
SpamSit news release


All times are UTC - 5 hours [ DST ]


 [ 8 posts ] 
Posted: Thu Jan 24, 2013 1:53 pm
New member

Joined: Thu Jan 24, 2013 1:37 pm
Posts: 3
http://www.prweb.com/releases/2013/1/prweb10342129.htm

End spam with SpamSit! The occupy spam protest tool.

SpamSit allows users the choice to have a sit-in protest at the websites that are advertised by the spam that each user has received. Available now for Windows from Kykas Corporation.

California (PRWEB) - January 21, 2013

SpamSit is a new and revolutionary tool to fight spam. Using the power of direct action protest, users can disrupt the spam economy and force spammers to adopt opt-in advertising. Using the spam that a user receives, SpamSit follows the web links embedded in the spam to identify the website host that is advertising with spam. The user may then choose to protest directly against that website host.

Like the Greensboro sit-ins, a user's protest occupies a seat (connection) at the website host. Since there are limited seats (connections) available, if enough users receive spam for the same website and choose to protest, paying customers have trouble getting through.

SpamSit provides useful information to the user to help with identifying whether the linked-to-host is spam advertised, or was included in the spam to fool the spam filter or user. The user can see at a glance if the linked-to page is related to the spam subject. The user can also look at the WHOIS information for the domain and IP address as well as DNS information for the domain. Additionally, there is a log of the URL trace that can be informative.

All handling of email and linked pages is done in a safe way without running any embedded scripts that could compromise the user’s security. There is an option for the user to hide their username and/or domain name if embedded in the email.

Another type of spam that users may protest is the kind that asks for an email response. Most of these are the Nigerian scam emails. The user may choose to protest by sending a randomly generated reply to the scam. If a large number of users protest the scam, the scammers will have a difficult time finding the email replies from the poor fools that fall for their scam.

Softpedia wrote: "SpamSit is an application that was especially created in order to provide you with a means of protesting against spam messages in a simple manner". Free Downloads Center wrote: "Interface is highly intuitive", "user friendly", "terrific features" and "amazing program".

Asked why we should care about spam, Janaka Stevens, the author of SpamSit, said "Besides the offensive invasion of privacy, spam has a significant economic cost to society. That cost was estimated at $20 billion annually in a paper published in 2012 titled "The Economics of Spam" by Justin M. Rao and David H. Reiley, researchers at Google and Microsoft respectively. On top of that, false positives by spam filters also lead to many important emails being missed."

Kykas Corporation, the publisher of SpamSit, was founded in 2011 by Janaka Stevens. For additional information contact Janaka at press @ kykas.com or visit our website http://www.spamsit.com.

Edited to remove live links -- Alpha


Posted: Thu Jan 24, 2013 3:50 pm
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
I wish you luck.

This forum was founded in the aftermath of the Blue Frog / Blue Security takedown by criminal spammers way back in 2006.

I personally don't think this approach is effective, but that may only be me. Additionally: since our major target right now - EvaPharmacy - uses 100% "someone else's" servers which have usually been abandoned or otherwise unkempt, this has zero effect on their profitability, since they don't even own these servers, and don't maintain them. It might finally wake the server owners up to the fact that their servers are poorly maintained and being used by criminals, but I doubt it. (I've been trying for years.)

Keep us posted re: any major successes and especially any threatening emails from spam companies.

I recommend focusing hard on any of the "This housewife made $8000 a week from home" scam sites and the recent bout of health / diet pill sites, both of which rely on building fake news sites with "editorials" to allegedly promote their stupid wares. That could be a good start.

Thanks for joining and notifying us.

SiL


Posted: Thu Jan 24, 2013 7:04 pm
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
@Janaka: What you're describing is a distributed denial of service attack. (It sounds like a SYN flood attack strategy, based on your description.) It's not legal, regardless of how much the target merits it.

And since spammers tend to hack other people's servers and websites or send joe jobs that mention their enemies' sites, the target often doesn't deserve it.

Your users are going to shut down innocent sites on shared hosting. When the target site owners complain to your users' hosts or to the FBI, your users will be the ones held responsible. Their own ISPs are likely to shut down their accounts.


Posted: Thu Jan 24, 2013 9:58 pm
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Looking at the screen-shots I can see some very useful tools have been integrated to give a good picture - IP address, WHOIS, URIBL lists etc.

I also like the sound of building a spam database.

You state:
Quote:
Your protest alone will not cause any harm. It will not break any laws or terms of service of your isp.


However, as others here have noted, it sounds like a denial of service, especially since you describe it as:
Quote:
The protest itself is a simple sit-in in which you connect with the host and hold the connection for a random amount of time. Because web hosts can only provide a limited number of simultaneous connections, if enough people receive spam for that host, and protest, no other connections can get through.


It is not clear what the specified operating environment is for this 27MB program - Windows? Linux? - until the user has downloaded it and reads the License Agreement:
Quote:
We cannot guarantee that this SOFTWARE PRODUCT will run in every environment, on any Windows compatible machine


You do not list any prerequisites or dependencies - such as the .NET framework required before execution can commence.

You do not provide an Uninstall routine in the Set-up.


Posted: Fri Jan 25, 2013 2:03 am
New member

Joined: Thu Jan 24, 2013 1:37 pm
Posts: 3
AlphaCentauri, it only seems like a DDoS. There are some subtle differences though. The primary difference is that each user acts alone and only on the spam he receives. No individual user makes more than a few simultaneous connections. Nothing anywhere near a SYN flood. The problem for the spammer website host is that the spammer sends out millions of spam emails and therefore may have thousands of individual protesters. The result of there being so many protesters is that the host may be flooded. The purpose of direct action protest is to force change. But it is not change by a few, it is change by the many.

The tools provided with SpamSit are there to help the user choose real spamvertised websites. If a lot of users make the wrong choices then an innocent site may be hurt. Host providers could be forced to be more vigilant about spamvertised websites on their servers. Some hosts are a bit lazy about it.

Fighting spam can have consequences, not fighting spam can have greater consequences.


Posted: Fri Jan 25, 2013 3:12 am
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Janaka@spamsit wrote:
AlphaCentauri, it only seems like a DDoS. There are some subtle differences though. The primary difference is that each user acts alone and only on the spam he receives. No individual user makes more than a few simultaneous connections. Nothing anywhere near a SYN flood. The problem for the spammer website host is that the spammer sends out millions of spam emails and therefore may have thousands of individual protesters. The result of there being so many protesters is that the host may be flooded. The purpose of direct action protest is to force change. But it is not change by a few, it is change by the many.


We all agree that this is exactly what the spammers deserve. You send email invitations to 2 million people a day to visit your website, you ought to be prepared for the traffic. And if you get a lot of overage charges for extra bandwidth, hey, sucks to be you.

But it's when we talk about there being a limited number of connections that it sounds like a SYN flood, and when we talk about their legitimate customers being unable to make connections that it sounds like a DDoS. Just because there are lots of people participating, doesn't mean it's legal. Look at how the government of Georgia was taken down by a lot of stupid people downloading a DDoS program onto their computers and running it just out of nationalist sympathy.

Janaka@spamsit wrote:
The tools provided with SpamSit are there to help the user choose real spamvertised websites. If a lot of users make the wrong choices then an innocent site may be hurt. Host providers could be forced to be more vigilant about spamvertised websites on their servers. Some hosts are a bit lazy about it.

Fighting spam can have consequences, not fighting spam can have greater consequences.


Again, you won't find a lot of disagreement here. And the people here are capable of looking over a list and choosing which sites deserve takedown. We use automated tools to help keep up, too.

But as we have seen with all the joe jobs that we receive, the majority of people who would like to fight spam don't know what the f--- they're doing. They'd attempt to shut down google.com if it appeared in a list you generated.

I guess part of the lukewarm reception you're receiving is that we've seen this before. It started with spam-vampire-like programs that increased the load on spamvertised websites. In cases like Blue Security, where there was a distributed method to submit unsubscribes, once spammers saw large numbers of people joining the network, they DDoS'd the server into a smoking crater in the ground.

And in the past spammers have used botnet hosting on trojan infected hosts to make it nearly impossible to slow down their websites based on heavy traffic. (Now, they are using Cloudflare to do the same legally.) Meanwhile, the accusation that antispammers are using illegal DDoS methods has muddied the waters. People still claim that Blue Frog was a DDoS. If we don't have the moral high ground, it makes it hard to get people to take us seriously.

We've taken a different strategy by escalating the issue from the level of the spammer to the level of whatever supposedly legitimate host or registrar is enabling them. We hold those entities responsible for the illegal activity they are supporting. We refuse to accept the excuse that "there's too much spam to try to stop it."

We've had a lot of success. We aren't the only ones fighting spam, but the fact is that spam volume is way, way, down. And spam promoting URLs has dropped the most -- a high percentage of current spam is advanced fee fraud that only has an email contact in the spam. Those email-address-based ones are the ones we're having to scramble to fight, and they're not addressed by spamsit, either.


Posted: Thu Mar 07, 2013 3:32 pm
New member

Joined: Thu Jan 24, 2013 1:37 pm
Posts: 3
Sorry I was a little slow in getting back. I wrote about SpamSit and DDOS on my blog and here is the copy. By the way, SpamSit does enable a way to protest scam spams.

Protesting spam with SpamSit is not a "Denial-of-service attack".

The Wikipedia article on "Denial-of-service attack" differentiates between intentional and unintentional denial of service. If an individual's intent is to cause a denial of service at a particular website then SpamSit is not an appropriate tool: it is less useful than a web browser. Although users of SpamSit may wish that their protest will be effective they have no control over whether or not it will be. No individual user of SpamSit can do damage. And SpamSit does not provide for any coordinated action among users. The effective level of protest is determined by the actions of the spammer. If thousands of SpamSit users are each spammed with links to a website that they individually choose to protest then the spammers themselves are responsible for the results.

It would be more accurate to compare SpamSit to popular websites such as Fark, Digg, Drudge Report, Reddit, or Twitter. In this case the spammers are posting the links and SpamSit users are choosing which links to follow. This can result in the Slashdot effect, otherwise known as being Farked or Drudged, or being under the Reddit effect.

SpamSit is different from popular websites or Denial-of-service tools in that it is a protest tool. And here we get to the crux of the issue. Protest is not an attack. We have a right to protest for political, social, and economic change. There is clear justification for a protest against spam.

Consider these two items from the CAN-SPAM Act of 2003:
SEC. 2. CONGRESSIONAL FINDINGS AND POLICY.
* (a) FINDINGS- The Congress finds the following:
* (12) The problems associated with the rapid growth and abuse of unsolicited commercial electronic mail cannot be solved by Federal legislation alone. The development and adoption of technological approaches and the pursuit of cooperative efforts with other countries will be necessary as well.

* (b) CONGRESSIONAL DETERMINATION OF PUBLIC POLICY- On the basis of the findings in subsection (a), the Congress determines that--
* (3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source


Think of SpamSit as a technological approach to declining to receive spam. The CAN-SPAM system of opt-out is very limited and only useful for the most trusted mailers who would not be spamming in the first place. Currently that leaves us with protest as the only effective tool for opting-out.

Regarding our right to sit-in protest we see in Brown v. Louisiana, 383 U.S. 131 (1966), the Court held as protected speech a peaceful, silent stand-in. Speaking of speech and assembly, Justice Fortas said "As this Court has repeatedly stated, these rights are not confined to verbal expression. They embrace appropriate types of action which certainly include the right in a peaceable and orderly manner to protest by silent and reproachful presence, in a place where the protestant has every right to be..."

The question that arises from the previous is whether a cyber sit-in protest occurs "in a place where the protestant has every right to be". In PULTE HOMES, INC. v. LABORERS’ INTERNATIONAL UNION OF NORTH AMERICA we find "Rather, like an unprotected website, Pulte's phone and e-mail systems '[were] open to the public, so [LIUNA] was authorized to use [them].'" Also of note is the fact that the spam email has invited the protester to their website.

There is the question of whether a private website is an appropriate venue for protest. We believe so because the only public face for most spammers is the website they promote with their spam. In Agricultural Labor Relations Bd. v. Superior Court 16 Cal. 3d 392 (1976) we find "We do not minimize the importance of the constitutional guarantees attaching to private ownership of property; but as long as 50 years ago it was already 'thoroughly established in this country that the rights preserved to the individual by these constitutional provisions are held in subordination to the rights of society. Although one owns property, he may not do with it as he pleases any more than he may act in accordance with his personal desires. As the interest of society justifies restraints upon individual conduct, so, also, does it justify restraints upon the use to which property may be devoted. It was not intended by these constitutional provisions to so far protect the individual in the use of his property as to enable him to use it to the detriment of society. By thus protecting individual rights, society did not part with the power to protect itself or to promote its general well-being. Where the interest of the individual conflicts with the interest of society, such individual interest is subordinated to the general welfare.'" The previous was part of the justification of the Court in Robins v. Pruneyard Shopping Center, 23 Cal.3d 899 to allow protest at private shopping malls.

Another issue could be the question of damages to the host websites because of a sit-in protest. In NAACP v. CLAIBORNE HARDWARE CO., 458 U.S. 886 (1982) we find:
1. The nonviolent elements of petitioners' activities are entitled to the protection of the First Amendment.
2. Petitioners are not liable in damages for the consequences of their nonviolent, protected activity.
(a) While the State legitimately may impose damages for the consequences of violent conduct, it may not award compensation for the consequences of nonviolent, protected activity; only those losses proximately caused by the unlawful conduct may be recovered.


Posted: Fri Mar 08, 2013 12:15 am
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
IANAL, but be careful how much protection you assume you get as a protester. Protesters get arrested and sent to jail all the time, mostly short symbolic sentences, but some like Philip Berrigan have done hard time. It's related a lot more to how powerful the target of the protest is, rather than how sincere the protesters' intentions are.

If a targeted spammer has hacked a Fortune 500 company's server to host their links, and you bring their server down, guess who the FBI is going to come after?

