
Yeah I wouldn't want to find myself in court hearing

>17000 computers were forced to execute [unauthorized] arbitrary code

Certainly a crime in the US, not sure about Germany.

Nice execution though!

I'm not so sure - were they forced? Could you take the maintainer of `requests` to court too? If someone types `pip install reqeusts` and gets something they maybe didn't expect, did you really force them?

Are you asking if the maintainer of 'requests' decides to spy on computers and phone home information?

What packages do this?

Not a lawyer, I'm just picking nits. It seems to me when you pip install a package, you are saying "download <this thing> and run its setup.py file". What if requests did something you didn't like, something simple like write a new directory or change the name of a certain file. Could you sue over that? Where is the distinction?

No one would be suing. This would be criminal.

I was thinking that a simple way this would be illegal in the US would be

"[accessing] a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer"

See a2C here: https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#C...

I'd assume you can make a decent case that the person only authorized the installation of a piece of software, not the gathering of identifying information.

IP addresses can be used as identifying information especially when paired with a timestamp.

Being an American citizen living in the US I would not want my name on this paper.

Ah fair enough, that makes more sense. It's definitely an unethical experiment, glad my name isn't on it either.
