Make love, not spam, finis.

04 Dec 2004

Perhaps one of the most controversial corporate-sponsored acts of poplar electronic activism in the history of the Internet (and certainly this year), AAP published an article which was picked up by the Sydney Morning Herald at 10:44 this morning (GMT +11, Sydney time) in which Lycos is cited as terminating the campaign, in face of criticism from (unspecified) “security experts”. The original article may be found on the Sydney Morning Herald website (reg. required).

Lycos spokesperson, Kay Oberbeck, is quoted as saying that “the [Make Love not Spam] campaign was only meant to be temporary”, it’s primary goals being to spark discussion and raise awareness — something which it has unquestionably achieved, perhaps in a realm far greater than that of just unsolicited spam marketing (I refuse to use euphemisms here — spam is unsolicited, intrusive, trespassing, unrequested and undesireable — not “direct marketing”). The campaign has raised questions regarding the state of regulation of the Internet, both in terms of anti-spam legislation, and the legality of “electronic sit-in” tactics, up to and including the use of distributed (collaborative) attacks on a centralised point.

Arguments over the semantics of what exactly constitutes a DDoS attack have also arisen as a result of this campaign: Whilst it’s generally accepted that this is indeed a distributed attack, the curious nature of the application, in that it attempts to raise the costs of spamming but not altogether “deny service”, coupled with the fact that participation in this campaign is user-driven (by way of active participatory choice), mean that this cannot be likened to virus-driven DDoS attacks seen in recent times, such as those upon The SCO Group’s website.

Not only is the basic question of what constitutes a (D)DoS attack raised, but also the question of what, exactly, is required for this attack to be considered “distributed”. Legally speaking, the attack has not been launched from any one co-ordinating point. The software distribution point and directory listing points were centralised, however these were not responsible for the independent actions of over 100,000 users¹, who downloaded the software, and ran it.

Collaborative attacks such as this make litigation remarkably difficult, considering the very distributed participation — how can Lycos be sued for something they didn’t do? And, even if they could be sued for “something” they didn’t do, is it even legitimate to prosecute over a “denial of service” attack such as this? Some have commented that by connecting a computer to the Internet, you accept the possibility of such attacks implicitly — admittedly, this was posted on Slashdot, a (slightly more Left) IT news source, but the point bears consideration.

Was the campaign a “good” thing? In accordance with the stated goals presented to the world in hindsight, yes. Having said that, however, Lycos appear to have been standing on defensive footing for much of this campaign, denying events which the rest of the world seem to have witnessed, beyond most reasonable doubt (speaking specifically of the denial of the compromise of their website, either by a direct hacking, or DNS poisoning). Starring, the agency responsible for developing the Spray website (an arm of Lycos) and the Make LOVE not SPAM campaign, maintains the intention of the campaign is to increase the costs involved with SPAM advertising (as well as awareness raising and a promotional utility for Spray mail), something which everyone took as implicit, but (so far as I’ve seen) Lycos hasn’t explicitly stated².

So what’d they do wrong, from a constructive perspective? Well, it was of a closed nature, for one. Lycos copped a surprising amount of criticism for this one from the mainstream media, specifically as “independent verification” of the nature of sources was unable to be performed — fears that the lists of offenders were corrupted remained unresolved, as public access to this information was not readily available ³. If Lycos’s present stance on the project is legitimate, then the project rather deliberately remained closed in nature — if it were open, they would have an AOL-style Gnutella on their hands (admittedly, the situation of recall is remarkably similar, but the project hasn’t been able to get out of control due to a lack of publically available source code), arguably a worse corporate nightmare than the legal mess in which Lycos may find themselves entangled.

An open project would have allowed the project a greater chance of success, in that criticism pertaining to the validity of targets would be quelled, and even an official end to the project would likely permit a host of child-projects, all with the same goals in mind. The disadvantage to this, of course, is that community-powered vigilantism is far more susceptible to dubious attacks on innocent websites, due to it’s (comparatively) unregulated nature (if Lycos’s claims regarding the checking process are to be believed).

Will this spurn a host of similar projects? Probably. Such projects already exist, on a smaller scope — one project targetting Nigerian scammers is already in place — however none of them have enjoyed such widespread media attention as MLNS has from conventional press. Lycos’s position as a dominant European (and, to a lesser extent, American) portal has meant that their actions are far more closely scrutinised than those of small community bodies. Having said that, the popularity of peer-to-peer file-sharing applications didn’t come about as a result of mass media propagation, but rather through grassroots communication between peers, recommending the software to others.

Information Technology publications (both physical and electronic) played a part in making early adopters aware of these technologies, however the bulk of the work may be attributed to communities online who spread awareness of this software on a peer-based level. This technology has similar potential, on a far greater scale — it’s media exposure at launch was massive, and whilst it was rapidly removed (or censored), the amount of interest it generated offers projects which adopt a similar vein in the future a greater chance of success.

From a media perspective, future projects such as this will attract a mention, if only because of their similarity to this high-profile one. The ramifications of MLNS are great in scope; arguably, greater than Lycos have foreseen in the launch of this. Ultimately, this project demonstrates the power of the Internet as a tool for activism and collaborative empowerment — the true impact of these is something for which the world must wait and watch.

Notes

Actual downloads may far exceed this figure, given the rapid propagation of mirrors of this software, and the (highly questionable) actions of some backbone providers in blocking the official website, MakeLoveNotSpam.com — which raises a whole new set of questions pertaining to digital activism, if the providers to this form of self-enforcing electronic democracy are actively denying access to “questionable” facilities!

I’m quite open to being proved wrong on this point: so far as I can see, they haven’t stated that — I’ve been sifting through a decent amount of news material on the subject, but it’s more than possible that I simply missed it. If you feel otherwise, feel free to leave a comment/send me an email.

Admittedly, it was possible to access http://backend.makelovenotspam.com/xml/ for the data, but this wasn’t a highly publicised fact, and the methods by which this data was attained and verified remain shrouded in doubt.