To Catch a Spammer (blackhat.me)
83 points by tehguy on Jan 19, 2012 | 25 comments



Interesting, though I'm a bit confused: Does the "Supporting DOX" section represent a bunch of actions the author doesn't spell out in detail?

It seems like a bunch of easy Google searches and whois look-ups, which I followed along with ("Oh, sure, okay. Yep, easy, that makes sense.") And then out of nowhere: Bank document? Passport?


From the article, it would appear he found these images from a "Lativan photo blogging site used by him". Why would he upload an image of his passport to a photo blog?


It's possible he's using the photo sharing site along with Twitter or something similar and doesn't realise that images attached to private messages still become public.


He also runs xrumer from his desktop without any proxies. I don't think he is the sharpest knife in the drawer...


It could be social engineering. Once the author got his address and phone number, I presume he just sent an official looking mail or made an official sounding phone call to have the documents mailed to him.


This whole story was interesting as a reminder of what public information people leave on the internet unconsciously, and how to find it. More interesting than most crime stories :)

And best of all, blog author didn't do any wrong, except maybe violating SOPA. He just published information that is already publicly available all over the internet, and thus can't be accused of harassment.


> Lativa

First I thought it was a typo, but then this guy repeated more than 5 times. Such ignorance...


I have the same problem sometimes. I run a small wiki and wikis are pretty popular with spammers since there are lots of abandoned wikis at well-ranking domains that can easily be spammed.

I followed the links and they obviously didn't care much for their privacy either. Using a combination of Whois and some private information database I could easily figure out the people behind it, including lots of their private information, pictures of them and their family members, etc. But now what? They are operating from the United Kingdom and Poland and I have no idea how to proceed.

Anybody who does this (chasing spammers) more often know what to do after you have all their private information?


I help run a couple of wikis, and I think another reason they're a target is that the available third-party Akismet plugin doesn't "close the loop" - there's no "mark as spam" option to help fix the oversight.


I enjoyed the post in a pitchfork waving sort of way but I really don't think publishing this guy's full details and passport is fair game.

Xrumer spam is a huge problem for a lot of webmasters. It's the same level as email spam, only the people that pay for it seem to kid themselves into thinking it's not.

If you have a good quality site, play to your strengths. You don't need to adopt junk techniques like Xrumer.


Author's (maybe intentional?) misspelling of Latvia to "Lativa" makes me cringe, badly.


This is stupid. Not only is publishing private info like this immoral (probably even illegal, which comment-spamming isn't), way more immoral than auto-posting some annoying comments, but it doesn't serve a purpose.

It may stop this guy, but it won't stop blackhat SEO. Blackhat SEO is done because it works.

It's actually often a necessity for small business owners who have to spend their time running their small online store and supporting their customers instead of writing a blog about their products that nobody but Google will ever read.

This is a huge problem with the current Google algorithm - if information isn't your business you shouldn't have to spend your days writing just to please Google. Until Google somehow can determine not only what information is best, but also which businesses, products and services are best, Blackhat SEO will be rampant.


While you are probably right about this being immoral and maybe illegal, I've had to clean up my share of xrumerservice.org spam from forums and can tell you that I'm no longer against immoral practices if they hit this specific guy. The amount of other people's time this guy wastes is probably several lifetimes every fucking day. I think you have to be a forum admin to understand the deep, deep urge that can build up to hit this particular spammer as hard as possible and not even caring anymore if that will get yourself in legal troubles.


> ... [P]ublishing private info like this ... doesn't serve a purpose

Come on, that is obviously false. If being a blackhat is likely to result in bad stuff, fewer people will be blackhats. (It's obviously still vigilante justice, with all the usual pitfalls. But immoral doesn't imply ineffective.)


Even if Google could determine which businesses, products, and services were 'best', it wouldn't matter to spammers. Presumably most of the participants in Blackhat SEO don't offer the 'best'. The driving motive is that they want their stuff to appear in people's search results, not some altruistic goal of providing people access to their high quality offerings.


If small businesses are spending time writing articles that only Google will read - they are doing it wrong.

I imagine the problem with most of these small struggling businesses isn't a bias in Google's algorithm, but rather they have entered a highly saturated market with a mundane/unmemorable/uncreative website that no one wants to visit.


My point is that they shouldn't have to write articles at all if that's not what their business is about. How good you are at writing (or how much you have to spend on it) and how much you've written isn't a good indicator at all for judging how good your product and customer service is. It's actually a pretty horrible one.

The Google algorithm is heavily biased towards the big guys who can afford to buy content, publicity and links. I'm obviously not talking about content/information businesses (where content obviously should be king), I'm talking about the small businesses who are creating small niche products.

There's only so much you can write about door stoppers for example until you start repeating yourself. Then you're already in greyhat territory since you're essentially spinning content. After a while you start realizing that nobody is ever going to link to your articles about door stoppers, so you start building links manually. Then you're already blackhat.

For a lot of small non-content businesses the choice is often between blackhat or not making any money (from the internet at least). You can't blame them for choosing the first option.


As the other commenter said, not making money isn't an excuse to start spamming people. It's a greedy response, profiteering off dishonest practices that waste other people's time who have to spend time cleaning up all this stuff.

Also if I want to buy door stoppers, I'd much rather Amazon came up in my search than a small site I've never heard of which I'm far less likely to spend money on. Trust is a big part of search results.

If a company tells me they can't outrank Amazon or some other big popular site for door stoppers I would ask them why they are trying to sell the same door stoppers as Amazon is, you're competing with a giant on a product no one will want to buy from you. You need to offer something Amazon doesn't. Maybe this is hand painted door stoppers, funny shaped ones, those are actual niches you can profit off. Door stoppers shouldn't be considered a niche in my opinion, it's far too broad.

In regards to the lazy trend of 'niche information sites' that have low quality content and adverts to make money from, aimed to be the middle man between a search and a product sale, these are the bottom of the barrel websites and I hope every time I search in Google that these sites don't come up. They also waste everyone's time, are extremely uncreative and are diluting quality in the general web experience for everyone.


No, I'm pretty sure I can blame spammers and people that employ them for spamming. It isn't Google's fault and it being their "only" option to make money is not an excuse either.


Way more immoral than auto-posting some annoying comments? Really?

Morality is a social construct, a contract that we all essentially buy into. Immorality is the violation of that.

If anything is immoral it's stealing 100s of 1000s of people's precious time (multiple times per day) with robotic systems--simply so you can make a few bucks, by providing no social value whatsoever. It undermines the fabric of what holds us together.

Personally, the response seems elegant and appropriate. A highly targeted activity that is likely to affect only the intended target. Maybe someone that lives in Latvia will go buy a cream pie and throw it in his face as he leaves his house!


Where does one get xrumer? It would be interesting to analyze the data. Or is that traded separately?


It's sold on its website.


Almost couldn't finish :/

    L-A-T-V-I-A


Interesting write up on an admin who tracked down a spammer and published their details on the internet. Only if it was this easy all the time?


Good, that guy wasted your time, bandwidth, annoyed your real customers and users. This amounts to money out of your pocket, it's only fair he see some sort of money out of his, hopefully the release of his info will cause this. But more likely you have trained him how not to get caught the second time around. I doubt he will face any penalty, as he is in LATVIA!!! If you really wanted to stop him you should board a plane and show up at his door.



