Hacker Newsnew | comments | show | ask | jobs | submit login

Here's an example of the fig leaf in action: http://willmoffat.github.com/FacebookSearch/?q=HIV%20test...

We decided the redactions reduce the impact without actually offering any privacy at all. (That's up to Facebook and the users).




"Full disclosure" is a discussion about the ethics of publishing an exploit. Publishing exploits is customarily done in a descriptive manner -- I've never seen it done by publicly sharing the spoils of using that exploit.

Did you try publicizing it without the full identifying data available and measuring the response? Did you consider a strategy of escalating outrageousness, instead of going straight for this course of action?

What about automatically contacting the affected users first, and attempt to rouse them to action?

I'm sorry to be so harsh in a public forum, but when someone takes it upon himself to say that the affected lives are going to suffer for a good cause, then he'd better accompany the resulting campaign with a very thorough -- and thoroughly-vetted -- piece of argument explaining exactly why the ethical balance is in his favor. Two guys deciding they'd get more pageviews by going with plan A, and leaving the moral debate for blog commenters after the fact is not a thorough vetting.

There were already numerous forces at play which could potentially result in FB getting things straight. Your app won't have accomplished anything that wouldn't otherwise have been accomplished, except perhaps to cause a few more people to suffer.

-----


> What about automatically contacting the affected users first, and attempt to rouse them to action?

You mean contacting 98% of facebook's users?!?

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: