







Huge Security Flaw Within Tag Based Systems

By Dan Morrill
Expert Author
Article Date: 2009-08-05

Louis Gray pointed out a new reading system yesterday called Lazyfeed, and overall I am pretty happy with it. But as with all tag-based reading systems, spammers and other miscreants have so corrupted the general tag base to get their message in front of people that tag-based systems need something else to make sure they are delivering good, valid content for the search strings provided.

Tag-based systems have always had one huge Achilles heel: people often overuse, misuse, or abuse tags to try to get their message in front of as many people as possible. And while Lazyfeed is absolutely awesome, it suffers from the same problem that many tag-based systems have: spammers have pretty well appropriated the tag system, making it nearly meaningless as a way to get good information on the internet.

Here is case number 1: the tag "hacking" started coughing up page after page of the best Xbox 360 games to get your hands on. I was more or less looking to see what was happening in the hacking community with the new Firefox 3.5 zero-day and instead got a pile of link-farmed Xbox 360 stuff that I really didn't need or want to see.

[Image: lazyfeeddeath]

Here is case number 2: same tag, hacking, but further down the page. I like this one because it shows that you get some really interesting nonsense when dealing with tag-based systems, auto-generated by spammers (or systems engaged in spammy behavior), like the first entry in this picture. The context of the message is meaningless verbal nonsense, entertaining enough to attract attention from other major systems, and devoid of any real content.

[Image: lazyfeeddeath1]

Lazyfeed is not the only one with this issue; we have seen this with Technorati and other tag-based systems. What needs to happen, though, is to add a bit of human intelligence to the system, or allow someone to flag the entry as spam and let the community do the filtering for you. I also sent this along as feedback to Lazyfeed, but I think this is important enough that people who are developing tag-based systems need to have a way for the community to filter content, or put a process/human in place that will also filter out content based on the actual abuse of tags.

Tag abuse is fairly common and seen far too often. People who are developing systems that rely on tags should work on a way to filter, limit, or let the community report the abuse, and a way to blacklist blogs/people that overuse/abuse tags in their entries.
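A sketch of the filtering described above, added here as an example and not taken from Lazyfeed or any other tag reader: it hides entries that overuse a tag list, misuse a tag, or are flagged by the community, and blacklists sources that do so repeatedly. The thresholds, the `Entry` fields, the substring test for misuse, and the sample entries are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Thresholds are assumptions chosen for this example, not values from the article.
MAX_TAGS = 8          # more tags than this counts as overuse
FLAGS_TO_HIDE = 3     # distinct community reports needed to hide an entry
STRIKES_TO_BLOCK = 2  # abusive entries under one tag before a source is blacklisted

@dataclass
class Entry:
    source: str
    tags: list
    text: str
    flagged_by: set = field(default_factory=set)  # reporter ids, deduplicated

def abuse_reasons(entry, tag):
    """Return the reasons an entry should be hidden from the feed for `tag`."""
    reasons = []
    if len(entry.tags) > MAX_TAGS:
        reasons.append("overuse")
    # Misuse check (a deliberately simple assumption): tag never appears in the body.
    if tag.lower() not in entry.text.lower():
        reasons.append("misuse")
    if len(entry.flagged_by) >= FLAGS_TO_HIDE:
        reasons.append("community")
    return reasons

def filter_feed(entries, tag):
    """Return (visible entries, blacklisted sources) for one tag feed."""
    tagged = [e for e in entries if tag in e.tags]
    strikes = Counter(e.source for e in tagged if abuse_reasons(e, tag))
    blacklist = {s for s, n in strikes.items() if n >= STRIKES_TO_BLOCK}
    visible = [e for e in tagged
               if e.source not in blacklist and not abuse_reasons(e, tag)]
    return visible, blacklist

# Constructed sample entries, modelled on the two cases described in the article.
SAMPLE = [
    Entry("blog-a.example", ["hacking", "firefox"],
          "Notes on the Firefox 3.5 zero-day and hacking tools."),
    Entry("farm.example", ["hacking", "xbox", "games", "deals", "free",
                           "cheap", "best", "top", "win"],
          "Best Xbox 360 games to get your hands on."),
    Entry("farm.example", ["hacking"], "Best Xbox 360 games, page two."),
    Entry("blog-b.example", ["hacking"], "hacking purple monday rapidly cheese",
          {"u1", "u2", "u3"}),
    Entry("farm.example", ["hacking"], "A hacking write-up that passes each check."),
]
```

The last sample entry passes every per-entry check but is still dropped because its source has already been blacklisted, which is the point of tracking abuse per blog rather than per post.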


About the Author:
Dan Morrill runs Techwag, a site all about his views on social media, education, technology, and some of the more interesting things that happen on the internet. He works at CityU of Seattle as the Program Director for the Computer Science, Information Systems and Information Security educational programs.