Hacker News new | past | comments | ask | show | jobs | submit login
Craiglist introduces phone verification systems; spammers are not happy (blackhatworld.com)
48 points by prakash on July 16, 2008 | hide | past | favorite | 34 comments

I always imagined "underground" stuff like this was on member-only forums...

"They've just started doing this in the computer services section too. I'm seriously freaking out now because I make the majority of my income off that section. I'm a freelance designer.

I don't know how I'm going to pay my bills if I can't find a way around this. Anyone have a suggestion? Please?"

What about finding legitimate work that creates value instead of destroying it?! Fuckwad.

edit: I'm craving for a blockquote feature. Double quotes + italics is a poor substitute and double quotes alone are downright confusing if there's more than one paragraph.

edit2: I note that there's 2 requests for a blockquote feature in the appropriate section and they almost have no upmods. Is that representative of the opinion about the (non-)usefulness of such a feature? (hope you don't mind the offtopicness)

(I work at Craigslist)

It's surprising that most of those spammers forums are totally open although there are some attacks not described or discused in any of them. Spammers, as individuals, are far less technical that we think (most of them are just users and costumers of a limited set of programs) and need those forums to contact to each other and solve their problems and technical doubts.

It was known beforehand that there would be a phone number and verified account black market. It's possible to block most of them (most) as there are federal databases that can be queried for the origin of a given number (whether is voip,cell or home line).

Making them pay for the priviledge to autopost can lead to interesting spamming blocking techniques as we just try to increase their cost per post beyond profit (which is very low for a single post). This is not the only cost increasing technique we are using but sadly it is impossible to share or discuss or ask for feedback of any of them on an open forum.

You do realize that craig is dedicated to this 'game' just as we are. There are measures he could put in place to rid spam completely, but luckily for him spam actually inflates the page view statistics for CL. Which in turn drives up the sales of post for the RE and jobs sections. This is due in part to the 'spam'.

EDIT: It is a quote from the submitted link.

I really hope I'm misunderstanding.

You're saying spammers benefit CL by dramatically reducing the average quality of postings down to almost nothing and that the illegitimate page "views" of bots make up for loss of legitimate page views by actual users that are lost by aforementionned loss of quality and that Craig actually loves it?

You're out of your mind.

By the way I'm interested in knowing that secret to "rid spam completely" that Craig sits on.

edit: Really interesting to see the kind of lame excuses people can come up with. I guess when you're dishonest with everyone then you're also dishonest with yourself. Or is it the other way around?

Oh, I'm sorry. I didn't read all the posts to the end.

Well, that timely illustrates one of the many problems stemming from the lack of blockquote! I thought you were writing in italics just for kicks.

I've never thought of myself as someone who could get pleasure from other people's suffering, but I guess I was wrong. I really enjoyed reading those messages.

One of the purest form of joy is other people's suffering, as it containts no drop of envy.

At least that's what I think when I deal with these people

Blockquoting is on my list to add soon.

One of the things I like about not having block quoting is that people tend to be far more careful about what they quote. It keeps the discussion focused while also being visually pleasant.

So, "Yay!" blockquotes, but a bitter-sweet "yay" and one that includes a, "Can it be done better?"

I don't find it visually pleasant at all when I get confused about what's quoted and what's not, and when everyone is forced to come up with their own quoting scheme since it's not supported. Some use double quotes, some use italics, some use double-quoted italics...

It's a mess. I'd much prefer a consistent representation for blockquotes for ease of reading and semantics. It's the Right Thing.

Actually that is worrying. It would be bad if blockquotes led to a nastier style of arguing.

Like macros?

Actually, constructively, opt-in blockquotes might be interesting: you have to click to expand what was quoted making it clear if someone is quoting too heavily.

You could disallow blockquoting from previous posts in the thread.

Well, there could be a limit to the number of characters in the BLOCKQUOTE element.

One of the blackhats proposed a clever outside-of-the-box solution:

1. Create a site that promises free ringtones.

2. Once a visitor enters their cell number, forward it to Craigslist, who sends a verification call to that number.

3. Ask them to enter the verification code on your ringtone site.

4. Redirect the verification code to Craigslist, and send your visitor a ringtone.

This is how CAPTCHA's got cracked as well: by embedding them into porn. ("Would you like me to take off my dress? Enter this code") It sounds hard to beat.

Any other outside-of-the-box solutions that you can think of?

I didn't think of that.. pretty creative, and it looks like it would work, although it's kind of sad that this creativity is going towards blackhat practices.

Free ringtones might work, but I doubt a lot of people would give their phone numbers to a porn site...

Thank God! Craig's List is a cesspool for BS Ads - hopefully this will cut the craptacular of manipulative ads that have been on there traditionally.

It is f'n funny to see the low-life, scumbag, POS, donkey-raping, child molestering, masturbating monkeys(wait, Linus reserved that one for the OpenBSD community) that make up the "professional spammer community" whining about loosing their free ride. Boo-hoo. Maybe CraigsList will be worth a crap now.

By the end of the thread there is price competition for batches of 100s of verified accounts. I'm not terribly optimistic in how successful this will be.

But are "100s of verified accounts" scalable? I don't know that "100s of verified accounts" will make a big, long-term dent. How long before CL cancels those accounts? I'm sure CL is watching this like a hawk and will shut an account down quickly and for little reason in an attempt to prevent early gaming-the-system.

I wonder if it would be worth my while to create a web service that does this for any site?

this looks pretty much like it http://www.phoneconfirm.com/

Thanks for the link. I think there is room to improve on the pricing. I wonder if there are other outfits that do this.

Another one is http://www.maxmind.com/app/telephone_overview

This is a classy company, very reliable. We've been using them successfully for years for fraud prevention in online credit card charging.

How does phone verification work with customers who are deaf? Does the API could provide an option where the computer calling the customer plays Baudot code [http://en.wikipedia.org/wiki/Baudot_code] instead of speaking the numbers in English?

Text messages could work in that case, no?

Here. here. We use MaxMind.com for their GeoIP product too

Maybe, but on the other hand it would be painful if many sites would start using phone verification.

Good idea. And integrate is as a hosted/managed service similar to discuss.

Was anyone else tempted to give that forum a taste of its own medicine!

It's such a shame that they're spending this much effort trying to ruin something so useful for short term gain.

fair game

what they need to do is come up with a better captcha method, ie. right now all of them are just trying to make the image itself as hard to read as possible, and for a lot of them you can try 5 times w/o getting wtf the captcha says.

you can always use vumber and tossabledigits

From reading the thread, it seemed that these didn't work, or were not cost-effective.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact