Yahoo! has announced that it will discontinue the Y! Briefcase service. Well, it was about time, as I never really knew anyone who actually used this service.
What Y! Briefcase did contribute to was a series of innovative abuse-prevention measures. When the service was launched, storage of any kind was very expensive and Yahoo Briefcase offered 30MB of free storage online. (Remember, these were the days when your email capacity was a few MB.) It was frustrating when you had more than 30MB to store online and had to buy a premium user account to store more.
Some intelligent hackers decided to write a small application, which would go to Yahoo Briefcase, create a few thousand accounts and then take large amounts of data, split them into chunks of 30MB, and spread them across these accounts. So you had free, almost unlimited storage online and this application was using Yahoo Briefcase in the background. These applications were suddenly using up more than 60% of the system resources allotted for Y! Briefcase. How would one stop this?
I was privileged to be part of the team that had to solve this problem. Udi Manber, who was the Chief Scientist at Yahoo! at that time, decided to step in and help with these problems. We had just heard about a small research project named ‘CAPTCHA’ which was being tested at Carnegie Mellon University. We looked at it, played with it and finally decided to roll it out to remove automated creation of accounts. We had a few hiccups, and over time learnt to build a bulletproof CAPTCHA product. This, as far as I know, was the first large-scale deployment of CAPTCHA, which of course today is used in almost all web applications. Of course, some people got around the CAPTCHA problem by using real humans.
A lot of other anti-abuse and rate-limiting measures, which are used across Yahoo as well as across many web applications today, were first introduced thanks to Yahoo! Briefcase. This was also the only project which I ever had to write entirely in C++ (I’m still a big fanboy of procedural programming languages). Though the service is dead, it did help fuel a lot of webapp security tools which everyone uses today.