Hacker News new | past | comments | ask | show | jobs | submit login

Are you asking if the maintainer of 'requests' decides to spy on computers and phone home information?

What packages do this?

Not a laywer, I'm just picking nits. It seems to me when you pip install a package, you are saying "download <this thing> and run its setup.py file". What if requests did something you didn't like, something simple like write a new directory or change the name of a certain file. Could you sue over that? Where is the distinction?

No one would be suing. This would be criminal.

I was thinking that a simple way this would be illegal in the US would be

"[accessing] a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer"

See a2C here: https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#C...

I'd assume you can make a decent case that the person only authorized the installation of a piece of software, not the gathering of identifying information.

IP addresses can be used as identifying information especially when paired with a timestamp.

Being an American citizen living in the US I would not want my name on this paper.

Ah fair enough, that makes more sense. It's definitely an unethical experiment, glad my name isn't on it either.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact