The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Thursday, May 10, 2007

“Common sense? We don't need no steeenkin' common sense!”

At the botton of an email I received from a friend today, I following bit of legal verbiage appeared:

NOTICE OF CONFIDENTIALITY: The information contained in this email and any document attached hereto is intended only for the named recipient(s). It is the property of XXXXXX XXXXXXXXXX XXXX and shall not be used, disclosed or reproduced without the express written consent of XXXXXX XXXXXXXXXX XXXX. If you are not the intended recipient or the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this email or its attachments is strictly prohibited. If you have received this email in error, please notify the sender immediately by return email or by calling (561) XXXXXXXX. Thank you.

I found it amusing.

[The following three paragraphs were written based upon an incorrect assumption. See below for an update]

Let's see … the company my friend works for (and it's not a law firm by the way) is claiming ownership of a stream of bits that have been delivered to my inbox. Well, I think they're claiming ownership of a stream of bits—it can't be the electrons because the electrons used to transmit the bits have long since been recycled into other bits streaming hither and yon. I can't see it being the magnetic flux on the harddrive that's storing the message, because once I delete the email, there is no message with which to claim ownership over (okay, technically, deleting the message isn't enough since the bits comprising the message still exist on the harddrive unless I overwrite the message with a different pattern of bits, which I may have to do).

So, they're claiming ownership over the bits that comprise the message. Or rather, the bits in the order they appear in the message, because the bits in a different arrangement:

((())), ,, ,,,…‥156:ACCD EEF FIIIIIIILNN NOOOTTTTT XX XXXX XXXXX XXX XXX XXXXXXXX XXXXXXXX XXXXXX XX XXXXXXXY aaaa aaa aaa aaaaa aaaaaaaaaaaaa aa ab bbb bbbccccc cc cccccc ccccdddddd dddd ddd ddddd ddd dd ddddd eeeeeeeee ee eeeeeeeeee eeeeeee eee eeeeeee eeeeeee eeeeeee ee eeeeee eeeeeeeeee eeeee ee eef fff fff fff fggggghh hhhhhhhhh hh hhh hhhhhhhh ii iiiii iiiiiiiiiii iii iiiiiiiiii iiii iiiiiii ii iiiiiiiiii ii kll llllllll lllllllmmmmmm mmm mmm mmnnnn nnnnnnnn nnnn nnn nnnn nnnnnnnn nnnn nnnnnnnnnnn no oooooo ooo ooo ooooooo oooooooooooooo oooooooppppp pp ppppprr rr rrrr rrrrr rr rrr rrrrrrrrrrr rr rrrrrrrr rssssssssss ss sss ssss ssssssss ssst ttttt tt tttttt tttttt tttttt ttt tttttt ttttttttttt tt tttttt uuuuu uu uu uuvvvvv vwwwx yyyyyyyyy yyyyy yyy

lose all meaning (except for the preponderance of “X”, which I used to cut out any identifying identification, you can determine with a high likelihood of chance that the text was originally written in English due to letter frequency). Unless they really are claiming ownership of the bits reguardless of order they're in, but that's not made clear.

Now, the part that goes “shall not be … reproduced without the express written consent …” Obviously, I don't have written consent to reproduce the message here on the blog (although I could claim “Fair Use” in this instance) but in reading the email initially I didn't have prior written consent because the very act of receiving the email caused a reproduction to be constructed—a copy from the bits streaming in from the network to electrical charges in memory and then a copy from said electrical charges in memory to the magnetic flux on the harddrive.

Two copies in which I had no written consent for reproduction.

And then there's the four reproductions made when I viewed the email initially (from disk to memory, from memory to network, from network to memory, and from memory to video screen).

I'm thinking their lawyers need a clue-by-four in how email works.

Then there's the last bit that goes “[i]f you are not the intended recipient or the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this email or its attachments is strictly prohibited.” Assuming I wasn't the intended recipient of this message, I would have had to “disseminate” the message (from the server to me) and “review” it to see that it was in fact, not intended for me. The theoretical legal implications of this are staggering.

Which is why I found this all so silly.

(And to my friend who sent this—yes, I realize you have no say in this, but that still doesn't mean your company isn't silly for including this in the first place)

Update some time later today

I misread what they were claiming ownership of—the information, not the actual bits.

When I was constructing the different arrangement, I briefly debated about using the original, non-censored paragraph, since the letters would be scrambled anyway. Then I thought that no, someone could conceivably reconstruct the censored portion, by removing the letters in the known portion, and unscrambling the remaining letters, which wouldn't be that hard. Scrambling the letters didn't hide the information enough to my liking, so I kept the Xs (which is what I use to censor information in case the associated CSS isn't used).

Which meant, it really was about the information.


How desperate do you have to be to spam someone? Part II

Okay, two days later and I have more information about that spammer: they're not trying to send email, they're trying to spam guestbooks and forums.

Before I get there, let me explain how the Obligatory Email Notification System works. When you fill in the form, your email address is added to an “optin” list, and an email is then sent. Only when you reply to that email is your email address moved from the “optin” list to the “verified” list and it's from the “verified” list that emails are sent when I make a new entry.

So I decided to check the “optin” list, and boy, was I in for a surprise. I haven't checked the actual “optin” list for, oh, three years or so? It would be an understatement to say the email addresses were predominately sex related. I grabbed one (hcl_tab_tramadol@hotmail.com) and lo, look at all that guestbook spam.

My guess: the spammer searched the net for HTML forms that looked like guestbook for forum forms, and since many guestbook forms have an email field (usually named email) they tagged my Obligatory Email Notification as a possible guestbook script (since it, too, has a field named email).

But here's where things get weird: the only fields they fill out, in regards to my Obligatory Email Notification form, are the fields defined in that form. I had hoped to see some additional fields being sent in, like comments or message (which wouldn't do anything anyway) but nope, the only fields they sent in were the fields defined for my form.

I thought maybe because I didn't have a field named comments or message they weren't sending in such a field. So I added a field named comments (it's a <TEXTAREA> but with a style of display: none).

Still, only the fields I had originally defined were being sent in.

Checking the logs, and yes, the spammer has definely cached the original form (because the spammer is simply doing a POST to the form, and not retrieving it before doing the POST). I'm going to rename the form and see if that has any effect.

One more thing though: It's one spammer doing all this, and while you would think I could just block that one IP address, I can't. That's because this particular spammer, running their script from 72.232.102.130, is using a series of open web proxies to submit the form, so the actual IP address to block changes all the time. So anyone who is getting spam to a guestbook or forum, and you're running Apache, you might want to check the environment variable HTTP_X_FORWARDED_FOR.

Obligatory Picture

[“I am NOT a number, I am … a Q-CODE!”]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.