Simplicity, Shame Work Best in Securing Craigslist

Craigslist often relies on very simple mechanisms and the kindness of honest users to combat fraud on its pages, the site's founder said on Wednesday.

"Our first line of defense against the bad guys is the flag for removal," said Craig Newmark, founder of Craigslist, speaking at the Authentication and Online Trust Summit in Seattle. "If you see an ad on the site which is wrong for whatever reason, you can flag it, and if others agree with you, then the ad is removed automatically."

Craigslist's best defense against users trying to buy things with bad checks is the simple warning against accepting cashier's checks that it displays on the site, he said. "We get regular feedback that people see those warnings," he said. "Some people don't read them and they will get scammed, and our heart goes out to them, but I don't know what else to do. We do ask for suggestions."

Newmark employs another even simpler method for combating fraud, which essentially amounts to shaming the offenders. When in New York City, he'll often visit apartment brokerages that he knows have "been too predatory for too long," he said. "I like dropping in unannounced. I'm typically met with disbelief, then panic, then photography."

Craigslist sites also have discussion boards where users can talk about issues that they have on the sites or techniques for avoiding fraud. People help each other out there, Newmark said. "People give other people a break ... It's not a matter of technology, it's that simple," he said.

Still, Craigslist does employ a number of more sophisticated tools to guard against fraudulent activity. Just last night the site implemented a new Captcha system. "It's an ongoing fight, but I'm hoping we can increase the pain of spamming our site to the point where the cost exceeds the value to the spammer," he said. Captcha asks users to type in characters that they see on the screen, a technique that can prevent some automated spam mechanisms.

For the future, Newmark has high hopes for authentication technologies like digital certificates to combat fraud, but he's been impatiently waiting for that technology for more than 10 years, he said.
