So, what’s the next big thing gonna be? TAG SPAM. That’s right!!
With the proliferation of fads in “Web 2.0” you can rest assured that spammers and malware authors are just loving all the insecure code out there. How do I know it’s insecure? How could it not be?! The more complex a codebase gets, the more likely it is to have bugs and the more difficult it becomes to manage and maintain and update. But, on top of all that, more complex code also leans greatly toward less secure code. This is particularly true in these times of Web 2.0 fads and fashions. Everyone’s got diagonal patterns and fake drop shadows and glossy Apple mimicry. Everyone is also rushing to have AJAX stuff happening. They all want to be the next Myspace, Facebook, Reddit, Digg, Flickr, insert-the-social-networking/bookmarking-flavor-of-the-month-here site.
That’s great, except they’re all doing the same damn things for the most part. Anything new quickly gets copied by everybody else, including the big boys.
So let me get off the tangent: Comment Spam is here to stay. But Tag Spam is coming soon to a theater near you!!! You bet. That means all those tagging systems out there are new holes for potential SQL injection, XSS (cross-site scripting) attacks and simple spamming. I don’t know how search engines really handle tags and tag clouds, but a full-bore attack on any major site using tags could easily turn into a spammer’s attempt at SEO.
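What closing those three holes looks like on the server side, as an added example that is not part of the original post: tags are checked against an allowlist, written with bound parameters, escaped on output, and linked with rel="nofollow" so a tag cloud is worth nothing for SEO. The table layout, the /tag/ URL scheme, the five-tag cap and the submitted values are all assumptions made up for the illustration.

```python
import html
import re
import sqlite3
import unicodedata
from urllib.parse import quote

MAX_TAGS_PER_ITEM = 5  # assumed cap; limits bulk tag stuffing on one item
TAG_RE = re.compile(r"[a-z0-9][a-z0-9 _-]{0,29}")  # allowlist, 1-30 chars

def normalize_tag(raw):
    """Return a canonical tag, or None if it falls outside the allowlist."""
    tag = unicodedata.normalize("NFKC", raw).strip().lower()
    tag = re.sub(r"\s+", " ", tag)  # collapse runs of whitespace
    return tag if TAG_RE.fullmatch(tag) else None

def store_tags(db, item_id, raw_tags):
    """Validate, de-duplicate and insert tags using bound parameters only."""
    clean = []
    for raw in raw_tags:
        tag = normalize_tag(raw)
        if tag and tag not in clean:
            clean.append(tag)
    clean = clean[:MAX_TAGS_PER_ITEM]
    db.executemany("INSERT OR IGNORE INTO tags(item_id, tag) VALUES (?, ?)",
                   [(item_id, t) for t in clean])
    return clean

def render_tag_cloud(db, item_id):
    """Escape on output and mark links nofollow so tags carry no SEO value."""
    rows = db.execute("SELECT tag FROM tags WHERE item_id = ? ORDER BY tag",
                      (item_id,)).fetchall()
    return "".join('<a rel="nofollow" href="/tag/%s">%s</a>'
                   % (quote(t, safe=""), html.escape(t)) for (t,) in rows)

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tags(item_id INTEGER, tag TEXT, "
               "UNIQUE(item_id, tag))")
    # Constructed submissions: two legitimate tags, a duplicate, a spammy
    # but well-formed tag, and two classic injection strings.
    submitted = ["Python", "  Web   Design ", "x'); DROP TABLE tags;--",
                 "<script>alert(1)</script>", "python", "cheap-pills"]
    return store_tags(db, 1, submitted), render_tag_cloud(db, 1)

if __name__ == "__main__":
    print(demo())
```

Note that "cheap-pills" sails through: validation and escaping stop the injection, not the spam itself, which still needs rate limits and moderation.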
Some will say, “Well, that’s nothing! We’ll just make it a ‘members-only’ tagging system!” Well, yeah, like that’s gonna work… Uh, you know, no captcha has been proven hackproof yet. Not one. They take effort, but they’ve all been beaten. Not to mention the ability to spoof e-mail headers and cookies has been around for over a decade…
Mark my words. Publicly exposed tagging is doomed. Aside from the fact that it’s kind of obnoxious that retailers like Amazon sucker customers into doing unpaid taxonomy work for them, and people will soon get sick of it, companies will soon realize that combating Tag Spam will waste a lot of programmer time, and a lot of system resources.
As RIAs (Rich Internet Applications) take off more, you’ll also have disgruntled or unscrupulous employees exposing your API to the world. This already occurs with compiled, shrinkwrap software. What makes anybody think it won’t happen with web applications as well? Online Office suites? Nobody with half a brain finds those things sane or useful at this point, but if one of those apps takes off to the point of being a household word like YouTube or Google, you can bet your boots at the Sunday races that blackhats will be all over that like flies on pooh. (…from Russia with love)