
Ask HN: What is the most unethical thing you've done as a programmer?
There was an article a while back about how cell service providers were selling extremely granular location data, and some of the programmers working on those systems immediately showed up on HN to comment on their moral dilemma. I suspect it's not an isolated case.
======
iamleppert
I created software that was used by call center agents to bid on “bathroom”
break time slots and kept track of who was on break and actively punished
those who didn’t follow the rules. It rewarded those that had higher
performance and who took fewer breaks with higher priority. If an agent didn’t
come back from their break a security guard would automatically be dispatched
to find them. For the same company I also made software that reduced the same
call agents to numbers and effectively automated the layoff/termination
process. It would contact security with orders to have people escorted out,
and had a sinister double verification process that would check to verify the
agent was actually fired, or else the responsible security guard would be
punished via the same point system. Everything was done via e-mail and would
come from “System” and at the time used fancy HTML e-mail templates that
looked official. I would frequently hear people talk about how they received a
“System e-mail” with a chill in their voice, not knowing I was the one
responsible. People who I ate lunch with sometimes didn’t even really know.
Embedded in each e-mail was a count-down timer to create a sense of urgency to
do whatever was being asked before a “punishment” was applied.

After an agent had been terminated, their punishment points would decay over
time until such a time they reached zero (or another configurable threshold
depending on how desperate the company was for warm bodies), at which time
they would be sent an e-mail to their personal e-mail (which was collected
during the application process), inviting them to “re-apply”. Being an early
telephony company we also would send them a robo-call with the “good news”.
This process was known as a “life-cycle” and it was common in certain labor
markets for employees to have many such lifecycles. Another way employees
could stave off automated termination was to work for unpaid overtime, which
offered to reduce their point values per unit of overtime worked. Everything
was tracked to second granularity thanks to deep integration with phone
switches and the adoption of the open source Asterisk CTI.

This Orwellian automation terrorized the poor employees who worked there for
years, long after I left, before it was finally shut down by court order. I
had designed it as a plug-in architecture and when it was shut down there were
many additional features, orders, and punishment_types.

~~~
fao_
I have to ask, why did you choose to take the contract? Financial pressures?
Or did you not feel that such a system is morally reprehensible?

Personally while I'm opposed to programmer certification, systems like these
certainly make me wish such a thing existed.

~~~
derefr
Personally, as both a writer and a programmer, I often consider implementing
the systems that I’ve written dystopian fiction about. Not to create a
dystopia, but for the same reason I write: to point one out, such that people
can get incensed, laws can be made, etc.

To put this another way: the most efficient way we could have possibly found
to get the use of nuclear arms in war globally banned, was to have someone use
one. The Cold War would have been far riskier if the world hadn’t seen
Hiroshima and Nagasaki—it would have been a stand-off to the use of weapons we
would have as-yet had no understanding of the consequences of using. It
probably would have ended with the use of hundreds of bombs, rather than just
two.

It’s sort of the moral equivalent of a “work to rule” strike: the best way to
get through the lesson that something is bad, is to stop pushing back against
it and just let it happen for once.

~~~
andy_ppp
You’re actually suggesting being a sociopath is a good thing because it’ll
make all the bad ideas eventually die by us trying them. This is simply not
true, we have to make bad ideas die by reason and logic, before we do too much
harm.

I suppose doubling down on fossil fuels and burning of rainforest is great,
we’ll just have to adapt quicker to the super extreme weather. But we can
adapt with more aircon! Yay!

Maybe we are just monkeys who can’t actually learn from things that we haven’t
experienced but then we’ll be replaced by nature any day now. I’d rather learn
things the easy way, if at all possible.

~~~
mindslight
This is an extremely uncharitable reading. Infosec is a field rife with
kneejerk dismissals until people actually see the exploitation in action. How
long has the (ethical) tech community been warning people about the NSA and
Faceboot, until Snowden and Cambridge Analytica actually happened?

~~~
andy_ppp
Infosec is totally different because it’s exposing problems people have
already created in a standard way. This is using technology for maliciousness
in the first place. Try telling those people who were abused by that system
they were just collateral damage in a bigger plan.

------
movedx
Not a programmer at the time, but a system administrator. I won't mention the
company. This was 2011-2012-ish.

We hosted dedicated servers and most of the time, they were mostly Plesk or
cPanel servers run by people selling email and/or web hosting to hundreds of
clients from a single server.

This one time a client joins the network, buys a server from us, and migrates
from Rackspace. We wondered why he'd move from Rackspace given they were
better than us, and it turns out he was kicked off of their network because he
basically submitted tens of support tickets daily asking for all kinds of
optimisations, improvements, and silly stuff not covered by the support
contract. Rackspace had decided he wasn't worth it and booted him.

We ended up with him and boy was he a pain in the backside. Anyway...

Long story short, he cost us more in engineering time than he paid us and this
irritated the owner of our business. The owner had my team leader find someone
on his team willing to do the following: dump the guy's Plesk database
containing all of his customers and make a copy of it on our network. I took
on the task and was told it was simply a backup. I was young and didn't really
think things through. I feel bad about it now because...

The customer was booted from the network a month later and all of his
customers were offered free email and/or web hosting for the year, including
migrating them over to our network... the owner absolutely annihilated the
guy. He contacted all his customers and simply wiped him out.

That same owner is now a highly respected business man and an MBE.

You might be able to do some digging and find out who this company and owner
is, if you look hard enough.

~~~
typpo
UKFast is a UK-based web host whose CEO has received an MBE.

Probably not that many other web host CEOs with an award from the Queen.

~~~
TeMPOraL
[https://www.ukfast.co.uk/images/2018-redesign/logo.svg](https://www.ukfast.co.uk/images/2018-redesign/logo.svg)

> UKFast - your future is our business.

Turns out it's meant seriously.

------
cdoxsey
So my dad told me this story once,

He was working on a large, industrial construction project and they were
nearing the end of it, so a QA engineer was scheduled to do a walk-through,
and before that happened a higher-up purposefully damaged finished work,
dented a pipe with a wrench, unscrewed a bolt, etc... That way when the QA
engineer did his checks, he'd find these obvious, easily fixable defects and
mark them, whereas if he had found no problems, he would end up digging
deeper, since he'll feel like he has to find something, and then he might
potentially uncover some major, catastrophic problem that'd be impossible to
fix and still hit the customer's deadline.

Theoretically everyone's happier at the end of it... QA because they did their
job and found stuff wrong, the client 'cause the project was finished on time,
and all that for an afternoon of extra work.

I worked for a company with an extensive QA process and on occasion I found
myself being less than thorough before handing the code off. I knew there were
bugs, but just left them in there, because they had bug quotas they had to
meet, and we had a tight deadline, etc... At least that's what you tell
yourself to justify the behavior.

Sometimes I wonder just how much of this kind of greasing-the-wheels goes on
in other industries...

~~~
scott-smith_us
I used to do this defensively when submitting 8-bit games for publication back
in the 80s.

The non-gamers at the publishing company seemed to feel they had to get back
to you with a handful of changes. If your game was really polished, the
changes would be pointless or even harmful things. I quickly learned to leave
in a few obvious things that were trivial fixes, e.g. blocky bitmaps,
misspellings, jarring colors.

Instead of coming back with:

> we really like the game, but couldn't the snake be an F-15 fighter, and
> couldn't the scrolling be vertical instead of horizontal?

...it would be more like:

> Change that color, fix that icon, correct that spelling

~~~
makapuf
See also the story of the duck and the queen on game battle chess
[https://en.m.wikipedia.org/wiki/Battle_Chess](https://en.m.wikipedia.org/wiki/Battle_Chess)

~~~
icc97
The source of that is from a codinghorror post [0]

[0]: [https://blog.codinghorror.com/new-programming-jargon/](https://blog.codinghorror.com/new-programming-jargon/)

------
akudha
Not me personally, but the company I started my career with (was an intern
there for a few months).

ERM software. When a new client comes onboard, install the product and
database, but make sure not to make any optimizations, not even the basic
indexes in the DB. Depending on the usage, the DB will get slower and slower
in a few months. Then send a "consultant" who will simply run a script and add
indexes etc and test a bit (no more than an afternoon worth of effort) and
charge a high fee for it.

We had a project once for conversion (not getting into details). My team found
a tool online. Boss bought it, finished the entire project in one day. Boss
bills for a month (which was the original estimate), puts the team to work on
another project for the next 29 days, gets paid for that too. The only decent
thing in this story is that we didn't know _before_ the quote, that such a
tool was available. Some would say this is a smart way to do business, it felt
shitty for me though.

~~~
Raed667
For the second part, I don't think about it as you sold a month of work. You
just agreed with a customer that this task is worth X amount of money. If you
managed to do it in one hour, that's just good business.

~~~
radicalbyte
In this case you got lucky; other times you'll underestimate the amount of
effort required. In the end it'll even out.

~~~
scott-smith_us
I still think they could have charged for less than the full month. The
goodwill and trust that would have engendered would probably have been more
than worth it in the long run.

~~~
user5994461
Absolutely not. The client will either take you as shady or incompetent for
being that much wrong in your estimate.

------
beaker52
I worked on a penny-bidding site. These guys "auctioned" items like
PlayStation, TVs, cars to the user who placed the final bid on an item after
60 seconds of no further bids. Each bid would increase the final price by 1
pence/cent, but each bid would cost 50 pence/cents. You could "win" a $20,000
car for $500.37 and the house would have taken 50,037*50 cents. It might be
okay if that was it -- but I was asked to code some "house bidders" who would
outbid players until a certain threshold was met. I left that job shortly
afterwards.

~~~
beagle3
I think it's more often referred to as a Dollar auction[0] - an example where
a series of rational decisions leads to irrational behaviour.

[0]
[https://en.wikipedia.org/wiki/Dollar_auction](https://en.wikipedia.org/wiki/Dollar_auction)

~~~
beaker52
It has many names.

[https://en.m.wikipedia.org/wiki/Bidding_fee_auction](https://en.m.wikipedia.org/wiki/Bidding_fee_auction)

~~~
beaker52
And I'm a brit. I did the math in cents for greater universality. Maybe a
mistake after referring to a penny.

------
3pt14159
I suspect you're not going to get many personal stories here because it would
be self-incriminating. But I have a couple from some people I know in tech.

1\. I know the guy who, pre-Snowden, actually designed many of the pieces of
network gear needed for the dragnet. His perspective was basically: Yes it's
wrong, but what do I know? I just design electronic circuits.

2\. Same guy also mentioned how at another company he worked at they used DNS
tricks to exfiltrate data out of their enterprise clients. Nothing crazy,
mostly just analytics to aid in things like product design. They got caught
though. First Intel went out, then a couple hours later 4 other big tech
companies (including Apple and Microsoft). Then a huge swath of devices
stopped reporting. They got acquired shortly afterwards for a large, but sub-
billion dollar amount.

3\. I know a couple people that crack into devices and sell the 0days to the
highest bidder. I consider this practice for anything cyber-physical (self-
driving cars, etc) to be so unreasonably unethical that it should be against
international law. It's one thing to sell these things to an allied
government, it's quite another to have them on the open market.

~~~
atmosx
I am not sure I understand the distinction you make between a government and
the higher bidder? How can you be reasonably sure that your findings will not
be used wrongfully by X gov official?

~~~
3pt14159
You can't, but if the NSA or CIA wanted to kill a bunch of people they could.
Whereas ISIS and company can't. Not knowing who is buying your 0day is
dangerous to public safety.

------
ndh2
Was fed up with Quake Live not providing any matchmaking, so I tried to make
my own. Of course they didn't have any API, so I needed to scrape their
website to get the match results. I sent a lot of requests.

So when they blogged about their web site becoming occasionally very slow, I
sheepishly emailed them, and asked if this might be due to my scripts. I
assumed that of course they'd have some sort of IP based limiter in place in
case I got too greedy. Well, they didn't. They requested that I send them my
scripts, which I happily did. They also banned my account, which I thought was
quite petty.

They might have unbanned me a couple weeks after that, but I quickly lost
interest in Quake Live.

~~~
rajacombinator
This is about as far from unethical as you can get...

~~~
ndh2
Well, the title asked for "most unethical", so, yea. It was against the terms
of service...

~~~
emilfihlman
That's some low key ethical bragging you have there

~~~
ndh2
Thanks!

------
scott-smith_us
There was an ongoing prank in my high school (late 70's) to insert John
Holmes' name whenever/wherever possible. For example, one trick was to ask
someone in the front office to add to the end-of-day announcements "{popular
girl}, John Holmes won't be able to give you a ride today". Eventually the
front office caught on, and it got riskier and more difficult to do.

I was asked to write an Applesoft BASIC program to help the front office
collate and remove duplicates from attendance lists taken first and second
period. At some point, I added some obfuscated code that would add John's name
in when the total number of names was over some threshold.

Believe me, I'm very very ashamed of myself...

~~~
Timpy
I didn't know who John Holmes was. Don't google it at work guys.

~~~
kulahan
FYI for the morbidly curious, he's apparently an adult film actor.

------
hjek
Worked for a company that was contracted by DOW to make an app promoting some
extremely toxic agrochemicals, such as Forefront. They talked about this being
so poisonous that if animals eat grass sprayed with it, then crops grown with
their manure will be unsuitable for human consumption. Was also asked to fake
("round up") the calculations of how much money you'd save if by those
chemicals.

Read up a bit about DOW and the Bhopal disaster and started to feel horrible
about my work.

Tried to gently bring concerns up with the management, and was laid off
immediately.

I feel really bad about doing that work, but trying to make up for it by not
eating animal products anymore.

~~~
secfirstmd
Why not channel your feelings and talk to a journalist, NGO or regulator
willing to act in the public interest?

~~~
dabockster
People have been known to disappear for less.

~~~
smnrchrds
Have they really? It is the sort of thing you see a lot in fiction but not in
reality.

~~~
Doxin
At the very least you'd end up being sued for defamation or whatnot by DOW for
the next century or two. DOW is not a company you want to tango with.

~~~
secfirstmd
It's fully possible to tip a journalist or regulator these days with a level
of anonymity.

~~~
krageon
And what if they can tell from the information leaked who leaked it? This
person's life will be destroyed by armies of lawyers. Just so some journalist
can report on something that'll be out of the news in a few weeks and change
precisely nothing.

~~~
secfirstmd
True.

That is always a risk when someone does something in the public interest. But
doing stuff for the betterment of others at risk of your own lifestyle is a
noble endeavour that many have undertaken despite these reasons.

~~~
krageon
My point is that others are not bettered by this action, because the action of
leaking to a journalist no longer improves anything. Just as it hasn't the
last few times this happened. It is arguably a good idea to sacrifice
something for everyone's benefit, but it is always a bad idea to sacrifice if
nobody benefits.

------
throwawaymath
I've done a lot of work involving scraping, data analysis and reversing
private API access from mobile applications. A lot of this work is legally
defensible (if you do it correctly) and not particularly unethical. After
doing a bunch of this type of work I started to accrue subject matter
expertise in the area that led other companies to come to me with more
questionable projects in mind. I turned down many of these, but two projects
stand out to me as unethical or borderline. In fact, this was the reason I
eventually stopped working with these companies.

The first project was for a large, (now) well-known fintech company. They
needed to develop login integrations with consumer banks to acquire customer
account information for verification purposes. But many such banks didn't
particularly want to grant them any special API access. More importantly,
these banks typically forbid scraping and made it explicitly difficult by
implementing JavaScript-based computational measures required on the client in
order to successfully login. I helped this company develop methodologies for
bypassing the anti-scraping measures on several banking websites. However, I
stopped working on this because 1) I felt uncomfortable with the cavalier way
they were ignoring banks' refusals, then using the reversed integrations and
onboarded customers as a bargaining chip for more formal partnerships, and 2)
performing huge amounts of analytics on customer data acquired as part of the
account verification process.

The second project was for a tech startup working on insurance and credit
analytics. This company is one of several that popped up in recent years to
use machine learning and social data in order to develop a more "complete"
credit score (in their eyes). They had an impressive team of machine learning
researchers but their data acquisition team was comparatively mediocre. So I
worked with them to improve their acquisition methodologies for a variety of
social media websites. I stopped working with them for three reasons: 1)
fundamentally, I lost faith that their product was actually generating a
meaningful signal over traditional means, 2) I was worried that the data they
were collecting might introduce spurious correlations or illegal biases, and
3) if any team was going to do this correctly, I didn't think this particular
team was the qualified one to do it.

~~~
jscholes
> A lot of this work is legally defensible (if you do it correctly)

Could you expand on the correctness aspect? I'm currently working in this
space for what I believe to be good reasons (to improve the accessibility of a
particular service for visually impaired users). But I'm eager not to abuse my
position and knowledge.

~~~
throwawaymath
To be clear, I'm talking about scraping. I think the sibling commenter is
talking about developing competing products via reverse engineering ("clean
room implementation"). I am also not a lawyer, so I can only tell you the
guidance I received from one for the projects I worked on.

Technically speaking you can scrape data in a legally defensible way if you do
not need to accept any terms of service explicitly prohibiting scraping in the
course of grabbing the data. The distinction is that browsewrap T&C have
plausible deniability, but clickwrap T&C do not. And if you receive a cease
and desist order, you abide by it with a mea culpa. This also means you don't
scrape so loudly as to be noticed, which has the happy side effect of probably
not disrupting the target's service.

But again: The grey areas of ethics are a separate question from legality.
Please engage a lawyer for your specific work.

~~~
user5994461
Depends on the jurisdiction. For instance Europe allows reverse engineering
for inter compatibility. Terms of services carry little value here (none for
this clause that's already covered by a specific law).

However, it would be interesting in the case of bank services. Accessing the
account from the customer probably lets you initiate a variety of actions like
money transfers or loans, it's sensible to argue for limited and controlled
interoperability.

Also, customers are not allowed to share their credentials and he is in breach
of his contract. The account should be considered compromised and be locked.

------
netaustin
After Jared Kushner originally bought the New York Observer, I was hired to
lead the tech team, which I did for a year and a half in house then for three
more as a vendor. He asked me, out of band, to blackhole articles critical of
his commercial real estate colleagues and I complied.

~~~
Rzor
You should've used a throwaway.

~~~
netaustin
I appreciate the sentiment, but I've been open about this on Twitter and to a
team that wrote a profile of him in the wake of the election. That a
_newspaper publisher_ would participate in an administration that labels the
press the enemy of the people is a total betrayal of the journalists and other
media professionals who worked hard for him for years.

~~~
tootie
CNN just put this on their front page. Did they ask you for comment?

[https://money.cnn.com/2018/08/07/media/jared-kushner-new-yor...](https://money.cnn.com/2018/08/07/media/jared-kushner-new-york-observer-articles/index.html)

~~~
netaustin
They did not.

~~~
firemancoder
Not questioning your story a bit, I'm sure it's true. But shouldn't we all be
a little concerned that CNN is posting a story as fact without verification or
even talking to the person making the claims? The article even implies heavily
that they've talked to you.

That scares me.

------
spo81rty
I made software 15 years ago to automatically buy concert and sports tickets
from Ticketmaster and other websites. At the moment tickets went on sale we
used hundreds of computers to buy up the good tickets.

I'm sorry your daughter didn't get Nsync tickets.

~~~
CPUstring
That's just arbitrage, right? If you're able to sell them at higher prices,
the venue should've done it themselves.

~~~
sincerely
I mean, without scraping, it basically comes down to whether or not you care
enough about the event to be online refreshing the page at exactly 10 AM or
whatever. With scraping it becomes about whether you have more money. Some
artists prefer the audience be more of the former and less of the latter.

------
iamdave
I once got pulled into an arbitration hearing to explain how certain code
functions operated. While not necessarily unethical it was a moral moment
because I knew the inquiry came with the loaded intent to twist whatever
explanation I gave into the worst possible extreme.

Sure enough that's exactly what happened and a really hard working and honest
developer lost their job so an executive could save face.

Left that company a month later but I still feel horrible.

~~~
charmides
Without giving away more details than you feel comfortable with, could you
share more about what the developer was fired for and how it made that
executive save face?

~~~
iamdave
It was a feature set that was supposed to provide additional reporting views
and expose data to customers when queried. Turns out one exec had some very
embarrassing transactions that emerged from this and he wanted that info
suppressed and the person who leaked it fired.

The feature worked as designed, and this exec was the one who pushed for it to
go to market despite all warnings that a review of the depth of exposed data
was needed first. Nothing was ever leaked, as I mentioned it worked exactly as
we were instructed to build by the product managers and our engineering lead.

The outcome is the outcome scoped for.

Fwiw many engineers left after that moment. We were already at odds with
leadership and when they showed their colors in that incident it resulted in
nearly the entire engineering department bailing.

This never made it publicly, it was an internal product demo to the whole
company leading up to launch. To my knowledge no customers or media outlet
caught wind of the transactions or the internal coup that resulted.

~~~
insomniacity
Are we talking personal transactions on behalf of the exec that happened to be
in scope because they were also a user of the software/in the data set? Or are
we talking about business transactions by this exec that were professionally
embarrassing?

------
SamReidHughes
I built my computer graphics final project in Haskell so that the TA wouldn't
be able to run it and grade it. Then for our presentation, I babbled on and on
about the math and went over time so we wouldn't have to give a really crappy
demo.

~~~
dirkt
Wouldn't have worked back when I was TA ...

First, I'd have been able to run it (or grade it even without running it). And
yes. I've seen a lot of crappy Haskell code. I've written a good amount of
that myself when I was learning Haskell back then.

Second, assuming I didn't know Haskell, I'd have stopped your babbling in the
presentation at some point and asked you to run it.

Third, any student that does unusual things is either very good or very
cheeky, so those students deserve special attention. So 10 minutes at your and
my convenience to run the demo in my office would always have been an option.

(But then, teaching at my university probably was quite different from
teaching at your university).

~~~
wean_irdeh
What does crappy Haskell code look like?

~~~
kaku_s
The most common thing I can think of is putting everything in IO/ST, also
known as "C++ in Haskell".

------
calabin
During the Ashley Madison incident, a partner and I put up what was either the
first or one of the first online tools for checking to see if a particular
email address or phone number had been exposed.

I'm still not sure whether or not that was net good/bad. I'm sure that the
tool has caused some real familial stress. We could fall back on the "well if
not us someone else would have" but that's a cop-out.

Our site was checkashleymadison.com. Later on we got rid of the domain. We had
a ton of interest from advertisers, but we thought it best not to try and make
money off of the exposition of others. Overall we took in something like 1.2mm
uniques over 24 hours. It was a pretty crazy day, and my first time speaking
with the media. Looking back, I'm glad that I didn't say anything too dumb.

Originally we intended to stay anonymous, but I forgot to tell a The Hill
reporter of that wish and my name was published. After that I spoke on the
record to whatever journalists were still interested.

------
curare
At a previous employer we used the data referenced in the question. We bought
the "anonymised" telecom data from one of the big providers in the USA. We
would then analyse that data to figure out where the phone spent 6-8 hours
during the night to determine where the phone owner lived. Then we'd pull the
USA census data (free!) so the system would know what demographic the user
probably belongs to. We got a surprising amount of data from the census, we
had things like ethnicity, income, age.

Then we'd load all this in Google Maps and let users of the app figure out
what demographics frequent particular locations on the map. For example a use-
case of this would be a coffee company figuring out where to open a new coffee
shop.

~~~
pc86
Is there anything even remotely unethical about this?

Compiling publicly available data with purchased/proprietary data is basically
the foundation of competitive/market research, isn't it?

~~~
forgottenpass
Whether something is the catercorner of a business model has no bearing on if
it is ethical or not.

~~~
pc86
Market research is not unethical unless you think capitalism is unethical at
its roots. And if you do I'm curious why you're spending time on a venture
capital forum.

And catercorner means diagonal to, not sure what word you're trying to use
here.

~~~
forgottenpass
I am not saying market research is unethical (also not not saying that). I was
just pointing out what looks like a total non-sequitur.

It was supposed to be "cornerstone" not "catercorner" but I guess autocorrect?

------
Raed667
(I didn't go through with this, but considered) While I was a student I worked
for a small shop that sold online services. I was something between an intern
and a junior developer/security guy.

The boss (non technical) privately asked me one day to do some research about
automating some data entry processes, basically reading from excel files, some
databases, formatting and putting it all in another database.

I found out later that if that script is made it would lay off a number of
people doing data-entry. I didn't go through with it for many reasons.

~~~
insickness
There is nothing unethical about this. In fact I applaud your boss. If you can
automate something instead of pay people to do it, you should do it.

~~~
Raed667
Some of the reasons that stopped me:

\- He asked me privately during a lunch, without telling the people that do
the actual work about it.

\- I only knew that he intended to fire these people later when I started
putting the spec of the project.

\- He asked me (someone very junior/intern) instead of one of his more confirmed
devs, which means he didn't want the company to know yet.

\- I had a lot of sympathy and even kind of a friendship with those people.

\- I wasn't paid enough for it.

~~~
solarkraft
"I wasn't paid enough for it" is probably close to the best reason.

To even consider doing it (for me) the value I gain should at least relate to
the value I'd produce.

~~~
pc86
It's the only thing close to a justifiable reason, honestly. But even then, if
you're paid for a full-time job as a developer, and asked to develop a piece
of software, you can't very well say "I'm paid enough to develop all the other
stuff you want, but not this one thing" with a straight face. You could
certainly use your development of it as a good reason for a raise, though!

While there are some truly bad things in the top-level comments, it seems a
non-trivial percentage of the responses here are some form of "my employer
attempted to make money, sometimes even a profit, in legal ways."

------
craftyguy
I once used curl to continuously upvote a family member's art submission to
some national contest. The contest site did _no_ validation so continuously
sending POSTs with was almost too easy to game it. They won and got a free
trip across the country (among other things).

~~~
brokenmachine
Did the family member know you were doing it, or was it a "present"?

------
mkoryak
In my first job out of college I worked at a big consulting company on a
project at a company that used Interwoven TeamSite CMS. TeamSite was a CMS
written in Perl, JavaScript, and Java with lots of XML sprinkled in. It was a
horrible system.

I blogged about it on my personal blog. All the posts were about how to solve
issues I had using it. This was before stack overflow.

After I had about 10 such posts I wrote a post titled "interwoven teamsite
sucks" and linked all the other posts there.

I started noticing traffic to that post from specific IPs across the country.

A week later I was pulled into a meeting with the top see directors and told
to remove my blog. Interwoven was an Accenture client.

I removed it.

~~~
hjorthjort
I like how you dropped the name of the "big consulting company" in the end,
there.

~~~
mkoryak
Yeah that was a mistake on my part, but you can easily find it on my resume
anyway.

------
throwaway-18
Worked quite a while for an "Internet Cafe" SAAS company. If you're confused
by the quotes, these internet cafe companies basically sell internet time to
users and with each minute purchased, you also get an entry into a sweepstakes
where the prize is a jackpot. The sweepstakes entries would be redeemed
electronically by way of slot machines, video poker, etc. They're basically
legalized gambling. I suppose that in and of itself isn't unethical, but we
didn't exactly operate by the book.

In order for this to be legal, the sweepstakes games have to have a defined
number of entries as well as a defined number of winners and losers. None of
our games did, it was just too prohibitive. We did provide to our customers,
by law, our average payouts and our games did adhere to those through averages
over time. But there were many occasions where the games didn't pay out
jackpots regularly or paid them out too frequently, hurting stores that were
using our software. Our recourse was to provide them more "entries" to
distribute to sell to their players, which of course cost us nothing.

Business was good for quite a while, but stricter laws and states cracking
down really killed profits. I just feel like any type of gambling is
unethical, it seems to really prey on people's dopamine addictions. And these
internet cafes, in particular, are largely occupied by retirees who, I'd
wager, can't really afford to be throwing their money away.

Years later, my Aunt and Uncle became addicted to gambling on those casino
boats and have now lost the house my Grandmother left to them when she passed.
I don't necessarily believe in karma, but that certainly made me rethink it.

------
vidanay
Didn't do it, but I was asked to "pre-package" the results of a piece of test
equipment. Basically, we didn't have a clue what we were doing, and we were in
way over our heads on the project. The customer was coming in to do the final
approval and we were nowhere near complete. The boss told me to make sure the
test results matched the specification "no matter what".

I quit instead.

------
iammiles
Circumvented browser features to force autoplay on videos with high volume on
our websites. While not a morally bankrupt thing to do especially compared to
some of the other examples, we all felt dirty doing it.

~~~
j88439h84
> While not a morally bankrupt thing to do

Could you explain this position? (Honestly asking.)

~~~
iammiles
Aside from the accessibility issues pointed out by another comment, this was
mostly an annoyance upon our users that the higher-ups decided converted well.
FWIW we did try to argue against it but profits dictate behavior in a large
corporation. :-/

Either way, it doesn't exist any more and if you were ever bothered by it (I
apologize), there are no over-arching effects that you have to worry about.

~~~
Nasrudith
I doubt it leads to actual profits but the morons at the top think it will for
some reason.

~~~
user5994461
Most of the dark patterns lead to more profits, or sign ups, or something
measurable. That's why they are everywhere, they really have a purpose.

~~~
Nasrudith
I believe the key word is 'something measurable'. People remember their
obtrusive ads more so they think mission accomplished even though they now try
to avoid them as 'the guys with the obnoxious advertisements'. It might be
ultimately detrimental to the company but their bosses think it is a good
thing and they get rewarded for it.

Metricitisis is a major management disease of our times and neither corporate,
nor government nor nonprofits are safe from missing the point completely in
the quest for meeting irrelevant metrics so they can say they are a good
manager.

~~~
TeMPOraL
Also, the question is, who did the measuring?

I worked once for a small company that had a social media marketing side
(separate from what I did for them, but we sat in the same open space). From
what I've observed, the social media marketing business mostly boiled down to
our people writing reports which showed nicely growing metrics to customers who
then happily paid. The metrics might or might not have been correlated with
any real-world increase in profits, and really neither side understood any of
that. But it looked believable, so customers paid.

I suspect a lot of that is happening in adtech these days - people with no
understanding of statistics bullshitting each other with pretty charts.

------
thom
As a gentle satire of a much-hated London-based design company we were working
with during a project for a major brand, I added something called 'disco mode'
to the customer's site if you crafted the correct query string. It
progressively added more and more random jQuery effects to the page on a
timer, while the customer's logo jumped to a beat.

~~~
hjorthjort
How did you get that past code review?

~~~
thom
It's cute that you think every company, even the kind that did brochureware
sites for brands more than 10 years ago, does code review.

~~~
svnsets
Yeah there are plenty of companies that don't do code reviews still to this
day. I worked for an ad agency for a bit and we were still using SVN (afaik
they are still using SVN for many projects today). Everyone would just push
code straight to trunk with no review process.

I created a cool little Easter egg where if you clicked in the bottom left
corner of the browser window and dragged in a circle, the site would flip
upside down. A coworker and I also photoshopped some of the client's imagery
that was used on the site and hosted it on another domain. If you typed a
variation of the Konami code while on the site, the images would be replaced
with our meme-ified versions of their imagery. Even if we had a code review
process, none of my coworkers would have even noticed that little bit of extra
code in the mess of jQuery spaghetti that was their codebase.

------
CM30
Most unethical?

Probably pre-checking one of those cookie policy checkboxes or what not.
Wasn't too happy about that, especially when the software used removed the
feature before for exactly the reason you may expect.

I also previously used a mod to read personal messages on a forum once, though
that's one of those things which is heavily, heavily debated about on
community management sites, with about half the audience saying it's an
unethical breach of privacy and the other half saying either that it's their
site and property deal with it or that it's a good way to stop poaching and
abusers.

But that one wasn't exactly coded by myself, so eh, it's an edge case for this
question.

So probably a tie between those two, depending on what you count by 'as a
programmer'. Fortunately, everything else I've been asked to do in my career
has been pretty normal/ethical.

------
ConcernedCoder
There was this Australian company that had this fly-by-night looking empty
office near South Park, San Francisco... I'm serious, and not exaggerating,
when I say it was a few bare metal folding chairs/tables bare walls, and way
too much open space for the 1/2 dozen people working there...

In any case, the startup I worked for previously was split up and
sold/acqui-hired out to two different companies, and myself and the technology I'd
created, and the million+ email addresses we'd collected went to this one.

I went along with it because they were one of the few companies I knew of with
access to the Twitter fire hose feed, which interested me, and they had dept.
of defense contacts - which ( in my mind ) legitimized their presence in the
U.S.A. at the time.

Out of the many shady-feeling projects, the one that made my skin crawl the
most was an automated fuzzy matching system I was ordered to create, that
tried its best to match users on Twitter to users on Facebook, using nothing
beyond the normal publicly available meta data ( name, age, icon, the regular
profile stuff ) and the followers/people followed on the Twitter side, and
friends and likes on the Facebook side.

It was surprisingly easy to match people, and felt more than a little wrong to
me when I really thought about it... but the tech/challenge was just too fun
to work on to routinely give it more than a perfunctory thought.

------
northwest65
I was subcontracted as a development resource to a short-term loan company.
They had me implement a piece of software that lets people enter their online
banking details (yes their name and password, that thing that the bank says if
you reveal to anybody you have no protections on your account), store them in
a database, and then use those credentials to scrape their bank records so
that their loans could be approved without the user having to send their bank
statements in.

I wasn't comfortable working for a company that preys on the fiscally
challenged, so I found another job and quit the contracting company I worked
for.

~~~
devwastaken
I've been on the receiving end of this once and the company refused to not use
the automated system. The automated system didn't believe my savings account
was a savings account since my bank had it under 'passport savings' or some
such nonsense. Even through emailing they basically said if the system
doesn't do it then there's nothing they can do about it. I think it's a big
invasion of privacy for a system that doesn't even work well.

------
everdev
One of my employees was contracting out his entire job. His performance was
great and then fell off a cliff. Turns out he stopped paying the contractor
and the contractor stopped doing his work for him. When he had to do it
himself it was horrible.

~~~
hirundo
I don't fault the guy for the arbitrage, just for not fulfilling the contract.
It would be about equally unethical if he were doing the great work himself
and got bored and wandered away.

~~~
dantheman
I strongly disagree. Even if we ignore confidentiality and security issues,
there is a fundamental difference between contractors and employees. Employees
are generally paid less than contractors and are provided stability; in return
the company gets a stable employee.

Contractors are expected to be shorter term and change tasking if new
opportunities arise, even for a short time.

If both parties enter into a deal then it's fine, if one is misrepresenting
themselves it's not.

~~~
crankylinuxuser
Oh, so companies can engage in these tactics, but not the little people?

How quaint.

~~~
ada1981
If you have more power / control your behavior is generally more ethical.

/s

------
dav
I did some contract work for an online “payday loan” company for a bit. It
didn’t take me long to realize I was ashamed of working with such a terrible
industry, but my professionalism kept me there until I finished the job.
Definitely a low point.

~~~
albertgoeswoof
Payday loans are bad but they are not that unethical. The alternative option
for people reliant on payday loans are actual loan sharks, which will turn out
a lot worse for the debtor. So don’t be so hard on yourself.

I think it would be difficult, but possible to run an ethical payday loan
company that focuses on building people up and out of long term debt.

~~~
diminoten
I love the Freakonomics podcast that gives both sides to the Payday Loan
industry:
[http://freakonomics.com/podcast/payday-loans/](http://freakonomics.com/podcast/payday-loans/)

~~~
dav
I'm going to give that a listen this afternoon, thanks!

------
armagon
It's an entirely standard thing, but I feel it is unhappy knowing that my
paycheque depends upon thousands of mobile game players watching advertising,
and feel that it is ethically dubious that my job is to try to cram more ads
down their throats.

~~~
Aeolun
It’s great. Just as long as you reward me for watching an ad as opposed to
making them a forced part of the experience.

E.g. watching an ad to double my score/gems, sure. Making me watch an ad after
every level before I can continue, hell no, that’s an instant uninstall.

~~~
Schwolop
As a hypothetical since I'm working on a game that may use this, how would you
feel about the following? For a multiplayer .io-style game, you get a score
per level, and a cumulative score. The top few players by cumulative score are
shown to everyone and celebrated, etc. If you ever get zero points in a level
though, you'll lose your cumulative score - unless you watch a video ad.

Is that acceptable, or does it feel like blackmail?

(FWIW I'm discussing this with a lot of other gamedevs too, but since you
brought it up I figure you might have a "different community" opinion worth my
knowing!)

~~~
Aeolun
In general, I think I'm happier with being rewarded for watching an ad, than
being punished for not doing it.

I'm not a compulsive player either, so in the described situation I'd probably
just end up with a permanent score of 0 while having some fun playing.

------
powvans
I helped build Grindr, which of course I don't think was unethical. But I've
been surprised by some people's reaction to it. It generally comes up in some
conversation where someone asks "what have you worked on that I might have
heard of?" Occasionally they follow up with (paraphrasing) "how do you sleep
at night?"

~~~
austhrow743
Grindr the service isn't unethical but I recall a thing about them having a
lot of third party tracking. Which given the nature of the service seems to me
way worse than tracking elsewhere on the internet.

Know anything about that or the extent of it?

~~~
powvans
I don't know anything about the current architecture or third party trackers.
It's been over five years since I did any work with Grindr.

I will say that when I worked on Grindr, Joel (CEO, founder) was adamant that
we would not track location history. We only stored the most recent location
we received from a user.

------
amingilani
I may have created and taught others how to create phishing pages in high
school and then used those generic pages in spear-phishing campaigns. Also I
may have come up with some really good growth-hacks to gather credentials
which resulted in some inappropriate messages sent by a kid to another that
he denied while he was suspended. No idea who actually sent them because maybe
the phishing group was too large.

I may have infected my classmates with RATs in school with another partner and
uncovered a large number of class romances.

I may have been an asshole as a kid. I'm just glad I grew up.

------
puzzle
In high school, I got a summer job at this local accounting firm. I don't even
remember what I was hired for —probably paperwork— but pretty soon I was doing
some programming for them. The owner was rich, but cheap, so he asked me to
write a simple invoicing tool for their smallest clients. That way, he avoided
a costly upgrade for his existing software, at a fraction of the price. I knew
I was being underpaid big time, so I would make a mental note of the bugs I'd
find, but avoid fixing some of the minor ones. I did not plant deliberate
ones. Invariably, when school started, they would call me to go in once or
twice a year to fix something. I'd chat with the guys most of the afternoon,
change the code over a few minutes, then collect my "tip". I didn't feel too
guilty because the owner was paying me a pittance, but acted like he was
showering me with millions and treating me very well. I was young, but not
naive. I could and would have done a lot more if only he hadn't been so
condescending. Plus, some of his business and clients sounded a bit sketchy,
although I had no proof.

On another occasion, I cracked the copy protection on one of their
applications. They had a full license, but the protection relied on a magic 5¼
floppy disk and their new machine only had a 3½ drive.

I promised myself I'd never work on accounting software again. Later, I
ignored the owner's questions about what kind of internet businesses to invest
in. He was dangling some of his money in front of me, but I didn't fall for
it. Which was a good call, because a few years afterwards, he got in trouble
for aiding his sketchy clients I mentioned above.

------
ruskie
When a deadline had passed, sent blank tapes to clients and then claimed the
postal services had wiped them when scanning with X-rays, asking the clients to
send back the tapes so we bought a few more days.

~~~
Paul_S
This also happened more recently in the CD era with intentionally badly burned
CDs.

~~~
Grangar
Even in the internet era. In high school I often just renamed some random file
to a .doc extension and sent that in. No teacher ever had any idea. I'd just
play dumb that I had a bad computer.

------
throwawayayayau
Worked on an automated system to skim tips from crowdsourced 'contractors'
without them realizing it was being done. Don't worry, legal says it wasn't
technically against the law and the fine print of the contracts said we could
do it.

------
INeedToGetOut
I live in a dictatorial country with 90%+ of the tech, industrial, and service
sector owned directly by the president's family. So I kinda feel like whatever
work I take on in this country is evil in one way or another.

I haven't had to hack independent media agencies and opposition parties yet
and I plan to keep it that way.

~~~
nyolfen
can you give us the continent at least? ;)

i have a couple of guesses.

------
crunchlibrarian
Used some of the more advanced features in git to delete commit history and
cover up a bunch of illegal activity shortly before an acquisition.

I used to feel really bad about this, but apparently there are whole teams
dedicated to this sort of "cleanup" in M&A nowadays. Now I just feel bad about
everything!

~~~
gnuvince
Without going into specifics, can you outline the kind of illegal activities
that might appear in a git commit history? I'm guessing copyright
infringements mostly?

~~~
crunchlibrarian
Basically lots of tracking of users and reselling that data in extremely
detailed ways. Whatever the marketing team demands or you're fired, that kind
of environment.

------
throwaway0255
I was once assigned a task that had been estimated at 8 hours of development
time, but only required the modification of a single line of code.

I finished it in 5 minutes. My boss asked what happened, I told him, and he
told me to revert the code, work on other tasks, and redo it at the end of the
day so he could bill for 8 hours (in addition to billing for the other tasks I
worked on).

I did it and didn’t say anything. This was just a few weeks into my career.

I’m surprised this kind of thing doesn’t happen more often, to be honest. The
people handling the business and writing the checks never seem to know
anything about software. You could probably get away with telling them just
about anything.

I’ve only ever seen it happen once, though. Software industry has been pretty
honest in my experience (at least as far as billing goes...)

~~~
danso
Guess I haven't had enough coffee -- I'm struggling to remember the joke in
which the punchline is the professional telling the client something like
"You're not paying me to do [one simple/small thing], but for the years of
experience it takes to know that [it's that one simple thing]".

The problem with trying to charge for programming work is that so much non-
trivial work can be summed up as a few keystrokes, or an addition of a single
line, or even producing _less_ code (by deletion/refactoring). That said, I
don't understand why your boss thought this subterfuge was necessary. If the
client is non-technical enough to approve 8 hours of billing for something
that takes 5 minutes to fix, how is that client competent enough to look
through the git history to know that it was only 5 minutes of work?

~~~
ColinWright
Available in many, _many_ places, but here's one:

[https://www.buzzmaven.com/old-engineer-hammer-2/](https://www.buzzmaven.com/old-engineer-hammer-2/)

------
hirundo
I wrote telemarketing software. Not sure if I'll go into the same circle of
hell as telemarketers, or something worse. But it is an incentive to live as
long as possible before going to my reward.

~~~
tedeh
Ha, I write telemarketing support systems for a living and feel your pain. It
might not be sexy work but sure helps to grease the wheels of commerce and put
food on the table.

~~~
Rjevski
Telemarketing does not help grease the wheels of _commerce_. It helps grease
the wheels of scamming.

Commerce is when people buy stuff they do need and that provides value to
them. Telemarketing is conning people by pushing them to buy shit they never
needed and that won’t provide any value to them. It is not commerce, it is
scamming.

I’m not criticizing you for doing the necessary things to put food on the
table, but please don’t justify it by saying it helps commerce.

~~~
austhrow743
Nothing about conning or no value in the definition of telemarketing. It's
just outbound sales. Some of it is scams, plenty isn't.

~~~
Rjevski
I disagree.

You wouldn’t need “outbound sales” if you had a product that people wanted.
_They_ would be calling _you_ with their wallets open if it was the case.

You only need outbound sales/scammers if you have a product that you _think_
that people need even though they’ve been living without just fine for ages.

> Some of it is scams, plenty isn't.

Please give me some examples of how _some_ are scams but _plenty_ are not.
From personal experiences it's always been the opposite for me. I feel like
telemarketing is only used where the product/deal is so bad/unneeded that it
wouldn't sell through normal, respectful channels, requiring the use of a
telemarketer to put pressure onto the innocent victim to push them towards a
purchase.

~~~
austhrow743
People aren't omniscient. People at best look for known unknowns, but not
unknown unknowns. Particularly when it comes to tech, that covers a very broad
area of things that they don't know are possible.

The idea that if you need to tell people about it for them to know about it
and potentially buy it, then the offer is a scam, is baffling to me.

As for inbound leads, their existence doesn't stop outbound sales being
productive. They're not mutually exclusive at all. In fact they're
complementary. Outbound sales results in customers, having customers creates
awareness of product in the market, people that hear about it through those
customers become inbound leads.

Regarding people living fine without the new product. You're just arguing
against progress there. Which as a definite luddite and potential anarcho-
primitivist, I am all for. But "scam" isn't a synonym for just "bad", and any
definition that includes just creating needs would have to include most of
modern commerce. Definitely including any and all software developers.

~~~
Rjevski
People are not yet omniscient, I agree. But lately there's this wonderful new
tool called the Internet which allows people to become omniscient as far as
product discovery is concerned.

If you have a product that solves problem X, make a website, blog posts, send
samples to journalists for reviews, etc about how your product solves problem
X, and let search engines & organic growth do the rest.

> You're just arguing against progress there

I'm not arguing against progress. I'm arguing against the (potential) progress
of _your wallet_ , which is not at all correlated with progress of humanity as
a whole. Again, if a product was truly progress then organic growth would be
more than enough. As far as your wallet is concerned, you can make it progress
through other, less annoying means, and actually create value in the process.

~~~
austhrow743
I'm definitely getting the impression that you're just asserting that outbound
sales is "bad" in some general sense rather than specifically that its use
means the business is a scam.

Microsoft has one of the highest quality sales teams there is. Many of which
are outbound focused. Do you consider Microsoft products to be scams?

Most (all?) Silicon Valley b2b startups utilise outbound sales heavily.
/r/sales is full of people either in or looking to get in to SaaS. It's
basically only behind medical devices in preferred products to sell as a
salesperson right now. Do you believe the majority of b2b software companies
are scams?

If so, what is a scam to you?

Sorry for the clarification request, and I will assume good faith if you get
back with a reasonable answer, but I just can't see how the lines of argument
you're putting forward pertain to your original assertion.

~~~
Rjevski
Well every “outbound sales” interaction I had was bad, so that’s my reasoning
for not liking them.

If I need something, I will search for it, read your website/marketing
material and decide for myself. It is an automatic turn off if _you_ call me
first because you’d be taking my time, possibly interrupting me, and putting
pressure on me to buy _now_ that I otherwise wouldn’t have if I was evaluating
the products myself.

> Microsoft has one of the highest quality sales teams there is. Many of which
> are outbound focused. Do you consider Microsoft products to be scams?

Define “high quality”. Is it high quality by conversion rate or is it by
customer satisfaction, churn rate, etc? Because I too can build a “high
quality” sales team by holding my future customers at gunpoint and achieving a
100% conversion rate.

While I don’t consider _all_ Microsoft products to be scams, I definitely know
a few that wouldn’t exist if it wasn’t for clueless people being conned into
buying it by salespeople or consultants.

> Most (all?) Silicon Valley b2b startups utilise outbound sales heavily

And I guess this is why Oracle, IBM and similar shitty companies are still in
business, because they rely on clueless people falling for their sales tactics
instead of actually making great products.

> If so, what is a scam to you?

A scam is something I would fall for that I wouldn’t normally fall for if it
wasn’t for pressure/ideas from an uninvited salesman/scam artist. So like if I
evaluate your product and decide it’s not for me, and then fall for it because
of a salesman playing with my emotions (technically that wouldn’t work on me,
but a lot of life insurance telemarketers will for example use the “think of
your family” aspect to get a sale) or similar, then I would consider it a
scam. A legal scam, but a scam nonetheless.

------
unethical01
Anonymous account for obvious reason.

We're a software contractor for: DHS, ICE, CBP and more. Took the job knowing
that was some of our clientèle.

Was in a tough spot. That job was hiring. Didn't have other bites. Food and
living expenses are nice to have (and so is not living in a car).

I also have a clean criminal record, and nothing exciting in my history.

------
throwacake
I present security research in big conferences. This means that I find a
serious security threat that affects many systems, and then I do not say
anything to anyone for 6 months so that, when I do, I can get more publicity.

~~~
jessaustin
Don't you typically inform the system's owner as soon as you discover the
vuln? You still get "credit" in that case, don't you? Somehow I suspect you're
not _really_ a security researcher...

~~~
dabockster
In a lot of non-tech business, they would probably not award credit. Some
would even sue you for even implying that their "perfect" brand could be
vulnerable.

~~~
jessaustin
It's not really theirs to give, is it? If a researcher has a credible
narrative of what she found, when she found it, some logs and other records,
and any history of research at all, most people would believe her even if the
owners of the researched system said "nuh uh we're perfect don't believe
anyone who says otherwise!" Especially since such a system would be less
likely to be fixed at the time of the presentation, so anyone interested could
verify the vulns for themselves.

Of course the courts are open for business no matter what the circumstances,
so a researcher might not take credit so as to not be sued.

------
VLM
Interesting the comments are all "The company's business model sucked" and
nothing from

[https://en.wikipedia.org/wiki/Programming_ethics](https://en.wikipedia.org/wiki/Programming_ethics)

Also WRT ageism and changing ethics over time, "we don't have automated
testing infrastructure" was BAU in the 80s/90s yet today would be an ethical
WTF moment.

Something that probably still happens today is the old "address ... economic
.. issues related to work projects" Pointing out this thing is never going to
run a net profit just means I'll get downsized first; everyone who's numerate
could run the numbers if they wanted to and they're all theoretically
responsible adults at the meeting table, so ... If you mean address the
fundamental economic issue, as in make sure my resume is updated while
avoiding a meaningless fight with execs, sure...

Oh and edited to add, WRT taking responsibility, a couple of times I've
optimized and improved processes to the point it's a one line shell script
wrapping a grep or echo and that's kinda queasy taking responsibility for
"writing" that. Replace half the job responsibilities (and presumably employee
slots) of a department with a one line SQL query in a cronjob, that kind of
thing.

------
brightball
When I was in college I finished a couple of programming projects late. My
professor said if we could prove that it was done on time he wouldn’t penalize
us so I found a program that would let me alter Windows time stamps.

I’m sure he knew and accepted it anyway because he was a great teacher that
seemed to enjoy letting us creatively solve problems more than sticking to
specific curriculum. Was my favorite class in school.

I still feel a little guilty about that though.

~~~
rootsudo
That's so complicated. You could've just changed the system time or hex
timestamps.

~~~
brightball
Honestly, I don't remember why I went that route. It was 1999 and we turned
our programs in on 3.5" disks (aka - save icons).

------
gjpolly
Exposed private chat messages...

It was a small 30 person company with an overbearing founder.

We ran a chat program called Pandion to allow non-IT staff to quickly ask each
other work questions.

The boss had already asked us in IT to set up journaling in Outlook so he was
getting a copy of every email sent and received by his staff.

Next he turned his attention to Pandion and I was tasked with setting up a
regular report containing all chat messages that were logged on the server.

I knew everyone in the company personally and didn't care to read their
private messages...but the boss wanted to get a copy right away before it was
announced to staff.

So I send a copy to him, containing the last few days of messages that had
been sent.

Of course a couple of staff were dating. Apparently Glen* and Amy* used
Pandion for personal messages to each other.

I'm sitting with the boss explaining how the staff don't know their messages
are being reported on and we can start publishing the report after the next
team meeting, but the boss wanted none of that...

So we start going through it together. One of the first messages is from Glen
telling Amy that she's as tight as the seal on his lunchbox. The boss had a
good sense of humor and we both pissed ourselves laughing, but it still goes
against my values.

------
wordswordswords
Implemented ads to be served to customers who had specifically paid for an
“ad-free experience.”

~~~
albertgoeswoof
How did that work?

~~~
wdr1
Don't call them "ads." Call them "promotions."

~~~
wordswordswords
Bingo.

------
RomanPushkin
On one of my previous jobs they asked to implement WebRTC session recording
without recording indicator. I didn't do that.

------
d21d3q
I was asked to generate fake data from renewable energy sources. Solar panels,
wind turbines, heat pumps, all in EU project. Company needed to prove that
estimations (about energy production provided in application) were correct in
order not to return money. I was pulling data from weather API and "scaling it
to power", and making monthly reports of energy balance (electricity, heat
which was bought, produced, lost). Fun part was when guys from committee saw
those reports, they told: "Finally somebody made right reports. Let us make a
copy and show it to others as example" :)

------
nickjj
Back in the day I wrote some "AOHell style" apps for AOL and Yahoo chat.

Also trolled my non-programming friends who had computers by installing a
personally developed backdoor that allowed me to open and close their cd-rom
tray remotely. That was really fun.

~~~
TeMPOraL
In high school, almost all the IT work was done by the students who were
trusted by the computer class teacher. That trust was often used to facilitate
light-hearted mischief.

A colleague of mine developed and infected every student-accessible computer
with a remote-access tool listening over a TCP socket. We'd mostly use it to
open and close CD trays. Another colleague was unsatisfied by how the TCP
approach made the CD trays go off one-by-one if you tried the batch mode, so
he wrote another remote-access tool, this time masquerading as a Windows
service, and listening over UDP. Then he'd use UDP broadcast to simultaneously
open and close CD trays everywhere in school.

Fun times.

Oh, and one of the first things they did to me when I was getting to know them
was installing and hiding a simple PHP script in my WWW folder on my account on
the school server. The script would basically evaluate its input param in
backticks. That is, a minimal remote shell accessible in my public folder.
AFAIR it took me a couple of months to track down why some weird things were
happening to my account from time to time.

------
jedberg
I wrote the initial SEO optimizations for reddit.

~~~
dpatrick86
So, to be clear, the real problem here is the "upvote this so that when people
search..." meme that you inadvertently created. :)

~~~
jedberg
Apparently. Although in my defense that didn't happen till much later once
reddit got a lot more popular.

------
nyxtom
Ad retargeting analytics would be one. The ability to track even anonymous
users in an attempt to “nudge” users towards purchase behavior felt especially
wrong. I didn’t work at Facebook but this was definitely a selling point for
their hiring team. The tough part about this is that most of the internet is
funded by this single business model. Collect data and behavior about users
and non users.

------
ivank
not mine, but someone programmed The Drop
[https://www.youtube.com/watch?v=pCOCKS5AJI8](https://www.youtube.com/watch?v=pCOCKS5AJI8)

~~~
hjorthjort
Is this real? Can't find any sources on it.

~~~
ivank
I don't think that particular feature made it onto the record, but Garret's
confession rings true because AT&T did have a lot of capacity problems for a
few years after the iPhone launch, especially in New York and San Francisco. I
can find a lot of articles from 2009 mentioning dropped calls.

------
top_throwaway25
Throwaway account.

In high school (2010-ish), I was on the student council so I had insider
access of sorts to a lot of the inner workings of the school administration.
One day, during a short meeting with them, the principal told us on the
council that the IT department was installing wifi for personal device use.
Since we had difficulties with getting school bonds passed by voters at the
time, the wifi was supposed to enable us students to bring our laptops from
home and use them in the classroom (since most classrooms only had 3-4
computers, with older schools only having 1-2 computers per classroom for
staff use only). Naturally, we were all on board since it would enable us to
finish our schoolwork without fighting over computer space.

Fast forward two months and I notice that the wifi seemingly hasn't been
installed yet. I ask the principal and was told that it was supposed to be
installed and working perfectly. So I did some digging on one of the school
computers. This is where I found out how the school district's IT department
submitted updates.

The IT department ran an old Novell Netware server for account login, Faronics
Deep Freeze on the end user machines to protect against student abuse, and a
Windows network share for unattended updates. Since the Windows Netware client
cannot assign local Windows permissions (or it wasn't configured properly in
my case), everything inside Windows was run with admin privileges (you were
logged into Netware but ran under a local admin user account in Windows).
Since Deep Freeze reverted changes to the file system on reboot, the
assumption was that the students could completely wreck the install all they
wanted with a simple reboot being all that was needed to effectively reset the
machines to the default configuration.

This strategy worked well, but there is a huge flaw. Because you had local
admin rights, you had full access to whatever resources you wanted under
Windows XP Professional (the OS of choice back then). This includes the
ability to install software or games (we had some epic district-wide Halo CE
LAN parties), see network information (MAC address, IP octet configuration,
etc), and everything else you could do to a local computer. The only caveat is
that whatever changes you made would be erased on reboot. I guess the
assumption with this is that the average inner city high school student
wouldn't have the technical expertise to know how to read this information,
let alone access it. But, with me being gifted with tech skills at an early
age, I could do some damage.

Back to the wifi story. I noticed in my digging that my Novell account
credentials would let me into their update share. I was able to mount the
share as a network drive and look through it. I saw everything from MS Office
VLKs, the Faronics uninstaller, network diagrams, etc. I did have _some_
ethics back then, so I didn't touch anything related to a license key. But I
did find the wifi deployment timetable document.

It turns out that the IT department had already deployed the wifi to my school
and was fully functional...for them only. They had made it as a hidden network
only accessible to them for "maintenance purposes". (Keep in mind that most of
the school and administration was under the impression that it was going to be
for student use.) The timetable document also listed the wifi password for the
hidden network. With that information and the MAC/IP pattern I swiped from one
of the school machines, I was able to log onto the "maintenance" wifi with my
own personal laptop. This made me the talk of the student body ironically,
with even one of the assistant principals asking me for help because the IT
department had stopped communicating with the administration regarding the
rollout.

Anyways, I used my newfound wifi powers to do my work and prep for college.
Never used any of the serials or anything, just wanted to stop fighting over
computer use. Ended up keeping the timetable document on a thumb drive until
graduation before sticking it in my desk for a few more years. When I moved to
Seattle for work, I ended up tossing the drive into the ship canal under the
Fremont Bridge. (If someone finds it, I'll buy them a beer.)

Anyways, that's my unethical story.

TL;DR: Hacked into a network share to get wifi access in high school because
the IT department embezzled funds.

------
pbhowmic
I used to work for a company that used a provision in the tax code - I can't
remember if it was a California state or US tax break - for training their
employees. They used to count meetings as training sessions and would make
attendees sign attendance sheets to present that as "proof of training".

------
throwaway44345
I’ve fired people on behalf of more senior managers too cowardly to do it
themselves.

------
ryan-allen
It's not really unethical but in that vein: I made a program on the TI83 that
you could punch numbers into in order to get results on an electronics exam
(this was in high school).

I made it for fun, not really to cheat or anything, but once other students
found out about it they asked for copies of it. Within a day or two the whole
class had a copy of this program.

I didn't understand operator precedence, nor did I bother to test the program.
Everyone used it in the exam and the whole class flunked due to BODMAS
shenanigans.

------
INTPenis
Not really as a programmer but I've hacked an online cooking competition to
win a kitchen aid. It was just extremely poorly set up.

------
crookintheyard
Worked in a company making internet scams.

My first project was an 'X-Ray': for a fee user could upload a photo of person
and see them naked. The website just applied a picture of naked body to the
uploaded face. We collected all of the resulting pictures and displayed them
in a slideshow on a TV in the office for laughs.

The big project was 'download anything'. We had an affiliate program where
partners were driving traffic to us and received 70% of profit. All the
traffic was coming with ?search=keyword URL parameter and our landing page
looked like a file sharing website with search results for 'keyword'. It was
2012, downloading shit from file shares was a big thing these days. Depending
on the USER_AGENT, the visitor downloaded keyword.exe or keyword.apk. On
Windows, it was an 'installer' that asked user to send an SMS to premium
number in order to 'activate the download'. On Android, it was an app that
just sent the premium SMS by itself — easy money!

We had a lot of fun and profit doing that, and I left that job not because of
guilt, but because I burned out. Only after I left I was able to look at it
from a different perspective.

------
diamondo25
Our crappy ActiveX object was made for the Windows XP era. When it started to
glitch, my boss told me to 'just disable UAC' on our customers' PCs (instead of
fixing the issues). Did not do it and instead told him what to fix and fix
some things myself...

Another one is installing basically trackware on the website, from an external
party, that recorded certain input fields so it could mail you later when you
didn't buy the product...

------
jdowner
I once mixed tabs and spaces.

~~~
gitgud
Unbelievable, how do you sleep at night?

------
beaugunderson
I lied to the C-levels at a previous company about how hard it would be to
monitor and log the instant messaging traffic of everyone at the office.
Everyone was using AIM and there was no encryption, so it would have been
trivially easy (I verified this, which was scary).

I then lied and told the CFO and CEO that it would be prohibitively hard to do
and they dropped it. :P

------
eof
Very short backstory: I was very severely punished for breaking security on
our PCs at school (utilizing interactive startup on Windows 95 to not start
the "fortress" process.)

For a final project presented which was ostensibly a limited auto-translation
application, I made an application which just popped up an alert, "program
unable to run due to security"

Got an A!

~~~
aidos
Upvoted you because me and a friend did exactly the same thing. The IT guy was
_really_ pissed about it, but we didn’t think it was such a big deal. Nothing
came of it in the end but I think we were banned from the computer lab. Pretty
backwards priorities on behalf of the teacher in retrospect.

------
sudhirj
While working at a services / consulting company, I've been privy to cases
where we put our own interests over the client's, essentially getting them to
pay us to screw them over.

~~~
icedchai
You’re kidding. I can’t even imagine something like this happening in
business.

~~~
atmosx
The Big Short - nice movie, check it out :-)

~~~
icedchai
I agree. I’ve both seen it and read the book.

~~~
atmosx
Ok, so you are trolling. Sometimes it's hard to tell.

Good movie indeed, I will make some room for the book.

~~~
icedchai
Yeah, I should've put a "/s" after my original comment, sorry.

After 20+ years in the business, I'd be more surprised if a consulting company
_didn't_ bill for extra hours and screw over their clients. haha.

------
throwaway9258jj
I worked for a major gambling tech company. There was almost no oversight and
I pretended to work when I really didn't.

------
api
I wrote a ton of IRC war bots and scripts back when I was a teenager including
something called the "Sumo nick collider" and the textbox.irc script. The
latter was a general client enhancement script but had tons of extensions for
"war."

For you spring chickens "war" was exploiting the IRC protocol to take over
channels, kill users, etc. The protocol was pretty vanilla back then and was
vulnerable to a lot of those things. This was back in the 1990s.

This included inventing "DCC RAW" based "clonebot" code in the old Unix ircII
client. I figured out you could just open a socket with the client so you
could write a simple client script to create huge numbers of sock puppets. I'm
not 100% sure but I _think_ I was the first one to do this.

I learned a lot from that stuff but these days I wouldn't wreck a public
volunteer chat network.

~~~
boomlinde
On the IRC bot note, I have a petty-unethical story of how I made an IRC bot
that would pick up movie titles, search for them on IMDB and respond with a
randomly chosen spoiler marked trivia bullet.

My most benign bot simply played back the subtitles of Robocop in realtime on
a loop.

------
nodesocket
The one example I am willing to share is in high school economics class there
was a stock market simulation. The person with the highest portfolio balance
at the end of the year received a substantial amount of extra credit.

First of all, this was 1999, and the market (tech-stocks) were in peak
ridiculous bubble mode. The hack was that the software used to simulate trades
and track portfolios used delayed quotes. So, I simply used real-time quotes,
looked for gains in a short period and bought, held for a bit, then sold.
Essentially I had a time machine. I think at the end of year my account had
over $500 million in it. The teacher knew I was "cheating" but still gave me
the extra credit along with another student who didn't "cheat". An extra perk
is the cutest girls in that class constantly asked me how I had so much in my
portfolio.

~~~
rootsudo
Not unethical, just information asymmetry and arbitrage.

------
wdr1
Worked at Ticketmaster.

~~~
vumgl
I worked at a company that was acquired by Ticketmaster, and I had a chance
to talk to one of the executives in a casual way. They are not as bad as they
may seem, but the business model is definitely intriguing. They go to a venue
that hosts, say, U2 for a concert. Say U2 wants to sell a certain ticket for $100.
Ticketmaster says: Look, if I get exclusive rights to sell your tickets, you
will get not 95%, nor 100%, but you get 105% of the price of the ticket, because I
can charge whatever fees I want. So when you complain about Ticketmaster's
high fees, hate them just slightly less, and hate U2 a bit more because they
are ripping you off by pretending that Ticketmaster is the only bad guy.

~~~
wdr1
Yep.

Ticketing is actually fairly complicated, both technically & as a business.

------
lima
The story mentioned:
[https://news.ycombinator.com/item?id=17081684](https://news.ycombinator.com/item?id=17081684)

------
jonnyrockit
Hard to believe there's no mention of working on projects for the NSA.

~~~
pmiller2
If you worked on something evil for the NSA, would you mention it? I’d like to
think most HN posters aren’t that stupid.

~~~
ryan-allen
Not only that but they quite possibly could face jail time? Security
clearances are pretty serious business!

------
pnloyd
I wrote a tampermonkey script that automates this:

[https://blog.bench.co/blog/how-to-hack-priceline](https://blog.bench.co/blog/how-to-hack-priceline)

~~~
Rjevski
Doesn’t look unethical to me. The site is making money by intentionally
withholding information and getting people to pay more than what they should.

It’s only fair that someone uses this trick against them and defeats their
bullshit business model.

------
golgoth3
When I finished my studies I was sold as a trainer for Microsoft training. When
I was assigned a course, I had about 2 days to a week to discover the
technology and prepare the course. Often I didn't even know the name of the
technology I was supposed to be an expert on.

When you looked at the official conditions of the training, you had to have 10
years of experience just to have the right to follow it, I was supposed to
have passed diplomas to have the right to line up. I finally realized that my
company had to produce fake degrees with a fake resume or I must have been 10
years older developers.

It is obvious afterwards that employees, or even managers of training centers
were in the scheme, there is indeed in my country a law that obliges companies
to spend money in training every year. The company was doing this scheme on a
large scale, we were 40. The worst part was that most of my colleagues were
younger trainees than me, only three or four of us were officially employed
and had real diplomas, so we were sent to the most difficult cases.

The advice we received was to be aggressive with the students to prevent them
from asking too many questions, to be impeccably dressed and to be "handsome".
It was not easy to teach to 15 years older. So that my classes were not too
pathetic and to make a minimum illusion I often prepared my courses the day
before until 5 o'clock in the morning.

The trainees who gave the training deemed easier were recruited on the line,
preferably if they were foreign, they were sent to give a test training and if
it went badly they were sent back on the spot without remuneration. I don't
know how or why, but I did about nine months of this before I left.

------
gabcoh
Not necessarily unethical but certainly annoying, Reply All has an episode
about the creation of the popup
[[https://www.gimletmedia.com/reply-all/3-i-didnt-mean-to-brea...](https://www.gimletmedia.com/reply-all/3-i-didnt-mean-to-break-the-internet)]
From the show notes: “Twenty years
ago, Ethan Zuckerman did something terrible on the internet. And he's still
living with the consequences.”

------
_throw_away
Ran an illegal live streaming site for a few months. Had a lot of fun with it
and used the experience to transition to a legitimate job in that space, but I
probably cost some people some money, and for no other reason than "I could".

I also worked at a startup briefly that was run by a convicted con man. The
business was legit but it was immediately clear he was using the same
confidence techniques on everyone - clients, employees, etc. Not a good scene.

------
alanbernstein
I reviewed allegedly infringing code for plaintiffs who might be described as
patent trolls.

------
lunulata
Implemented APIs for clients that were based on scraping data from other
competitor sites that did not give permission, it's some kind of service
hijacking. Similarly, implemented some clone sites that just rip off other
people's work #zuckerberging. Some bug bounties ask pentesters not to hit their
production servers hard with automated tools... I've ignored this to find some
bugs in production servers on occasion.

~~~
Rjevski
Scraping is not unethical IMO. If you make the data public then everyone has
the right to use it for whatever reason.

Arbitrarily restricting what the data can be used for is what I would call
unethical.

~~~
jessaustin
Scraping becomes unethical when it turns into a DOS, doesn't it? In some cases
it wouldn't be an issue, but some scraping definitely makes the service less
responsive.

~~~
Rjevski
Yep, this is the only thing which I agree with. When I scrape I always try to
use as little resources as possible and make sure it’s appropriate for the
size of the site I’m scraping (I wouldn’t care about sending 1k
requests/second to Facebook, but wouldn’t send more than a dozen few per
second to a little e-commerce store).

------
z0mb3e
I used to help out at a bed company selling mattresses in their WooCommerce
store. The owner was obsessed with „metadata“ and SEO.

He regularly told me I should copy and paste the meta title and descriptions
into a Word document (ugh) so he could edit on them. When he was done I was
supposed to put them back in, manually of course.

Now, normally I‘d tell a client that such a task could be easily automated.
However he was a very shitty boss and I was getting paid hourly.

So I simply built a crawler that analyzed every site and pulled its metadata,
put it in an Excel table (I convinced him it was easier for me to copy/paste)
and sent it to him via email. He then gave me the updated table, for which I
simply wrote a script to execute some SQL queries to put them in.

This turned what’s effectively 2 hours of work each time into 20-30
because of the number of pages.

One time I remember I forgot to update the metadata on one of the pages. When he
complained and I realized, I quickly ran the script and told him he‘d have to
„refresh his cache“ or something. He never noticed any of this.

~~~
capevace
I had one of those SEO obsessed bosses. They’re the worst since they never
understand how SEO actually works and throw around buzzwords.

If he really was shitty otherwise too, good on you.

------
unclean_scholar
Once I've developed a tool that replaced a couple of employees for a (client)
company.

On another occasion, I was assigned to a project that I didn't find motivating
at all, so my plan was to "slack off" and work on my own stuff as much as
possible. The only question was how much did I have to work to make the
management believe I was giving it my 100%. There was another member in the
team, who was a great guy but an average dev, and I realized that I could
easily make 2x more progress than him in the eyes of the managers and still
have almost half of the day "free", so that is exactly what I did. Later I got
a bonus for my "hard work".

But the one I regret the most is installing keyloggers on several computers in
high school (msn era) and obtained passwords for most of my classmates. At
least I was careful enough and didn't tell anyone at the time.

------
southphillyman
Give positive references for developers who I know are crap because they are
nice guys and I feel sorry for them.

------
scott-smith_us
A few years back at my last job, I was approached by a senior guy on a product
team asking me to game some tests so we could get our Windows certification.

I just kind of brushed him off at the time. I'm still sorry I didn't collect
evidence and then report him. He was a real dirt bag.

------
SurgeonOfDeath
When I was in high school there was an online competition every week.

So one week there was this very hard problem. I didn't know how to solve this
but I figured out that there is one answer per 10 tests.

I bruteforced easy tests and sent programs with different answers
std::cout<<30<<endl; ... So I sent like 500 different programs. Then I just
combined the correct result with the size of the test ;p. I used while true to
figure out the size for every test ;p

I passed every test. A week later my solution was removed and I got a very nice
e-mail about what I did and how wrong it was to exploit the platform.

I still managed to be in the top 10 at the end of the competition but it was a
mistake, a huge mistake

Ps. Competition was with very good prizes but still I am ashamed of myself for
that.

------
ada1981
I wrote code to automate my 15 hour per week grad assistant job.

One or two clicks and some php magic.

~~~
Rjevski
Not unethical at all. They were paying X amount of money to get Y work done.
You were providing that just fine (I’d say you were providing them even better
value because you eliminated human error).

It’s not your fault if they would rather hire a human to do some automatable
task.

------
skc
I let a brash, know-it-all, developer shoot himself in the foot instead of
pointing out that the things he was doing would lead to a catastrophic data
loss.

I was pretty young so it's not something I would do today.

------
taitems
Not going to incriminate myself with any of my own stories, but a friend did
work for a phishing take down company that was paid per site they removed. Of
course the people who sign off on these things are never that technical, so
the company was paid a non-trivial amount (say $1,000) for taking down each
subdomain.

Think, contact.bankna.me, support.bankna.me, aus.bankna.me,
customer-support.bankna.me, login.bankna.me etc etc.

They would often take down the subdomain and leave the parent name intact so
they could keep cutting off the individual heads of hydra, if you will.

------
pippolong
Amazing there’s nothing here about crypto.

~~~
CPLX
Probably because the people in question are still drinking the Kool Aid.

~~~
dabockster
Sounds about right. I've only met a handful of devs in crypto. They were all
in college or recently graduated individuals. I don't know if they were
getting paid in cash or tokens, but it was hinted at that they were being
paid, at least in part, under the table.

Most of the crypto workers I've met in the last six months have been mostly
freshly minted MBAs or marketing people with tons of money to burn.

------
TrolTure
Take people's content and put ads on it. TOS compliant but shady.

~~~
wand3r
Do you work at Google?

------
rjay925
While working with a client as a contractor in the US, I was told by him that my
Manager had promised to get PhD/MS with 5 to 10 years experience. I had 4
years experience after my Bachelors from another country. The client
appreciated my work and kept my contract as long as possible. In the three
years that I worked, I saw 10 people come and go. It hurts me every time I
think about it.

What hurts most is that it is still in a common practice in that company and
industry.

------
Theodeus
I built campaign sites for the automotive industry. Always felt wrong. Was
asked to pitch for a client in the petroleum industry and declined. That felt
great.

~~~
bigfudge
I remember working for a heart/health charity at the same time as a large fast
food company. That felt weird.

------
throwaway_0hjpo
I wrote (copy pasted / edited) a cheat for an online game that was in beta,
when I was around 13. I released it (with no anti cheat protection), probably
got a few thousand cheaters banned...

I then sold the cheat source code to a forum of cheaters, who integrated it
into their own offering and paid me a small royalty. The source code was
pretty much copy pasted from a guide with minimal changes to work on the
correct memory addresses.

------
jrenouard
I worked on dating websites. The codebase was awful but more importantly,
99.9% of female profiles were fake, poor guys were trying to get a date when
in fact they were chatting with some other guy in Africa... It was really
depressing doing a job that wasn't adding any value to the world and being
part of a parasite economy. I had to do this for financial reasons but left as
soon as I could.

------
dawnerd
I had to migrate a site for a well-known fitness personality many years ago and
their database contained plaintext passwords and! Credit card information.
Didn’t bother to really fight it at the time. More reason to never give your
credit information out if you don’t have to.

Also helped build a site that tricked google into ranking us higher.

------
throwaway14b141
Took liberties with our interpretation of a third party TOS so that we could
utilize a product. I surfaced this to leadership when I realized we were not
in compliance, but we kept the outcome of what we needed from it, although we
did cease to use the tool. I chose less career friction over fighting further.

~~~
xauronx
Saving data from something like google places API?

------
xchip
I used to crack games just for fun, in fact the fun was in cracking the game
and not in actually playing the game.

------
throwaway3883
I worked for a company, which had insiders at Google steal various data to
improve their SEO. I don't know the details, but I think it may have involved
some cute girls. I built systems to work with the stolen data to improve their
SEO. They are one of the most popular websites on the internet.

------
Err0r404
My boss asked me to log a user's credentials in cleartext so he can connect to
his account and get confidential data... I resigned the next day after

------
cartercole
I built a toolbar ad network for about 200k users and would do inline ads on
every page and replace all search results with ad api feeds

------
siliconc0w
Moral questions come up surprisingly often in product development. Especially
for smaller companies looking to grow fast or things like how aggressive to
get with opt-ins and other 'dark patterns'.

Online lending, for example, is a pretty tricky area. You have to subscribe to
a pretty hardcore version of a capitalist moral philosophy to justify the %xxx
percent interest those places charge. Especially as the 'ideal' customer isn't
the one who pays you back, it's the desperate population who continually re-up
their ridiculously expensive loans.

------
adultSwim
_silence from our fellow engineers in the "defense" industry_

------
jakobloekke
Made a regular cms-based website as an SPA. Using Angular.

~~~
dabockster
If the actual content was simple enough, you could have just written it in
straight HTML with some Apache magic and no one would have been the wiser.

------
black_13
Call centers are on a lower ring of hell.

------
stevehiehn
Is this a trap?

~~~
dabockster
Is this loss?

------
efiecho
Let me answer on behalf of programmers employed by Facebook.

 _The most unethical thing I have done as a programmer is going to work
everyday._

~~~
dabockster
I still hear from a lot of the younger programmers there that feel like
they're still working on revolutionary social tech. Aside from everything that
has happened in recent years regarding Facebook, these people always cite the
fact that Facebook has connected a lot of the world together in the social
graph and that somehow outweighs all the negative consequences.

------
gworley3
I was a graduate student living off a stipend and working for the university
teaching math and CS courses. It wasn't enough money, especially with my
wife's medical bills, so I got desperate and...taught for ITT Tech.

If you've never had the displeasure of being a student or teacher at ITT Tech,
I'd describe it as a cross between community college and vocational school but
where everyone is pretending it's a 4-year college. It felt like a place where
dreams go to die, and nowhere did I see that more than in the way they set me up
to teach classes.

Now, first I should say I have a lot of sympathy for my students there. They
were generally folks who honestly wanted to make better lives for themselves
and got duped by ITT Tech into thinking it was a place where they could do
that. Those students are now stuck with a lot of crappy debt they can't easily
get out of and also didn't learn much, because as I learned from teaching
there, the goal was not really to teach anyone anything.

I taught two classes: software engineering principles and Linux system
administration. I had no special qualifications to teach either of those
classes, but they needed someone to teach them, I had an MS in CS, and I had
some idea of what to do. The SE class consisted of two students and we'd meet
for 4 hours every Saturday for 3 months. We'd sit together and read the
textbook, then do some problem sets out of the textbook ("how would _you_
design this system or organize this work?"). Nothing truly objectionable, just
the same shit that passes for "education" in most schools. I think I gave both
of the students As at the end of the semester.

The Linux system administration class was another story. I had three students,
although one showed up maybe 3 times all semester, and they had all in theory
already taken a class teaching them Linux/Unix basics, but as became
immediately apparent none of them had actually _used_ Linux before, just read
about it in a book. So began our awful semester of them pretending to learn
and me increasingly transitioning from teaching to pretending to teach.

They started out needing to install Linux on their laptops. This was around
2010, so not quite as easy as today but already very easy (the worst case
scenario was you failed to get hardware acceleration for graphics or something
like that, not non-functional input devices). Yet somehow every week for the
first month we had to reinstall Linux. I don't know what was happening in the
week between classes, but somehow Linux disappeared from their computers and
we had to go through it all over again. This obviously put us way behind.

Once we got Linux running on their computers we started to try to do some
basic system admin stuff (there was a syllabus telling me what stuff they
should be able to do by the end). I don't think we ever really made it past
creating users and installing packages (is installing packages even still sys
admin work?). They constantly got stuck on basic things, forgetting how to
`ls` and `cd`. By the end of the semester I think they still couldn't reliably
`sudo` on the first try.

I knew this was bad and had been talking to my supervisor about it, but he
kept telling me it was fine, just do my best and work with them where they
were. When the end of the semester came I didn't know what to do about grades
because they had tried but were just unprepared for the class. At university I
would have failed them, but ITT Tech insisted I give them Cs. I was pretty
unhappy about that whole situation but what could we do.

When they offered me classes for the next semester I declined. I didn't want
to be part of a system that was all about pretending to teach people things
while also charging them a bunch of money. But for one terrible semester I was
complicit in a system of exploiting desperate folks (some of my students had
been in prison and were trying to get their lives back together and giving up
a lot to pay for classes to be there).

------
machiavelli1024
While I haven't done anything nefarious other than putting a few
tracking/analytics frameworks into our product, I have heard a few stories
from my colleagues...

E.g. at a contractor company, a client wanted to lease 5 developers for a
project. We didn't have enough free developers, so they assigned a single guy
to the project, who was making commits from 5 different accounts. The client
was paying for 5 devs of course.

There was also a client who was building slot machines, and we wrote the
software for it. We ran experiments to figure out the best way to rip off
gambling addicts.

The first company I worked for took EU innovation grants and when the deadline
came, they simply copied their existing product, replaced the logo and
showcased it as something they used the grant for.

------
spork12
Me and a friend set up a fake electronics store on the dark web and ended up
making a lot of money when bitcoin spiked in value.

~~~
movedx
Brutal.

~~~
jrs95
Personally I don’t think scamming people who intend to buy stolen electronics
is particularly unethical anyways. It’s sort of like...profitable vigilante
justice.

~~~
Rjevski
Unless the electronics were branded as stolen I wouldn’t immediately assume
malicious intent from the buyers.

People might have all kinds of reasons for buying those electronics anonymously -
maybe there are no other channels to get them from (oppressive government
restricting features like VoIP in iPhones, etc) in which case the “dark” web
is the most logical place to go to get a clean device.

~~~
jrs95
They weren’t branded as such but the store(s) only existing on the deep web
plus the incredibly low pricing made it obvious that these couldn’t have been
obtained legitimately, if they were really selling anything at all and not
just scamming people out of BTC. I highly doubt anyone capable of finding and
using these sites could actually be dumb enough to believe it was anything
other than stolen electronics (or a scam).

~~~
user5994461
The stolen or the oppressing government are not good arguments. It doesn't
allow either party to buy or sell.

We had the case of an ex student who opened a company selling electronics and
mechanical parts. Some shipments were stopped at the border by the local
equivalent of the NSA and the company received a visit shortly afterwards.
Turns out that some stuff can be used to manufacture military equipment.

That day, we learned that they take it pretty seriously and the onus is on you
to prove that it's legit and going to a legitimate party.

~~~
Rjevski
I don't really get how this relates to my point? All I was saying is that
buying on the "dark web" is not _always_ synonymous with bad intentions. I did
not say it _legally_ (I assume that's what you meant) allowed parties to
trade, although I will say that it does _physically_ allow parties to trade,
as "dark" markets have been thriving for years now.

~~~
user5994461
I meant to illustrate that dealing in physical goods is well defined and
regulated, any trouble will have no regard for intentions or what is
physically possible.

------
WillPostForFood
Did a project using Cold Fusion.

~~~
bswitzer8
I have been working in Cold Fusion for the past year and I feel the same way.

------
jgalvez
Nice try, FBI.

------
stealthmodeclan
Alright, I know this guy from NYC - he would offer payment processing to
companies who could not get payment processing in their own country.

Initially, everyone will be paid out on time and later he will refuse to pay
holding 500-1M from each company.

He made 10s of millions doing that. You'll be surprised that everyone
threatened with a lawsuit but never reached the court.

Now, he has a lot of real estate in NYC.

------
thewarpaint
Worked with PHP for four years.

