The Australian, Thu 16 Sep 1999

Gibbering clones the future of Usenet?

By DANIEL RUTTER

Imagine, if you will, a public forum where anybody can stand on a soapbox and speak, and everyone can listen to any of the speakers they choose. What you're imagining is, more or less, Usenet. Usenet is an enormous collection of publicly accessible fora where you can post and read messages about more or less everything anyone talks about. Some postings are brilliant, some are less brilliant, some are inane, some are utterly unfathomable. But everyone with Internet access can have their say.

About fifty gigabytes of data is presently posted to Usenet every day, a number which seems set to double every ten months or so. About 90 per cent of Usenet content is binary files - programs, pictures, sounds and so on. The remaining five gigabytes, though, represents something in the order of nine hundred million words of text. Per day. For comparison, a really fat paperback spy novel might contain a quarter of a million words.

The amazing thing, though, is that ordinary users can actually deal with this incredible torrent of data. It's possible to drink from the firehose, as it were, because of the thousands and thousands of different newsgroups between which all of the data is divided, and also because of newsreader software that lets you easily follow a given "thread" of conversation. If everybody plays nicely, Usenet works stunningly well.

Unfortunately, everybody doesn't play nicely, and a new and hard to combat kind of nastiness has recently arisen.

Imagine the metaphorical forum above again, and imagine that in this forum there are people with the power to create a perfect duplicate of you, which can stand on one of the aforementioned soapboxes and talk absolute blathering nonsense. Nonsense like, for example:

"After other ingratiating marshlands, it can be almost differential aboard her model replenishment either wrestle after he has anew catered it. Anywhere each minus expeditiously that, messing earlier though higher. Back another but vainly another, conquering deeper plus better.

"Amidst no lamentation without an extension no shrill larkspur flogged no trundle pending every household, nor above each stammered the stanch phrasing reasoning - no same, the indolence, which you had powered underneath every orthophosphate of a farm atop every commissioner. Round all no brow he was the turntable at skin, all tempest plus all narcotic; nor excluding us he approximately gave a sufficiently unconscionable microscope down its exorbitant speedometer, no portico who had redecorated after our reharmonization."

You get the idea.

And imagine that the people who make these things can make not one, not ten, but hundreds of them, packing the whole place with gibbering lunatics that look just like you. Nobody's going to mistake any of the fakes for the real you once they hear a few words, of course, but there's no easy way for them to tell which is which without listening to them all in turn - which means, in all likelihood, that many of them will never find the real you. If it happens often enough, sooner or later everyone's going to just give up and go home, and newcomers will be both mystified and discouraged.

This extraordinary state of affairs is happening right now on Usenet, and it's called "sporge". Sporge is a neologism coined by German software developer Tilman Hausherr; it's a contraction of "spammed forgery". "Spam" is here used in its original meaning; not unsolicited commercial e-mail, but irrelevant or inappropriate messages posted to Usenet, which were annoying people long before Amazing Business Opportunities and come-ons for porn sites started routinely cluttering up e-mail in-boxes.

Like commercial spam, sporge is not something just any idiot can do - at least, not for long. Practically every ISP in existence has service rules which forbid the most common kinds of obnoxious online behaviour, and most of them are good at cancelling the accounts of offenders as soon as the complaints start rolling in.

So sporging will lose you your Internet account post haste, but the actual act of doing it, once, is no harder than serious spamming; you can do it with a lightly modified version of a Usenet power tool like HipCrime's somewhat notorious NewsAgent.

NewsAgent was originally created as a power-cancel tool, to let anybody pretend to be anybody else and spawn lots and lots of cancel messages, or "cancels". Cancels propagate through the Usenet network just like regular messages, except that a server that pays attention to a cancel will delete a message, specified in the cancel, instead of adding a message to its database.

Cancels can be "first person" - issued by the person who originally sent the message to be cancelled - "second person" - issued by an administrator of the system through which the message to be cancelled was sent - or "third person" - sent by anyone else.

Third person cancels of spam and related over-posted or inappropriate messages ("inappropriate", in this case, meaning binary files posted to non-binary newsgroups, for example, not rudeness or irrelevancy, although some newsgroups have moderators who cancel messages on content grounds) are common on Usenet. Exactly what kinds of third-party cancel are, or should be, acceptable is a topic of hot debate, in which the United States Constitution's First Amendment is often mentioned.

Those who reckon that anything a system administrator can do, they should be able to do too, are responsible for software like NewsAgent. The generic term for software designed to send lots of cancels, with the ability to cancel messages according to sender and/or content and/or newsgroup, is a "cancelbot".

Cancelbots are powerful and easy to misconfigure, and a misconfigured cancelbot can cause havoc. This is a bad thing, for the (very few) people that are trying to do sanctioned cancelling, but it's a good thing, for the people that want to cause havoc, and make a newsgroup whose inhabitants they dislike uninhabitable.

"Sanctioned" cancels generally contain the address of the person who's sending them - their "sender" field is, of necessity, faked to be the same as that of the sender of the message to be cancelled, but their "from" field contains their real address. These "good guy" cancellers also post notices about their activities to the news.admin.net-abuse.bulletins newsgroup, and notify the original poster and their ISP's administrator. The accepted policies for sanctioned cancels mathematically define what's cancellable, and apply only to similar or identical messages posted again and again - no single post is cancellable.

"Bad guy" cancellers, on the other hand, usually just pretend to be the person that sent the message. Actually tracking down these "rogue cancellers" requires decoding the headers of their messages, from which you can usually figure out what ISP they're using, and with the ISP's co-operation figure out which of their users is being naughty.

Rogue cancels aren't necessarily posted through the news server of the rogue's own ISP; they can also be posted through so-called "open servers", which allow anybody from anywhere to read and post news. A decent news server is expensive to run, though, and open servers are now routinely abused, so they're becoming rare.

Various news sites - America Online, Deja News (or just "deja.com", as they now call themselves), Newsguy (which used to be called Zippo) and lots of ISPs - do not honour cancels at all. They don't cancel messages on their own news databases, and they don't necessarily even pass on cancel messages to other news servers. This makes malicious cancelling of material in their databases impossible, but also prevents sanctioned cancelling of spam and sporge. And some rogue-cancel-prone newsgroups like, for example, the net-abuse groups where people talk about this very subject are watched over by automatic re-posting programs, the opposite of a cancelbot, which re-post pretty much everything that's cancelled.

For this reason, rogue cancelling is not a great way to render a newsgroup uninhabitable. It might be practically empty from the point of view of anyone using a news server that pays attention to the rogue cancels, but many users won't even know you're doing it - and you won't be doing it for long, because someone will figure out who you are, soon enough.

Sporge is a better way to be obnoxious than rogue cancelling. It doesn't take much alteration to a cancelbot to turn it into a "sporgebot"; it just needs a source of text to use for the sporge (originally, sporges used offensive posts from irrelevant newsgroups, or meaningless random letters; now, they use algorithmically generated, grammatically somewhat correct rando-text), and it emits ordinary messages apparently from the people you want to sporge, instead of cancel messages.

The good guy cancellers are on the case, of course. Sporge doesn't look exactly like real messages, because it comes in big blocks from one ISP. It's thus relatively simple for cancelbots to combat it; sporge messages are as cancellable as any other. But this only helps if you're accessing Usenet through a server that allows cancels. A sporged newsgroup is going to look awful on any news server that disallows cancels, because the sanctioned attempts to cancel the sporge won't get through. It's a neat dilemma for news server administrators; block cancels and you get sporge; let cancels through and the sporgers can switch back to rogue cancelling.

Deja.com claim that their automatic spam filters keep a large amount of sporge out of their gigantic Usenet archives in the first place, but a cursory examination of the archives for sporge-prone groups reveals that a great deal of it gets in.

The person who receives mail at the e-mail address identified as that of the sender of any message archived at Deja can "nuke" the message out of archive by following the instructions here. This lets truly dedicated people tidy up sporge-floods issued in their name, but that doesn't make sporged newsgroups any easier to read, or stop the sporgers from sending more torrents of nonsense.

There's not much you, the user, can do to filter out sporge at your end. The usual way for newsgroup readers to deal with people whose posts they'd rather not read is to "killfile" them. A killfile is a list of people whose posts won't be displayed by the newsreader software; the posters might as well not exist. Many dedicated Usenet nuisances deal with killfiling by regularly making up new identities, but if they don't, anyone with vaguely capable newsreader software need never be bothered by them. Killfiling doesn't work against sporge, though, because it appears to come from valid posters.

There is a way to silence the sporgers, though; cut off their Internet access. Since forging Usenet posts or e-mail is a violation of the terms of service of pretty much any Internet Service Provider you care to name, and sending thousands and thousands of nonsense messages is too, sporgers now have a hard time keeping an account for more than a few days. This doesn't stop them from doing it, but it does stop them from doing it for long, unless they're willing to get a new account every week. Or every day.

Somewhat startlingly, some of them seem willing to do exactly that, and as a result the lunatic pollution of some newsgroups continues apace. Thousands of messages per day, generally rather longer than the average; posts to just one religion group have amounted to something like a thousandth of Usenet's entire text traffic, if the figures on David Rice's page are to be believed.

At present, there seems to be little anyone can do, legally, about sporge, because free speech legislation doesn't cover it particularly well - if anything, it supports the spouting of nonsense in public. Sporge could be described as a rather perverse kind of denial-of-service attack, but since it's an attack on the users, not on the systems they're using, there's not really anyone you can call.

A version of Usenet with better user authentication could solve the problem, but don't expect that to happen any time soon. In the meantime, it would appear that those with the time and money to make nuisances of themselves in innovative ways will continue to do so.

And, in closing, let me say this:

He was unless no demander minus every west beyond Hitchcock. Under few classical shades, it shall be unimpeachably incertain excepting its paleocortical brucellosis but consign because he has moreover reeled me. And have they not suck upon quite a thaw? Amidst trillion erasers we were under every seepage, strengthening in our siren. Verbatim he doubled off a give.


[Press articles on Scientology]