Can you spot the spam source?

by Eszter Hargittai on August 19, 2006

McAfee SiteAdvisor offers quizzes to test users’ skills about sites that might lead to spam and spyware. I found them interesting. It’s not always possible to tell what site may lead to spam simply based on the site’s looks. And in some cases you have to do a reasonably careful reading of the site’s privacy policy to figure out whether use of the service may result in hundreds of spam messages within a few days of signing up.

This is an interesting idea, a potentially neat way to educate users about spam and spyware problems. The tool is lacking significantly in one domain though. I think it would be MUCH more useful if the results page included an analysis of the privacy policies to point out to users what it is exactly that should serve as a red flag in the various policy statements.

The survey I administered last winter to a sample of 1,300+ college students about their Internet uses included a question about how often, if ever, students read a site’s privacy policy. It turns out that 37% of respondents never do so and an additional 41% only do so rarely. No wonder people are still struggling with spam problems.

Unfortunately, at some level it doesn’t matter what you do if your friends are not careful with your address. I have a very private address I had only given out to a few dozen people emphasizing several times that they should never enter it on any Web sites (e.g. ecards or whatnot) and should only use it for one-on-one communication (so also requesting that they avoid its inclusion on cc lines). Some of my friends couldn’t follow these requests and now the address receives about 40 spam messages/day. I realize that’s not a lot in the grand scheme of things, but the point is that none of that was due to anything I had done with the address given that I had never entered it on any Web sites and had only ever used it to send one-on-one emails to a few dozen people.

{ 24 comments }

1

Baptiste 08.19.06 at 7:15 am

Maybe your friends did not even need to be uncareful. I opened an e-mail account on gmail, with a not too easy to guess login-name (a combination of two French words), never used it, and it received spam quite soon afterwards…

2

LizardBreath 08.19.06 at 9:42 am

I got 6/8 right on the spam quiz, working purely from the graphic design — no reading fine print or the privacy policy. And the two I got wrong I knew I was shaky about.

3

Alex R 08.19.06 at 9:46 am

Two comments:

(1) My most spam-filled account is a gmail account which I have rarely used in “public” — I suspect that the spammers are exhaustively searching short, simple usernames on gmail, eliminating those that bounce.

(2) But you may be right that one shouldn’t give an email address to a website that doesn’t have a privacy policy. Should I post this comment anyway? :-)
I looked at a number of the blogs on CT’s blogroll, of them only scienceblogs.com (Pharyngula, Deltoid), Daily Kos, and TPM (Josh Marshall, Matt Yglesias) have real privacy policies. (Kos’s is admirably brief, though I wonder if it would survive a subpoena.) I’ll admit that CT doesn’t *require* that I enter a real email address, but should any website that solicits such information officially inform its users how it will use it?

4

Alex R 08.19.06 at 9:48 am

Oh, and I forgot to mention about the gmail account: despite the large amount of spam, it gives me very little problem, as Gmail’s spam filters are nearly flawless…

5

bi 08.19.06 at 10:43 am

7/8. As a rule of thumb, I looked at the graphics to see which site’s ads look more, um, shady — when that was too hard to tell I looked up the fine print. But this little quiz is a bit artificial… normally one’s not confronted with two web sites offering the same service which you have to choose between.

Oh, on a related note, Something Awful had something awful to say about EULAs:

Questions concerning this Agreement should be sent to the address set forth below. By installing this software you accept Jesus Christ as your personal savior, forsaking all other deities in exchange for his everlasting love, forgiveness, and mysterious but tasty wafers. Any notices or correspondences will be effective if sent to such address.

… The next time you install Folding@Home to help cure cancer, you might wind up unwittingly signing a confession to the murders of Nicole Brown Simpson, JFK, and J.R. from Dallas.

w00t. That reminds me, I need to put a privacy policy on my Pax Neo-TeX feedback page. Or not.

6

abb1 08.19.06 at 11:08 am

…now the address receives about 40 spam messages/day. I realize that’s not a lot in the grand scheme of things…

Is it true that an account can be “a little” spammed? I thought they share/sell/exchange the addresses, and once it becomes known to one spammer it’ll soon be known to all (or most).

7

anonymous 08.19.06 at 12:06 pm

I’d suspect that any site that trumpets “FREE” services (things, information, etc.) will lead to a lot of spam.

8

Eszter 08.19.06 at 1:36 pm

The private email account of which I speak is really not that easily guessable. And it was spam-free for about a year and a half.

My impression is that it is possible to be “a little spammed”. Perhaps over time (over several months or years) the address really does get passed around, but I have a few addresses that are doing okay except for a couple of sources of spam. (I can tell, b/c, for example, most of the spam is in one particular language.)

Anon, I disagree. The comparisons on that quiz are mostly of services that are all free and as the test cases indicate some of them really truly don’t lead to spam.

9

Niall Murphy 08.19.06 at 1:48 pm

Viruses and spyware also harvest addresses to sell to spammers, so it may have had nothing to do with your friends’ intentions…

10

abb1 08.19.06 at 2:06 pm

I think it can be a good reputable service with good policy and all that, but when the company goes under (as they often do), the temptation to get the last few thousand dollars by selling the client database is probably overwhelming. Or, suppose, the DBA gets laid off or fired. I still have CDs with a few databases from the good old dot-com days; I haven’t sold them, but I could.

11

Eszter 08.19.06 at 3:32 pm

Niall – Nope, this is highly unlikely in this case, not only because I don’t have spyware on my machine (but let’s assume I do), but because I only access that account using Pine and that is much less likely to be affected in that way.

I guess it’s possible at my friends’ end, but then it’s still them not me.

Oh, and to clarify, I didn’t say that my friends intended for me to get spammed, I was talking about their actions.

12

cm 08.20.06 at 1:18 am

A friend of mine once committed the misjudgement of sending me an email from either an Internet cafe, or over a disreputable ISP. He sent it to my private address, and CC’ed my corporate address. A short time later I started receiving identical categories of spam on both (and still do after a few years), which is how I’m sure of the source.

The interesting part is that I’m getting more spam categories at my corporate account, which may indicate a “leak” either inside my employer, or one of its many outsourced business services that have my email address.

13

Elliott Oti 08.20.06 at 1:44 am

6 out of 8, based purely on the quality of the English in the disclaimer. I chose coherent legalese over chummy assertions that my privacy was being respected every time.

14

Idiot/Savant 08.20.06 at 6:17 am

Reading privacy policies? Doesn’t everybody just lie about user details and use disposable email addresses for site signups anyway?

15

Helen 08.20.06 at 6:48 pm

A dating site called Plenty of Fish? Ugh! Who uses these things?

16

Tom Lynch 08.20.06 at 7:22 pm

A fair amount of my email on any account (probably a significantly greater amount than total unfiltered spam) is just mail I receive that I don’t want to read, whether it be work-related group mailings, joke-spam from friends (despite me asking them not to send it), mailing list threads I’m uninterested in, newsletters from organisations I want to be a part of but not receive periodic updates from, redundant order confirmations from companies I’ve bought things from online, etc. etc.

This email is not “unsolicited” by any canonical definition but it can still be a big efficiency problem, even with proper mailbox processing.

17

Eszter 08.20.06 at 9:09 pm

Tom, I’m with you. It’s all about filtering your email! Just have most of those messages skip the Inbox. I may post about this in more detail at some point, I’ve been meaning to.

18

Tom Lynch 08.21.06 at 12:41 am

I’d be interested to read your thoughts on that. Most clients’ interfaces for creating processing rules (from Outlook’s Rules Wizard to .procmailrc files) still seem lost in a technological backwater.

I’d like a one-click interface for auto-filtering mail from a given source (sender or list) into an automatically created mailbox, and then to be able to drag-and-drop other mail onto existing filterboxes to redirect future messages from their source to the chosen filterbox.

There are probably even smarter ways to do this based on content analysis. Bayesian stats extended to something other than just spam.

19

Eszter 08.21.06 at 5:45 am

Tom, my post wasn’t going to be about the technical aspects of all this. I don’t follow the developments in this realm that closely. I think GMail does a good job of allowing various filtering rules. It’s not a drag-and-drop process (it’s not based on drag-and-drop at any level), but it’s very simple and efficient, I think.

20

Alex Gregory 08.21.06 at 6:34 am

I’ve simply given up trying to avoid spam (my email address is listed plainly on my website for instance), and just trust my spam filter to do the work for me.

Thunderbird’s spam filter is great, and occasional checks of my junk folder reveal that it’s yet to slip up. The only problem is when I’m not at the pc and have to access my email via the web, and the spam sits there clouding out the rest of my email. That’s no huge hassle right now, but I may have to create a new email address for when I go backpacking next year.

Oh, and spammers certainly do simply send emails to random addresses. For a time I had my website set up so that any email sent to my domain was forwarded to my real account. I stopped this when it tripled the amount of spam I received merely because all sorts of random addresses at my domain were being sent spam despite the fact that the relevant addresses didn’t exist.

21

moriarty 08.21.06 at 9:09 am

When taking the spam test (and the spyware test), what were people looking for to tip them off? To me, it was just a guessing game.

McAfee concluded that I was at risk, which of course misses the point entirely. Clearly the safe people are those like me who don’t give their email addresses to online games sites to begin with.

22

joe o 08.21.06 at 1:04 pm

I got 0 for 8 on the quiz because I wouldn’t give my email address to any of those guys.

23

Eszter 08.21.06 at 6:07 pm

Moriarty – I was looking at the specific wording in the privacy statement. Some will say that they will share your info with others, while others say they won’t. Of course, the former usually do so at the end of a very long sentence that is made to sound like they really really really care about protecting your privacy. But then they share with “relevant” third parties anyway. That’s the kind of thing I was looking for.

I think in some cases the examples are not good for such a quiz, because there are options (like “check here if”) to which you have no idea how the SiteAdvisor people reacted.

24

Alex Gregory 08.22.06 at 3:09 am

Moriarty,

I got 7/8 without looking at privacy statements. I took ads as a bad sign, particularly if it’s for porn, and bad site design (including way too much text) as another indicator.
