Liz Lawley was recently the recipient of a comment spamming google bombing attack. What happened is that someone placed comments in several weblogs, signed “Whiny Communist Bitch” and then included a link to Liz’s site.
There are two reasons for this: first, to associate those words with Liz’s site, hence the Google bombing; secondly, as people moved to clear up these comments, they automatically added her domain to their blacklists without checking first to see if it was a legitimate site. Hence, Liz’s domain would be blacklisted if she left comments in other sites.
Unfortunately, this type of attack is extremely easy to perpetuate and we’ve seen them before and will be seeing more of them in the future. I wasn’t surprised by the attack, especially since Liz does teach computer technology (nothing worse than a young, disgruntled and semi-adept student). But I was surprised at some of the responses Liz received in her comments.
Too many people had banned the IP addresses of the person who placed the comment, and then sent the IP address to Liz. This following so many weblog postings about the use of open proxies in order to hide the actual IP address of the postee. Secondly, too many people had moved to ban Liz’s domain without first making even an attempt to verify whether it was a legitimate domain. This following so many weblog postings about the dangers of blacklists, and the need to review all URLs included in comment spam.
Now, it’s true that there might be people in the list who hadn’t read these posts, but I find it more likely that these same people have been exposed to postings of this nature, but they would either skip what they would see to be a ‘technical’ post, because they aren’t technicians; or would only skim it, without bothering to take the time to understand how it relates to them.
I’ve long seen a trend among the non-tech webloggers to either blame the techs for not getting all this right; or to depend on the techs to help them when things stop working. Even when we write post after post about what they people can do to help protect themselves, they resist; the reasons for doing so are less that the technical material is over their head, as they don’t want to waste their time on technical stuff. Yet, isn’t it a greater waste of their time being the victim?
Of course, some of the material we write about is very complicated, and I have no blame for any non-tech who doesn’t want to touch code or the innards of MySQL, or needs help with installations or things that break. But understanding the concept of open proxies doesn’t require a technical background; nor does understanding the concepts behind ill-managed blacklists.
If we who write on these issues aren’t clear enough, we welcome questions and requests for clarifications. But this still implies that the non-techs take the time to read the material–to choose not to be a passive recipient of the whims of malicious people.
There are options such as using hosted technology or turning off comments, and hiring people to help manage your site. These are valid choices and more power to the person who makes them. But for the rest, if you don’t want to continue being a victim, you also have some responsibility to understand both your tool and this environment.
To this end, I’m in the process of re-publishing to the IT Kitchen, several of my writings where I’ve attempted to explain to non-techs how this environment works. Hopefully if the writings aren’t clear, I’ll get asked for clarifications. Or will I get silence as the non-techs skip over something that smacks of the faintly technical, in favor of another lambast at Bush, or cute cat quiz? I guess we’ll see in the next round of comment spam attacks.
I and the other techs will continue to work the issues of comment spam and it’s like, trying to find solutions that make it easier for the end-users. I’ve spent time this week on several different approaches in Wordform, to see if I can prevent automated comment spam posting, which is the most destructive and time consuming type. I am less worried about the individual comment spammer.
In the end, though, I have a feeling all the solutions are going to require equal participation from all, non-techs and techs alike. Personally, I think that Liz’s solution is the one that is most effective: maintaining a sense of both humor and perspective about the whole thing.
I wrote in the missive to Dana Blankenhorn, as detailed in the last post, that when a user is faced with ads in their syndication feed, rather than blame open source and the RSS 2.0 specification, they can exercise their freedom and unsubscribe from the feed. I said that this was the user’s responsibility in the open source equation.
Understanding this environment could also be considered an end-users responsibility, unless they want to give up all technical independence. Or continue to be a victim.
