The Internet's ‘background radiation’ – who pays?
Letters We published some interesting statistics recently in our story Watching the Net's background radiation. OK, this is more curio than crisis, but we asked "Who pays?"
And you had plenty of suggestions.
Who pays? Well, the best way to motivate people to clean up their traffic is to bill them for it…
There's a problem though. My friend in Australia is on a metered broadband connection (he pays per byte after a monthly threshold is reached)... when he was hit with a virus, it generated a lot of outbound traffic, and that blew his quota and landed him with a big
If providers got serious about cost recovery (and ultimately, they will have to demand that users pay for that they use) users might find themselves paying for security vulnerabilities as well. This in turn will lead to litigation against Microsoft (being the ultimate source of many users' vulnerabilities) ... and an acceleration towards *nix.
If users are billed for what they use then inefficiencies in the system are uncovered and ironed out. Anything less propagates these inefficiencies, while lowering the quality of service provision, increasing the price consumers ultimately pay, and failing to encourage vendors to innovate.
Send the bill for the background radiation to Bill Gates.
He deserves it, particularly if "the theory that a lot of the Internet's static is generated by business computers, which are running Microsoft Windows" is true.
As to who pays , bill the polluters - those who send needless traffic, and those who leave their thrumming networks idling.
Spammers should be first against the wall, and the idlers should be 'billed' with proteins to fold, aliens to find or some such appropriate community service...
"And who do we send the bill to, at the end of the day?"
Answer: the billable will get billed.
- the Poll Tax
- the Child Support Agency
- undergraduate "top up" fees
- Equitable Life
We are dealing with bureaucrats, utilities (ISPs and telcos) and other semi-public bodies in this topic. Manufacturers don't come into it.
So expect the "big fat target" theory to apply.
- the underclass can't pay
- the fast/rich won't pay (will negotiate exceptions, etc)
- Joe Cable-Modem and John Broadband will have some incremental hikes
- SMEs will get baited-and-switched (like on energy bills)
- the military/industrial/academic complex will get a hike
- eGovt will suffer reducing QoS (i.e. their clients will pay)
Oh, walled gardens will have less litter. But you knew that. This might make them a viable business model (for the 5th time of trying....)
Without a doubt the bill should go to Microsoft. Having recently installed a broadband connection through my Linux box with a view to using the firewalling features of the OS I noticed a few things. Having turned on packet logging and watching my log files grow at an alarming rate I decided to do some investigation. The majority (approx 80%) of the packets rejected by the firewall as being unsolicited are NetBIOS broadcast packets. Even using a TCP/IP only stack on windows does not prevent windows from attempting to build master browser lists etc. With the explosion of the broadband market many more computers are now connected to the internet for much longer periods than recently. Many of these machines due to the Microsoft gestalt on the market will be windows based. Not having corporate firewalls (or any kind of firewall for that matter) to filter out this traffic, it is dumped onto the internet backbone. Along with the increase in the home market for broadband are the smaller businesses up to 20 or so staff who are also finding it feasible to have a broadband connection to the internet instead of the mail spooling and dial on demand setups they had before. These are also the sort of businesses to run MS only shops with little or no fire walling preventing this "noise" getting onto the Internet.
It is a simple matter of economics and skills. These smaller businesses have no skills themselves and at hourly rates are not prepared to pay an external consultant to spend the time necessary to put the necessary tools in place. Being one of these consultants I can say from experience that SOHO type organisations do not have the budget to concern themselves with this type of problem.
As more and more people and smaller organisations take advantage of the broadband offering this noise is only going to increase. The real problem is that windows is first and foremost a peer to peer network and as Microsoft strives to make the operation of the machine more transparent to the user it will always employ this type of architecture to hide the complexities of networking from the user. Linux machines have to have the facility specifically enabled and is possible to hide this traffic from the Internet (Samba) as part of the configuration. While I can't speak authoritatively for other non MS OS's I have it in the back of my mind that this a similar concept in that any peer to peer discoveries have to be specifically enabled as opposed to being an integral part of the OS like Windows.
Hence if you want the root cause of the noise to foot the bill I suggest sending it to Microsoft
The last IETF had a presentation from the IAB, done by Microsoft's Bernard Aboba. Ironic that he presented a similar graph, but it was about virii/spam. In that case, it is TCP connections which are being completed.
You are likely right on the ball about it being owned Windows boxes. What to do? Get rid of Outlook.
The virii problem is a direct result of intentional features put there by Microsoft. They ignored the IETF's careful and very long security considerations section of the MIME specification. A decade later, they still won't admit it was a serious mistake.
I'd be more worried about the 2w 2.5Ghz transmitter sitting INSIDE my den for wireless internet or my cel phone before giving a crap about historic radiation coming from space, but that's just me.
Thanks for an excellent discussion starter.
Two issues spring to mind
1) Volume taxation...should any form of taxation be introduced based on volume of data moving through an account would there be a "base line" that would have to be passed before applying - i.e. your 10mb of data per annum is free etc. and who is taxed...
2) Polluter Pays - this common theme in environmental economics is the concept that sprang to mind. Who is the polluter - the end user or the software manufacturer or even the IP owner? Could this mean that the writer of the software (or IP owner) that causes the noise e.g.Microsoft, SCO, Sun, HP could all end up with a hefty bill. This could turn into an "Asbestos Problem" for the software industry...
However, on the lighter side, one thing does spring to mind. Imagine if fear of a huge, eagerly chased after tax bill brought writing viruses to halt! Now there is a thought, something good from taxation!
There is a fairly easy solution and it's already available, thanks to the evolution of billing systems for mobile data.
While it's contentious, charging per bit transmitted onto the network has its advantages:
- ISPs have a new incentive to increase their users' available bandwidth, since their revenue will increase at least marginally with each capacity increase.
- If you set the cost just right, you can make it flat out un-economic to spam (or allow your relay to be exploited: it will cost you $$$s). How to make this stick across borders? Cross-charge, another commonality with mobile billing. If they don't pay, don't accept their packets.
- If there are particular problems you're hoping to tackle, set the costs on a per-port, or steadily increasing marginal rate with increasing data -- this way you don't punish innocent bystanders.
- A compromised host now starts to be expensive, and people better start paying attention to
the amount of junk their machine is spewing.
- Push the positive angle too: redistribute some of the revenue billed from junk traffic to sites that are well-managed (e.g. the lower quartile of junk spewers), by reducing monthly fees.
Not sure what a suitable rate would be, but it would probably best be governed by reference to relevant metrics. So ideally, initiating a connection to the SMTP port costs just enough to make current spam response rates uneconomic.
A million exercises for the reader.
"Watching the Net's background radiation"
Good article, albeit rather over-cutsie. I noticed that you mis-reported and failed to comment on something rather interesting. The fall-off is not exactly on the weekends: it's Sunday and Monday. Maybed that's the weekend in S.F., but not most places.
In fact, given PST's advanced (or, more exactly, retarded) position in the Time Zone scheme, traffic rising again Tuesday is actually almost Wednesday for most of the world. It's all very strange!
Pynchon gags on The Register? What a WASTE.
Thanks, all. ®
Sponsored: 2016 Cyberthreat defense report