Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

If you give stuff away for free, people will abuse it


In what is starting to sound like a broken record, one of my favorite companies, Google, is being abused by spammers - again.  First we found spam blogs in Blogspot, then we found spam coming from Gmail users, and now I have found a third abuse - spammers are using Google Analytics to track visitors to their site.

If you're unfamiliar with Google Analytics, it's a tool that lets people track visitors to their site - where they are from, what browsers they are using, page references, average time spent on website, etc.  And, the tool is free.  It's a pretty neat idea, but it's obviously a new offering because Microsoft does not yet have a similar product.

Unfortunately, just this past week we found some spam sites that were using it to track visitors to their sites.  That's actually a very clever marketing tool and it comes as no surprise to me that spammers have figured out a way to use this to their advantage.  I suspect they'll use this to target particular demographics of PC users and probably geographical demographics as well.

This illustrates the title of this post - if you give stuff away for free, people will abuse it.  Is it any coincidence that spammers abuse email because it is such a low cost?  Is it any surprise they abuse Blogspot and Gmail because they're free?  In economics, the laws of supply and demand state that when demand goes up, supply goes down.  However, when those laws are circumvented we will get abuses; so, if the price of something is kept artificially low people will use too much of it.  The higher the price, the fewer people can afford access to it and this results in reduced consumption.  If all of these free tools that spammers use started costing them more money such that costs exceeded reward, it would keep spamming from being a profitable business.  On the other hand, trying to redesign the internet mail system is a task that may be more trouble than it's worth.

On the other hand, maybe Google should just screen their URLs with a URL reputation service...

  • So your logic is that if everything cost lots of money the world would be perfect? Except for the consumers, of course.

  • http://en.wikipedia.org/wiki/Tragedy_of_the_commons

    The Internet wouldn't even exist as we know it if email clients and web browsers had not been available (and able to accomplish their purpose) free of charge.  In which case neither you nor I would have the jobs we have today.

  • Although I hate spammers like the rest of us, I think you’re off on this one.  The "spammers" are using Google Analytics EXACTLY as it was intended to be used.  It's being used, as you said, "to track visitors to their sites.”  No abuse there.  You’re just calling it abuse because the spammers are using it.  They're not abusing it (give them time) but your example is off.  Plus Google Analytics is not that new.

  • Thomas,

    That isn't my logic at all; rather, at the heart of my economics example is that circumventing supply and demand has noticeable effects.  For example, imagine that cars cost 75% less than they do today.  Would this be good for consumers?  I think that we can reasonably predict that there would be supply shortages.  Is affordability at the cost of supply good or bad for consumers?

  • Bart,

    That's a good link to the Wikipedia article.  I don't necessarily think that the internet or email or other electronic tools shouldn't be free, but rather, I would assert that with this freedom comes the ability to abuse that freedom.

    Milton Friedman said that there is no such thing as a free lunch.  Even when it comes to technology, I agree with the late economist.

  • Rich,

    The spammers are using Google Analytics exactly as intended?  Your point about using it to track data is correct, but this is straight from their terms of use:

    "7. PRIVACY . You will not... use the Service to track or collect personally identifiable information of Internet users, nor will You... associate any data gathered from Your website(s)... with any personally identifying information from any source as part of Your use of the Service. You will have and abide by an appropriate privacy policy and will comply with all applicable laws relating to the collection of information from visitors to Your websites."

    Somehow, I don't think a phisher using Google Analytics to track users qualifies as using the tool exactly as intended, particularly when using it to track down financial information.  Furthermore, complying with applicable laws relating to the collection of information from visitors to the website is violated unless the spammers met the requirements of the CAN-SPAM act when they sent out the spam.

    "This Agreement shall be governed by and construed under the laws of the state of California without reference to its conflict of law principles."

    I don't know what anti-spam laws California has but I doubt spammers are complying with them.  I'm not a lawyer but I bet a good one, or a team of good ones, could come up with an argument that using this tool to track spam sites is a breach of the Terms of Use.

  • > Plus Google Analytics is not that new.

    Acknowledged that GA is not that new.  I was referring to the redesigned version, v2.0.
