brown.edu spamming Wiki's

[PHP_Adam]

Today I noticed a strange additional page on my wiki, I was hovering over the delete button when I noticed the website linked too was a .edu

Here is the link they left on my wiki:
http://graffiti.cs.brown.edu/f7ed377...7638f201/info/

About

If you are visiting this page, then it is likely that you found some data that we placed on a MediaWiki site and are looking for more information. The Graffiti Networks Project is a research network storage system that leverages unprotected MediaWiki sites as its storage medium. What may look like spam or garbage on your site is actually an encrypted data payload, one of many that we have stored throughout the internet. We are trying to determine whether it storing data on multiple third-party sites on the Internet is a viable solution for data persistence in peer-to-peer systems.

Please contact Andy Pavlo if you have any questions about the project.

That's right, What I saw as lots of garbled spam was infact a portion of Ubuntu 8.10 Desktop Edition i386 FINAL.

I have never thought of Spam as a good idea, but a new concept for bittorrent gets an A+ from me.

Project Home Page

03/09/2009 - Rejection!
Our paper got rejected from IPTPS. One of the main points brought up by the reviewers was that our system was not a true peer-to-peer system. Most reviewers also seemed appalled at the idea of commandeering abandoned websites in order to store illegal content. Nevertheless, we are not deterred and will be searching for the next workshop/conference that is bold enough to take on the ideas of the Graffiti project!

New Technology, University Spamming .. Lots of fun stuff

[personne]

Spamming people's wikis (which have to be paid for somehow) does not legitimize p2p or free software. There is no good use for this project, it is vainglorious. I suggest anyone who is affected send email to postmaster@brown.edu,
ning@cs.brown.edu,
dept@cs.brown.edu,
rt@cs.brown.edu

[tuxus]

Spamming people's wikis (which have to be paid for somehow) does not legitimize p2p or free software. There is no good use for this project, it is vainglorious. I suggest anyone who is affected send email to postmaster@brown.edu,
ning@cs.brown.edu,
dept@cs.brown.edu,
rt@cs.brown.edu

How the heck is it vainglorious? I don't see an excessive amount of pride over the project.

though I agree this is pretty out there as someone has to pay the wikis hosting it is a consequence of leaving a wiki totally open, the same could be done with any content. If the wiki owner doesn't want this to happen than simply take precautions against it. Also this seems more of a test case than anything:

We will, however, be removing all the data that have stored on all sites on June 1st, 2009

[personne]

How the heck is it vainglorious? I don't see an excessive amount of pride over the project.

though I agree this is pretty out there as someone has to pay the wikis hosting it is a consequence of leaving a wiki totally open, the same could be done with any content. If the wiki owner doesn't want this to happen than simply take precautions against it. Also this seems more of a test case than anything:

The wiki owner taking action against spam is a completely separate topic than this project. It is obvious the project developers are seeking the glory of a breakthrough. The fact that it isn't a very good idea confirms this fact.

In response to the lack of user anonymity and long-term data persistence in existing P2P systems, we developed the Graffiti Network distributed file sharing protocol that uses multiple third-party storage sites as a data replication and transfer medium between clients. Our approach is to use publically available web sites to store multiple copies of shared content. We use the term graffiti for our work since we are storing data in a way that non-network participants may regard as unsightly or unwanted vandalism.

There's no chance their "solution" is going to solve these problems. I've seen this type before, they just saw something "cool" they could do and ran with it, looking for notoriety.

I sent an email and they have already been asked to take the site off line, "repair" any damage, and issue apologies. I did receive an apology, but it was clear they thought their academic position and my (intentionally) not enabling their idea of anti spam features was the bulk of the explanation. The fact that Brown, their CS dept, the supervisor and these two students and their DNS person would all let this "graffiti" project happen is beyond me. A large part of internet bandwidth and computing already goes towards dealing with spam. This kind of attitude is the last thing we need.

Anyway, I've raged enough. hopefully they will go onto better pursuits, like addressing spam rather than adding to it.

[PHP_Adam]

I don't think its vainglorious at all. Its not a complex idea at all, they are using IMO the wrong platform. Wiki's (those that are managed) get spam removed very quickly. Whereas you could put lots of content on a service like pastebin.com and its competitors.

If the wiki owner doesn't want this to happen than simply take precautions against it.

http://www.mediawiki.org/wiki/Extension:ReCAPTCHA

[tuxus]

The wiki owner taking action against spam is a completely separate topic than this project. It is obvious the project developers are seeking the glory of a breakthrough. The fact that it isn't a very good idea confirms this fact.

There's no chance their "solution" is going to solve these problems. I've seen this type before, they just saw something "cool" they could do and ran with it, looking for notoriety.

I disagree, it has little to do with notoriety and more to do with testing a theory on a large scale before drawing a conclusion. While at University students don't do projects for show. This may vary well be part of a larger scale project in the long run as they mention now.

check the site:

Please accept our sincerest apology for any problems that our project may have caused. It was never our intention to maliciously deface sites, but instead were trying to develop a proof-a-concept system in order to warn other researchers that such "attacks" were possible and to energize the community to help develop measures to prevent them. We regret if our project reflects poorly on Brown University or its Computer Science department, and stress that both the University and the Department do not condone our actions.

As of 3:00pm on 04/11/2009, we have used our removal tool to delete the encrypted data payloads that our system stored on third-party MediaWiki sites. As we cannot remove pages from sites without the proper privileges, the links below should help guide site operators in removing the pages from their MediaWiki installations permanently. We also highly recommend that site operators enable spam-protection technologies (i.e., CAPTCHAs) to protect from unwanted data postings. In particular, we found the reCAPTCHA project to be the most effective countermeasure in our experiments.

according to that it wasn't:

1. excessive elation or pride over one's own achievements, abilities, etc.; boastful vanity.
2. empty pomp or show.

Assumptions are a bad habit.

PS. it does solve anonymity and long-term data persistence to some extent.

[personne]

I would write some nonsense cloaked in "science" and "the service of humanity" to defend my ill considered actions too. But it doesn't at all resemble what they had stated was the project's purpose.

<quote>
In response to the lack of user anonymity and long-term data persistence in existing P2P systems, we developed the Graffiti Network distributed file sharing protocol that uses multiple third-party storage sites as a data replication and transfer medium between clients. Our approach is to use publically available web sites to store multiple copies of shared content. We use the term graffiti for our work since we are storing data in a way that non-network participants may regard as unsightly or unwanted vandalism.
</quote>

Please do compare the two. Anyway, I'm pretty sure other researchers would already know about spam.

The email I received from Brown's CS chair indicated he thought their project was about "measuring spam persistence in wikis" so I suspect there was an escalation of what the project was supposed to be about. But there's not much point conjecturing about it.

It does solve anonymity and long-term data persistence using the same ideal as smashing people's windows to spell messages (or spray-painting walls. I'm not particularly against afk-world graffiti by the way, but this is nothing like it). It was not a well thought out idea for a university department or anyone else legitimately trying to share content, and I'm quite surprised you're defending it.

[tuxus]

I wasn't defending it, only pointing out that you made an assumption about it's purpose and/or the goals of those involved which to me seemed a bit stupid to do. I agree an escalation may have taken place with the goals of the project...or someone may have misunderstood the goals along the way.

The ethics of the project aside my posts were to point out your misuse of the word "vainglorious" and your quick jump to an assumption without actual proof of what you were stating.

[AlexDawson]

does not legitimize p2p or free software.

Since when does P2P or free software need to be legitimised? P2P is a protocol and while it is now mostly outdated in terms of sharing files by the much more streamline torrent systems is a very legitimate method of spreading the distribution of a file over a widespread network. It has been in use for many years and certainly is not considered by anyone as an illegitimate system. As for free software, it goes without saying that the rise in open source projects have somewhat turned around the idea that software for free is less valuable than commercial projects.

[personne]

I wasn't defending it, only pointing out that you made an assumption about it's purpose and/or the goals of those involved which to me seemed a bit stupid to do. I agree an escalation may have taken place with the goals of the project...or someone may have misunderstood the goals along the way.

The ethics of the project aside my posts were to point out your misuse of the word "vainglorious" and your quick jump to an assumption without actual proof of what you were stating.

I'll clarify that I suspect their motivations are vainglorious. It's not a useful project, but it could be a sensationalist headline. Another alternative is they thought it "would be cool" to use other people's wikis to host torrents.

I'll continue making assumptions, based on my knowledge of the academic and general world. You're making an assumption about them too, that their apology reflects any reality despite the fact that their stated intents have shifted several times.

AlexDawson, this kind of illicit behavior tends to create associations.

Anyway, it doesn't deserve this much attention nor clarifying these petty details. Ciao.

[AlexDawson]

AlexDawson, this kind of illicit behavior tends to create associations.

Anyway, it doesn't deserve this much attention nor clarifying these petty details. Ciao.

What illicit behavior? I hope that was not meant to be a personal comment.

[tuxus]

I'll clarify that I suspect their motivations are vainglorious. It's not a useful project, but it could be a sensationalist headline. Another alternative is they thought it "would be cool" to use other people's wikis to host torrents, methods do change as projects evolve.

Not useful to you maybe, overall I'm willing to think outside the box and believe a use may exist such as showing how easy it would have been to use malicious code instead of chunks of a torrent file or even using it with pastebin type sites to keep torrents alive. What is your basis for your theories exactly?

I'll continue making assumptions, based on my knowledge of the academic and general world. You're making an assumption about them too, that their apology reflects any reality despite the fact that their stated intents have shifted several times.

I feel bad for you, you can keep making your assumptions but I suggest for the sake of accuracy and to avoid spreading misinformation that you research and use facts instead. What assumption did I make? I did say it had little to do with notoriety but I didn't just assume that, if the main goal was notoriety they would be all over the web posting about it and sharing their projects progress, Google gave me little on that front. The fact they made it a CS project also gave the impression from personal experiance as someone with a CS degree that they actually had a purpose beyond a personal project.

AlexDawson, this kind of illicit behavior tends to create associations.

Anyway, it doesn't deserve this much attention nor clarifying these petty details. Ciao.

Could you be more clear on this please?