SSL weakness affecting links from pa

John Deters jad at dsddhc.com
Mon Apr 21 11:32:06 PDT 1997


At 03:32 PM 4/20/97 -0500, Adam Shostack wrote:
>	That's true, but can they avoid it?  I'm considering writing a
>database pollution bot, which runs around, claiming to be Mozilla or
>IE, and randomly following a link once per minute.  Why?  Database
>pollution.  If there are a few thousand of these randomly collecting
>links and creating arbitrary (or perhaps biased) viewing habits in
>the databases of the advertisers, then their individual data becomes
>worth less.  They'll need to actively solicit people's permission to
>collect data before doing so, to avoid people polluting their
>databases.
>
>	Similarly, putting a randomly generated email address in those
>sign up fields produces pollution in the data used by spammers, which
>costs them (and no one else) money.  If you run your own site, you can
>even bit bucket the email, trading their bandwidth for yours, and
>making them think they're delivering more junk email than they are.

You are forgetting to separate the marketers from the businesses being
marketed here.  While they're occasionally one and the same (see Cantor &
Siegel), in today's world, the marketing is being handled by a third party
(doubleclick).

These marketers get paid by hit-count ratings:  if they deliver the message
to 1,000 browsers, they get some amount, say $15.00.  If they deliver it to
100,000 browsers, they get $1500.00.  They're not paid by the number of
respondents, referred sales, or even valid e-mail addresses snarfed.  So,
you'd only be artificially inflating the cost of the marketers to the
advertisers.

Here, your hope is that the advertisers notice a diminishing ROI for
marketing costs, but that's a big hope.  The numbers for a small site might
look something like this:

January -  20,000 hits, 50 sales
February - 22,000 hits, 60 sales
March    - 25,000 hits, 70 sales
April    - 50,000 hits, 90 sales  <-- pollutionbot strikes 20,000 times

So, you've watered it down a bit.  To make the pollutionbot truly
effective, you'd have to hit a site by at least 10x the general population
strikes:

May      - 440,000 hits, 100 respondents <- pollutionbot strikes 400,000 times

In the meantime, they're billing the business:
Month        Hits   Sales  Billing    Cost/sale  Pollutionbot hits/inflation
January  -  20,000   50     $300        $6.00            0     $0
February -  22,000   60     $330        $5.50            0     $0
March    -  25,000   70     $375        $5.36            0     $0
April    -  50,000   90     $750        $8.33       20,000   $300
May      - 440,000  100    $6600       $66.00      400,000  $6000

Hopefully, the advertisers will pull out at this point.  It's easy to see
that something "bad" is happening, and that they're not getting the bang
for the buck that they need.  However, with some megasites (where they
reportedly get 2,000,000+ hits per day) subscribing to doubleclick.com,
it's doubtful you could make a noticeable dent unless you started your
attack from a T3 connected backbone site.  And even then, are you sure you
want to spend your resources this way?

The marketers will also try to keep this sham up by saying to the
businesses, "It's the Internet, who the hell knows?  Keep going another
month, it'll get better.  In the meantime, just pay your bills."

Even if you were successful at flooding doubleclick, many of their
advertisers are Big:  IBM, Micro$oft, HP, etc.  They don't even care about
direct responses, they're just after name recognition.

Ultimately, it'll reduce the ability of Mom & Pop (or Cantor & Siegel) to
advertise on the same playing field as Micro$oft.  Doubleclick won't go
broke; neither will Micro$oft.  The only good hope you may have is of
breaking a "mom & pop" version of doubleclick, and keeping the world less
polluted.  But, doubleclick will still be around and be able to move in and
fill the void.  What have you gained then?

John
--
J. Deters "Don't think of Windows programs as spaghetti code.  Think
          of them as 'Long sticky pasta objects in OLE sauce'."
+--------------------------------------------------------------------+
| NET:   mailto:jad at dsddhc.com (work)   mailto:jad at pclink.com (home) |
| PSTN:  1 612 375 3116 (work)          1 612 894 8507 (home)        |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)                |
| For my public key, send mail with the exact subject line of:       |
| Subject: get pgp key                                               |
+--------------------------------------------------------------------+





