GridTracker can abuse LoTW


Dave AA6YQ
 

Increasingly over the past year, DXKeeper users have reported receiving an "invalid response" error when they invoke DXKeeper's
"Sync LoTW QSOs" (report new acceptances) and "Sync LoTW QSLs" (report new confirmations) functions.

Several DXKeeper users recently noted that this behavior began shortly after running the GridTracker application for the first time.
GridTracker is open source, so earlier this evening I took a look at its source code. This application provides a setting referred
to in the source code as

loadLOTWCheckBox

I do not know how this setting appears in the application because there is no documentation, and because running GridTracker on my
Windows 8 test system fails. If this setting is enabled at startup, GridTracker will direct LoTW to report *all* submitted QSOs!

A rather heated realtime discussion with several GridTracker developers confirmed my understanding of its source code. Frankly, I
could not believe that any competent developer would construct something so irresponsible without at least providing documentation
to prevent inadvertent abuse by its users.

I don't recall exactly when, but code was added to LoTW to detect and deter abuse of its "download all QSOs" capability by returning
a "503" error in response to an abusive downloader; DXKeeper sees this as an "invalid response" error. This "detect abusive
downloads" functionality is also undocumented, but my recollection is that once triggered, subsequent Sync requests may be rejected
for a time.

This problem will affect any logging applications that downloads QSOs or QSLs from LoTW.

The GridTracker developers say that they will correct this situation. In mean time, I suggest that GridTracker users disable the
loadLOTWCheckBox setting, whatever's it's called.

73,

Dave, AA6YQ (developer, DXLab)

Join DXLab@groups.io to automatically receive all group messages.