Regarding legality of the DDoS system... > IMO, I prefer not to participate in illegal activities even if I > won't "get > caught". I believe it to be against common decency.
This injects some morality into the equation, but I would first want to know for sure whether the activity in question is *actually* illegal, and on what arguable grounds. That's a question for the (US) legal system, and I'm not sure at this time there's a precedent to determine whether it actually is. If the activity were NOT illegal, then I think morality plays a less substantial role. In other words, the "two wrongs don't make a right" idea doesn't hold up unless there are TWO proven wrongs. Technically speaking, spamming HAS been proven to be a wrong (at least when looking at the US legal system and the CAN-SPAM laws), whereas DDoS against spammers has not (yet?)(really?). Personally, I too despise the idea of doing something illegal on the basis that I won't get caught. However (if the precise activity under discussion were proven illegal), I would have to balance that against the illegality of what the spammers are doing (where there DOES appear to be court rulings and precedent), and the idea that the activity could be seen as a means to stop the abuse of my network and resources... by shutting down the abuser in some way. A thin line? To be sure. But not as black and white, again IMO, as the statement would make it out to be. A hard truth that may or may not be relevant is, "If the Internet were a haunt of 'common decency', we'd not be seeing the spam problem in the first place." ;) Another hard truth is that the Internet plays by a completely different set of rules, and that it has a way of self-correcting things. The Lycos DDoS screensaver could be seen as the Internet environment "self-correcting" the overabundance of spammers/spam. If the DDoS screensaver becomes a problem, the Internet will self-correct again. (All speculation or opinion, of course). In the "balance of illegal activities", the spammers are IMO much more on the down side. If one were to argue "the lesser of two evils" point of view, they are participating in "much more illegal" activity than we are by simply trying to make their (NOTE: *proven* illegal) activity less lucrative. If you see this particular "right and wrong" comparison as a black-and-white issue, this argument obviously does not hold up. Some of us will not see it that way, of course. So I guess #1 - "Will I be sued/am I legally vulnerable?" stands to be answered in the future, when the first lawsuit against such a system actually rears its ugly head... and whether you are willing to be in the initial "risk group" of pioneers. Again speaking strictly to the legality/possible illegality of DDoS against spammers, to a certain extent, the spammers and/or their network provider(s) would have to answer a big question before starting litigation against a DDoS spammercide system provider like Lycos: Are we willing to expose ourselves as spammers or supporters of spammers to win their case? Maybe that's not a real concern, I don't know. What seems to be pretty clear is that there is already legal precedent against spammers, and it has no teeth. The Internet has a whole new set of (global) rules... and it's looking like a new one is "if you are a spammer, prepare to have your destination sites DDoS'd". I'm guessing we'll see even more DDoS apps pop up, in the form of more screensavers, tray/background services, and the like. Assuming that the DDoS system is accurate and only attacking actual spammer websites (a big assumption right now, I know), I welcome opinion on this: Spammers have more incentive to host their sites outside the US, because of (albeit relatively toothless) US CAN-SPAM laws. Since the DDoS created by Lycos' screensaver system is able to DDoS sites outside our borders, how can a DDoS from the US, to say India or Brazil, ever even be considered illegal unless determined somehow by International law? Even if the DDoS system were made illegal in the US against US-based sites (which should subsequently be dealt with by the CAN-SPAM laws), the same system could be configured to only attack spammer sites outside our borders. Likewise, if Lycos has international presence with this system, what's to stop them from listing US spammer sites in their database/DDoS system located outside US borders... a non-US database used only by non-US nodes, to attack US spammer sites. Again, in this case, legality takes on a whole new problem -- international enforcement. The same things we face every day dealing with the TBs of spam. I guess I would pose this hypothetical: Assume that it were absolutely guaranteed that the Lycos database would only contain legitimate spammer websites -- the websites that are the direct link from UCEs. Assume that Lycos has in place a direct, legitimate, simple means to have the website verified and quickly removed from the database if found to not be in direct support of a spammer's UCE. Assume that no legal system on the planet has ruled this particular activity illegal. Assume that the system had enough participants to make all these concerns worthwhile, and that the system was actually working -- that spammers were having a difficult time trying to make their UCE useful, because the sites where the purchases would be made would be unavailable. On what grounds would you (everyone here, nobody in particular) still be unwilling to approve of such a system? > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Joe Raykiewicz > Sent: Tuesday, November 30, 2004 8:47 AM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] Lycos screensaver tackles spam websites > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Marc Funaro > Sent: Tuesday, November 30, 2004 7:33 AM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] Lycos screensaver tackles spam websites > > Absolutely correct. I wasn't denying that it's a DDoS, only making the > point that it would be difficult for the law to prosecute any one person, > which was the concern that I think I was hearing here. The > whole idea, of > course, revolves around using the screensaver tool to create a > DDoS against > spammer websites... that's not the debate. A question... has anyone ever > seen the (US) legal system go after the owners of individual > nodes involved > in a DDoS? > > The concerns that are created by such a spammercide system seem to be: > > 1. Will I be sued/am I legally vulnerable? > > 2. Will I be attacking an innocent netizen? > > 3. Could I myself be attacked by such a system? > > 4. Am I harming the Internet as a whole? > > 5. Where in the world is Carmen Sandiego? > > IMO, (#1) is taken care of by the relative inefficiency of the (US) legal > system; the idea that Lycos is likely the one that would seem > most at legal > risk; that proof against an individual DDoS node owner (willing > or not, that > would hold up in court) would seem to be difficult to come by; and by the > apparent lack of precident in lawsuits related to DDoS attacks. > > IMO, (#2 and #3) might be countered by the fact that Lycos is > not creating a > fully *automated* system... that there are humans to > maintain/populate/extract sites from the list of "spammers". My > concern is > how easy they would be to reach, should either #2 or #3 actually > happen... > which could actually be answered by Lycos themselves (?). > > IMO, (#4) is a direct result of the answers to (#2 and #3) more than > anything else... spammers already seem to be doing a lot more harm. > > #5 is just stupid, listed here only because I've had too much > coffee yet am > still very groggy. > > Please note that I'm not escalating this into a flame war... and > I've tried > to qualify all of the above statements with IMOs and "seems" and > other such > wishy-washy minutae. I'm enjoying the conversation and equally respect > other's concerns that a spammercide system like Lycos' screensaver COULD > become more of a problem than a solution. I'm just leaning more > towards the > "let's see what happens" side of things. > > It's an emotional stance to be sure, and maybe tomorrow my emotions won't > play as much into my position, but right now I'd love to see the > jerks that > run these sites, attack my mail servers, and interrupt my > clients with junk > in their inboxes get what's coming to them, and this seems like > it might be > a great start. > > There was a list or article or something, published somewhere > that I can't > remember (anyone?), that shows how a large majority of spam comes from a > relatively few number of sources overall. Even if Lycos only > listed the top > 10 worst, long-standing offenders in their database, and had a > REAL number > of screensaver/system participants, it would increase the costs to those > offenders to a point where they'd have to reconsider what they > were doing, > wouldn't it? It would seem that we could all agree that there > are certain > types of spam that are just "obvious spam"... not spam for the sake of > creating an attack on a legitimate site... that would be obvious > choices for > the Lycos (and similar) spammercide DDoS databases. > > I absolutely welcome opposing viewpoints. > > Marc > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of R. > Scott Perry > > Sent: Tuesday, November 30, 2004 8:08 AM > To: > [EMAIL PROTECTED] > Subject: RE: [IMail Forum] Lycos > screensaver tackles spam websites > > > > >... It's not a specific, > dedicated, unrelenting attack against > a site from > >your > > >machine... > there is plenty of space between each "hit" to the > sites in their > > >database, and it rotates among six or seven sites within the > > screensaver... > > > > In other words, a DDoS attack. > > > > My website www.DNSstuff.com is currently under a DDoS attack, > from > malware > that is installed on 10,000s of computers. It wasn't > designed > > to be a DDoS > attack -- the malware author simply wanted > information from > my site. It > wasn't a specific, dedicated, unrelenting > attack, and there > is plenty of > space between each hit. But multiply 100 hits/day times > 10,000 > computers, > and you have 1 million hits/day. > > > > In your case, it may be 3MB/day per machine. That might be within > > "acceptable limits." But if you intentionally try to get an unlimited > > number of people sending those 3MB/day, the intent is a specific, > > dedicated, unrelenting attack. > > > > -Scott > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
