pulsesystems

Security in Usenet and Newsgroups

The Usenet could be described as a kind of electronic bulletin board: The user writes a message in it and sends it off. A little later, it is readable by all other users of the system – and they can reply immediately. This chapter explains how you can safely use the world’s largest discussion forum.

Usenet and Newsgroups: Structure and Technology

To participate in the Usenet, you do not need much more than a special read and write program, the so-called newsreader, and access to a news server. The Usenet is public. The millions and millions of messages are stored in a global network of computers, the news servers. Among these news servers, there is a regular exchange, so that the delivered messages are up-to-date and available for every participant.

The Usenet is hierarchically structured and thematically divided into different groups, the newsgroups. For example, the group “comp” stands for everything to do with computers, the group “soc” for all social topics. Below this, the detailed subdivision begins. Using “soc.” as an example, the newsgroup “soc.culture.germany” would show you discussions on the topic of social culture in Germany. The group is deliberately kept “old” in general. Under “alt.binaries”, file attachments (binaries) can also be posted, for example movies, music or photos, in addition to the pure text messages. Because of their size and their partly critical content (illegal copies, pornography), the “alt.binaries” newsgroups are mainly run on news servers of commercial providers.

Risk when using the Usenet

As described above, Usenet is basically public and uncensored. It has no owner and no responsible person. The only form of “censorship” takes place when certain operators of news servers do not actually offer their customers all available newsgroups for use. This is particularly the case with the “alt.binaries” groups – on the one hand because of their data volumes, but on the other because of the hardly filterable content they contain. In principle, anyone can post whatever they want on Usenet. However, this also means a certain risk for the other users:

Copyright-protected content is posted in “relevant” newsgroups. Here the groups are therefore used to distribute cinema films, music files (mp3) or computer programs and thus offer them for public use. The distribution as well as the illegal use of copyrighted works can have criminal and civil consequences. In recent years, the film and music industry has massively intensified its fight against illegal copies (“pirated copies”). This threatens criminal proceedings before the courts and, in particular, enormous claims for damages.

A widespread problem – especially in the “alt.binaries” groups – in Usenet is the distribution of malware such asviruses, Trojan horses or worms under apparently harmless names. In these cases, the posters pretend that it is a harmless file. Instead, the downloaded files then start their malicious routines on the computer.

Not to be underestimated in Usenet is the danger for one’s own data protection and privacy. The messages posted on Usenet are available to everyone for decades via certain archives (such as Google Groups). Anyone who writes articles here without thinking about it, and in doing so may still be able to identify himself, may have to pay for his “youthful sins” years later. For example, there are known cases in which personnel managers also scan the Internet and newsgroups for the names of applicants when hiring new staff. Here, thoughtless remarks can still have a negative effect years later – which, of course, applies to the entire Internet.

Anonymous on Usenet

Users of Usenet must be aware that any contribution written can be traced back to its author. Each article contains a so-called header. This header shows which computer was used to send the message, the IP address, the time and date the news was posted, and which program was used. Obfuscation is only possible with the help of special programs, the so-called anonymous remailers.

Using Usenet safely

As an open, worldwide discussion forum, Usenet is an almost unmanageable pool of knowledge. Anyone who wants to use it safely and with minimized risks should consider the following:

Stay away from “relevant” newsgroups. It may be tempting for some to “buy” films, music and other copyrighted works on Usenet beyond the known file-sharing networks and p2p networks. But keep in mind that you will be in a lot of trouble if so-called “pirated copies” are discovered on your computer. A tip by the way: the vast majority of discoveries of copyright infringements are not based on targeted actions, but on accidental discoveries. This could be the self-burned CD in the car, which is discovered by the police during an alcohol check. But it can also be an examination of your computer, because you yourself have become a victim of a crime on the Internet, for example.

In particular, always check binary files when downloading from Usenet with a current virus scanner. It is better to refrain from downloading than to expose your computer to the risk of infection with viruses, worms or Trojan horses.
Always pay attention to the context in which the news you are interested in are placed. Immediate dangers (infected binaries, dangerous links) are often discovered before you by other users. They might have published corresponding warnings in response (Re:…) to the dangerous message.

  1. Place value on anonymity and data protection. Be thrifty with information that allows you to deduce your identity. If you want to use Usenet anonymously (this is often the case with self-help groups and discussions about personal diseases), you should use anonymous remailers. Access via news servers abroad is also conceivable, since access to the Usenet may not be logged in such detail there.
  2. If you have inadvertently downloaded dubious content onto your computer (such as files protected by copyright or child pornography that were not recognizable by the file name), delete it immediately. Also consider a possible cache function of your newsreader.
  3. If you want to use a commercial news server provider, be sure to observe the terms of the contract. Check whether the provider provides the relevant newsgroups for you. Consider which data the provider stores about you and your use and what happens to this data. Finally, when choosing a news server provider, you should also consider the terms and conditions of the contract. Some providers work here with seemingly cheap or even free “trial accesses”. Who then does not quit in time again, locks a long-term – and perhaps not necessarily wanted – subscription.