All accounts are of a similar format, a semi-random "word", followed by a 1-3 digit number. Passwords use the same format (but are never the same), ditto the "from" address and the "return-path" in the headers of the emails. Sometimes the files are stored in more than one account on a single webmail (another reason why I think this is at least semi-automated), but generally, it's sent to 4-6 webmail accounts on 4-6 different sites.

It looks like the actual account creation is manual, or semi-manual, because some of the sites involved use CAPTCHA on account creation and that isn't stopping them. I don't think this setup is sophisticated enough to have cracked CAPTCHA, so there are people involved in the setup. I think the account naming and packaging are automated, but people are involved in the account creation and uploading. Once someone downloads the emails, there seems to be another script to put it all back together again, because it's not depending on the MIME data in the message to do naming or decoding -- in fact, that stuff is set up to (at least casually) make the content itself look innocent.

There's obviously a web site somewhere that tells you how to access the mailbox to get the content, but I haven't gone looking for it.

If you think about it, this is a pretty nice hack. With Bittorrent being scrutinized by many ISPs, they've set up a fairly low-tech, under-the-radar way of distributing "stuff" without easy detection. The original distributor only has to upload the files once, and then the rest of the resource costs are borne by the mail systems -- the webmail site pays the network to upload the files into the system, pays for the disk to store them, and pays for the network to distribute them back out.

Needless to say, I spent some time shutting all of this down. All told, I identified and closed a couple of hundred accounts that accounted for over 200 gigabytes of disk storage, and the network bandwidth they were starting to suck was going to be measured in terabytes -- and we're a fairly small webmail site right now. One can only wonder what they're doing to some other sites....

The group is based in Poland. 99% of the access to these files also came from Polish IP ranges. Fortunately, once you know what to look for, it's fairly easy to find these accounts, given the standardized naming, the limited IP range they're coming from, and the exceptionally large average message size. The latter is the easiest way to identify them: no "real" webmail account (at least on our system) has an average message size > 5 MB. Even accounts where users are parking files in their IMAP folders for storage tend to have no more than a 1 MB average message size.

This group spent some time experimenting with the site, evidently to see if we were paying attention. The earliest record I can find of them accessing the site is in April. In June, they ramped their volume significantly, and in July, they opened the floodgates (and I found it four days later, fortunately). It's hard to tell from the outside if this was them experimenting to see if we'd catch them and then ramping up when they felt safe or if this is a new network that was finally ramping up as they finished building it. Either way, it's clear there's a lot of network being used on a lot of webmail systems globally by these guys.

How to stop this? No easy answers. They aren't really "doing" anything we don't allow; it's more of a Terms of Service on content issue, with policing. If the account creation were fully automated we could possibly plug that hole (and probably should on general principles; CAPTCHA might not stop this but it can't hurt, although some of the webmail sites being used have CAPTCHA enabled and it didn't stop them). On the other hand, there's no reason we should feel the need to let them pass around warez on our dime -- they only have to use network to upload it once, and then the webmail sites pay for the bandwidth to accept and then deliver it as often as it gets downloaded, plus disk storage and the typical overhead of backups and etc.

What it really goes to show is that people will find interesting uses for any publicly available technology, whether or not you intended for them to be used that way. It also, I think, means we should be aware of what those possible uses might be and see if we can influence our systems to discourage the ones we don't like. For instance, a 5 megabyte limit on attachments might have discouraged these guys, but doesn't seem to significantly impact "normal" users -- I found very, very few emails on the system that large.

One of the things I've been pondering is ways to automate finding, or setting alarms for, this kind of "non-standard" behavior; quotas solve some problems, but not this one. I wrote a script that finds these accounts with really large average message sizes. It seems to me that something that automates that process, or ways to monitor or rate-limit network usage on a per-account basis, would be another way, or simply looking at accounts with the highest network usage.

Things that definitely don't help this kind of problem: quotas, looking for accounts at or close to quota, accounts with large number of log-ins, or even usage from many different IP addresses. None of those were true. I also didn't see any significant sign of multiple simultaneous users. The things I think of as "obvious" signs of abuse are missing here, it's a different set of parameters that become visible once you look.

One option I'm just starting to investigate is coming up with some kind of "typical" network usage per user, sort of a capacity planning number -- and then if the system deviates from that significantly it gives you a hint you need to look in more detail. I want to avoid having to monitor at the per-user level to the greatest extent possible, and find metrics at the system-usage level that might tell me if the system is within expected usage ranges or not.
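As an added illustration (this is not the author's script; the account data, the origin network 198.51.100.0/24, the name-pattern regex and the 3x deviation ratio are all constructed for the example, with only the 5 MB average-size figure taken from the post above), here is how the per-account signals described earlier could be combined, with average message size as the trigger and naming and login origin as corroboration, plus the site-level per-user baseline check sketched in the last paragraph:

```python
"""Flag webmail accounts whose usage profile matches the file-depot pattern:
very large average message size, semi-random "word + 1-3 digit" names, and
logins concentrated in one source network.  All data below is constructed;
a real deployment would read the mail store and the IMAP/webmail login logs.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MB = 1024 * 1024
AVG_SIZE_ALERT = 5 * MB          # from the post: no real account averaged > 5 MB
NAME_PATTERN = re.compile(r"^[a-z]{4,12}\d{1,3}$")   # assumed shape of the names
ORIGIN_CONCENTRATION = 0.9       # share of logins from the suspect nets (assumed)


@dataclass
class Account:
    name: str
    message_sizes: list   # bytes of each stored message
    login_ips: list       # source IP of each IMAP/webmail login


def average_size(acct: Account) -> float:
    return sum(acct.message_sizes) / len(acct.message_sizes) if acct.message_sizes else 0.0


def flag_account(acct: Account, suspect_nets) -> list:
    """Return the detection signals an account trips.  Average message size is
    the primary signal; the other two only raise confidence in a hit."""
    signals = []
    if average_size(acct) > AVG_SIZE_ALERT:
        signals.append("avg_msg_size")
    if NAME_PATTERN.match(acct.name):
        signals.append("name_pattern")
    if acct.login_ips:
        hits = sum(1 for ip in acct.login_ips
                   if any(ip_address(ip) in net for net in suspect_nets))
        if hits / len(acct.login_ips) >= ORIGIN_CONCENTRATION:
            signals.append("single_origin_net")
    return signals


def find_depots(accounts, suspect_nets) -> dict:
    """Map each account over the size threshold to the full list of signals,
    so an operator can see how much corroboration each hit has."""
    return {a.name: flag_account(a, suspect_nets)
            for a in accounts if average_size(a) > AVG_SIZE_ALERT}


def system_deviation(daily_bytes, active_users, ratio=3.0):
    """Site-level check: bytes moved per active user today versus the trailing
    baseline built from the earlier days.  Returns (today, baseline, alerted)."""
    if len(daily_bytes) < 2 or len(daily_bytes) != len(active_users):
        raise ValueError("need at least two days of matched byte and user counts")
    per_user = [b / u for b, u in zip(daily_bytes, active_users)]
    baseline = sum(per_user[:-1]) / (len(per_user) - 1)
    today = per_user[-1]
    return today, baseline, today > ratio * baseline


# Constructed sample data: two ordinary users and two depot-style accounts.
SUSPECT_NETS = [ip_network("198.51.100.0/24")]   # constructed origin network
ACCOUNTS = [
    Account("alice.smith", [18_000, 25_000, 4_000, 120_000], ["203.0.113.5", "203.0.113.9"]),
    # parks files in IMAP, ~1 MB average: large but still under the threshold
    Account("bob_archive", [900_000] * 40 + [1_300_000] * 10, ["203.0.113.20"]),
    Account("kwiatek17", [9_800_000] * 12, ["198.51.100.7"] * 30 + ["203.0.113.44"]),
    Account("zoltan203", [9_500_000] * 8 + [2_000_000], ["198.51.100.21"] * 14),
]
DAILY_BYTES = [120e9, 130e9, 110e9, 125e9, 1300e9]     # constructed: July-style spike
ACTIVE_USERS = [10_000, 10_200, 10_100, 10_300, 10_400]

if __name__ == "__main__":
    for name, signals in find_depots(ACCOUNTS, SUSPECT_NETS).items():
        print(f"{name}: {', '.join(signals)}")
    today, base, alerted = system_deviation(DAILY_BYTES, ACTIVE_USERS)
    print(f"per-user bytes today {today:.3g} vs baseline {base:.3g}: alert={alerted}")
```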

In reality, there's nothing "wrong" going on here other than the sheer size of the operation and the costs it involves (and the fact that most of the content is likely illegal). Technically it's pretty simple and straightforward -- a nice hack -- to shift the cost of distribution off to others in a way that's (in theory) low-key enough to not be noticed, at least until they get greedy in resource consumption. If they hadn't spiked usage in July like they did, I might not have gotten around to chasing them for a while.

My ultimate take-away, though, is that the users' "use cases" for a technology are rarely the same as the developers'. Sometimes the users innovate in really interesting and positive ways, sometimes they distribute warez -- but either way, people are going to see opportunities in your technology, and that should be part of the discussion in designing those technologies.

My suggestion: if you run a webmail site that allows users to create accounts, you might just want to look and see what you find. Might surprise you.

Oh, for what it's worth, I've held off posting on this for a bit because I gave advance warning to the other sites I found involved in this. Of the 15 or so abuse@ accounts I sent the details to (including accounts, IP ranges, Received header data, etc., etc.), one responded immediately and started their own search and destroy operation -- they happened to be one of the larger "white label" webmail providers, so that'll shut down any number of the domains involved.

But three of the webmail sites had their abuse@ addresses bounce as user unknown. One sent me email letting me know he was on holiday for a few weeks (in Italian). And from the rest, including the two Polish ISPs where all of the upload activity initiated, total silence. Oh well. Kinda sad, but hey, it's their network bill; if they don't mind paying it, I shouldn't complain... And I just did a check of our site to see if they took the hint, and I see no sign of them creating new accounts now or doing any kind of activity, so I think they're gone. Well, for now. I'll know if they come back...

July 18, 2008

Still broken: Dear Yahoo! If anyone is left there, please fix it so your system accepts @me.com addresses

Chuqui 3.0: Dear Yahoo! If anyone is left there, please fix it so your system accepts @me.com addresses:

Try setting up and validating a @me.com address onto your account, so you can, say, use it with Yahoo Groups as your subscribed address. Yahoo tells you foo _at_ me.com isn't a valid email address. Which until a couple of weeks ago was correct.

Just checked. Still broken at Yahoo. And for those that were asking, yes, I tried to find a place on the Yahoo web site to report this problem, but they hide it amazingly well. I did find a friend still at Yahoo, and he filed a bug internally on it the other day.

But it's not fixed.

And yes, @mac.com still works. And no, I don't want to use an @mac.com address here. I'm moving my email to chuqui@me.com, and I might as well leave the subscriptions where they are rather than move them to @mac.com and then move them again.

So yes, this has been reported.

July 15, 2008

Dear Yahoo! If anyone is left there, please fix it so your system accepts @me.com addresses

This is kinda sad -- mentioned it yesterday here, still broken. Try logging into your Yahoo account. Try setting up and validating a @me.com address onto your account, so you can, say, use it with Yahoo Groups as your subscribed address. Yahoo tells you foo _at_ me.com isn't a valid email address. Which until a couple of weeks ago was correct. I'm amazed Apple hasn't beaten the crap out of someone over there over this, or maybe there's nobody left that can fix this and cares? (Hey, people at Apple who read this, shouldn't someone be 'encouraging' Yahoo! to get this taken care of?) Having this broken last week as me.com was fully rolling out would have been annoying but somewhat understandable. That it's still broken now? But Yahoo! stopped being able to execute well a while back, no? At this point, I'm going to be curious how long this stays broken.

July 12, 2008

Blogging Jumped the Shark?

Has Blogging Jumped the Shark?:

Wow. Jason Calacanis is leaving the blogosphere. I relate to how he feels; this stuff takes a lot of time and thought and you have to have the nerves of a stand-up comedian to keep doing it every day. His blog was a good read and he will be missed.

I bet Jason will be back though in some manner or other and soon. After all, he is the Brett Favre of blogging.

Sorry, Ted, but no.

Saying Blogging has jumped the Shark because Jason's giving it up is like saying television is dead because the guy who's selling Oxy-Clean at 2AM wants to do "real acting" on Broadway.

Jason never blogged. He shilled, whether it was Mahalo he was shilling or Jason. I stopped watching his act long ago; in fact, I'm amazed at how many people still follow him given the lack of any interesting content. Mahalo was the Time-Life books of the blogosphere, nothing more.

And now, after years of doing the Cal Worthington thing (a reference for you SoCal folks), he wants to be taken seriously and get personal and intimate with his readers. Or something like that.

More power to him. Too bad he didn't try that when he started. Now, at least for me, it's a bit too late to really give a damn. He treated the blogosphere like a marketing opportunity, not a community or conversation, and now he finds what he's doing hollow and shallow?

Gee. Count me as stunned -- that he noticed.

This is like Larry the Cable guy deciding he needs to get some legitimacy and taking on King Lear. I sympathize with the intent -- but I'm not going to buy tickets....

(And one of my favorite "calling bullshits" on this, from Tony Hung:

Deep Jive Interests » I, Too, Call “BullShit” On Jason Calacanis:

But let me join the chorus of doubters, nay-sayers, and “haters” (who Jason calls out on as a ‘reason’ to stop blogging) in calling BullShit on his “official” reason, above.
)

And another good rant, from Mathew Ingram:

Jason’s long goodbye: Give me a break » mathewingram.com/work |:

is giving up blogging because he craves something more “acoustic and authentic.” That part stretches believability to the breaking point. If anything, an email newsletter is a step backwards into megaphone and pulpit land; which makes sense, I suppose, since I have a hunch Jason much prefers the one-way pulpit to the two-way blogosphere. And when Jason promoted his new email list on FriendFeed, he said it was an “insider” list and was for: “insiders only, please — no casual folks.” Seriously, who talks like that? Not even Jason could be so totally without even a stitch of self-awareness.

Honestly? Jason's convinced me he's so full of himself that he could be that un-self-aware of how he presents himself to others.


June 24, 2008

Quoting AP content

KuklasKorner : Hockey:

Note: The reason the quoted segment is short (or rather, virtually non-existent) is because of this Associated Press policy we pointed out last week, restricting bloggers from quoting more than 4 words of their articles without payment. The AP is uncredited at the top of the Globe & Mail link (ironically enough) but it is originally their article.

It's a truly silly policy, even moreso for this reason: If you don't abide by it, what are they going to do? $17.50 for a 50 word extract; enforcing their terms would bleed them dry. If you simply ignore them and quote anyway, how much will it cost them to send you invoices and actually try to collect? Or bring in lawyers to Cease and Desist you? The fastest way to kill a stupid policy like this is to play the conscientious objector game. If I want to quote AP, I will. If they want money from me, they can send me an invoice, and then try to collect on it. If they can do that and make money on $17, then more power to them. It's a stupid policy aimed at sucking a few bucks from stupid people who voluntarily pay up. Let them actually have to fund collection, and watch how fast the policy dies, because there's no way they can make money on it other than stupid money...

May 16, 2008

Daring Fireball Linked List: May 2008

Daring Fireball: Icahn Launches Yahoo Challenge
The problem with Icahn’s argument is that Yahoo’s stock price remains significantly above where it was prior to Microsoft’s offer. Yes, it’s still below what Microsoft offered, but not by much.
And the problem with this argument is that Icahn has been propping up Yahoo's stock by buying significant chunks of the shares. If you look at Yahoo's stock since the Microsoft deal collapsed, you can clearly see places where automated buying was kicking in every time the stock tried to drop below a given price point, and buying that was grabbing significant chunks of stock. In retrospect, it was clear Icahn (and probably others) were grabbing on weakness, but not letting the stock get too weak so that others might step in first. So the real question is "where would the stock be if Icahn wasn't buying all available shares?", and secondarily, if he changes his mind and liquidates, what will that do to the stock price? The answer to these questions is far from positive for Yahoo. And the current stock price is not so much because that's where Yahoo ought to be, but because there are a bunch of investors seeing a profit to be made. If that ability fades and they all liquidate their holdings, watch out. Where would Yahoo's stock be? Certainly not $27, where it is now. Not $19, which is where it was when Microsoft walked in (but which, to me, was an over-reaction down that Microsoft saw as an opportunity) -- but $22? I'd bet on something around there. And frankly, if Icahn wasn't buying up available shares around $25, then some other shark would be buying them at $23 and willing to take a profit at $28 instead of $31. Even if Yahoo fights off Icahn (and few companies succeed there without losing at least an arm), there's another person like him who'll likely step in at the next price point down.

March 27, 2008

“If the news is important, it will find me”

“If the news is important, it will find me” - - mathewingram.com/work:

Think about that for a second — or longer, if necessary. I think that sums up, in ten simple words, what has happened to the way that many people (and not just young people, but those who use RSS readers and blogs and social networks as well) consume the news. Not only is there just so much of it out there that it’s virtually impossible to consume it all, but the very fact that someone you know — or trust — has passed on or blogged or Twittered or posted a link makes it more likely that you will read it.

And here is one of the great differences -- and changes for the worse -- of the move to online and social network news distribution. It's news by echo chamber.

If you get news from the circle of friends (or "friends"), you're being fed information from a group of people that at a first degree of interpretation have the same, or similar, interests as you do. So the news that finds you is most likely news that reinforces your existing interest areas and knowledge set.

One aspect of the traditional media that's being lost is the ability to tell people things they need to know but don't know they need to know.

Where does "The Jungle" or "Silent Spring" or "The Pentagon Papers" -- or hell, Watergate in its totality -- exist in the new reality? If you're not already interested in the environment, will your RSS feed push at you until you become interested in global warming? Or will you unsubscribe from the feeds that keep annoying you with stuff you don't think is relevant?

How will those issues that are important but not already on your radar GET on your radar?

My worry is we're creating an environment that doesn't inform as much as reinforce.

Is the best we can do in the future Michael Moore? Or will even that fade as people lock themselves further and further into the echo chambers they choose to be a part of?

February 01, 2008

More on... The Pirate Bay (tra la...)

Chuqui 3.0: The Pirate Bay: Is it illegal to point?:

but what if the PirateBay has non-infringing uses?

Here's the classic question about this issue. And at some level, a legitimate one. But -- if a "massage parlor" actually will perform massages, does that excuse the fact that 3/4 of the rooms are used for prostitution? Not in the eyes of the police. Even if the massage parlor isn't formally involved in the bonking and doesn't take a cut of the proceeds, it gets hard to ignore the sounds coming from the rooms and be able to say you had no idea with a straight face ("I'm shocked. Shocked to find out there's gambling going on in this place!" "Your winnings, sir.")

Look, if the Pirate Bay was all about legitimate uses, why did they call it the Pirate Bay? If my mythical massage parlor was all about deep therapeutic shiatsu, why did they call it "tickle your fancy asian cathouse massages (nudge nudge)"?

The reality is, if these services were primarily about legitimate content, we wouldn't be having this discussion. It's not that 5% of the material is being pirated; it'd be amazing if 5% of it was actually legit. It's like a massage parlor where 29 of the 30 rooms have a mattress, saying the massage table in the 30th room makes it all okay.

What bothers me about this is the double standard so many of these people have: they show a complete disregard about the control and protection rights of the content owners (whether those rights are appropriate is irrelevant to this), but they have a cow and a half whenever they think some corporation has violated the GPL. So often, the argument boils down to "if this is what I want, it should be legal".

Stop and think about the reaction of the geek community if a group of corporations got together and decided to ignore the GPL and use the software as they wish and pass around copies of it that violate the agreement. All hell would break loose.

Now, stop and ask yourself just how that's different than what the Pirate Bay is doing to media content. Answer: it's really not, except in one case, it's something you value (the GPL software and agreement) and in another, it's something you want. But in reality, both are enabled by the same rules, and when you blow them off in one direction to your benefit, when someone returns the favor, why should you complain?

Update: from the comments:

Chuqui 3.0: More on... The Pirate Bay (tra la...):

While I think I basically agree with you, my concern is more about how this will be handled legally,

well, yeah, but... should people who are blatantly ignoring the laws because they don't like them have any real room for complaining that the other side isn't playing by the laws fairly? Sort of like rioters who are breaking store windows complaining that the police shouldn't be allowed to use tear gas, if you ask me...

Microsoft Goes After Yahoo - First Take

Given I said this last night before bed, imagine our surprise and amusement this morning to wake up to this:

Gartenberg is (as usual) on the mark here: buying Yahoo is the easy part. This is, I think, a good thing for Yahoo, whether it works or not -- it's at the least going to force a merger or a severe shakeup, which Yahoo needs. Now, if I'm Yahoo's less-than-a-week-old new CTO, I'm probably much less amused. The fact that Yahoo just announced a new CTO is a good indication this is both pretty much a surprise, and Yahoo wasn't quietly planning for this...

Michael Gartenberg - Microsoft Goes After Yahoo - First Take:

We'll have lots to say about this as more details emerge, but so much for a slow news Friday. In one sense, this is no surprise; rumors have been floating since 2006.

It's clear that Microsoft is facing increased pressure from their competition with Google and this is a bold move for them to make, especially given Mr. Ballmer's disdain for doing large acquisitions like this.

It's also clear that a merger with Yahoo isn't necessarily going to be a panacea that solves all of Microsoft's problems. Like most things, the details are what will matter, particularly in how these two very different companies will be able to integrate their efforts. The real work isn't going to be getting a deal done. The real work starts the moment the ink on the contract is dry.