Subject: Cancel Messages: Frequently Asked Questions, Part 2/3 (v1.1)
Supersedes: <4i2711$kee@vixen.cso.uiuc.edu>
Date: 25 Mar 1996 18:17:41 GMT
Summary: This is a list of Frequently Asked Question about cancel messages
. on Usenet.  It mainly discusses how cancels work, who issues 
. them, their history, and what to do about them.  It is more of
. a general purpose FAQ than anything else; it's not required 
. reading anywhere, just more of a reference.

Posting-Frequency: monthly
Last-modified: 1996/03/18
Version: 1.1
URL: http://www.uiuc.edu/ph/www/tskirvin/cancel.html

Cancel Messages 
Frequently Asked Questions
Part 2/3

This document contains information about cancel messages on Usenet, such
as who is allowed to use them, how they operate, what to do if your
message is cancelled, and the like.  It does not contain detailed 
instructions on how to cancel a third party's posts.  It is not intended 
to be a fully technical document; its audience is the average Usenet user, 
up to a mid-level administrator.

This document is not meant to be a comprehensive explanation of Usenet
protocols, or of Usenet itself, but a basic knowledge of these concepts
is assumed.  Please refer to news.announce.newusers, RFC1036, and/or
RFC1036bis if you wish to learn them.

Disclaimers: The information contained within is potentially hazardous;
applying it without the permission of your news administrator may cause
the revocation of your account, civil action against you, and even the
possibility of criminal lawsuits.  The author of this document is in no 
way liable for misuse of the information contained within, nor is he in
any way responsible for damages related to the use or accuracy of the
information.  Proceed at your own risk.


Table of Contents..> = In other parts of the FAQ
=================
>I. What are cancel messages?
>II. How do cancels work?
>III. So your post was cancelled...
IV. What does it take to cancel messages?
   A. I want to cancel posts!  How do I do it?
   B. I'm not kidding; I really do want to do it.  How do I do so?. 
   C. What is a cancelbot?
   D. Sounds cool.  Where do I get one?
   E. What?  Why not?
   F. Fine then, I'll write it myself.  
   G. Right; I've got a cancelbot.  Now what?
    1. Who is going to be affected by this, and how will they react?
    2. What kinds of problems will this cause legally?
    3. Is this a moral thing to do?
    4. Do I really have the time to deal with this?
    5. Do I know for *sure* what this program will be used for?
    6. Have I double- and triple-checked my code?
    7. Do I know what's happened in the past?
    8. Am I following all of the rules?
    9. Do I actually have to do *this*?
V. That idiot forge-cancelled my posts!
   A. My post is gone; it was forge-cancelled, wasn't it?
   B. No, I'm sure, it was cancelled.  Why?
   C. How do I track the bastard down?
   D. Who's done this before?
   E. What, are there only bad guys?
   F. Is there anything I can do on my own?
    1.  Notify the postmaster at the offending site, or upstream site.
    2.  Alias out the offending site.
    3.  Call in the official authorities.
VI. What moral issues are involved with cancel messages?
>VII. What's going to happen to cancels in the future?
>VIII. What about these other things?

>Changes
>To Do
>Contributors
>Pointers


IV. What does it take to cancel messages?
=========================================
 A. I want to cancel posts!  How do I do it?

 .You must be kidding.


 B. I'm not kidding; I really do want to do it.  How do I do so?

.*sigh*  Well, I'll bet you really haven't thought about it very 
much yet.  Read this section before you do anything, alright?  

.Anyway...

.On a small scale, you can issue them by hand.  On a large scale,
you're going to want a cancelbot.


 C. What is a cancelbot?

.A cancelbot is a program that searches for messages matching a
certain pattern and sends out cancels for them; it's basically an
automated cancel program, run by a human operator.


 D. Sounds cool.  Where do I get one?

.If you have to ask, you don't get one.


 E. What?  Why not?

.Giving out a cancelbot is like handing out loaded guns with no
safeties.  Even if the recipient is well-intentioned screw-ups are
fatal; you need the proper training first.

.Until you know *exactly* how to use a cancelbot, nobody will share
the code.  This is done for a variety of reasons, not the least of which
is that they're dangerous, and can be used irresponsibly.  More than
that, though, if you screw up with a cancel-bot, you can cause *large*
problems.  For these and other reasons, it's generally accepted that
only those that are willing to write their own cancelbot are able to get
one.


 F. Fine then, I'll write it myself. 

.Sure, go right ahead, but a word of wisdom: make sure you know
what you're doing.
  
.Richard Depew (red@redpoll.mrfs.oh.us) was one of the first
people to use cancelbots in a large way.  One of the most famous
cancelbot-related incidents of all time was the ARMM cascade, in which a 
simple spelling error on his part caused a large spew in news.admin.policy
before it was turned off.  It was generally considered a Big Oops.

.Richard's incident was also far from the worst; that honor would 
have to go to the incident where a misconfigured cancelbot was auto-
cancelling everything from netcom.com.  Bigger Oops.  And these examples
just scratch the surface of what can go wrong when writing a
cancelbot...

.Before you test out your cancelbot on actual Usenet stuff,
double and triple check to make sure it *works*.  Make sure that you've 
gone through all the potential bugs and vulnerabilities -- add safeties, 
redundancies, internal logic checks, and what have you.  Start a local 
group, test it out in that group *only*.  Whatever.  Just remember, you 
only get one chance at this; do it right.

.While writing a cancelbot, make sure you follow the conventions
that you plan on using ($alz, etc).  In addition, once you've got the 
basics down, mail Chris Lewis (clewis@ferret.ocunix.on.ca).  He'll give 
you some more tips.


 G. Right; I've got a cancelbot.  Now what?

.Well, the obvious thing is to start using it.  But don't.
Before you do so, make sure you've considered *everything*; cancels
raise plenty of interesting questions, and using a cancelbot isn't
something to enter into lightly.  

.Before you do anything, make sure you've thought a _lot_ about
_all_ of the following issues.  Trust me, you'll need it.

  1.  Who is going to be affected by this, and how will they react?

.Cancelbots tend to affect a lot of people.  By running one, you
are messing with a lot of people -- and, generally, making them upset.
Many are going to complain.  Many are going to retaliate.

.Succinctly, before you start up your cancelbot, make sure you've
got procmail installed, that your machine can stand up to persistent
cracking attempts, that you are on good terms with all of your bosses and 
administrators, that you have made your phone number unlisted, and that
you've got a good lawyer handy.

.That's a start, at least.

  2. What kinds of problems will this cause legally?

.The best information available about the legality of cancel
messages says that non-content-based third party cancels are legal, and
that content-based ones may not be.  However, this has just plain not
been tested in anything resembling a court of law.

.This will cause you problems if you expect to cancel posts.

  3. Is this a moral thing to do?

.Even if cancel messages are perfectly legal, they still aren't
the nicest thing in the the world.  You *are* deleting somebody else's
words; by many, this will be called censorship, and in many cases they
are probably right.

.The most commonly used moral argument about cancels is known as 
the "slippery slope".  The use of cancel messages leads down the road to
censorship, which is a Bad Thing; however, it is possible to keep the
system under control if you stay near the top.  The further cancels go,
however, the more likely it is that they *can't* be controlled, and once
that happens, all is lost.  But in the mean time, those small steps can
help the functioning of the system immensely.

.Common practice says that non-content-based cancels are not
censorship.  Instead, they are based on how "loud" the message was said;
it's not censorship to disallow someone to blare their message out in
the middle of the night using a megaphone.  Hopefully, this means that
spam cancels and the like are not out of control, that we haven't gone
too far down the slope to return; however, that point is definitely up
to debate.

.Before you do anything, make sure you know what you might be
causing.

  4. Do I really have the time to deal with this?

.Operating a cancelbot takes a lot of time.  Just on a technical
level, the 'bot has to be written, the parameters have to be set, and
the thing watched to make sure it works; that, though, is the least of
your worries.

.Once you've got it going, people are *going* to take notice.
As a result, you will get comments, you might get praise, and you will
probably get complaints.  And you've got to deal with them.  If you
expect your bot to continue working, you're going to have to put out a
lot of time to deal with it all -- be it positive, negative, or neutral.

.It may seem like a small issue, but it's definitely something
worth mentioning.  Being held up to constant public scrutiny isn't easy.

  5. Do I know for *sure* what this program will be used for?
.
.Remember, if people don't accept what your cancelbot is doing,
your cancelbot will not be effective.  Before you start cancelling, make
sure that you won't be rejected from the job.  Make yourself some rules.

.As a recap, the standard uses for third-party cancels are spam
cancels, moderated group cleanup, binaries in non-binary groups, spews,
forgeries, and the like.  See section I.D for details.

.One more thing on this: remember that you may give out your code
here at some point.  If you were to do so, how could your cancelbot be
used?  Have you put in some safeguards?

  6. Have I double- and triple-checked my code?

.Again, screwing up your code can cause *big* problems.  Before
you're ready to go operational, make absolutely sure that you know that
the code works 100% of the time.  There are no second tries here.

  7. Do I know what's happened in the past?

.The history of Usenet and cancels goes back a long, long way;
it's not only fairly interesting stuff, but it teaches interesting
lessons.  Before you start the cancelbots, you should probably know what
they were used for before.

.With knowledge comes power, after all.

  8. Am I following all of the rules?

.While they may not be conventions, there are certain basic rules
that are usually followed by operators of cancelbots that should
probably be followed.  A notice of the cancel should be posted to
news.admin.net-abuse.announce; the original poster and their postmaster
should be notified; a representative copy, or link to such, should be
appended to the cancellation notice.  And, of course, as usual, all
official conventions should be followed exactly.

.If you're not doing them nicely, you're going to get more
complaints than otherwise -- and rightfully so.  

.Also, it has been proven time and again that nice, polite
cancel notifications make less enemies than flamish ones.  It's probably
a good idea to make your notifications as happy as possible -- though
they should also include as much information (or links to information)
as you can possibly fit in.

  9. Do I actually have to do *this*?

.If you hadn't figured it out already, cancelbots are a pain in
the butt.  If for no other reason, you should probably think very
carefully over whether this is really necessary.

.Are you ready to do this?  Talk about it with the regulars of
the groups you're dealing with.  Make sure they know what's going on.
See if someone else is willing to help you.  It might help; it might
not.  It's worth a shot.  If there are problems with too much irrelevant
traffic, it might be a good idea to moderate the group; see news.groups
for details.

.Are cancels the best solution to the problem?  Sometimes,
writing letters to the offenders is a good enough solution; people will
generally solve the problem themselves, if given the chance.  If that
doesn't work, try mailing postmaster at the offender's machine (in some
cases, the correct address would be abuse@site), so the user's
administrators may try to help.  

.Even if reasoning with everyone you can think of doesn't work, you
can still try other approaches.  Post about it to news.admin.net-abuse.misc;
the regulars there have been trained to deal with obnoxious sites, and
will help you if necessary.  In many cases, you can stop the problem
with judicious use of killfiles.  And, if all else fails, you can try
NoCeM; see section VII.D. for details.

.In general, just make sure you've tried *every* alternative
before you start cancelling.  It's a pain.  Trust me.  



V. That idiot forge-cancelled my posts!
=======================================
 A. My post is gone; it was forge-cancelled, wasn't it?
.
.Before you do anything, check section III; double-check to make
sure that someone really *did* cancel your post before you get all upset.
Remember, no cancel message, no cancel.


 B. No, I'm sure, it was cancelled.  Why?

.There are as many reasons to cancel a post as there are cancel
messages, and it shows.  Most cancels are issued for valid reasons
(which are detailed in previous sections), but sometimes they are done
for what many people would consider illegitimate reasons.  The people 
that issue such cancels are known as "rogue cancellers"; they are the 
ones to worry about.

.Why do they do it?  It depends.  One popular excuse, started by
the infamous Church of Scientology, is that the message was a "Trade
Secret" which has to be protected.  This excuse is generally considered
bogus, and will rarely stand up to scrutiny; kids, don't try this at
home.

.What are the *real* reasons, though, that someone did this?
Well, there are two basic reasons: they want to keep something out of
the light, or they don't like what you said.  Both are pretty bad.  

.In any case, rogue cancellers are *not* accepted by the Usenet
community.  End of story.  The hunts to track down rogue cancellers
often reach near-epic proportions, and virtually always end with, at the
very least, the cancels ending.


 C. How do I track the bastard down?
.
.If you have the cancel message, the best first step to tracking
down the canceller is to post one of the cancel messages to
news.admin.net-abuse.misc with an explanation of what's going on.  The
people on that group are veterans at tracing Usenet messages; they can
probably help.  While you're at it, they may also explain why your
message may have been cancelled legitimately, in case there's anything
you missed.

.For rudimentary analysis of who cancelled your post, check the
NNTP-Posting-Host: header of the cancel.  While it is possible to forge
this header, it generally will say which machine was used to issue the
cancel message.  Other possible headers may be the Path: header and
possibly the Sender: header.


 D. Who's done this before?
.
.In the past, there have been many rogue cancellers, of various
skill, competence, and intelligence.  Some are gone; others are still on
the run, but appear occasionally.  Here are a few of the most famous.

.Kevin Jay Lipsitz: "Krazy Kevin", as he calls himself in his
spams, has cancelled many posts on news.admin.net-abuse.misc concerning
his spams.  His theory is that, by cancelling the posts, it will take
more effort for his spams to be cancelled.  To this point, he's failed
miserably.  Instead, he encouraged the creation of Dave the Resurrector
by Chris Lewis.  Kevin has been kicked off many ISPs, but is still at
large.

.CrackerBuster: CB was an unknown computer person that decided a
while back that he didn't like alt.2600.  Because of this, he decided to
wage war on the group -- and anyone that supported it.  He issued
cancels for every message in the group, as well as alt.current-events.
net-abuse, and them flooded them with his own messages.  All of this,
though, is not without its good side; as a result of his work, Chris
Lewis, a prominent spam canceller, fixed up his cancelbot, got a better
detector, and got to work at cancelling spam.  Netcom eventually
cancelled CB's account.

.Crusader: several months ago, there was a *very* large neo-Nazi
e-mail spam sent through several systems.  Many systems were involved in
one capacity or another, most of them cracked.  To slow down the
trackers, the perpetrators cancelled all messages about the spam to
news.admin.net-abuse.misc; all that was accomplished was the creation of
a short-term mailing list to track him or her down.  The e-mail spam has
since stopped, and the cancels ended.

.The CancelBunny: the Church of Scientology, a remarkably
paranoid organization, has several "secret scriptures" that have long
been distributed over Usenet.  To stop this, the evidence shows that
they have called in someone with computer knowledge to cancel posts that
contain any of their scriptures -- or anything that they didn't like.
This brought the entire religion to the attention of Usenet, and 
alt.religion.scientology is a very well-read (and high traffic) group as
a result.  

.The cancels, however, were generally accepted to be Bad Things.
Therefore, a group of people decided that they were going to hunt down
the (anonymous) CancelBunny, as it had been named, by checking from
bunches of sites.  Several CancelBunnies have been tracked down and lost
their accounts; more keep popping up, only to be bashed back down just
as quickly.

.The cancels by the CancelBunny are generally on comp.org.eff.talk
and alt.religion.scientology.  Cancels to a.r.s are reported by Lazarus 
(VIII.C).


 E. What, are there only bad guys?

.No, of course not; they're just the most prominent.  There are 
plenty of important good guys, too -- the ones that perform the thankless 
job of cancelling spam, spew, MMF, and all the rest, basically keeping
Usenet usable.  

.Most of them hang around on news.admin.net-abuse.misc.  The most
famous are the CancelMoose (moose@cm.org) [retired], Chris Lewis
(clewis@ferret.ocunix.on.ca), John "jem" Milburn (dogbert@xpat.com),
Jonathan Kamens (jik@mit.edu) [inventor of the best scanning software to
date], Benjamin "Snowhare" Franz (snowhare@netimages.com), and Richard
Depew (red@redpoll.mrfs.oh.us).


 F. Is there anything I can do on my own?

.Of course.  

  1. Notify the postmaster at the offending site, or upstream site.

.If you can determine where the cancels are coming form, mail
postmaster at that site with your complaints, or, in many cases,
abuse@site.  If this doesn't work, you may want to try notifying the
people that give the site its feed; for details on how to determine
this, check the Spam Tracking FAQ.

  2. Alias out the offending site.

.Your news administrator is capable of making your machine not
accept posts from a certain other machine.  If necessary, this can be
used to ignore the cancel messages on your own site.  

  3. Call in the official authorities.

.As was previously said, forged cancels are in a legal grey area.
If you want to call in the legal authorities, you probably can, and
something may be done.

.The general recommendation of this, though?  Don't do it.  Any
kind of legal judgment on this matter sets a precedent; at this point,
we're almost happier without one.  



VI. What moral issues are involved with cancel messages?
========================================================
.I'll answer this question succinctly:

.Lots.
.
.The moral issues related to cancel messages are among the most
interesting, and distressing, part of the issue.  Third-party cancels,
spam and binary cancels, retro-moderation, moderators in general, the
"slippery slope" argument, the "Usenet is an anarchy" argument, "you're
violating my first amendment rights!" and "without cancels, Usenet would
have died under the weight of the spam long ago"...  

.This FAQ, though, isn't really the best place to get into it.

.For lack of space and time, I cannot get into these issues in
detail here, however important they may be.  If you want a start on this
matter, read the news.admin.net-abuse FAQ, along with the newsgroup.
It's at least a start.

--
Copyright 1996, Tim Skirvin.  All rights reserved.
http://www.uiuc.edu/ph/www/tskirvin/cancel.html
