Akismet Stops Spam: Some Side Effects
There’s a new spam stopper for WordPress called Akismet. It works by submitting every comment you get to a centralized comment-checking service, and echoing back a “spam” or “not” response. Hurray. I can identify a few problems with this idea, however:
- You are trusting your user feedback to another company. Do you really trust them?
- A DDoS or any downtime of their servers allows spam to clutter up your moderation queue again
- Comment posting will have increased latency based on however long the round trip takes and how long it takes them to decide if your comment is spammy or not. There’s no SLA for this service, either, which is bad
- We have no idea how it works
Then, looking into the code, I notice some sketchiness:
- Communication is in the clear, so a Dolev-Yao attacker can spoof Akismet and trick you.
- It automatically deletes your old archived spam and optimizes the WordPress comments table every time a comment is submitted, spam or not. This is a big performance problem, in theory.
- There’s a spelling error or two in the admin panel. Automattically?
- Is there anything to prevent a spammer from posting to the admin page that his comment is not spam? I don’t see authentication in this file.
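One way a comment-checking client could handle the downtime, latency and cleartext concerns listed above. This is an added example, not code from the Akismet plugin; the function names, the verdict labels, the placeholder endpoint and the "true"/"false" response format are assumptions.

```python
import ssl
import urllib.parse
import urllib.request

# Everything named here is hypothetical: the verdict labels, both functions,
# and the assumed wire format (body "true" = spam, "false" = not spam).
SPAM, HAM, HOLD = "spam", "ham", "hold-for-moderation"

def https_transport(url, fields, timeout):
    """POST the comment fields over TLS and return the short response body."""
    ctx = ssl.create_default_context()  # checks certificate chain and hostname
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout, context=ctx) as resp:
        return resp.read(64).decode("ascii", "replace")

def classify_comment(endpoint, fields, transport=https_transport, timeout=2.0):
    """Return (verdict, reason); any failure sends the comment to moderation."""
    parts = urllib.parse.urlsplit(endpoint)
    # Over plain HTTP an on-path attacker can forge the verdict, so refuse it.
    if parts.scheme != "https" or not parts.hostname:
        return HOLD, "endpoint is not https"
    try:
        body = transport(endpoint, fields, timeout)
    except Exception as exc:  # outage, DDoS, TLS failure, or timeout
        return HOLD, "checker unavailable: " + type(exc).__name__
    # Only the two exact answers count; error pages and junk are not verdicts.
    answer = body.strip().lower()
    if answer == "true":
        return SPAM, "checker said spam"
    if answer == "false":
        return HAM, "checker said not spam"
    return HOLD, "unrecognised response"

if __name__ == "__main__":
    # Constructed comment and stub transports, so this runs offline.
    comment = {"comment_author": "alice", "comment_content": "Nice post!"}
    url = "https://checker.example/comment-check"  # placeholder endpoint
    def down(u, f, t): raise TimeoutError("no answer")
    print(classify_comment(url, comment, transport=lambda u, f, t: "false\n"))
    print(classify_comment(url, comment, transport=down))
    print(classify_comment("http://checker.example/", comment))
```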
Amazon.com Tracking Pages
Amazon.com is tracking all of its pages with a unique embedded identifier in the footer:
<!-- whfhkE05658FO84R0lbTlBW+NOVDWu2Wmu+L -->
<!-- whfhtrMHSy1yzbzpsbkGb2rjgSD7wcnWd31m -->
<!-- whfhj2bIFwQfRrGe3/jOsxEgoPn7LyfqVsY+ -->
This changes every time I refresh the page. The probable reason for this is completely unknown to me, unless they want to correlate page-rip-off with a specific access time and IP address.
Game Theory & The Human Element
When you’re considering the decision tree for some part of your life, you need to consider the human “veto” element, or the null response. Whenever you have a decision to make, a crush to pursue, or any other human interaction with a future component, you should be thinking about the game trees involved. For example, when negotiating the price of a car, at any stage you have a number of options, such as asking for a lower price, taking a test drive, and walking away. These have certain effects and may preclude other actions. For example, walking away will prevent you from doing anything but waiting for a callback and closing the offer. Asking for a lower price may succeed in getting a lower price or not, and will increase the dealer’s level of irritation and willingness to continue to lower the price.

However, when dealing with people, they always have the null choice, where they do nothing. And at that point, there’s no chance of forward progress. They just kill the entire tree of possibilities and refuse further interaction of whatever you’ve planned. Most people don’t think of this as a player’s option, but it is.