From: John Deters <jad@dsddhc.com>
To: Adam Shostack <adam@homeport.org>
Message Hash: 31e60486d0fde4b40a115585e03103fb835e8171d4b212abd0206c29eba575f9
Message ID: <3.0.1.32.19970421133153.02551970@labg30>
Reply To: <199704192038.NAA19881@kirk.edmweb.com>
UTC Datetime: 1997-04-21 18:32:06 UTC
Raw Date: Mon, 21 Apr 1997 11:32:06 -0700 (PDT)
Subject: Re: SSL weakness affecting links from pa
At 03:32 PM 4/20/97 -0500, Adam Shostack wrote:
> That's true, but can they avoid it? I'm considering writing a
>database pollution bot, which runs around, claiming to be Mozilla or
>IE, and randomly following a link once per minute. Why? Database
>pollution. If there are a few thousand of these randomly collecting
>links and creating arbitrary (or perhaps biased) viewing habits in
>the databases of the advertisers, then their individual data becomes
>worth less. They'll need to actively solicit people's permission to
>collect data before doing so, to avoid people polluting their
>databases.
>
> Similarly, putting a randomly generated email address in those
>sign up fields produces pollution in the data used by spammers, which
>costs them (and no one else) money. If you run your own site, you can
>even bit bucket the email, trading their bandwidth for yours, and
>making them think they're delivering more junk email than they are.

You are forgetting to separate the marketers from the businesses being
marketed here. While they're occasionally one and the same (see Cantor &
Siegel), in today's world, the marketing is being handled by a third party
(doubleclick).

These marketers get paid by hit-count ratings: if they deliver the message
to 1,000 browsers, they get some amount, say $15.00. If they deliver it to
100,000 browsers, they get $1500.00. They're not paid by the number of
respondents, referred sales, or even valid e-mail addresses snarfed. So,
you'd only be artificially inflating the cost of the marketers to the
advertisers.

Here, your hope is that the advertisers notice a diminishing ROI for
marketing costs, but that's a big hope. The numbers for a small site might
look something like this:

January - 20,000 hits, 50 sales
February - 22,000 hits, 60 sales
March - 25,000 hits, 70 sales
April - 50,000 hits, 90 sales <-- pollutionbot strikes 20,000 times

So, you've watered it down a bit. To make the pollutionbot truly
effective, you'd have to hit a site by at least 10x the general population
strikes:

May - 440,000 hits, 100 respondents <- pollutionbot strikes 400,000 times

In the meantime, they're billing the business:

Month        Hits  Sales  Billing  Cost/sale  Pollutionbot hits  Inflation
January    20,000     50     $300      $6.00                  0         $0
February   22,000     60     $330      $5.50                  0         $0
March      25,000     70     $375      $5.36                  0         $0
April      50,000     90     $750      $8.33             20,000       $300
May       440,000    100    $6600     $66.00            400,000      $6000

Hopefully, the advertisers will pull out at this point. It's easy to see
that something "bad" is happening, and that they're not getting the bang
for the buck that they need. However, with some megasites (where they
reportedly get 2,000,000+ hits per day) subscribing to doubleclick.com,
it's doubtful you could make a noticeable dent unless you started your
attack from a T3 connected backbone site. And even then, are you sure you
want to spend your resources this way?

The marketers will also try to keep this sham up by saying to the
businesses, "It's the Internet, who the hell knows? Keep going another
month, it'll get better. In the meantime, just pay your bills."

Even if you were successful at flooding doubleclick, many of their
advertisers are Big: IBM, Micro$oft, HP, etc. They don't even care about
direct responses, they're just after name recognition.

Ultimately, it'll reduce the ability of Mom & Pop (or Cantor & Siegel) to
advertise on the same playing field as Micro$oft. Doubleclick won't go
broke; neither will Micro$oft. The only good hope you may have is of
breaking a "mom & pop" version of doubleclick, and keeping the world less
polluted. But, doubleclick will still be around and be able to move in and
fill the void. What have you gained then?

John
--
J. Deters "Don't think of Windows programs as spaghetti code. Think
of them as 'Long sticky pasta objects in OLE sauce'."
+--------------------------------------------------------------------+
| NET: mailto:jad@dsddhc.com (work) mailto:jad@pclink.com (home) |
| PSTN: 1 612 375 3116 (work) 1 612 894 8507 (home) |
| ICBM: 44^58'36"N by 93^16'27"W Elev. ~=290m (work) |
| For my public key, send mail with the exact subject line of: |
| Subject: get pgp key |
+--------------------------------------------------------------------+