Three Jeers for Google Groups

I haven’t written here for a while but I thought I’d take a moment for something not related to development. Google “improved” Groups, and now everyone’s email addresses are exposed. Sigh.

To use comp.databases.pick, I just changed my NNTP server, switching to nntp.aioe.org as recommended by a few of our colleagues in the past. I use a Usenet (NNTP) news reader because I just don’t like using a browser for this medium. If I can get a decent bi-directional email or browser-based forum for CDP, I’ll switch. But the Google Groups web page ain’t it.

As I was testing connectivity and checking my headers on the Google Groups web pages, and I noticed that Google Groups now has a new browser UI. You’ll notice that in the old UI we see people’s names because they use the email address like this:

“User Name” <do.not.display.real.name@bar.tld>

Google is nice about not displaying email addresses, so they munge them like so:

“User Name” <do.no...@bar.tld>

Enter the new and improved UI where they use the actual email address as the user name identifier, so the same message from “User Name” in the old interface now displays as from “do.not.display.real.name”. Well, that’s kinda stupid, especially since they’re still munging that text when they display headers.

I dunno about you but I don’t think it’s too tough to sew “do.not.display.real.name” with “@bar.tld” in order to get a real email address. Given this simplicity, it’s suddenly become much easier for spammers to programmatically get your email address, add you to lists, and clutter up email servers everywhere with junk for legitimate addresses.

You might say “I don’t have a problem with spam, I have great filters”. Sure, your mail server and your mail client might filter out 100% of the junk that comes in, but the volume of junk that needs to be filtered is always going up. Most traffic on the internet is spam. We pay for that in slow traffic, higher rates for better bandwidth, salaries for people to fight the problem, and improved filters. All of the solutions out there are re-active. One pro-active mechanism to reduce spam is not to allow the spammers to have real server names. Another is to not allow them to get real user names. My point here is that you should be upset with Google even if you don’t feel like they’ve just harmed you directly, but because they’ve just increased IT costs for everyone over time.

The real solution to spam is simply not to allow it to get into the pipes in the first place. I’ll never understand why traffic isn’t monitored so that rogue servers in China and Russia aren’t restricted from broadcasting crap onto the backbone. Don’t believe spam comes from overseas? That’s OK. A lot of it does indeed come from anarchists right at home. Email servers block spam that doesn’t come from authenticated servers, but that’s like letting criminals run the streets as long as we keep our doors locked. Isn’t anyone monitoring the source of data that floods the internet with spam? My ISP knows exactly how much bandwidth I consume every month so that they can ensure I don’t over-consume resources. Is someone going to tell me we can’t figure out where terabytes of traffic gets dumped onto the backbone destined for SMTP ports?

It’s things like that that just make me shake my head. Spam costs us billions of dollars per year in grief – and individuals pay for this in part with anti-spam, anti-malware utilities. People would rather spend their money on remedies than getting “the powers that be” to fix the problem. You won’t find companies that provide malware protection, network services, or disk storage complaining about this – the bigger the problem is, the better off they are. But when there is a fire, would you rather have the fire department putting it out, or would you rather that they come by to sell you water? Telephone services provide for a minimal amount of abuse prevention. They can find out where calls are coming from if required, and bar them at the source – why are email packets (often on the same wires) treated any differently?

It seems like people ignore the macro issues and favor the micro-issues that seem easier to solve – push the problem away so that someone else can solve it. But these large companies are the “someone else”. They’ve earned the big bucks to fix the big problems, but they often don’t. Heck, they don’t even fix the small problems – like exposing email addresses. I guess I have stopped being amazed that multi-billion dollar companies just can’t get simple stuff right.

• Google still can’t provide a long-term searchable archive for most groups. Go figure.
• Facebook struggles with usability issues and in their “New and Improved” UI all of your formerly threaded discussions are now presented in a single stream of thought.
• Skype hasn’t been able to organize contacts into collapsing groups since one of their earlier versions, when some developer decided that functionality wasn’t necessary. So now all contacts are alphabetical no matter what company they’re associated with.
• Twitter still doesn’t have an Ask to Follow mechanism. People start to follow you, you get an email of the fact, and you need to block them in order to get them to stop following. C’mon guys, just ask, like everyone else.

OK, perhaps me doth complain a bit too much. I’m just tired of the same problems going on for years without resolution.