Would Spam Exist if the Internet Wasn’t Free?Written by Paul Cunningham on November 11, 2009
Last month I joined a new discussion forum. The owner of the forum decided to charge members a monthly access fee of $1.95. I gladly subscribed because the value of the forum far outweighs the membership cost.
Now several weeks later and with thousands of members joining the forum I realize the biggest benefit of the membership price – there is no spam.
For the average internet user everything they do online is free. After they have paid for a computer and an internet connection from an ISP most people will not pay another cent for any of the intangible experiences that the internet has to offer.
Thousands of popular websites offer streaming videos, games, instant messaging and social networking without charging a cent for access. Email is the ultimate free communication medium, costing nothing to acquire and use. These services all attract spammers.
Free online services face a difficult challenge in preventing spam. Their users want free access, but also resist overt monetization efforts by the website owner. And yet without a revenue stream the websites can’t afford to invest heavily in security and support. Without the money to fund a developer focus on proactive spam prevention, and a support team to handle reactive spam prevention, the spammers have a large window of opportunity to exploit these free services for their own gains.
The fallback monetization strategy for most of these websites is simple advertising. MySpace added advertising early on. YouTube is slowly introducing advertising models to support their massive infrastructure costs.
Facebook’s advertising system has an ironic twist – spammers can indirectly exploit the system by using free Facebook apps and games to gain access to users’ profile information, then use that information to personalize advertisements and target them more closely to certain demographics. These advertisements are often unethical – for example targeting 15 year old girls to sign up their mobile phone (paid for by their parents) to a ringtone subscription service in order to earn more points to use within a popular Facebook game.
The irony is that so much money is made by the advertiser, who in turn pays fees to Facebook, that the spammers are largely responsible for generating the revenue streams that make it more feasible for Facebook to invest more in security and spam prevention. Would this problem exist if services such as Facebook were not free?
This idea meets with a predictably mixed response. A decade ago people my age spent money every month in phone calls and postage stamps communicating with our friends and family. These days we do it for free online, but the concept of paying for this service is not out of the question for most.
Younger generations are more used to the idea of instant, global communication at zero cost. Paying for such access seems ludicrous, despite the obvious irony that many of them spend hundreds or thousands each year on computers, internet access and mobile phones to make use of the free services.
A monthly or yearly fee would no doubt lower the signup rate for these websites. Would Facebook have 350 million users today if each had to pay $30/year? Not likely, especially if free alternatives (even lower quality ones) existed. Would they prefer to have 1/100th of the users if it meant a consistent revenue stream and more secure experience? Probably not. Success online is measured in eyeballs not dollars.
Would charging for Facebook or Twitter accounts solve the spam problem on the internet? Not completely. For the spammer the target audience is perhaps much smaller, but the ultimate free spam vector – email – still remains available to them. Only now the attacks are easier.
Consider the success of bank phishing scams. The emails are effective because they play to the fears of the victims – that their hard earned money may be in jeopardy if they do not take the action the spammer asks them to (e.g. verify their account password because of a recent suspicious transaction).
When you attach a value to something it makes phishing that much easier. Losing your free Facebook account is a minor inconvenience. Losing your paid Facebook account is a blow to the hip pocket. Just like the bank phishing email for a specific bank, although the Facebook phishing scam would reach fewer actual Facebook users but each would be more likely to fall for it because of the higher value of the account.
As long as email is free spam will exist. A spammer doesn’t need access to Facebook, free or paid, to exploit the popularity of the service in order to trick victims into giving up their account passwords or installing malware on their computer. All they need is the ability to send email, which comes at a cost so close to zero that almost any level of success can lead to a positive ROI.
This ultimately means that the responsibility for preventing spam rests with businesses and end users. You must take ownership of the risks and protect yourself instead of waiting for free online services to deliver protection for you.