Look at your pull-based system for things that push

December 31, 2009

Here is a corollary on how push technology breeds spam: even if you have carefully built a pull-based system that is thus insulated from spam, you need to take a fresh look at it to see if it has any features that perform (implicit) push actions that clever spammers could exploit. You'll probably have some push features (because they're useful for your users), in which case you need a plan for dealing with spam through them.

To be clear here, by 'push features' I do not mean things like 'invite your friends' emails (that's a whole different issue); I mean any feature that lets user A put something in front of user B without user B explicitly asking for it. Internal private messaging is an obvious push feature, but there are lots of others.

Twitter makes an interesting example for this. In theory Twitter is all about pull; you decide who to follow and who not to follow, and that's it. Except that there are at least two push features, and spammers exploit them both:

  • people are notified when you start following them. So you follow somebody and hope that they'll either reflexively follow you back (in which case you start spamming) or look at your profile and perhaps your website.

  • people can be notified if you reply to one of their messages (or to them in general). So, well, you reply to messages with spam or (possibly vaguely relevant) marketing messages.

Both of these features are clearly useful to real users, which is presumably why they exist, but spammers have figured out how to exploit them just as we'd expect.


Last modified: Thu Dec 31 01:04:10 2009