No Daddy! How “Webhosting” Giants are Ruining the Internet

Preface

The potential of the internet is in self-publishing, self-representation, and self-control of data. The internet equalizes men with corporations in their ability to sell goods and services, publish entertaining content, or just be visible to the rest of the world. Many corporations who look to capitalize on the internet are destroying all of those things.

Low Quality Service

There are several dozen giant corporations who spend millions of dollars on advertising and marketing to attract new internet users to their services. Website Hosting and Website Building are two of these services they sell. They offer you low costs and on the surface it sounds great but when you dig in past the shiny packaging you see it’s smoke, mirrors, and a lot of shit.

Do-It-Yourself Tools Discourage Users

A lot of people who are relatively new to the internet want to build a website, to promote their business, to share their ideas in a blog, and so on. It’s an exciting frontier to them and these corporations have spent years convincing you that all you need to do is sign up for their free service and position a few boxes. But it’s not that simple, and their tools are never as user friendly or as powerful as they’d have you believe. What you end up with is a third rate product which you won’t feel proud of and which feels inferior to the popular internet sites which got you excited about the idea in the first place. This discourages users: they think they’re not good enough to join the internet and they give up, which is a shame.

Control of Intellectual Property

When you sign up with one of these services, regardless of the specifics of their terms of use, you are giving them control of your data. Nearly all of them include clauses that allow them to shut off your website for any reason they can dream up, and some even go so far as to say they can claim ownership of anything you publish! You would be right to think that is insane. That is not what the internet is about. The real power is in self publishing, as disconnected from giant corporations as you can possibly be.

Incompetent Support is The Industry Standard

One thing all of those gigantic website hosting corporations have in common is terrible support. They don’t hire technology experts to man their support desks; they outsource the entire process to large call center operations. The support people operate from scripts and they don’t know anything about computers or how the internet works. Anything more advanced than their scripts gets “escalated” to actual technicians or engineers, who are understaffed and have terrible turnaround times. If your website is important, for example for a small business, this stuff destroys the usefulness of the internet for you.

Reliance on Corporate Services

All of these negative consequences are not only the result of their greed and exploitation of users, they serve a second purpose as a marketing tool to drive you toward their corporate branded Facebooks and Twitters, which strip 100% of content control from your hands in exchange for software which “Basically Works”. Now you are selling their service with your brand name, you’re basically an unpaid celebrity spokesperson. The bigger your brand, the more you are being ripped off.

What can we do?

Don’t use giant corporations. The internet is an amazing beast, built entirely by individuals and much of it is run by entirely free software that many of those individuals have simply given freely to the public, to share their creations and to improve the world. Use that free software. There are amazing tools like WordPress that make building websites easier (Not Easy, but Easier), and completely free.

And don’t worry if your website looks kind of like other people’s websites. That’s okay. There are standards of design and layout that are re-used in lots of places because they are the best ways to present certain types of information. Your readers will appreciate your menus being in standard locations and your fonts being readable instead of fancy.

System Administrators: Disregard “Reputation” when fighting SPAM


Preface

A number of companies offer a service where they provide “reputation” scores for various domains and IP addresses based on reports of SPAM originating from those networks. These “reputations” are meaningless, however, and E-mail Server Administrators should completely disregard them, for a number of reasons.

One: False Reporting

Probably the most significant issue is that the majority of E-mail reported as SPAM does not actually fit the definition. SPAM is clearly defined as Unsolicited Bulk E-mail. The first requirement is that it must be unsolicited. If you do business with a company, you sign up on their website or you order a thing or you just send feedback to an E-mail address of theirs, you have opted in to receive E-mail from that company. Under the rules of the CAN-SPAM act that company has to include in its marketing E-mails a link which allows you to easily unsubscribe from those newsletters, but because you initiated contact with that company it is by definition not “Unsolicited”.

The second requirement is that the E-mail has to be bulk E-mail. This means it has to be sent to a lot of people, and is not targeting specific individuals or businesses. If you post a comment on a website forum about gardening, and another reader of that forum builds a mailing list which includes your name and then sends you individual marketing information about his gardening products, that is not SPAM. It may be unsolicited, but it does not qualify as bulk, because he is targeting you as an individual.

Most users don’t understand these requirements. The average person in our society believes that SPAM is any E-mail they don’t explicitly want to receive. And they will often click the “SPAM” button in their E-mail clients when they should instead be clicking the “Unsubscribe” button in those E-mails. For this reason, the vast majority of SPAM reports, which “reputation scores” are based on, are false.

Two: Maintenance

It is practically impossible for the operators of reputation lists to maintain those lists with anything resembling accuracy. A lot of spammers will rent cheap servers from legitimate providers (those with a zero tolerance for abusive customers such as spammers), send millions of SPAM emails from their cheap server, and then when they get booted off they order a new server under a new identity. A lot of SPAM is also sent using servers which have been compromised because their owners are not keeping them secure. The result of this is that the IP addresses of those servers or even their parent networks get a lower reputation. Digital Ocean is a great example: they have a strict zero tolerance policy toward SPAM, but Outlook.com will often block entire subnets of the Digital Ocean IP range because of the momentary behavior of a few unrelated servers on their network. The people selling these “reputation” lists are not checking up on individual IPs every week to see if the SPAM has stopped or if the operators of those IPs have been booted off the network. The information is almost always going to be outdated.

Three: It hurts legitimate businesses

One of the greatest things about The Internet is how it empowers any person to create small businesses from nothing. It’s extremely cheap to set up a website and start operating a business. It is extremely frustrating when you are a small business owner, to discover you can’t email one of your customers because they use Outlook.com for their E-mail, and you use a respectable hosting provider who just happens to be blocked by Outlook.com’s idiotic reputation list.

Four: There are better ways

There is an accepted “best practice” for E-mail Server Administrators to deal with the threat of SPAM. E-mail which is suspicious should be shuffled into a “Junk” folder in the recipient’s inbox, where it can still be reviewed. There are a number of tools available to help identify suspicious E-mail. A sender’s DNS information should include an SPF record, which tells recipients which IP addresses are authorized to send E-mail on behalf of that domain name. It should include a DKIM public key, which is used to verify the authenticity of each individual E-mail by comparing it against the DKIM signature which should be in the headers of all outgoing E-mails, and it should include a DMARC record which instructs recipients on precisely what steps should be taken when an E-mail fails either the SPF or DKIM tests. These methods are effective at identifying the majority of SPAM. For example any SPAM sent from hijacked servers is going to fail both the SPF and DKIM tests.
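An added example (not from the original post) of the receiver-side decision described above: it reads the SPF and DKIM verdicts that the receiving server recorded in the Authentication-Results header and applies the sender's DMARC policy to choose inbox, Junk or reject. The host name mx.receiver.example, the shop.example messages and the strict-alignment shortcut are assumptions made for the illustration.

```python
import email
import re
from email.utils import parseaddr

MY_AUTHSERV_ID = "mx.receiver.example"  # assumed name of our own verifying server

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not DMARC1."""
    parts = (p.partition("=") for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, _, v in parts}
    return tags if tags.get("v") == "DMARC1" else None

def auth_verdicts(msg):
    """Collect (method, result, domain) from Authentication-Results headers added
    by our own server; headers with any other authserv-id are ignored because
    the sender could have forged them."""
    verdicts = []
    pattern = r"\b(spf|dkim)=(\w+)[^;]*?(?:smtp\.mailfrom|header\.d)=([^\s;]+)"
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        if authserv_id.strip().lower() != MY_AUTHSERV_ID:
            continue
        for m in re.finditer(pattern, rest):
            verdicts.append((m[1], m[2].lower(), m[3].rpartition("@")[2].lower()))
    return verdicts

def disposition(raw_message, dmarc_txt):
    """Return 'inbox', 'junk' or 'reject' for one message."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # DMARC passes when SPF or DKIM passes for the From: domain itself
    # (strict alignment; relaxed alignment would need the Public Suffix List).
    if any(r == "pass" and d == from_domain for _, r, d in auth_verdicts(msg)):
        return "inbox"
    policy = (parse_dmarc(dmarc_txt or "") or {}).get("p", "none")
    return {"reject": "reject", "quarantine": "junk"}.get(policy, "inbox")

# Constructed samples: a legitimate newsletter, and spam relayed through a
# hijacked server that also carries a forged "pass" header.
LEGIT = ("Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=shop.example;"
         " dkim=pass header.d=shop.example\nFrom: Shop <news@shop.example>\n\nhi\n")
HIJACKED = ("Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=shop.example;"
            " dkim=none\nAuthentication-Results: mx.forged.example; spf=pass"
            " smtp.mailfrom=shop.example; dkim=pass header.d=shop.example\n"
            "From: Shop <news@shop.example>\n\nbuy now\n")
```

With a published policy of `p=quarantine` the hijacked-server message lands in Junk rather than being dropped, so a user can still review it.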

In addition to this, there are public “Blacklists”. Unlike “Reputation Lists”, the publicly maintained domain blacklists are actually trusted. They contain lists of Domains which have contributed obscenely to the SPAM problem. Furthermore, there are steps which can be taken to have a domain removed from a blacklist. It’s possible to check the status of your domain name and see if it is on any of the public blacklists, because they are not commercial services. Reputation Lists are commercial products and so a provider of those services is not necessarily going to let you see your own score unless you pay them, which makes it impossible for a domain owner to petition for changes. On top of this, some “Reputation Lists” are known to take bribes to “whitelist” your domain name. The public and trusted blacklists cannot be paid off.

Conclusion: Reputation Lists are garbage

So to summarize, if you are an E-mail Server Administrator, do not use “Reputation Scores” to identify SPAM. Use Blacklists, and ensure that your server is performing tests against SPF and DKIM and is following the recommended behavior in DMARC records. Configure your server to label suspicious E-mails as potential SPAM, and dump those into a “Junk” sub-folder of your users’ Inbox. Encourage your users to try the “Unsubscribe” link instead of reporting an E-mail as SPAM.

If you try SPAM filtering methods which are too aggressive, you are going to lose users. As an E-mail Server Administrator, your first priority is to ensure that 100% of legitimate E-mails sent to your users are reaching their destination. Everything else is secondary, and if you can’t provide that then your users are going to find someone else who will.

Google’s “NoCaptcha ReCaptcha” product is slave labor.


Google are Crooks.

Google has been in trouble over their ReCaptcha product in the past, and they are bound to face the fire again. Their “NoCaptcha” service advertises itself as being user friendly, by presenting users with a single check box they click to pass the test. However, it very rarely works like this, especially if you use any sort of adblocker or privacy protecting addons in your web browser. Most of the time it presents the user with a photograph, or a series of photographs, in a 16 square grid. It then asks the users to click on each square which matches a specific description.

If you don’t answer the captcha to Google’s satisfaction, the challenge becomes more annoying. For example after clicking a square you might have to wait for that square to reload. The time it takes that square to reload is adjusted by Google, based on how much they “trust” you. So while some users might only have to click 3 squares, others might have to click 6, and wait for as many as 10 seconds for other squares to reload. And then when you perform the tasks they demand and you click ‘verify’, it will often start the entire process over again, for no explicable reason as you answered everything correctly.

What is really going on?

What is actually going on here? Is the system broken? No. What is happening is Google has a massive database of images, billions and billions of images, and they are using the unpaid labor of millions of computer users to add digital tags to those images. “This Image contains a Car” or “This Image contains a Mountain” and so on. The entire system is automated. On its rosy surface it would appear as if the labor of those users is being used to improve the captcha system, but that’s not what it’s for. It exists to force millions of users to do the work that Google is required by law to pay people to perform.

This is slavery.

This is slavery. We haven’t tolerated slavery in this nation in nearly 300 years, but Google thinks they can get away with anything they want because they think the world depends on them. It doesn’t. We don’t need their stupid search engine, there are a number of 100% equally useful search engines such as Bing and DuckDuckGo, in fact some have found those engines provide better results for their searches. We don’t need their free E-mail service, as there are countless providers of that same type of service, none of whom use it to spy on their users the way Google has done for years. The truth is Google does not provide ANY valuable services to the world, and they are raping the information market in new and disgusting ways to make a quick profit.

Stop Google.

It’s time we put a stop to it. A class action lawsuit should be raised against Google again for their “NoCaptcha ReCaptcha” service, and the FTC needs to step in and force them to stop.