Against Institution Inc.

Post Reply
User avatar
wehaveitall
Posts: 627
Joined: Fri Jun 22, 2007 12:40 am

Against Institution Inc.

Post by wehaveitall » Wed Apr 16, 2008 1:47 am

Note: I was going to send this directly to the developers through the feedback form, however it was too long. This is partly why it's in letter form.

I'm very glad you have released version 3.0 of the Wot Site advisor. However, I think that you should start to create more than just a site advisor.
I understand that user reputations is a big part of wot, which is still easy to use in other ways, including ways related to security, and even a few that can be browser add-ons.
One way you could use the user reputations, is for a spamfilter. It could be a browser spamfilter for email clients such as gmail and yahoo mail, or it could be for email clients like outlook express, or thunderbird. (I'd reccomend a browser spamfilter)
Another way you could use user reputations is for virus scanner, pc optimizer, or firewall. Users could decide what is and isn't a virus, and decide what programs to block or not block. Any without enough reputation data could be the choice of the user. If you were talking about a pc optimizer, users could rate some things they reccomend doing to improve pc performance such as turning off search indexing, compressing files, etc. This could also be used in a similar way by making a program that works based on user reputations that can help you decide what to change and what not to change on your computer. For example, if you are about to change your mouse speed to a very high amount, it can alert you that you shouldn't do this. Or if you are unsure what applications you should have open, user reputations can help you decide.
If you were to encorporate some or all of these, you could also consider making a browser of your own including all of these. Wot, a spamfilter, and other components based on user reputations.
Wot is a great site advisor and Against Institution Inc. is a great company. In not that long however, the wot site advisor will be completely perfected. Extending the security features you offer will benefit the wot community, and continue to help Against Insitution Inc. be as good as it can be.

connorscomputershow
Posts: 13
Joined: Fri Dec 21, 2007 12:32 am

I agree

Post by connorscomputershow » Mon Apr 28, 2008 1:05 am

What you said should be done.

woova
Posts: 24
Joined: Sat Apr 26, 2008 8:34 am

big hopes and bigger dreams

Post by woova » Tue Apr 29, 2008 12:17 am

I would also hope to see WOT offer more diverse services but, no, not spam-related services.

When you refer to 'email', if you are specifically referring to web-based email (read by the user from within the browser UI) and you are suggesting "in addition to showing WOT icons for links embedded in search result pages, I wish the WOT add-on would ALSO show icons for links present within my webmail"... I would not argue against the idea. However, I couldn't recommend/support that idea.

Not "frequently", but occasionally, I've received multiple, seemingly redundant email newsletters (aka "weekly deals" email notices) from sites where I've made a purchase. By going to the effort of checking the mail headers, I see that all copies were sent from a "strange" sender address and each was addressed to a different (nonexistent, actually) username. The multiple copies wind up in my "catch-all" inbox for the domain usually due to the spammer's use of a "legitimate" (and whitelisted) reply-to address. No, I cannot believe that the "big name" shopping site(s) are spamming me -- instead, I believe the spammers are copying and RE-distributing some "real, valid" content from the shopping sites. I intentionally use a text-only mailreader client. Peering at the HTML it's obvious that the spammer is embedding a "web bug" image, expecting the mail to be read as "webmail". By logging the web bug requests, the spammer gets feedback as to which target addresses are "live"...

which brings me to the point:
By facilitating "email link rating", WOT would be depending on the saavy of the "average" (webmail interface) user. X times out of 10, certainly the user would be mistakenly "punishing" the site(s) reflected in the spam's embedded links.

Historically, many spam retaliation efforts have been misguided. Punish the sender? Consider this: often the spam mailpiece has been generated on, and sent from, an "innocent" whose PC has been exploited by malware. Besides, mail headers are often spoofed; across several domains I own from which I have *never* sent mail, I cannot count the myriad "bounce" replies I continually receive due to spoofed mail headers. Even when headers aren't "spoofed", a kneejerk reaction to block mail received from a given mailserver IP usually results in a LOT of innocent people being punished -- because the spam often (I'll say usually) is sent from domains "hosted" on shared servers, where a single mailserver IP is shared by literally HUNDREDS of domains.

User avatar
wehaveitall
Posts: 627
Joined: Fri Jun 22, 2007 12:40 am

I don't exactly understand your point

Post by wehaveitall » Sat May 03, 2008 3:37 pm

I don't quite understand what you mean...
Godaddy sends emails almost every other day, and they aren't from spammers, they are from godaddy. Sending many emails is simply marketing. If it's a legitimate site, spammers wouldn't get a hold of the email from that site.

woova
Posts: 24
Joined: Sat Apr 26, 2008 8:34 am

the point: I believe that a

Post by woova » Sat May 03, 2008 9:43 pm

the point:

I believe that a "a spamfilter... based on user reputation (ratings)" would be highly inaccurate, because many end users aren't able to distinguish "whom to blame". In other words, suppose the spammer places YOUR email address ( weHaveItAll@whitehouse.gov ) in the reply-to header... I expect that many recipients would slap the poor-innocent-you address/domain.

"If it's a legitimate site, spammers wouldn't get a hold of the email from that site."

Ah, maybe you're suggesting WOT setup a honeypot domain & as WOT users are out surfing, they "signup" at various sites, using a distinguishing (one-time-only use) mailbox @honeypot.tld ... and WOT would monitor which addresses received spam. That would be a great idea, however it would probably be redundant. I believe WOT is already utilizing the blacklists which are maintained by SpamCop, SpamHaus etc

User avatar
wehaveitall
Posts: 627
Joined: Fri Jun 22, 2007 12:40 am

You don't get me

Post by wehaveitall » Mon May 05, 2008 12:11 am

Honestly, I still don't quite understand your point. If someone saw whitehouse.gov as the email address, unless they know government officials, they could probably figure out it's a spoofer.
The way you're making it sound is you don't trust the wot community in making decisions about spam. Wot has a system where the more trustworthy you are, the more you're rating counts. So if you've never rated a site before and you rate a site red, it would do nothing, just as if you rate the sender of your first email red, it wouldn't do anything.
"instead, I believe the spammers are copying and RE-distributing some "real, valid" content from the shopping sites."
Concerning that, the only way that is possible is if you entered your email into an unsafe site which faked being the reputable company, similar to phishing. Reputable sites like godaddy DO send you lots of emails, especially if they know you purchased something, because they know you're more likely to buy more than a random person who might not even have a website. Spamming as I said is sometimes marketing and LEGITIMATE SITES WOULDN'T GIVE SPAMMERS YOUR EMAIL. It's that simple.

If rating websites works, im sure rating sender addresses can't be that hard either.

woova
Posts: 24
Joined: Sat Apr 26, 2008 8:34 am

redundancy

Post by woova » Tue May 06, 2008 12:07 am

Regardless of "trusting the competence of the WOT community members to assess"...

SpamHaus et al already handle this, admirably and with good result.
Why ask the community to REDUNDANTLY attempt to perform such an assessment?

re "If rating websites works, im sure rating sender addresses can't be that hard either"

Thanks for clarifying, and thereby underscoring, my earlier observation.
With the best of intentions, you would focus on "sender address" ???

qwehraldafjkdf AT happydaze.tk
qwehraldafjkdf999 AT 1823756419873431234134.happydaze.tk
qwehraldafjkdf AT happydaze.cx

If so, you would be chasing your tail.

User avatar
wehaveitall
Posts: 627
Joined: Fri Jun 22, 2007 12:40 am

Im done arguing

Post by wehaveitall » Tue May 06, 2008 12:44 am

I'm done arguing about this. Read this carefully because you won't see it again.
First off, your posts haven't made enough sense in many cases for anyone to understand your point. You mentioned that if they saw a white house email address they would consider it dangerous. If they saw a whitehouse email address, why would they consider it spam? They would either realize it's an important white house official, or its a spoofer, and I'm sure the wot community is smart enough to figure that out. You can say that people may mistake a dangerous site as a safe one too, but it's worked so far. Email is just a slightly different approach, and is just as liable to work as rating websites. (DO NOT QUOTE ME ON THAT AND THEN SAY ITS WAY HARDER THAN THAT -_-) MANY addresses are unsafe, and send spam or phishing emails on a regular bases. It wouldn't hurt to have a rating system similar to wot's for sender addresses, so people can be forewarned before believing the phishing or scam attempts.
A spamfilter isn't a necessity, but it would certainly help.

woova
Posts: 24
Joined: Sat Apr 26, 2008 8:34 am

In a webmail UI (probably

Post by woova » Tue May 06, 2008 11:08 pm

In a webmail UI (probably the same in Outlook as well) the user would "see" the whitehouse address... how? where? This is key to the point I was raising -- waaaaaaaay too often, the user would be reporting a SPOOFED "From" or "ReplyTo" address, because A) the UI doesn't present them with the raw headers, and/or B) the user lacks the ability to discern which, if any, of the header content has been spoofed.

When a user "sees" and erroneously reports "whitehouse.gov", the rating system accepts their input and enters a vote to add that domain to a WEB and mail blacklist???

Ben, I admire your good intentions. I'm not arguing, just pointing out (and reiterating) that a "rating system similar to wot's for sender addresses" already exists. Hopefully the SORBs blacklist (www.sorbs.net) is among the sources referenced by myWOT in determining domain ratings.

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 4 guests