The Experience is the Brand

Grab scalpal… remove nose

Corporations Cut Off Nose to Spite Face

Corporate security concerns are certainly valid, but this is a little bit like saying, “we’re not going to receive mail anymore, because the risk of there being a letter bomb is really too high.” Will it cut down on the “fun time” of employees? Oh gee, maybe. But let’s see how much more productive employees are without net and email access. I can hear the middle managers preaching the corporate mantra now: “There’s nothing wrong with the fax machine… and they’re perfectly secure means of communicating with the outside world.”

Googlebombing

Today’s topic: Googlebombing.

If you’re not familiar with the idea, read this and this. We’ll wait for you to finish.

Ok, ready. Here’s the idea which is, sadly, not really mine. Combine a Googlebomb with a text ad, and you get something that’s now called a bombsticker. The idea is that you could create such a sticker, distribute it to multiple sites, and then effectively deploy your googlebomb across any sites willing to participate.

The problem is, everyone who wants to deploy a googlebomb has to round up a network of “affiliates” willing to display it. But what about this: create an affiliate network that distributes text ads, let people sign up for that network, and then insert a single piece of code (like you’d do with a *cough* *cough* ad banner *cough*) on their site, and voila! You could even have people sign up as affiliates for one or more “channels”, so that they could control the type of content appearing in their bombstickers.

There’s really two ideas here: the first is an affiliate-network for text ads, which is simple enough. Just use a piece of javascript to document.write the content of the ad, served dynamically from a server. The other idea is to use this for distributing googlebombs, dynamically. Hey, if you wanted to, you could even charge for the googlebomb distribution, and split the fee up among the affiliates. (Now that there’s a way to get paid for this, I’m sure someone will do it.)

So far as I can tell, there’s only one rub: I don’t think Google, when indexing a page, is going to interpret the JavaScript. It’ll read the code, but not execute it. So, as for doing this client-side, the idea is essentially bunk for distributing googlebombs/bombstickers. I thought it was a good idea if only because it would make it exceedingly easy for an affiliate to participate. Alas, if Google won’t execute the javascript, then for this to work as a googlebomb, you’d have to insert the ad into the blog server-side.

I’m puttering on this one now. Any ideas?

Freenet

I’ve wondered about Freenet before, and got quite interested at one point in trying to contribute to a solution to the ThinkCash problem. The basic idea is:

Given a distributed P2P architecture where two of the primary goals are anonymity and the indiscriminantly free flow of information, how do you develop a method of ensuring that computer-generated insertions of content into the network (or computer-generated requests for information) are minimized. That is, how do you ensure that the entity requesting or inserting information into the net is human, and not computer. Some further constraints:

• The test must be able to be generated by a computer, and the results judged by a computer.
• The test must be relatively easy for a human to solve.
• The test must be relatively difficult for a computer to solve.

After some careful pondering, I gave up and waited for this one to stew. It looks like a solution has emerged, at least in part:

Carnegie Mellon University’s CAPTCHA Project

Yahoo! Mail uses this technology to keep automated registration bots from creating Yahoo Mail accounts and using them to spam. The basic idea is this:

• Randomly select a word from a dictionary.
• Create an image of that word.
• Apply a filter and a background, making OCR exceedingly difficult.
• Ask the user to view the image, and type in the word that appears there.

Yahoo does an admirably good job of this, and further thwarts automated registration bots from defeating the validation method by not permitting multiple guesses. If you type in the wrong word, Yahoo simply returns another randomly generated word, similarly treated.

Several other problems that arose in the discussion over ThinkCash are also dealt with.

• The code for CAPTCHA is publicly viewable, so anyone can implement it. (I don’t know yet if it’s open source, but the philosophy behind CAPTCHA is that the code must be open, and thus not rely on obscurity to prevent breaking of the algorithm.)
• The concept does not rely on a specific language, so it can be internationalized. A user would have to indicate what language they wanted to take the test in, however.
• I think it’s relatively impossibly to defeat, without exceedingly good OCR (the type which, to my knowledge, does not yet exist.

So far, I can only find one big, gaping hole: The idea poses serious accessibility problems. Blind users, for example, are shit out of luck and won’t be able to gain access (accessibility, as a rule, typically relies on the machine-readability of content.)

Still, I do wonder. An audio version of this test would probably not work quite as well, but I’m not entirely sure. (Voice recognition technology seems to be quite a bit more evolved than OCR, to the point where many specialized systems need no training and are able to extract sensible commands from a high noise environment. And on the side of the tester, it’s markedly more difficult to generate human-sounding speech, in multiple languages, dynamically.)