[messaging] Spam-resistance of different systems

Arlo Breault arlolra at gmail.com
Tue Sep 23 15:15:48 PDT 2014


This probably doesn’t float but, is there anything gained from adding a round  
for unknown contacts?

msg from the unknown > rsp w/ random str > rply w/ str => msg moves to inbox

Do spammers have the capacity to respond to all the mail they send out?




On Tuesday, September 23, 2014 at 2:35 PM, Joseph Bonneau wrote:

>  
> On Tue, Sep 23, 2014 at 4:15 PM, Trevor Perrin <trevp at trevp.net (mailto:trevp at trevp.net)> wrote:
> > "Apple iMessage, Wickr and BBM Protected can all be described as
> > opportunistic encryption messaging systems that have been very
> > successful deployment-wise." - Joe Bonneau, [2
>  
> To that list we can apparently add Kik and its 150 million users. Interestingly, they don't seem to make any claims publicly about their security, but in their advice to law enforcement they say "The text of Kik conversations is ONLY stored on the phones of the Kik users involved in the conversation. Kik doesn’t see or store chat message text in our systems, and we don’t ever have access to this information." [1] It's not P2P, so this seems to imply that E2E encryption is happening. This is highly unusual of course-most apps make bold security claims publicly and undermine them in the fine print but the opposite appears to be going on here.
>  
> [1] http://kik.com/wp-content/uploads/2014/01/Kiks-Guide-for-Law-Enforcement_July-17-2014.pdf
>   
> Some other thoughts:  
>  
> >  1) Size of target population:  Email has a huge userbase, and email
> > addresses are widely shared, so spammers are able to harvest huge
> > target lists.
>  
> If you scale by people interested in/susceptible to spam, these populations may remain low. I think they lean young and tech-savvy. Also there is very little commercial use of these channels which makes spam stick out more.
>   
> >  2) Cost per communication:  Sending a single email is very cheap,
> > compared to (say) postal mail
>  
> This may be non-zero for messaging apps because all benefit currently from only being accessible via proprietary apps. I'm not sure which have been reverse engineered successfully-I believe WhatsApp and SnapChat have been at least partially reverse engineered but I'm not sure for the above. Surely a motivated spammer could create a compatible app to send spam for free, but that's a non-zero barrier to entry.
>   
> >  4) Ability to attribute and penalize the sending user:  Free email
> > accounts and easy signup make it hard to impose a cost on abusive
> > users.
>  
> Certainly these are all centralized systems with the ability to ban sending users. The key question is, how hard is it to create accounts? It would be interesting to survey what info each requires-which verify phone numbers, etc. Phone numbers are definitely a non-free resource. iMessage and BBM Protected may also utilize some sort of unique device identifiers which are even less free.
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org (mailto:Messaging at moderncrypto.org)
> https://moderncrypto.org/mailman/listinfo/messaging
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140923/bb6e7e36/attachment.html>


More information about the Messaging mailing list