There was an article a while back about how cell service providers were selling extremely granular location data, and some of the programmers working on those systems immediately showed up on HN to comment on their moral dilemma. I suspect it's not an isolated case.
I created software that was used by call center agents to bid on “bathroom” break time slots and kept track of who was on break and actively punished those who didn’t follow the rules. It rewarded those that had higher performance and who took less breaks with higher priority. If an agent didn’t come back from their break a security guard would automatically be dispatched to find them. For the same company I also made software that reduced the same call agents to numbers and effectively automated the layoff/termination process. It would contact security with orders to have people escorted out, and had a sinister double verification process that would check to verify the agent was actually fired, or else the responsible security guard would be punished via the same point system. Everything was done via e-mail and would come from “System” and at the time used fancy HTML e-mail templates that looked official. I would frequently hear people talk about how they received a “System e-mail” with a chill in their voice, not knowing I was the one responsible. People who I ate lunch with sometimes didn’t even really know. Embedded in each e-mail was a count-down timer to create a sense of urgency to do whatever was being asked before a “punishment” was applied.
After an agent had been terminated, their punishment points would decay over time until such a time they reached zero (or another configurable threshold depending on how desperate the company was for warm bodies), at which time they would be sent an e-mail to their personal e-mail (which was collected during the application process), inviting them to “re-apply”. Being an early telephony company we also would send them a robo-call with the “good news”. This process was known as a “life-cycle” and it was common in certain labor markets for employees to have many such lifecycles. Another way employees could stave off automated termination was to work for unpaid overtime, which offered to reduce their point values per unit of overtime worked. Everything was tracked to second granularity thanks to deep integration with phone switches and the adoption of the open source Asterisk CTI.
This Orwellian automation terrorized the poor employees who worked there for years, long after I left, before it was finally shut down by court order. I had designed it as a plug-in architecture and when it was shut down there were many additional features, orders, and punishment_types.
I was just starting out in my career and was too pre-occupied with the task at hand to have enough mental headspace to contemplate the full picture of what was happening. The system itself was designed by traditional software means: trial and error, trying to see what worked and didn’t, usually trying to maximize some KPI at the company. There was also the thought that punishment and reward should be applied fairly and be “data driven”; take the bias and human factor out of decisions and implement performance management in a predictable, deterministic and transparent way.
The problems arose when people realized that the same controls and abilities to instill this equity and “fairness” provided the platform to enable wide scale exploitation in the other direction. Want more profit? Change a variable that was a single number whose action would cause great stress for many people, but would produce a desired result. The goals and metrics would always start out reasonable but eventually would cross a certain point, and once they did, there was no going back to the way things were.
Draw your own conclusions to the similarities in this system to our modern day technical web triumphs.
Personally, as both a writer and a programmer, I often consider implementing the systems that I’ve written dystopian fiction about. Not to create a dystopia, but for the same reason I write: to point one out, such that people can get incensed, laws can be made, etc.
To put this another way: the most efficient way we could have possibly found to get the use of nuclear arms in war globally banned, was to have someone use one. The Cold War would have been far riskier if the world hadn’t seen Hiroshima and Nagasaki—it would have been a stand-off to the use of weapons we would have as-yet had no understanding of the consequences of using. It probably would have ended with the use of hundreds of bombs, rather than just two.
It’s sort of the moral equivalent of a “work to rule” strike: the best way to get through the lesson that something is bad, is to stop pushing back against it and just let it happen for once.
You’re actually suggesting being a sociopath is a good thing because it’ll make all the bad ideas eventually die by us trying them. This is simply not true, we have to make bad ideas die by reason and logic, before we do too much harm.
I suppose doubling down on fossil fuels and burning of rainforest is great, we’ll just have to adapt quicker to the super extreme weather. But we can adapt with more aircon! Yay!
Maybe we are just monkeys who can’t actually learn from things that we haven’t experienced but then we’ll be replaced by nature any day now. I’d rather learn things the easy way, if at all possible.
This is an extremely uncharitable reading. Infosec is a field rife with kneejerk dismissals until people actually see the exploitation in action. How long has the (ethical) tech community been warning people about the NSA and Faceboot, until Snowden and Cambridge Analytica actually happened?
Infosec is totally different because it’s exposing problems people have already created in a standard way. This is using technology for maliciousness in the first place. Try telling those people who were abused by that system they were just collateral damage in a bigger plan.
I think there's merit to his argument. People really are very stupid, especially in groups. Maybe you're smart enough to realize that burning rainforests and doubling down on fossil fuels is a stupid strategy, but there is no shortage of people in the US, who actually have an education no less (unlike many people in developing nations where the rainforests are being burned), who really think we can't hurt the environment and laws to protect the environment are wrong. In fact, there's probably a bunch of them right here on this site; they usually call themselves "libertarians", and will scream about "private property rights" in regards to this issue.
It'd be nice if humanity was smart enough and empathetic enough to avoid the horrible mistakes we've made, but we're really not.
Ironically this is sort of why I supported the 'Bernie or Bust' movement, I felt in order for us to get a social democratic leader, we needed Trump to ruin things and push us more towards a dystopia. I'm in Utah anyhow, so red state doesn't matter, but as a principle it still mattered to me.
Not trying to hijack and turn things political here, but it was just an observation. Sometimes you need some chaos to bring about change for the good...sometimes the thing we fear most is what we NEED to happen in order for those in power to pivot and change their ways.
I would file this under 3. Moral Disengagement - A generalized cognitive orientation to the world that differentiates individuals' thinking in a way that powerfully affects unethical behavior.
But see, I can understand weapons building. The motivation is protective towards one's society, and that is the intended result, even if that might not be the actual case.
Whereas the intention of building an oppressive system such as the one described above is, what, selfishness? Laziness? Programmers, because of the high-demand nature of our role, do not tend to be subject to the usual financial pressures that other communities are. I'm not sure what would motivate someone to build such a system as opposed to walking and finding a better job offer.
>But see, I can understand weapons building. The motivation is protective towards one's society, and that is the intended result, even if that might not be the actual case.
If you work for a defense contractor, you are not 'protecting your society' - that's not even the intent. The intent is to make money by selling tools designed to kill other human beings.
Not saying this was likely, but one potential reason could be a kind of selfless penny-pinching.
Say you have a call center run as a co-op. You’ve got workers and HR people. Both the workers and HR people are shareholders. If you can eliminate the HR people, then the workers can each have a larger proportionate share for the same work. Automating HR eliminates the HR people.
Automating a job is one thing. Some people may consider it unethical. But it is going to happen.
But writing code to terrorize people is something else.
Eventually someone will come in and say the system in the OP was necessary for the company to stay afloat, pay its employees or retain value for its retired shareholders.
There is a difference between defending your nation and defending your country.
But in this particular case, some of the things described are actually illegal. While building a weapon is not necessarily illegal. Ignoring the ethical implications.
There is not really all that much difference. Weapons are used to terrorise and murder people. What this person wrote will give some humans stress but it will never cause physical harm.
That you think one is justified and the other is not has very little to do with their relative harm, which is by no means a solved problem or a given. It has to do with your view of it, and those views will differ between different people.
It enables cooperation. Human nature is such that it's hard to keep working hard when others slack, you feel taken advantage of and a fool. This way, you know everyone's doing their part.
It creates jobs. A lot of people don't have the self-control to keep from taking longer and longer breaks, either costing the company money or getting fired. Some jobs pay more to hire people that do have this self-control, but there are only so many of those people. This creates a business model that works when supplied only with the lazier employees who are left.
Another system like this is the timeclock. It's a tyrant and getting out of bed on time every morning is the hardest thing I've ever had to do, but there's just no way to run a factory without it.
I’ve always looked at these systems as “if someone else built this, it would be worse.” Doesn’t the same moral conundrum exist anytime you build a system that dehumanizes people for profit. Ad networks? Drug trials?
Ad networks - people can just disconnect or look away if they like.
Drug trials have benefit to society.
I would argue that creating a system to fire people in an automated fashion when they take too many bathroom breaks like this is morally worse than both of those systems you mentioned.
However using that as an example, there are people who work as vermin exterminators, or people who work in labs that have to euthanise lab mice. They probably don't enjoy it, but when there's a need for something you'll find someone to do it.
It's not a straw-man, because it's using your literal point. I can't get any closer to your argument than that.
> However using that as an example, there are people who work as vermin exterminators, or people who work in labs that have to euthanise lab mice. They probably don't enjoy it, but when there's a need for something you'll find someone to do it.
Yes, but that does not serve as a reason why I should be the one to do it (instead of them), that only postulates that there are other people out there to do it, which is an irrelevant point.
Woah. That's just scary. Also: didn't know about the whole "life-cycle" thing before, is such re-use and re-termination of workers common in this industry?
I often say that telemarketing should be considered a less honourable occupation than prostitution (in the latter case, you have two people voluntarily exchanging value; in the former case, you have one person trying to scam the other). Now I'm beginning to suspect it also has worse working conditions.
Since you mentioned it in this thread, you clearly are aware that such a system is morally "challenged". How did you rationalize it to yourself? Was it something that started innocuous and evolved to become worse, or were you aware of how insidious it was from the start?
This isn't fiction anymore. Amazon uses systems essentially identical to this to manage their warehouse "pickers". Their performance is continuously tracked and they're retained or terminated based on those performance metrics.
First I thought that this is scary but I've had many friends who told me that they play games all day at their office and once boss called them in their cabin and they expected to be laid off but were given a small raise instead.
"I take lots of cigarette and bathroom breaks to fix my makeup/hair and Snapchat my friends. I can't see myself working hard. I am not a sheep". Those are the exact words.
This is a scene from a government organization in Romania.
Now, I am in the US and I've not witnessed it here but here I am in an executive role so I hang out with different people.
I asked them why not do your job properly? They answered, if they are going to do their job then they'll most likely receive a promotion, raise and more responsibilities come with it. For them more money = more problem.
They told me that for them money does not matter and all they want is experiencing different cultures, traveling etc... and work has no place in it.
This is something I had never heard before!
They somehow managed to rationalize not performing their jobs.
I don't slack off, but I feel like there's a position as a Software Engineer past which I wouldn't want to be promoted. I see folks in the higher levels and the stuff they have to deal with has zero appeal to me. My salary and bonus at my current level are already more than enough to sustain my lifestyle and save plenty for retirement - I don't need more.
A lot of people are attracted to the idea of "getting more responsibility", and they like the prestige/visibility that comes with a fancy (e.g. "Principal" or "Staff") title. Me, I just want to put in my hours solving problems and go home do something else.
This is, I believe, a common sentiment in post-communist countries, esp. for anyone working for the state/city/municipality. It's normal for people to take a one or two hour break to go shop for groceries, or even leave at noon if they don't feel like working longer. There is even a common saying in ex-yu countries: “They can never pay me so little that I can't do even less work.” (sorry for the bad translation).
Why would you consider such a system unethical? As a customer constantly annoyed by laziness and incompetence of the low-level support employees, I can only thank you for working on such system.
Not a programmer at the time, but a system administrator. I won't mention the company. This was 2011-2012 -ish.
We hosted dedicated servers and most of the time, they were mostly Plesk or cPanel servers run by people selling email and or web hosting to hundreds of clients from a single server.
This one time a client joins the network, buys a server from us, and migrates from Rackspace. We wondered why he'd move from Rackspace given they were better than us, and it turns out he was kicked off of their network because he basically submitted tens of support tickets daily asking for all kinds of optimisations, improvements, and silly stuff not covered by the support contract. Rackspace had decided he wasn't worth it and booted him.
We ended up with him and boy was he a pain in the backside. Anyway...
Long story short, he cost us more in engineering time than he paid us and this irritated the owner of our business. The owner had my team leader find someone on his team willing to do the following: dump the guy's Plesk database containing all of his customers and make a copy of it on our network. I took on the task and was told it was simply a backup. I was young and didn't really think things through. I feel bad about it now because...
The customer was booted from the network a month later and all of his customers were offered free email and or web hosting for the year, including migrating them over to our network... the owner absolutely annihilated the guy. He contacted all his customers and simply wiped him out.
That same owner is now a highly respected business man and an MBE.
You might be able to do some digging and find out who this company and owner is, if you look hard enough.
One of the HostGator former admins actually doxxed one of my old accounts on reddit by typing my full name in response to some random comment. When I asked him how he knew it, it's because my reddit username was the same as my domain name at the time, and he remembered looking through my server. Whenever the admins would get bored, they'd just dig through peoples' servers and see what they had. He remembered mine because I had a lot of sheet music on it.
They get people like this because they put their admins through the puppy mill process. Basically hire anyone not braindead, train them to do basic shit, and then pay them peanuts. The company men eventually get a high position in the hierarchy for a negligible pay bump and then help keep the new ones in line.
Such a shitty company, but I don't host anything sensitive there and it's been reliable for the last 10 years so I haven't migrated anything yet.
He was working on a large, industrial construction project and they were nearing the end of it, so a QA engineer was scheduled to do a walk-through, and before that happened a higher-up purposefully damaged finished work, dented a pipe with a wrench, unscrewed a bolt, etc... That way when the QA engineer did his checks, he'd find these obvious, easily fixable defects and mark them, whereas if he had found no problems, he would end up digging deeper, since he'll feel like he has to find something, and then he might potentially uncover some major, catastrophic problem that'd be impossible to fix and still hit the customer's deadline.
Theoretically everyone's happier at the end of it... QA because they did their job and found stuff wrong, the client cause the project was finished on time, and all that for an afternoon of extra work.
I worked for a company with an extensive QA process and on occasion I found myself being less than thorough before handing the code off. I knew there were bugs, but just left them in there, because they had bug quotas they had to meet, and we had a tight deadline, etc... At least that's what you tell yourself to justify the behavior.
Sometimes I wonder just how much of this kind of greasing-the-wheels goes on in other industries...
I used to do this defensively when submitting 8-bit games for publication back in the 80s.
The non-gamers at the publishing company seemed to feel they had to get back to you with a handful of changes. If your game was really polished, the changes would be pointless or even harmful things. I quickly learned to leave in a few obvious things that were trivial fixes, e.g. blocky bitmaps, misspellings, jarring colors.
Instead of coming back with:
> we really like the game, but couldn't the snake be an F-15 fighter, and couldn't the scrolling be vertical instead of horizontal?
...it would be more like:
> Change that color, fix that icon, correct that spelling
Came here to say this! I've told this parable of the duck before, but I did not know the origin of the story... "get that duck out of there please otherwise looks OK"
I did this in our University laboratory for OHS, we called it window shopping. By giving the inspector a few easily visible, but not dangerous issues out in the open, he was satisfied we were up to scratch safety wise but could also tick all his little boxes. An out of date MSDS for chemicals we no longer had, a not tested and tagged electrical cable used prominently, a drink bottle left next to the lab computer by a student.
I've done this, leave an obvious trivial bug for the QA to find otherwise they'll keep digging until they find something pointless and hard to fix, which is not a problem in the first place. They have to find something to justify their jobs.
Not me personally, but the company I started my career with (was an intern there for a few months).
ERM software. When a new client comes onboard, install the product and database, but make sure not to make any optimizations, not even the basic indexes in the DB. Depending on the usage, the DB will get slower and slower in a few months. Then send a "consultant" who will simply run a script and add indexes etc and test a bit (no more than an afternoon worth of effort) and charge a high fee for it.
We had a project once for conversion (not getting into details). My team found a tool online. Boss bought it, finished the entire project in one day. Boss bills for month (which was the original estimate), puts the team to work on another project for the next 29 days, gets paid for that too. The only decent thing in this story is that we didn't know before the quote, that such a tool was available. Some would say this is smart way to do business, it felt shitty for me though.
For the second part, I don't think about it as you sold a month of work. You just agreed with a customer that this task is worth X amount of money. If you managed to do it in one hour, that's just good business.
I still think they could have charged for less than the full month. The goodwill and trust that would have engendered would probably have been more than worth it in the long run.
That's not ethical if it's a time&materials statement work agreement (because it's an estimate; if the actual work takes 10% over you bill that).
If it was a fixed-bid, then yeah it's completely fine. Though usually I'd say there should be a bit more time spent delivering some additional (canned) documentation and the like.
That would require that you eat up the cost if something takes more time. Most of the time the customer will pay for the additional time or at least part of it.
We had a 'missing indexes' consultant do a big job for us. The database quickly got really slow. Needless to say we do not hire them any more and do not recommend them to anyone else. The index problem I fixed in five minutes plus eight hours waiting time.
Sounds like a dream job or a nice side gig if you just want a job. Login, run script, log out, bill for thousands, then go back to doing your own thing.
Intentionally withholding stuff without offering an upfront option is shady though.
Where do you draw the line? My grandma was once contacted by a scammer who offered to "optimize" her laptop, and she ended up paying roughly the same as the price of a new laptop.
We have a mechanic now that constantly surprises us by billing us something like 2-5x times less than we expected. Turns out, he's good, and he bills us for actual time spent and parts cost. Like last time, I expected to pay ~$270, ended up paying $65 - $32.5 for parts, $32.5 for work time.
This guy only takes work from existing customers and people referred by them, because it's widely known in the local community that he's good, and has way more people wanting his services than he can handle. He could raise his prices, but it turns out, he's a decent human being.
An IT person who used to be an engineer on a merchant ship told me that in IT finding the problem takes time but the fix is quick. But in physical mechanical work finding the problem is usually easy but the fix takes time. Sounds cute at least!
I worked on a penny-bidding site. These guys "auctioned" items like PlayStation, tvs, cars to the user who placed the final bid on an item after 60 seconds of no further bids. Each bid would increase the final price by 1 pence/cent, but each bid would cost 50 pence/cents. You could "win" a $20,000 car for $500.37 and the house would have taken 50,037*50 cents. It might be okay if that was it -- but I was asked to code some "house bidders" who would outbid players until a certain threshold was met. I left that job shortly afterwards.
A few years back I was house hunting with my wife. We found a lovely house that was a short sale, and put in a bid.
Holy crap, that process was all kinds of frustrating and drawn out.
About 3 months after we placed the offer, the bank put the house up for auction on another site, to try and drum up more offers. On the auction day, I checked in routinely; no one was bidding. All was looking great. About three hours before closing, a bid came in that was lower than our offer. OK, still good. Then another about an hour later. Still good. Then the "final hour" of the auction happened and it slowly but surely started ticking upwards, bids started trickling in and the price started climbing higher and higher. About 20 minutes before the end it got past our offer and my heart sank. As the end time drew near it started getting bumped out by further offers.
I told my wife we'd been outbid, after a stressful day, following on from months of stress and frustration.
Next day, our realtor reaches out to the selling realtor who reported that the bank told her no one else had actually bid on the house.
The dollar auction is usually run as an experiment in game theory classes and works a little differently from the penny auction sites. In the latter, all of your bids at any point are a sunk cost.
I saw an ad for something like that a while ago, but realized that you couldn't sell an ipad for $0.56 if you weren't getting the full retail plus a margin from somewhere. Thankfully I never got into it.
I wonder what the percent of that unethical charity's income was spent on its stated mission? Many charities are just fronts for marketing companies with super high salaries and almost none of the money goes to what the donors would expect.
Ditto, in my case the site was like this, wasn't itself a non-profit organization, but said proceeds from it would go to the specified NPOs... but that never actually happened as far as I know.
I suspect you're not going to get many personal stories here because it would be self-incriminating. But I have a couple from some people I know in tech.
1. I know the guy who, pre-Snowden, actually designed many of the pieces of network gear needed for the dragnet. His perspective was basically: Yes it's wrong, but what do I know? I just design electronic circuits.
2. Same guy also mentioned how at another company he worked at they used DNS tricks to exfiltrate data out of their enterprise clients. Nothing crazy, mostly just analytics to aid in things like product design. They got caught though. First Intel went out, then a couple hours later 4 other big tech companies (including Apple and Microsoft). Then a huge swath of devices stopped reporting. They got acquired shortly afterwards for a large, but sub-billion dollar amount.
3. I know a couple people that crack into devices and sell the 0days to the highest bidder. I consider this practice for anything cyber-physical (self-driving cars, etc) to be so unreasonably unethical that it should be against international law. It's one thing to sell these things to an allied government, it's quite another to have them on the open market.
>It's one thing to sell these things to an allied government, it's quite another to have them on the open market.
Honest question...why?
The result/intent seems the same whether done by a state or nonstate actor. In fact a state actor seems more likely to use it because of a greater feeling of moral justification.
> 1. I know the guy who, pre-Snowden, actually designed many of the pieces of network gear needed for the dragnet. His perspective was basically: Yes it's wrong, but what do I know? I just design electronic circuits.
In case anyone wonders, this is why so many engineering schools are increasing their focus on teaching ethics.
EDIT: I don't expect to receive an answer to this (and that's fine), but I'll give more color to my guess. Meraki had a side venture in internet connectivity-enabled location analytics which was more profitable than its actual router sales. This is one of the reasons why its acquisition price was so high. It has since contributed to a location analytics service within Cisco.
I am not sure I understand the distinction you make between a government and the higher bidder? How can you be reasonably sure that your findings will not be used wrongfully by X gov official?
You can't, but if the NSA or CIA wanted to kill a bunch of people they could. Whereas ISIS and company can't. Not knowing who is buying your 0day is dangerous to public safety.
> Yes it's wrong, but what do I know? I just design electronic circuits.
This outlook, along with "well if I don't do it someone else will anyway", is why tech workers are quickly becoming the new bankers in the view of the public.
> This outlook, along with "well if I don't do it someone else will anyway", is why tech workers are quickly becoming the new bankers in the view of the public.
Which really annoys me, because while moral indifference of some tech workers is wrong, there are still the business guys actually giving the immoral orders. Those are conveniently forgotten in the new narrative.
At what level of technical skill/background does a business guy become a tech guy?
People are people and this "oh the business guys are the bad ones, not poor little programmer making $200k/yr implementing business guy's idea" mindset is odd.
It's not about the skills/background, but decisionmaking capacity. The blame for executing an order is separate from the blame for issuing one. If a tech worker is both the decisionmaker and the implementer then they get to be blamed for both, of course.
Was fed up with Quake Live not providing any matchmaking, so I tried to make my own. Of course they didn't have any API, so I needed to scrape their website to get the match results. I sent a lot of requests.
So when they blogged about their web site becoming occasionally very slow, I sheepishly emailed them, and asked if this might be due to my scripts. I assumed that of course they'd have some sort of IP based limiter in place in case I got too greedy. Well, they didn't. They requested that I send them my scripts, which I happily did. They also banned my account, which I thought was quite petty.
They might have unbanned me a couple weeks after that, but I quickly lost interest in Quake Live.
There was an ongoing prank in my high school (late 70's) to insert John Holmes' name whenever/wherever possible. For example, one trick was to ask someone in the front office to add to the end-of-day announcements "{popular girl}, John Holmes won't be able to give you a ride today". Eventually the front office caught on, and it got riskier and more difficult to do.
I was asked to write an Applesoft BASIC program to help the front office collate and remove duplicates from attendance lists taken first and second period. At some point, I added some obfuscated code that would add John's name in when the total number of names was over some threshold.
Worked for a company that was contracted by DOW to make an app promoting some extremely toxic agrochemicals, such as Forefront. They talked about this being so poisonous that if animals eat grass sprayed with it, then crops grown with their manure will be unsuitable for human consumption. Was also asked to fake ("round up") the calculations of how much money you'd save if by those chemicals.
Read up a bit about DOW and the Bhopal disaster and started to feel horrible about my work.
Tried to gently bring concerns up with the management, and was laid off immediately.
I feel really bad about doing that work, but trying to make up for it by not eating animal products anymore.
Good idea. I don't really know anything that isn't already out there, but still happy to talk to any journalists/NGOs/regulators about it.
I have been going on about this to a journalist friend of mine who works at a public broadcaster, but it didn't really go anywhere. Well, at least I'm airing this on HN now.
It's made me wary of wild-camping on grassy areas around farms, knowing what some farmers might be spraying there.
And what if they can tell from the information leaked who leaked it? This person's life will be destroyed by armies of lawyers. Just so some journalist can report on something that'll be out of the news in a few weeks and change precisely nothing.
That is always a risk when someone does something in the public interest. But doing stuff for the betterment of others at risk of your own lifestyle is a noble endeavour that many have undertaken despite these reasons.
My point is that others are not bettered by this action, because the action of leaking to a journalist no longer improves anything. Just as it hasn't the last few times this happened. It is arguably a good idea to sacrifice something for everyone's benefit, but it is always a bad idea to sacrifice if nobody benefits.
Animal husbandry has a large negative impact on the environment. After this DOW Grassland app I felt I needed to take a look at the environmental destruction I'm contributing to.
Except the alternative - ie, relying on annuals for food production - destroys top soil and relies on fossil-based fertilizers. It's the epitome of nonsustainability and environment destruction.
Perennials combined with animals can be made into a much more self-sustainable cycle.
Be careful with numbers, they can be useful but fail to show the full picture at the same time.
Back when I was eating meat, I was probably still aware that it was harmful, but in a kind of cynical denial about it.
I've heard that one about "the annual crops" before, and it's simply not true that it's "the" alternative. It's claimed in this one study that's echoed in loads of articles[0][1][2][3] that assumes that vegans don't eat perennials, which is kind of ignoring the existence of apples, apricots, asparagus, artichoke, avocados, broccoli, currants, basil, blue- and blackberry, chives, fennel, garlic, ginger, grapes, kale, kiwis, leek, mint, onions, oregano, pears, persimmons, pineapples, plums, pomegranates, potato, rasp- and strawberries, radish, rhubarb, rosemary, sage, thyme, tomatoes for a start.
This view about animal husbandry being harmless for the environment has been disproven[4][5][6], and is on the line with global warming denialism.
It's not a question of being harmless but sustainable. Everything you do will harm or imbalance the environment somehow, the question is how much the environment can recover or if it can at all.
There are a ton of lines I could go to discuss your points, from "meat is not equal to beef" to "could one live healthily only on the things you listed?" (hint: no).
I see tons of articles with statements of journalists but no real evidence, if you want to discuss with references I suggest going to better sources. Actually, I suggest checking your references as well - this was written on [4]:
"[a major report into the environmental impact of meat eating claimed] eating some meat was good for the planet because some habitats benefited from grazing."
So yeah, even your references "disproving" what I'm saying are actually agreeing with me to a certain extent.
Last, but not least, it's not about who eats what but about sustainable systems - either the system works as a cycle or it will eventually run off. You need to look at the bigger picture.
I've done a lot of work involving scraping, data analysis and reversing private API access from mobile applications. A lot of this work is legally defensible (if you do it correctly) and not particularly unethical. After doing a bunch of this type of work I started to accrue subject matter expertise in the area that led other companies to come to me with more questionable projects in mind. I turned down many of these, but two projects stand out to me as unethical or borderline. In fact, this was the reason I eventually stopped working with these companies.
The first project was for a large, (now) well-known fintech company. They needed to develop login integrations with consumer banks to acquire customer account information for verification purposes. But many such banks didn't particularly want to grant them any special API access. More importantly, these banks typically forbid scraping and made it explicitly difficult by implementing JavaScript-based computational measures required on the client in order to successfully login. I helped this company develop methodologies for bypassing the anti-scraping measures on several banking websites. However, I stopped working on this because 1) I felt uncomfortable with the cavalier way they were ignoring banks' refusals, then using the reversed integrations and onboarded customers as a bargaining chip for more formal partnerships, and 2) performing huge amounts of analytics on customer data acquired as part of the account verification process.
The second project was for a tech startup working on insurance and credit analytics. This company is one of several that popped up in recent years to use machine learning and social data in order to develop a more "complete" credit score (in their eyes). They had an impressive team of machine learning researchers but their data acquisition team was comparatively mediocre. So I worked with them to improve their acquisition methodologies for a variety of social media websites. I stopped working with them for three reasons: 1) fundamentally, I lost faith that their product was actually generating a meaningful signal over traditional means, 2) I was worried that the data they were collecting might introduce spurious correlations or illegal biases, and 3) if any team was going to do this correctly, I didn't think this particular team was the qualified one to do it.
I'm guessing the first company is Plaid. I'm in the ACH payments space so we're a potential customer of Plaid and I vaguely remember a presentation or something where they (Dwolla + Plaid) promise merchants the ability to grab 12 months worth of transaction history from a user's bank account. Could be wrong about that. I do know for sure I made a mental note to myself to never use Plaid as a consumer.
I would have no issues working on this. Doesn't seem very unethical. (For people who know the space, it's pretty obvious that you're talking about Plaid :))
Well I subscribe to moral relativism, so I don't have an issue with you not finding it to be unethical. But personally, it bothered me that so much user data would be mined from their financial statements.
I know B2C companies like Mint do this as well, and I don't have an issue with user data being used for market research. But it seemed underhanded since most customers aren't aware of it. If you use Mint you can read their T&C and understand your data is mined. But Plaid is not sold to users, it's sold to companies. So end users of a completely different company which simply uses Plaid for account verification would be implicitly volunteering their data.
The other thing that bothered me is that companies which have valid reasons for not wanting to develop API integrations for Plaid would be strong armed into doing so once Plaid had acquired a critical mass of their users using the methods I helped them develop.
Thank you for sharing. This is why I never sign up for any fintech services. The amount of data I hand over is never worth the "benefits" they provide.
Most of those sorts of companies (both B2C and B2B) ultimately end up selling the user transaction data (or some derivative analytics thereof) to hedge funds. It's used (for example) to forecast the revenue of B2C companies in advance of equity earnings announcements.
NB: I don't have an issue with user data being mined for things like market research if it's a situation where the product is free and users can be easily made aware of it. But I find it dishonest if the company mining that data is doing so without direct user consent, or in a "backdoored" manner using their status as a downstream client's "affiliate" for T&C purposes.
> A lot of this work is legally defensible (if you do it correctly)
Could you expand on the correctness aspect? I'm currently working in this space for what I believe to be good reasons (to improve the accessibility of a particular service for visually impaired users). But I'm eager not to abuse my position and knowledge.
To be clear, I'm talking about scraping. I think the sibling commenter is talking about developing competing products via reverse engineering ("clean room implementation"). I am also not a lawyer, so I can only tell you the guidance I received from one for the projects I worked on.
Technically speaking you can scrape data in a legally defensible way if you do not need to accept any terms of service explicitly prohibiting scraping in the course of grabbing the data. The distinction is that browsewrap T&C have plausible deniability, but clickwrap T&C do not. And if you receive a cease and desist order, you abide by it with a mea culpa. This also means you don't scrape so loudly as to be noticed, which has the happy side effect of probably not disrupting the target's service.
But again: The grey areas of ethics are a separate question from legality. Please engage a lawyer for your specific work.
Depends on the jurisdiction. For instance Europe allows reverse engineering for inter compatibility. Terms of services carry little value here (none for this clause that's already covered by a specific law).
However, it would be interesting in the case of bank services. Accessing the account from the customer probably let you initiate a variety of actions like money transfers or loans, it's sensible to argue for limited and controlled inter interoperability.
Also, customers are not allowed to share their credentials and he is in breach of his contract. The account should be considered compromised and be locked.
Depends on jurisdiction OP operates in, but clean room reverse engineering is one technique, i.e. OP reverse engineers a piece of software, documents how it works at a high level, and hands off the documentation to legal counsel who reviews it for IP infringement etc. The doc is then handed off to a completely different team/engineer who implements the API contract documented by OP.
What's wrong with allowing customers to fetch their own data from their bank? I hold the opposite point of view, that banks withholding information from their customers is unethical.
Sounds like you would be a valuable member of any company, especially a startup. I’d love to hear your thoughts on more ethical ideas for analyzing difficult to obtain data. Feel free to ping me directly.
> hear your thoughts on more ethical ideas for analyzing difficult to obtain data.
See, this data is not difficult to obtain if you're operating in an ethical manner.
You can't do ethical analysis of data obtained in an unethical fashion. Fruit of the poisoned tree and all that. I guess it worked for radiologists after Nazi Germany however...
I don't necessarily agree that the first project was unethical, the banks were saying no because they wanted to develop a product of their own to compete with the company that hired you, not because they had any moral standing to prevent the customer from running analytics on their own data. The company you did the work for is immensely helpful to the consumer, and banks refusing to let consumers interact with their own data is, IMO, more of the moral violation than forcibly scraping that data out.
Even worse, the banks preventing users from straightforwardly accessing their own data is exactly what is pushing users right into the arms of these "fintech" surveillance companies.
The technology (OFX direct connect) and software (Quicken, now Moneydance) for users to privately track their finances has been around for quite some time. But the protocol appears to be getting deprecated in favor of this "web download" rigmarole as banks attempt to decommodify.
I had thought about futzing with Plaid for my own monitoring purposes, figuring since they were B2B they wouldn't be directly surveilling (leaving that up to customers instead). Apparently I was wrong. Surveillance capitalism, indeed!
Throwing in a guess for the second company, was it Zest Finance?
I know this isn't the point of the thread, but I couldn't help myself. I will ask for forgiveness (as I am sure we have all done in both technical and ethical matters)
After Jared Kushner originally bought the New York Observer, I was hired to lead the tech team, which I did for a year and a half in house then for three more as a vendor. He asked me, out of band, to blackhole articles critical of his commercial real estate colleagues and I complied.
I appreciate the sentiment, but I've been open about this on Twitter and to a team that wrote a profile of him in the wake of the election. That a newspaper publisher would participate in an administration that labels the press the enemy of the people is a total betrayal of the journalists and other media professionals who worked hard for him for years.
Not questioning your story a bit, I'm sure it's true. But shouldn't we all be a little concerned that CNN is posting a story as fact without verification or even talking to the person making the claims? The article even implies heavily that they've talked to you.
The number of people who led that team for a year and a half as an employee and three years after as a vendor is probably sufficient to identify them regardless of the account used.
The way you handled this does not speak well of your character. You should have: 1. Preserved the articles in a safe place. 2. Resigned. 3. Given the articles to another publication and state what happened. What I see here is that you were concerned first about your own finances. That is what makes you look bad. Ethics first, finances second.
Giving the articles to another publication would constitute unethical behavior as well though, considering he didn’t own the content and could not claim any authorship over it, though perhaps alerting authors or editorial staff could have spurred that result. And obviously a question about the most unethical thing a person in this field has done isn’t going to be something that speaks well of their character. I don’t think it speaks well of a person’s character to judge someone for the single most unethical thing they’ve done in their career.
I made software 15 years ago to automatically buy concert and sports tickets from Ticketmaster and other websites. At the moment tickets went on sale we used hundreds of computers to buy up the good tickets.
I mean, without scraping, it basically comes down to whether or not you care enough about the event to be online refreshing the page at exactly 10 AM or whatever. With scraping it becomes about whether you have more money. Some artists prefer the audience be more of the former and less of the latter.
I once got pulled into an arbitration hearing to explain how certain code functions operated. While not necessarily unethical it was a moral moment because I knew the inquiry came with the loaded intent to twist whatever explanation I gave into the worst possible extreme.
Sure enough that's exactly what happened and a really hard working and honest developer lost their job so an executive could save face.
Left that company a month later but I still feel horrible.
Without giving away more details than you feel comfortable with, could you share more about what the developer was fired for and how it made that executive save face?
It was a feature set that was supposed to provide additional reporting views and expose data to customers when queried. Turns out one exec had some very embarrassing transactions that emerged from this and he wanted that info suppressed and the person who leaked it fired.
The feature worked as designed, and this exec was the one who pushed for it to go to market despite all warnings that a review of the depth of exposed data was needed first. Nothing was ever leaked, as I mentioned it worked exactly as we were instructed to build by the product managers and our engineering lead.
The outcome is the outcome scoped for.
Fwiw many engineers left after that moment. We were already at odds with leadership and when they showed their colors in that incident it resulted in nearly the entire engineering department bailing.
This never made it publicly, it was an internal product demo to the whole company leading up to launch. To my knowledge no customers or media outlet caught wind of the transactions or the internal coup that resulted.
Are we talking personal transactions on behalf of the exec that happened to be in scope because they were also a user of the software/in the data set?
Or are we talking about business transactions by this exec that were professionally embarrassing?
I built my computer graphics final project in Haskell so that the TA wouldn't be able to run it and grade it. Then for our presentation, I babbled on and on about the math and went over time so we wouldn't have to give a really crappy demo.
    int main(int args, char ** argv)
    {
        static int foo[640*1024];
        return 0;
    }
This compiled into a valid MS-DOS .exe, but spit out "Out of memory" and exited when attempted to run. Was quite handy for getting an extra day to work on lab assignments back at school.
These were basically home assignments that we would demo at a lab for a grade. The lab machines had several "resident" programs running on them (some legit, like basic AV, and some installed by lab admins for their own questionable purposes), so the amount of available RAM varied wildly, sometime dipping as low as 300KB. The TAs knew that, but didn't care enough to do anything about it.
So when an assignment that you did on your own machine failed with "oom" at the lab, it was plausible that it was due to all the junk taking up too much space on the lab boxes. The assignments themselves were math-heavy physics modelling tasks, so they did actually need a lot of memory.
All that said, I think only once someone used this "trick" to get an extension and it was because his truly needed few more hours to hammer its sim into converging.
If it didn't cleanly compile and run on linux, it was an autofail. I found a discrepancy in MPICH2 the hard way: it would correctly implement my leader election on my mac, and on my little raspberry pi, but not on a Solaris linux!
Once, I implemented an interpreter/compiler for a toy-language in Opal (a functional language developed and maintained by my prof). A compiler for Opal was only available for Linux. I had zero experience with Linux and no intention to gain any. So I wrote my code without compiling/testing. Surprisingly, I got a good grade with a remark that the grade would have been even better without syntax errors :D
First, I'd have been able to run it (or grade it even without running it). And yes. I've seen a lot of crappy Haskell code. I've written a good amount of that myself when I was learning Haskell back then.
Second, assuming I didn't know Haskell, I'd have stopped your babbling in the presentation at some point and asked you to run it.
Third, any student that does unusual things is either very good or very cheeky, so those students deserve special attention. So 10 minutes at your and my convenience to run the demo in my office would always have been an option.
(But then, teaching at my university probably was quite different from teaching at your university).
During the Ashley Madison incident, a partner and I put up what was either the first or one of the first online tools for checking to see if a particular email address or phone number had been exposed.
I'm still not sure whether or not that was net good/bad. I'm sure that the tool has caused some real familial stress. We could fall back on the "well if not us someone else would have" but that's a cop-out.
Our site was checkashleymadison.com. Later on we got rid of the domain. We had a ton of interest from advertisers, but we thought it best not to try and make money off of the exposition of others. Overall we took in something like 1.2mm uniques over 24 hours. It was a pretty crazy day, and my first time speaking with the media. Looking back, I'm glad that I didn't say anything too dumb.
Originally we intended to stay anonymous, but I forgot to tell a The Hill reporter of that wish and my name was published. After that I spoke on the record to whatever journalists were still interested.
At a previous employer we used the data referenced in the question. We bought the "anonymised" telecom data from one of the big providers in the USA. We would then analyse that data to figure out where the phone spent 6-8 hours during the night to determine where the phone owner lived. Then we'd pull the USA consensus data(free!) so the system would know what demographic the user probably belongs to. We got a surprising amount of data from the consensus, we had things like ethnicity, income, age.
Then we'd loaded all this in google maps and let users of the app figure out what demographics frequent particular locations on the map. For example a use-case of this would be a coffee company figuring out where to open a new coffee shop.
In my opinion the sale of phone location data is already unethical on its own.
The location data was pretty accurate too in suburban areas. And the provider in question was not very good at anonymising it either. On multiple occasions we could track individuals over a longer period of time. Which would shut down the entire project until it was fixed.
So the company did the right thing whenever the data was compromised. Probably because they were publicly traded and had a good name. I doubt scrappy startups would do the same.
Market research is not unethical unless you think capitalism is unethical at its roots. And if you do I'm curious why you're spending time on a venture capital forum.
And catercorner means diagonal to, not sure what word you're trying to use here.
(I didn't go through with this, but considered) While I was a student I worked for a small shop that sold online services. I was something between an intern and a junior developer/security guy.
The boss (non technical) privately asked me one day to do some research about automating some data entry processes, basically reading from excel files, some databases, formatting and putting it all in another database.
I found out later that if that script is made it would lay off a number of people doing data-entry. I didn't go through with it for many reasons.
It's the only thing close to a justifiable reason, honestly. But even then, if you're paid for a full-time job as a developer, and asked to develop a piece of software, you can't very well say "I'm paid enough to develop all the other stuff you want, but not this one thing" with a straight face. You could certainly use your development of it as a good reason for a raise, though!
While there are some truly bad things in the top-level comments, it seems a non-trivial percentage of the responses here are some form of "my employer attempted to make money, sometimes even a profit, in legal ways."
Agreed, it's pretty much what we (programmers) do. A cleverer boss will use his people to make more profit, instead of fire a bunch to reduce costs, but c'est la vie.
Sometimes, sometimes not. Not all automation puts people out of work. I work for a company whose service facilitates a marketplace and allows a real life industry to grow.
Without our service nobody was doing the job of connecting the people who find each other on our platform. The industry was simply smaller and people could find others to work with only through their personal networks. There are no jobs being lost to our automation, only jobs being created.
I remember my first on site project at a paper mill in the north of England. I couldn't figure out why the people involved were so hostile. It was only later when I was talking to the salesman about it that I found out they were all going to lose their jobs once I'd finished.
I once used curl to continuously upvote a family member's art submission to some national contest. The contest site did no validation so continuously sending POSTs with was almost too easy to game it. They won and got a free trip across the country (among other things).
In my first job out of college I worked at a big consulting company on a project at a company that used interwoven teamsite cms.
Teamsite was a cms written in Perl, JavaScript, and Java with lots of xml sprinkled in. It was a horrible system.
I blogged about it on my personal blog. All the posts were about how to solve issues I had using it. This was before stack overflow.
After I had about 10 such posts I wrote a post titled "interwoven teamsite sucks" and linked all the other posts there.
I started noticing traffic to that post from specific IPs across the country.
A week later I was pulled into a meeting with the top see directors and told to remove my blog.
Interwoven was an Accenture client.
I had already given notice at this point, so maybe that is why they didn't fire me. They could still tell interwoven "this asswipe is no longer with us".
Worked quite a while for an "Internet Cafe" SAAS company. If you're confused by the quotes, these internet cafe companies basically sell internet time to users and with each minute purchased, you also get an entry into a sweepstakes where the prize is a jackpot. The sweepstakes entries would be redeemed electronically by way of slot machines, video poker, etc. They're basically legalized gambling. I suppose that in and of itself isn't unethical, but we didn't exactly operate by the book.
In order for this to be legal, the sweepstakes games have to have a defined number of entries as well as a defined number of winners and losers. None of our games did, it was just too prohibitive. We did provide to our customers, by law, our average payouts and our games did adhere to those through averages over time. But there were many occasions where the games didn't pay out jackpots regularly or paid them out too frequently, hurting stores that were using our software. Our recourse was to provide them more "entries" to distribute to sell to their players, which of course cost us nothing.
Business was good for quite a while, but stricter laws and states cracking down really killed profits. I just feel like any type of gambling is unethical, it seems to really prey on people's dopamine addictions. And these internet cafes, in particular, are largely occupied by retirees who, I'd wager, can't really afford to be throwing their money away.
Years later, my Aunt and Uncle became addicted to gambling on those casino boats and have now lost the house my Grandmother left to them when she passed. I don't necessarily believe in karma, but that certainly made me rethink it.
Didn't do it, but I was asked to "pre-package" the results of a piece of test equipment. Basically, we didn't have a clue what we were doing, and we were in way over our heads on the project. The customer was coming in to do the final approval and we were nowhere near complete. The boss told me to make sure the test results matched the specification "no matter what".
Circumvented browser features to force autoplay on videos with high volume on our websites. While not a morally bankrupt thing to do especially compared to some of the other examples, we all felt dirty doing it.
From an accessibility point of view this can be more than an annoyance. If your video means I can't hear my screen reader, and I'm the sort of user not to plan for this inevitable sort of event, my computer is unusable until it finishes or until I recover sufficiently from being disoriented to remember the hotkeys to get out of there. So please never do this again. Thx.
Sites like that is why I have the Chrome plugin "Quick JavaScript Switcher" that instantly disables JavaScript and reloads the page. As soon as noise starts blasting when it's uncalled for, I just hit the panic button next to the address field!
Aside from the accessibility issues pointed out by another comment, this was mostly an annoyance upon our users that the higher-ups decided converted well. FWIW we did try to argue against it but profits dictate behavior in a large corporation. :-/
Either way, it doesn't exist any more and if you were ever bothered by it (I apologize), there are no over-arching effects that you have to worry about.
I believe the key word is 'something measurable'. People remember their obtrusive ads more so they think mission accomplished even though they now try to avoid them as 'the guys with the obnoxious advertisements'. It might be ultimately detrimental to the company but their bosses think it is a good thing and they get rewarded for it.
Metricitisis is a major management disease of our times and neither corporate, nor government nor nonprofits are safe from missing the point completely in the quest for meeting irrelevant metrics so they can say they are a good manager.
I worked once for a small company that had a social media marketing side (separate from what I did for them, but we sat in the same open space). From what I've observed, the social media marketing business mostly boiled down to our people writing reports which showed nicely growing metrics to customers who then happily paid. The metrics might or might not have been correlated with any real-world increase in profits, and really neither side understood any of that. But it looked believable, so customers paid.
I suspect a lot of that is happening in adtech these days - people with no understanding of statistics bullshitting each other with pretty charts.
From my perspective, at least you could stop going to the website if they did stuff like this, and TBH anyone's free to do whatever they want on their website. A lot of these other stories are doing things without informing customers, or using customer data illegally, and stuff like that.
It's sure not great if you want people to come back to your site, but it's not morally bankrupt.
Insultingly diminutive language aside, you're just wrong. Assuming you're referring to the ADA, "there's [been] laws now" since the 90s. The line you quoted is clearly referencing personal websites, which are not bound by ADA.
I think we're talking about different comments. I'm certainly not talking about a blog. Instead, I was referring to the parent's application. The parent wrote:
> Circumvented browser features to force autoplay on videos with high volume on our websites. While not a morally bankrupt thing to do especially compared to some of the other examples, we all felt dirty doing it.
There's no information about the size of the company there. I replied to a comment that said there are no relevant laws and suggested that that person check out the ADA. The ADA might be relevant.
As a gentle satire of a much-hated London-based design company we were working with during a project for a major brand, I added something called 'disco mode' to the customer's site if you crafted the correct query string. It progressively added more and more random jQuery effects to the page on a timer, while the customer's logo jumped to a beat.
Yeah there are plenty of companies that don't do code reviews still to this day. I worked for an ad agency for a bit and we were still using SVN (afaik they are still using SVN for many projects today). Everyone would just push code straight to trunk with no review process.
I created a cool little Easter egg where if you clicked in the bottom left corner of the browser window and dragged in a circle, the site would flip upside down. A coworker and I also photoshopped some of the client's imagery that was used on the site and hosted it on another domain. If you typed a variation of the Konami code while on the site, the images would be replaced with our meme-ified versions of their imagery. Even if we had a code review process, none of my coworkers would have even noticed that little bit of extra code in the mess of jQuery spaghetti that was their codebase.
Probably pre checking one of those cookie policy checkboxes or what not. Wasn't too happy about that, especially when the software used removed the feature before for exactly the reason you may expect.
I also previously used a mod to read personal messages on a forum once, though that's one of those things which is heavily, heavily debated about on community management sites, with about half the audience saying its an unethical breach of privacy and the other half saying either that it's their site and property deal with it or that it's a good way to stop poaching and abusers.
But that one wasn't exactly coded by myself, so eh, it's an edge case for this question.
So probably a tie between those two, depending on what you count by 'as a programmer'. Fortunately, everything else I've been asked to do in my career has been pretty normal/ethical.
There was this Australian company that had this fly-by-night looking empty office near South Park, San Francisco... I'm serious, and not exaggerating, when I say it was a few bare metal folding chairs/tables bare walls, and way too much open space for the 1/2 dozen people working there...
In any case, the startup I worked for previously was split up and sold/acqui-hired out to two different companies, and myself and the technology I'd created, and the million+ email addresses we'd collected went to this one.
I went along with it because they were one of the few companies I knew of with access to the twitter fire hose feed, which interested me, and they had dept. of defense contacts - which ( in my mind ) legitimized their presence in the U.S.A. at the time.
Out of the many shady-feeling projects, the one that made my skin crawl the most was an automated fuzzy matching system I was ordered to create, that tried its best to match users on Twitter to users on Facebook, using nothing beyond the normal publicly available meta data ( name, age, icon, the regular profile stuff ) and the followers/people followed on the twitter side, and friends and likes on the Facebook side.
It was surprisingly easy to match people, and felt more than a little wrong to me when I really thought about it... but the tech/challenge was just too fun to work on to routinely give it more than a perfunctory thought.
I was subcontracted as development resource to a short-term loan company. They had me implement a piece of software that lets people enter their online banking details (yes their name and password, that thing that the bank says if you reveal to anybody you have no protections on your account), store them in a database, and then use those credentials to scrape their bank records so that their loans could be approved without the user having to send their bank statements in.
I wasn't comfortable working for a company that preys on the fiscally challenged, so I found another job and quit the contracting company I worked for.
I've been on the receiving end of this once and the company refused to not use the automated system. The automated system didn't believe my savings account was a savings account since my bank had it under 'passport savings' or some such nonsense. Even through emailing they basically said if the system doesn't do it then there's nothing they can do about it. I think it's a big invasion of privacy for a system that doesn't even work well.
One of my employees was contracting out his entire job. His performance was great and then fell off a cliff. Turns out he stopped paying the contractor and the contractor stopped doing his work for him. When he had to do it himself it was horrible.
I don't fault the guy for the arbitrage, just for not fulfilling the contract. It would be about equally unethical if he were doing the great work himself and got bored and wandered away.
I think it is pretty unethical to give someone access to company data without the company's permission, and especially to allow that person to actually work on company products.
First part of the sentence, sure. Last part is debatable, so many things are outsourced or contracted, any product is largely contributed to by non employees.
I strongly disagree. Even if we ignore confidentiality and security issues, there is a fundamental difference between contractors and employees. Employees are generally paid less than contractors and are provided stability; in return the company gets a stable employee.
Contractors are expected to be shorter term and change tasking if new opportunities arise, even for a short time.
If both parties enter into a deal then it's fine, if one is misrepresenting themselves it's not.
With companies it's more transparent and the contractors are bound to confidentiality and other codes of conduct. If something goes wrong the issue can be traced and addressed.
When an employee does it without informing the employer or signing an agreement that holds the contractor to the same standards as the employee the chain of trust, transparency and accountability is broken.
Well, it's entrepreneurial, but he's almost certainly also violating all kinds of employment stipulations and policies he's formally agreed to (security, privacy, etc.)
I did some contract work for an online “payday loan” company for a bit. It didn’t take me long to realize I was ashamed of working with such a terrible industry, but my professionalism kept me there until I finished the job. Definitely a low point.
Payday loans are bad but they are not that unethical. The alternative option for people reliant on payday loans are actual loan sharks, which will turn out a lot worse for the debtor. So don’t be so hard on yourself.
I think it would be difficult, but possible to run an ethical payday loan company that focuses on building people up and out of long term debt.
Having spent most of my spare time for the past 8 months on a FinTech idea (which I now question the cost of launching) I spent the day yesterday looking into PayDay loans as one of the URLs I got for said biz is pretty damn catchy for a PDL endeavor. Case in point--GoDaddy has all kinds of loan ads on the parked page.
I agree with you though, that's a sleazy way to make money, IMO.
It's an entirely standard thing, but I feel it is unhappy knowing that my paycheque depends upon thousands of mobile game players watching advertising, and feel that it is ethically dubious that my job is to try to cram more ads down their throats.
It’s great. Just as long as you reward me for watching an ad as opposed to making them a forced part of the experience.
E.g. watching an ad to double my score/gems, sure. Making me watch an ad after every level before I can continue, hell no, that’s an instant uninstall.
As a hypothetical since I'm working on a game that may use this, how would you feel about the following? For a multiplayer .io-style game, you get a score per level, and a cumulative score. The top few players by cumulative score are shown to everyone and celebrated, etc. If you ever get zero points in a level though, you'll lose your cumulative score - unless you watch a video ad.
Is that acceptable, or does it feel like blackmail?
(FWIW I'm discussing this with a lot of other gamedevs too, but since you brought it up I figure you might have a "different community" opinion worth my knowing!)
Disclaimer: I don't mind advertisements in general and I think they get a lot of undeserved hate, especially on HN, which I think is a bit funny since a lot of the folks here work at companies that wouldn't exist without lots of advertising.
I think it's a unique and interesting idea! I might only allow it once or twice because I think eventually the folks at the top of the cumulative score list will have just been the ones to watch the most ads, as opposed to the ones who are the best at your game. Or maybe something like you can watch an ad to keep your score but then you have to play that level again, and if you get a zero again you lose your cumulative score no matter what? Not sure how much that would change your mechanics.
It does not feel like blackmail to me especially if it's a limited-use type of thing.
I helped build Grindr, which of course I don't think was unethical. But I've been surprised by some people's reaction to it. It generally comes up in some conversation where someone asks "what have you worked on that I might have heard of?" Occasionally they follow up with (paraphrasing) "how do you sleep at night?"
Grindr the service isn't unethical but I recall a thing about them having a lot of third party tracking. Which given the nature of the service seems to me way worse than tracking elsewhere on the internet.
I don't know anything about the current architecture or third party trackers. It's been over five years since I did any work with Grindr.
I will say that when I worked on Grindr, Joel (CEO, founder) was adamant that we would not track location history. We only stored the most recent location we received from a user.
You're not a current or former Google employee, are you? There's the legend of the engineer who was a Grindr user and helped them to scale their code (it ran on App Engine, at least at the time).
I may have created and taught others how to create phishing pages in high school and then used those generic pages in spear-phishing campaigns. Also I may have come up with some really good growth-hacks to gather credentials which resulted in some inappropriate messages sent by a kid to another that he denied while he was suspended. No idea who actually sent them because maybe the phishing group was too large.
I may have infected my classmates with RATs in school with another partner and uncovered a large number of class romances.
I may have been an asshole as a kid. I'm just glad I grew up.
In high school, I got a summer job at this local accounting firm. I don't even remember what I was hired for —probably paperwork— but pretty soon I was doing some programming for them. The owner was rich, but cheap, so he asked me to write a simple invoicing tool for their smallest clients. That way, he avoided a costly upgrade for his existing software, at a fraction of the price. I knew I was being underpaid big time, so I would make a mental note of the bugs I'd find, but avoid fixing some of the minor ones. I did not plant deliberate ones. Invariably, when school started, they would call me to go in once or twice a year to fix something. I'd chat with the guys most of the afternoon, change the code over a few minutes, then collect my "tip". I didn't feel too guilty because the owner was paying me a pittance, but acted like he was showering me with millions and treating me very well. I was young, but not naive. I could and would have done a lot more if only he hadn't been so condescending. Plus, some of his business and clients sounded a bit sketchy, although I had no proof.
On another occasion, I cracked the copy protection on one of their applications. They had a full license, but the protection relied on a magic 5¼ floppy disk and their new machine only had a 3½ drive.
I promised myself I'd never work on accounting software again. Later, I ignored the owner's questions about what kind of internet businesses to invest in. He was dangling some of his money in front of me, but I didn't fall for it. Which was a good call, because a few years afterwards, he got in trouble for aiding his sketchy clients I mentioned above.
When a deadline had passed, we sent blank tapes to clients and then claimed the postal services had wiped them when scanning with X-rays, asking the clients to send back the tapes so we bought a few more days.
Even in the internet era. In high school I often just renamed some random file to a .doc extension and sent that in. No teacher ever had any idea. I'd just play dumb that I had a bad computer.
I worked for a business that sold videos burned to very cheap blank DVDs, for a pretty high price. We tested them onsite, and had about a 20% failure rate (they cheaped out on the equipment, too) and the passing discs wouldn't work for about a third of customers anyway. I think those discs delaminate after a few years.
Worked on an automated system to skim tips from crowdsourced 'contractors' without them realizing it was being done. Don't worry, legal says it wasn't technically against the law and the fine print of the contracts said we could do it.
I live in a dictatorial country with 90%+ of the tech, industrial, and service sector owned directly by the president's family. So I kinda feel like whatever work I take on in this country is evil in one way or another.
I haven't had to hack independent media agencies and opposition parties yet and I plan to keep it that way.
Used some of the more advanced features in git to delete commit history and cover up a bunch of illegal activity shortly before an acquisition.
I used to feel really bad about this, but apparently there are whole teams dedicated to this sort of "cleanup" in M&A nowadays. Now I just feel bad about everything!
Without going into specifics, can you outline the kind of illegal activities that might appear in a git commit history? I'm guessing copyright infringements mostly?
Basically lots of tracking of users and reselling that data in extremely detailed ways. Whatever the marketing team demands or you're fired, that kind of environment.
I was once assigned a task that had been estimated at 8 hours of development time, but only required the modification of a single line of code.
I finished it in 5 minutes. My boss asked what happened, I told him, and he told me to revert the code, work on other tasks, and redo it at the end of the day so he could bill for 8 hours (in addition to billing for the other tasks I worked on).
I did it and didn’t say anything. This was just a few weeks into my career.
I’m surprised this kind of thing doesn’t happen more often, to be honest. The people handling the business and writing the checks never seem to know anything about software. You could probably get away with telling them just about anything.
I’ve only ever seen it happen once, though. Software industry has been pretty honest in my experience (at least as far as billing goes...)
Guess I haven't had enough coffee -- I'm struggling to remember the joke in which the punchline is the professional telling the client something like "You're not paying me to do [one simple/small thing], but for the years of experience it takes to know that [it's that one simple thing]".
The problem with trying to charge for programming work is that so much non-trivial work can be summed up as a few keystrokes, or an addition of a single line, or even producing less code (by deletion/refactoring). That said, I don't understand why your boss thought this subterfuge was necessary. If the client is non-technical enough to approve 8 hours of billing for something that takes 5 minutes to fix, how is that client competent enough to look through the git history to know that it was only 5 minutes of work?
My art history textbook has a similar story about James McNeill Whistler, who when challenged on charging 200 guineas for a painting, responded, "I ask it for the knowledge of a lifetime."
I think this is extremely common in paid-by-the-hour scenarios, when the person doing the tasks isn't on-site.
I also think most people are aware that's the case, and are fine with it since they've got an estimate that they've approved. The estimate was good enough to justify the business value so they expect to pay the full hours.
Letting people know you need more time is probably a bigger issue.
That’s how consulting usually works. You scope out stories and commit to the number of stories in a sprint. Even if you wanted to add more to the sprint you’d just mess up the allocated time of QA and add more stuff for the dev ops team. That’s why more than one person (and people who know the system) should be giving estimates.
Otherwise, if it takes half the time use the other half to test, or train yourself to be better at your job. IMO
For a salaried position, this wouldn't even be unethical. When I finish my work, I take off and have fun. Even for hourly contracting, it's dubious whether this is unethical. The only mistake is telling people it took five minutes. Ideally you'd spend the day having fun and check this in at the end. Not getting paid for actual work done is so common in contracting, however, that I certainly wouldn't feel bad about using up the whole time estimate for a five minute task.
I wrote telemarketing software. Not sure if I'll go into the same circle of hell as telemarketers, or something worse. But it is an incentive to live as long as possible before going to my reward.
Ha, I write telemarketing support systems for a living and feel your pain. It might not be sexy work but sure helps to grease the wheels of commerce and put food on the table.
Telemarketing does not help grease the wheels of commerce. It helps grease the wheels of scamming.
Commerce is when people buy stuff they do need and that provides value to them. Telemarketing is conning people by pushing them to buy shit they never needed and that won’t provide any value to them. It is not commerce, it is scamming.
I’m not criticizing you for doing the necessary things to put food on the table, but please don’t justify it by saying it helps commerce.
You wouldn’t need “outbound sales” if you had a product that people wanted. They would be calling you with their wallets open if it was the case.
You only need outbound sales/scammers if you have a product that you think that people need even though they’ve been living without just fine for ages.
> Some of it is scams, plenty isn't.
Please give me some examples of how some are scams but plenty are not. From personal experiences it's always been the opposite for me. I feel like telemarketing is only used where the product/deal is so bad/unneeded that it wouldn't sell through normal, respectful channels, requiring the use of a telemarketer to put pressure onto the innocent victim to push them towards a purchase.
People aren't omniscient. People at best look for known unknowns, but not unknown unknowns. Particularly when it comes to tech, that covers a very broad area of things that they don't know are possible.
The idea that if you need to tell people about it for them to know about it and potentially buy it, then the offer is a scam, is baffling to me.
As for inbound leads, their existence doesn't stop outbound sales being productive. They're not mutually exclusive at all. In fact they're complementary. Outbound sales results in customers, having customers creates awareness of product in the market, people that hear about it through those customers become inbound leads.
Regarding people living fine without the new product. You're just arguing against progress there. Which as a definite luddite and potential anarcho-primitivist, I am all for. But "scam" isn't a synonym for just "bad", and any definition that includes just creating needs would have to include most of modern commerce. Definitely including any and all software developers.
People are not yet omniscient, I agree. But lately there's this wonderful new tool called the Internet which allows people to become omniscient as far as product discovery is concerned.
If you have a product that solves problem X, make a website, blog posts, send samples to journalists for reviews, etc about how your product solves problem X, and let search engines & organic growth do the rest.
> You're just arguing against progress there
I'm not arguing against progress. I'm arguing against the (potential) progress of your wallet, which is not at all correlated with progress of humanity as a whole. Again, if a product was truly progress then organic growth would be more than enough. As far as your wallet is concerned, you can make it progress through other, less annoying means, and actually create value in the process.
I'm definitely getting the impression that you're just asserting that outbound sales is "bad" in some general sense rather than specifically that its use means the business is a scam.
Microsoft has one of the highest quality sales teams there is. Many of which are outbound focused. Do you consider Microsoft products to be scams?
Most (all?) Silicon Valley b2b startups utilise outbound sales heavily. /r/sales is full of people either in or looking to get into SaaS. It's basically only behind medical devices in preferred products to sell as a salesperson right now. Do you believe the majority of b2b software companies are scams?
If so, what is a scam to you?
Sorry for the clarification request, and I will assume good faith if you get back with a reasonable answer, but I just can't see how the lines of argument you're putting forward pertain to your original assertion.
Well every “outbound sales” interaction I had was bad, so that’s my reasoning for not liking them.
If I need something, I will search for it, read your website/marketing material and decide for myself. It is an automatic turn off if you call me first because you’d be taking my time, possibly interrupting me, and putting pressure on me to buy now that I otherwise wouldn’t have if I was evaluating the products myself.
> Microsoft has one of the highest quality sales teams there is. Many of which are outbound focused. Do you consider Microsoft products to be scams?
Define “high quality”. Is it high quality by conversion rate or is it by customer satisfaction, churn rate, etc? Because I too can build a “high quality” sales team by holding my future customers at gunpoint and achieving a 100% conversion rate.
While I don’t consider all Microsoft products to be scams, I definitely know a few that wouldn’t exist if it wasn’t for clueless people being conned into buying it by salespeople or consultants.
> Most (all?) Silicon Valley b2b startups utilise outbound sales heavily
And I guess this is why Oracle, IBM and similar shitty companies are still in business, because they rely on clueless people falling for their sales tactics instead of actually making great products.
> If so, what is a scam to you?
A scam is something I would fall for that I wouldn’t normally fall for if it wasn’t for pressure/ideas from an uninvited salesman/scam artist. So like if I evaluate your product and decide it’s not for me, and then fall for it because of a salesman playing with my emotions (technically that wouldn’t work on me, but a lot of life insurance telemarketers will for example use the “think of your family” aspect to get a sale) or similar, then I would consider it a scam. A legal scam, but a scam nonetheless.
I've got no great love for telemarketing or the advertising industry, but as a point of fact it's not true that if you make something people want they will seek you out to find it. If you make something that people want but do not make any effort to put it in front of them or argue for its merits, it will likely end up ignored and forgotten.
"They're just fine without it" is a pretty good counterargument, not just against marketing, but against speaking your mind, applying for a job, asserting yourself in any way, and the pursuit of science, knowledge, or advancement of any kind. If the status quo is good, it is only because someone improved it from what it was before. It can be improved again.
> it's not true that if you make something people want they will seek you out to find it
If you solve my problems I will find it, and I'm pretty sure I'm not the only one. You can't imagine the number of times I've searched Google or asked friends about solutions to problem X.
> do not make any effort to put it in front of them or argue for its merits
If your product solves problem X, make a website or blog posts explaining that and let Google do the rest. Post it to Product Hunt or Hacker News. Reach out to journalists/bloggers and offer them a sample for review. Even buy some ads - sure, ads are cancer and will be blocked on my side, but I still prefer them compared to telemarketing.
> it will likely end up ignored and forgotten
If your product is so revolutionary that you feel it's OK to interrupt people by calling them and trying to sell it to them, then this is not something you should worry about. Such a revolutionary product will become mainstream in a matter of days. ;)
If your product isn't that revolutionary, then maybe you should instead work on making it revolutionary instead of paying monkeys to spam people. And finally, if that still doesn't work, then remember that nobody is entitled to any business and that interrupting everyone else just so you can have it your way is still not right.
> is a pretty good counterargument, not just against marketing, but against speaking your mind, applying for a job, asserting yourself in any way, and the pursuit of science, knowledge, or advancement of any kind
Seems like this is a pretty good counter-argument to a bullshit marketing model as well. Why improve my marketing model if the status-quo is good (as long as it's not me getting spammed)?
Speaking your mind, applying for jobs and asserting yourself is something you can do by yourself without bothering anyone. This kind of bullshit marketing does bother everyone - I haven't met a single person yet who was happy to receive telemarketing calls - I think this says a lot about what you're preaching. ;)
How is it an innocent victim? Every company that I’ve worked for that sold B2B software had salespeople that had “regions” they sold into to get contracts. How are they anything but glorified telemarketers? I doubt any of our customers were “scammed” into buying services that cost tens of thousands a year.
While I’ve never bought anything from a telemarketer, it doesn’t mean that their product is not legit.
If the customer comes first to you and gives you their contact then it’s no longer telemarketing IMO - at the very least not the usual definition of telemarketing which is “asshole spamming your phone to sell their snake oil”. But if you just call out of the blue, I don’t care whether what you sell is legit, it’s just not okay to waste my time - frankly the fact that your company uses these practices damages my opinion of your product already. I don’t do that to your company - don’t do it to mine.
Now I’m not sure how prevalent scams are in the B2B industry (although I would expect there are still a lot of salespeople preying on clueless people that would fall for marketing BS instead of actually evaluating the product), but in B2C, every telemarketing call I’ve received was a really bad deal at best (that a quick Google search would beat), and an outright scam at worst.
You should be more worried about the state of the economy if companies that can afford to buy services that cost six to seven figures annually that have to be approved by C-level people are so easily scammed.
Every B2B company that does large contracts that I’m aware of has sales people.
I present security research in big conferences. This means that I find a serious security threat that affects many systems, and then I do not say anything to anyone for 6 months so that, when I do, I can get more publicity.
Don't you typically inform the system's owner as soon as you discover the vuln? You still get "credit" in that case, don't you? Somehow I suspect you're not really a security researcher...
In a lot of non-tech business, they would probably not award credit. Some would even sue you for even implying that their "perfect" brand could be vulnerable.
It's not really theirs to give, is it? If a researcher has a credible narrative of what she found, when she found it, some logs and other records, and any history of research at all, most people would believe her even if the owners of the researched system said "nuh uh we're perfect don't believe anyone who says otherwise!" Especially since such a system would be less likely to be fixed at the time of the presentation, so anyone interested could verify the vulns for themselves.
Of course the courts are open for business no matter what the circumstances, so a researcher might not take credit so as to not be sued.
Also WRT ageism and changing ethics over time, "we don't have automated testing infrastructure" was BAU in the 80s/90s yet today would be an ethical WTF moment.
Something that probably still happens today is the old "address ... economic .. issues related to work projects". Pointing out this thing is never going to run a net profit just means I'll get downsized first; everyone who's numerate could run the numbers if they wanted to and they're all theoretically responsible adults at the meeting table, so ... If you mean address the fundamental economic issue, as in make sure my resume is updated while avoiding a meaningless fight with execs, sure...
Oh and edited to add, WRT taking responsibility, a couple of times I've optimized and improved processes to the point it's a one line shell script wrapping a grep or echo and that's kinda queasy taking responsibility for "writing" that. Replace half the job responsibilities (and presumably employee slots) of a department with a one line sql query in a cronjob, that kind of thing.
When I was in college I finished a couple of programming projects late. My professor said if we could prove that it was done on time he wouldn’t penalize us so I found a program that would let me alter Windows time stamps.
I’m sure he knew and accepted it anyway because he was a great teacher that seemed to enjoy letting us creatively solve problems more than sticking to specific curriculum. Was my favorite class in school.
The teacher's face was priceless as she discovered my work was on the school server since "3 days ago". (she was looking for it specifically every single day)
It was a small 30 person company with an overbearing founder.
We ran a chat program called Pandion to allow non-IT staff to quickly ask each other work questions.
The boss had already asked us in IT to set up journaling in Outlook so he was getting a copy of every email sent and received by his staff.
Next he turned his attention to Pandion and I was tasked with setting up a regular report containing all chat messages that were logged on the server.
I knew everyone in the company personally and didn't care to read their private messages...but the boss wanted to get a copy right away before it was announced to staff.
So I send a copy to him, containing the last few days of messages that had been sent.
Of course a couple of staff were dating. Apparently Glen* and Amy* used Pandion for personal messages to each other.
I'm sitting with the boss explaining how the staff don't know their messages are being reported on and we can start publishing the report after the next team meeting, but the boss wanted none of that...
So we start going through it together. One of the first messages is from Glen telling Amy that she's as tight as the seal on his lunchbox. The boss had a good sense of humor and we both pissed ourselves laughing, but it still goes against my values.
They were ads to upsell them on a higher level of subscription. The argument was that they were "promotions" from US, not advertisements, which were from a "third party."
Of course, this is nonsense. An in-house ad is still an ad. When someone pays for an "ad-free" experience, we know they don't expect that they will still receive a full-screen modal popup, even if it is a house ad.
I was asked to generate fake data from renewable energy sources. Solar panels, wind turbines, heat pumps, all in EU project. Company needed to prove that estimations (about energy production provided in application) were correct in order not to return money.
I was pulling data from weather api and "scaling it to power", and making monthly reports of energy balance (electricity, heat which was bought, produced, lost)
Fun part was when guys from committee saw those reports, they told: "Finally somebody made right reports. Let us make a copy and show it to others as example" :)
Back in the day I wrote some "AOHell style" apps for AOL and Yahoo chat.
Also trolled my non-programming friends who had computers by installing a personally developed backdoor that allowed me to open and close their cd-rom tray remotely. That was really fun.
In high school, almost all the IT work was done by the students who were trusted by the computer class teacher. That trust was often used to facilitate light-hearted mischief.
A colleague of mine developed and infected every student-accessible computer with a remote-access tool listening over a TCP socket. We'd mostly use it to open and close CD trays.
Another colleague was unsatisfied by how the TCP approach made the CD trays go off one-by-one if you tried the batch mode, so he wrote another remote-access tool, this time masquerading as a Windows service, and listening over UDP. Then he'd use UDP broadcast to simultaneously open and close CD trays everywhere in school.
Fun times.
Oh, and one of the first things they did to me when I was getting to know them was installing and hiding a simple PHP script in my WWW folder on my account on the school server. The script would basically evaluate its input param in backticks. That is, a minimal remote shell accessible in my public folder. AFAIR it took me a couple of months to track down why some weird things were happening to my account from time to time.
Ad retargeting analytics would be one. The ability to track even anonymous users in an attempt to “nudge” users towards purchase behavior felt especially wrong. I didn’t work at Facebook but this was definitely a selling point for their hiring team. The tough part about this is that most of the internet is funded by this single business model. Collect data and behavior about users and non users.
I don't think that particular feature made it onto the record, but Garret's confession rings true because AT&T did have a lot of capacity problems for a few years after the iPhone launch, especially in New York and San Francisco. I can find a lot of articles from 2009 mentioning dropped calls.
In high school (2010-ish), I was on the student council so I had insider access of sorts to a lot of the inner workings of the school administration. One day, during a short meeting with them, the principal told us on the council that the IT department was installing wifi for personal device use. Since we had difficulties with getting school bonds passed by voters at the time, the wifi was supposed to enable us students to bring our laptops from home and use them in the classroom (since most classrooms only had 3-4 computers, with older schools only having 1-2 computers per classroom for staff use only). Naturally, we were all on board since it would enable us to finish our schoolwork without fighting over computer space.
Fast forward two months and I notice that the wifi seemingly hasn't been installed yet. I ask the principal and was told that it was supposed to be installed and working perfectly. So I did some digging on one of the school computers. This is where I found out how the school district's IT department submitted updates.
The IT department ran an old Novell Netware server for account login, Faronics Deep Freeze on the end user machines to protect against student abuse, and a Windows network share for unattended updates. Since the Windows Netware client cannot assign local Windows permissions (or it wasn't configured properly in my case), everything inside Windows was run with admin privileges (you were logged into Netware but ran under a local admin user account in Windows). Since Deep Freeze reverted changes to the file system on reboot, the assumption was that the students could completely wreck the install all they wanted with a simple reboot being all that was needed to effectively reset the machines to the default configuration.
This strategy worked well, but there is a huge flaw. Because you had local admin rights, you had full access to whatever resources you wanted under Windows XP Professional (the OS of choice back then). This includes the ability to install software or games (we had some epic district-wide Halo CE LAN parties), see network information (MAC address, IP octet configuration, etc), and everything else you could do to a local computer. The only caveat is that whatever changes you made would be erased on reboot. I guess the assumption with this is that the average inner city high school student wouldn't have the technical expertise to know how to read this information, let alone access it. But, with me being gifted with tech skills at an early age, I could do some damage.
Back to the wifi story. I noticed in my digging that my Novell account credentials would let me into their update share. I was able to mount the share as a network drive and look through it. I saw everything from MS Office VLKs, the Faronics uninstaller, network diagrams, etc. I did have some ethics back then, so I didn't touch anything related to a license key. But I did find the wifi deployment timetable document.
It turns out that the IT department had already deployed the wifi to my school and was fully functional...for them only. They had made it as a hidden network only accessible to them for "maintenance purposes". (Keep in mind that most of the school and administration was under the impression that it was going to be for student use.) The timetable document also listed the wifi password for the hidden network. With that information and the MAC/IP pattern I swiped from one of the school machines, I was able to log onto the "maintenance" wifi with my own personal laptop. This made me the talk of the student body ironically, with even one of the assistant principals asking me for help because the IT department had stopped communicating with the administration regarding the rollout.
Anyways, I used my newfound wifi powers to do my work and prep for college. Never used any of the serials or anything, just wanted to stop fighting over computer use. Ended up keeping the timetable document on a thumb drive until graduation before sticking it in my desk for a few more years. When I moved to Seattle for work, I ended up tossing the drive into the ship canal under the Fremont Bridge. (If someone finds it, I'll buy them a beer.)
Anyways, that's my unethical story.
TL;DR: Hacked into a network share to get wifi access in high school because the IT department embezzled funds.
I used to work for a company that used a provision in the tax code - I can't remember if it was a California state or US tax break - for training their employees. They used to count meetings as training sessions and would make attendees sign attendance sheets to present that as "proof of training".
It's not really unethical but in that vein: I made a program on the TI83 that you could punch numbers into in order to get results on an electronics exam (this was in high school).
I made it for fun, not really to cheat or anything, but once other students found out about it they asked for copies of it. Within a day or two the whole class had a copy of this program.
I didn't understand operator precedence, nor did I bother to test the program. Everyone used it in the exam and the whole class flunked due to BODMAS shenanigans.
My first project was an 'X-Ray': for a fee, a user could upload a photo of a person and see them naked. The website just applied a picture of a naked body to the uploaded face. We collected all of the resulting pictures and displayed them in a slideshow on a TV in the office for laughs.
The big project was 'download anything'. We had an affiliate program where partners were driving traffic to us and received 70% of profit. All the traffic was coming with a ?search=keyword URL parameter and our landing page looked like a file sharing website with search results for 'keyword'. It was 2012, downloading shit from file shares was a big thing in those days. Depending on the USER_AGENT, the visitor downloaded keyword.exe or keyword.apk. On Windows, it was an 'installer' that asked the user to send an SMS to a premium number in order to 'activate the download'. On Android, it was an app that just sent the premium SMS by itself — easy money!
We had a lot of fun and profit doing that, and I left that job not because of guilt, but because I burned out. Only after I left I was able to look at it from a different perspective.
Our crappy ActiveX object was made for the Windows XP era. When it started to glitch, my boss told me to 'just disable UAC' on our customers' PCs (instead of fixing the issues). Did not do it and instead told him what to fix and fixed some things myself...
Another one is installing basically trackware on the website, from an external party, that recorded certain input fields so it could mail you later when you didn't buy the product...
I lied to the C-levels at a previous company about how hard it would be to monitor and log the instant messaging traffic of everyone at the office. Everyone was using AIM and there was no encryption, so it would have been trivially easy (I verified this, which was scary).
I then lied and told the CFO and CEO that it would be prohibitively hard to do and they dropped it. :P
Very short backstory: I was very severely punished for breaking security on our pcs at school (utilizing interactive startup on Windows 95 to not start the "fortress" process.)
For a final project presented which was ostensibly a limited auto-translation application, I made an application which just popped up an alert, "program unable to run due to security"
Upvoted you because me and a friend did exactly the same thing. The IT guy was really pissed about it, but we didn’t think it was such a big deal. Nothing came of it in the end but I think we were banned from the computer lab. Pretty backwards priorities on behalf of the teacher in retrospect.
Our school spent loads of money securing their network with some Novell boot thingo. I bashed in some DOS interrupt keystrokes and was able to bypass it completely.
The whole class was playing networked DOOM about 10 minutes later.
I thought I was going to get suspended or expelled, but instead the teacher in charge of IT came to me and said "I know you did it, if you show me how you did it you won't get in trouble."
The look of disappointment on his face when he saw how easy it was... I'll never forget it. I wonder how much the school paid for that 'security' :)
> I was very severely punished for breaking security on our pcs at school
I wonder how common this is. I've seen it happen at my school - when you have a VNC server on every machine with a 3-character password (three guesses what that is...), the local admin password on every machine is school, and the domain admin password is a single dictionary word, bad things are going to happen.
While working at a services / consulting company, I've been privy to cases where we put our own interests over the client's, essentially getting them to pay us to screw them over.
I wrote a ton of IRC war bots and scripts back when I was a teenager including something called the "Sumo nick collider" and the textbox.irc script. The latter was a general client enhancement script but had tons of extensions for "war."
For you spring chickens "war" was exploiting the IRC protocol to take over channels, kill users, etc. The protocol was pretty vanilla back then and was vulnerable to a lot of those things. This was back in the 1990s.
This included inventing "DCC RAW" based "clonebot" code in the old Unix ircII client. I figured out you could just open a socket with the client so you could write a simple client script to create huge numbers of sock puppets. I'm not 100% sure but I think I was the first one to do this.
I learned a lot from that stuff but these days I wouldn't wreck a public volunteer chat network.
On the IRC bot note, I have a petty-unethical story of how I made an IRC bot that would pick up movie titles, search for them on IMDB and respond with a randomly chosen spoiler marked trivia bullet.
My most benign bot simply played back the subtitles of Robocop in realtime on a loop.
The one example I am willing to share is in high school economics class there was a stock market simulation. The person with the highest portfolio balance at the end of the year received a substantial amount of extra credit.
First of all, this was 1999, and the market (tech stocks) was in peak ridiculous bubble mode. The hack was that the software used to simulate trades and track portfolios used delayed quotes. So, I simply used real-time quotes, looked for gains in a short period, and bought, held for a bit, then sold. Essentially I had a time machine. I think at the end of the year my account had over $500 million in it. The teacher knew I was "cheating" but still gave me the extra credit along with another student who didn't "cheat". An extra perk is the cutest girls in that class constantly asked me how I had so much in my portfolio.
I worked at a company that was acquired by Ticketmaster, and I had a chance to talk to one of the executives in a casual way. They are not as bad as they may seem, but the business model is definitely intriguing.
They go to a venue that hosts, say, U2 for a concert. Say U2 wants to sell a certain ticket for $100. Ticketmaster says: Look, if I get exclusive rights to sell your tickets, you will get not 95%, nor 100%, but you get 105% of the price of the ticket, because I can charge whatever fees I want.
So when you complain about Ticketmaster's high fees, hate them just slightly less, and hate U2 a bit more because they are ripping you off by pretending that Ticketmaster is the only bad guy.
When I finished my studies I was sold as a trainer for Microsoft training.
When I was assigned a course, I had about 2 days to a week to discover the technology and prepare the course. Often I didn't even know the name of the technology I was supposed to be an expert on.
When you looked at the official conditions of the training, you had to have 10 years of experience just to have the right to follow it, I was supposed to have passed diplomas to have the right to line up. I finally realized that my company had to produce fake degrees with a fake resume or I must have been a 10 years older developer.
It is obvious afterwards that employees, or even managers of training centers were in the scheme, there is indeed in my country a law that obliges companies to spend money in training every year.
The company was doing this scheme on a large scale, we were 40.
The worst part was that most of my colleagues were younger trainees than me, only three or four of us were officially employed and had real diplomas, so we were sent to the most difficult cases.
The advice we received was to be aggressive with the students to prevent them from asking too many questions, to be impeccably dressed and to be "handsome".
It was not easy to teach people 15 years older.
So that my classes were not too pathetic and to make a minimum illusion I often prepared my courses the day before until 5 o'clock in the morning.
The trainees who gave the training deemed easier were recruited on the line, preferably if they were foreign, they were sent to give a test training and if it went badly they were sent back on the spot without remuneration.
I don't know how or why, but I did about nine months of this before I left.
Not necessarily unethical but certainly annoying, Reply All has an episode about the creation of the popup [https://www.gimletmedia.com/reply-all/3-i-didnt-mean-to-brea...]
From the show notes: “Twenty years ago, Ethan Zuckerman did something terrible on the internet. And he's still living with the consequences.”
Ran an illegal live streaming site for a few months. Had a lot of fun with it and used the experience to transition to a legitimate job in that space, but I probably cost some people some money, and for no other reason than "I could".
I also worked at a startup briefly that was run by a convicted con man. The business was legit but it was immediately clear he was using the same confidence techniques on everyone - clients, employees, etc. Not a good scene.
Implemented APIs for clients that were based on scraping data from other competitor sites that did not give permission, it's some kind of service hi-jacking. Similarly, implemented some clone sites that just rip off other people's work #zuckerberging. Some bug bounties ask pentesters not to hit their production servers hard with automated tools... I've ignored this to find some bugs in production servers on occasion.
Scraping becomes unethical when it turns into a DOS, doesn't it? In some cases it wouldn't be an issue, but some scraping definitely makes the service less responsive.
Yep, this is the only thing which I agree with. When I scrape I always try to use as little resources as possible and make sure it’s appropriate for the size of the site I’m scraping (I wouldn’t care about sending 1k requests/second to Facebook, but wouldn’t send more than a dozen few per second to a little e-commerce store).
I used to help out at a bed company selling mattresses in their WooCommerce store.
The owner was obsessed with "metadata" and SEO.
He regularly told me I should copy and paste the meta title and descriptions into a Word document (ugh) so he could edit on them. When he was done I was supposed to put them back in, manually of course.
Now, normally I'd tell a client that such a task could be easily automated. However he was a very shitty boss and I was getting paid hourly.
So I simply built a crawler that analyzed every site and pulled its metadata, put it in an Excel table (I convinced him it was easier for me to copy/paste) and sent it to him via email.
He then gave me the updated table, for which I simply wrote a script to execute some SQL queries to put them in.
This turned what’s effectively 2 hours of work each time into 20-30 because of the number of pages.
One time I remember I forgot to update the metadata on one of the pages. When he complained and I realized, I quickly ran the script and told him he'd have to "refresh his cache" or something.
He never noticed any of this.
Once I developed a tool that replaced a couple of employees for a (client) company.
On another occasion, I was assigned to a project that I didn't find motivating at all, so my plan was to "slack off" and work on my own stuff as much as possible. The only question was how much did I have to work to make the management believe I was giving it my 100%. There was another member in the team, who was a great guy but an average dev, and I realized that I could easily make 2x more progress than him in the eyes of the managers and still have almost half of the day "free", so that is exactly what I did. Later I got a bonus for my "hard work".
But the one I regret the most is installing keyloggers on several computers in high school (msn era) and obtained passwords for most of my classmates. At least I was careful enough and didn't tell anyone at the time.
A few years back at my last job, I was approached by a senior guy on a product team asking me to game some tests so we could get our Windows certification.
I just kind of brushed him off at the time. I'm still sorry I didn't collect evidence and then report him. He was a real dirt bag.
When I was in high school there was an online competition every week.
So one week there was this very hard problem. I didn't know how to solve this, but I figured out that there is one answer per 10 tests.
I bruteforced the easy tests and sent programs with different answers, `std::cout<<30<<endl;` ... So I sent like 500 different programs. Then I just combined the correct result with the size of the test ;p.
I used `while true` to figure out the size of every test ;p
I passed every test. A week later my solution was removed and I got a very nice e-mail about what I did and how wrong it was to exploit the platform.
I still managed to be in the top 10 at the end of the competition, but it was a mistake, a huge mistake.
P.S. The competition was with very good prizes but still I am ashamed of myself for that.
Not unethical at all. They were paying X amount of money to get Y work done. You were providing that just fine (I’d say you were providing them even better value because you eliminated human error).
It’s not your fault if they would rather hire a human to do some automatable task.
I let a brash, know-it-all developer shoot himself in the foot instead of pointing out that the things he was doing would lead to a catastrophic data loss.
I was pretty young so it's not something I would do today.
Not going to incriminate myself with any of my own stories, but a friend did work for a phishing take down company that was paid per site they removed. Of course the people who sign off on these things are never that technical, so the company was paid a non-trivial amount (say $1,000) for taking down each subdomain.
Think, contact.bankna.me, support.bankna.me, aus.bankna.me, customer-support.bankna.me, login.bankna.me etc etc.
They would often take down the subdomain and leave the parent name intact so they could keep cutting off the individual heads of hydra, if you will.
Sounds about right. I've only met a handful of devs in crypto. They were all in college or recently graduated individuals. I don't know if they were getting paid in cash or tokens, but it was hinted at that they were being paid, at least in part, under the table.
Most of the crypto workers I've met in the last six months have been mostly freshly minted MBAs or marketing people with tons of money to burn.
While working with a client as a contractor in the US, I was told by him that my manager had promised to get a PhD/MS with 5 to 10 years of experience. I had 4 years of experience after my Bachelors from another country. The client appreciated my work and kept my contract as long as possible. In the three years that I worked, I saw 10 people come and go. It hurts me every time I think about it.
What hurts most is that it is still a common practice in that company and industry.
I built campaign sites for the automotive industry. Always felt wrong. Was asked to pitch for a client in the petroleum industry and declined. That felt great.
I wrote (copy pasted / edited) a cheat for an online game that was in beta, when I was around 13. I released it (with no anti cheat protection), probably got a few thousand cheaters banned...
I then sold the cheat source code to a forum of cheaters, who integrated it into their own offering and paid me a small royalty. The source code was pretty much copy pasted from a guide with minimal changes to work on the correct memory addresses.
I worked on dating websites.
The codebase was awful but more importantly, 99.9% of female profiles were fake, poor guys were trying to get a date when in fact they were chatting with some other guy in Africa...
It was really depressing doing a job that wasn't adding any value to the world and being part of a parasite economy.
I had to do this for financial reasons but left as soon as I could.
I had to migrate a site for a well-known fitness personality many years ago and their database contained plaintext passwords and (!) credit card information. Didn’t bother to really fight it at the time. More reason to never give your credit information out if you don’t have to.
Also helped build a site that tricked Google into ranking us higher.
Took liberties with our interpretation of a third party TOS so that we could utilize a product. I surfaced this to leadership when I realized we were not in compliance, but we kept the outcome of what we needed from it, although we did cease to use the tool. I chose less career friction over fighting further.
I worked for a company, which had insiders at Google steal various data to improve their SEO. I don't know the details, but I think it may have involved some cute girls. I built systems to work with the stolen data to improve their SEO. They are one of the most popular websites on the internet.
Moral questions come up surprisingly often in product development. Especially for smaller companies looking to grow fast or things like how aggressive to get with opt-ins and other 'dark patterns'.
Online lending, for example, is a pretty tricky area. You have to subscribe to a pretty hardcore version of a capitalist moral philosophy to justify the %xxx percent interest those places charge. Especially as the 'ideal' customer isn't the one who pays you back, it's the desperate population who continually re-up their ridiculously expensive loans.
I still hear from a lot of the younger programmers there that feel like they're still working on revolutionary social tech. Aside from everything that has happened in recent years regarding Facebook, these people always cite the fact that Facebook has connected a lot of the world together in the social graph and that somehow outweighs all the negative consequences.
I was a graduate student living off a stipend and working for the university teaching math and CS courses. It wasn't enough money, especially with my wife's medical bills, so I got desperate and...taught for ITT Tech.
If you've never had the displeasure of being a student or teacher at ITT Tech, I'd describe it as a cross between community college and vocational school but where everyone is pretending it's a 4-year college. It felt like a place where dreams go to die, and nowhere did I see that more than in the way they set me up to teach classes.
Now, first I should say I have a lot of sympathy for my students there. They were generally folks who honestly wanted to make better lives for themselves and got duped by ITT Tech into thinking it was a place where they could do that. Those students are now stuck with a lot of crappy debt they can't easily get out of and also didn't learn much, because as I learned from teaching there, the goal was not really to teach anyone anything.
I taught two classes: software engineering principles and Linux system administration. I had no special qualifications to teach either of those classes, but they needed someone to teach them, I had an MS in CS, and I had some idea of what to do. The SE class consisted of two students and we'd meet for 4 hours every Saturday for 3 months. We'd sit together and read the textbook, then do some problem sets out of the textbook ("how would you design this system or organize this work?"). Nothing truly objectionable, just the same shit that passes for "education" in most schools. I think I gave both of the students As at the end of the semester.
The Linux system administration class was another story. I had three students, although one showed up maybe 3 times all semester, and they had all in theory already taken a class teaching them Linux/Unix basics, but as became immediately apparent none of them had actually used Linux before, just read about it in a book. So began our awful semester of them pretending to learn and me increasingly transitioning from teaching to pretending to teach.
They started out needing to install Linux on their laptops. This was around 2010, so not quite as easy as today but already very easy (the worst case scenario was you failed to get hardware acceleration for graphics or something like that, not non-functional input devices). Yet somehow every week for the first month we had to reinstall Linux. I don't know what was happening in the week between classes, but somehow Linux disappeared from their computers and we had to go through it all over again. This obviously put us way behind.
Once we got Linux running on their computers we started to try to do some basic system admin stuff (there was a syllabus telling me what stuff they should be able to do by the end). I don't think we ever really made it past creating users and installing packages (is installing packages even still sys admin work?). They constantly got stuck on basic things, forgetting how to `ls` and `cd`. By the end of the semester I think they still couldn't reliably `sudo` on the first try.
I knew this was bad and had been talking to my supervisor about it, but he kept telling me it was fine, just do my best and work with them where they were. When the end of the semester came I didn't know what to do about grades because they had tried but were just unprepared for the class. At university I would have failed them, but ITT Tech insisted I give them Cs. I was pretty unhappy about that whole situation but what could we do.
When they offered me classes for the next semester I declined. I didn't want to be part of a system that was all about pretending to teach people things while also charging them a bunch of money. But for one terrible semester I was complicit to a system of exploiting desperate folks (some of my students had been in prison and were trying to get their lives back together and giving up a lot to pay for classes to be there).
While I haven't done anything nefarious other than putting a few tracking/analytics frameworks into our product, I have heard a few stories from my colleagues...
E.g. at a contractor company, a client wanted to lease 5 developers for a project. We didn't have enough free developers, so they assigned a single guy to the project, who was making commits from 5 different accounts. The client was paying for 5 devs of course.
There was also a client who was building slot machines, and we wrote the software for it. We ran experiments to figure out the best way to rip off gambling addicts.
The first company I worked for took EU innovation grants and when the deadline came, they simply copied their existing product, replaced the logo and showcased it as something they used the grant for.
Personally I don’t think scamming people who intend to buy stolen electronics is particularly unethical anyways. It’s sort of like...profitable vigilante justice.
Unless the electronics were branded as stolen I wouldn’t immediately assume malicious intent from the buyers.
People might have all kinds of reasons buying those electronics anonymously - maybe there are no other channels to get them from (oppressive government restricting features like VoIP in iPhones, etc) in which case the “dark” web is the most logical place to go to get a clean device.
They weren’t branded as such but the store(s) only existing on the deep web plus the incredibly low pricing made it obvious that these couldn’t have been obtained legitimately, if they were really selling anything at all and not just scamming people out of BTC. I highly doubt anyone capable of finding and using these sites could actually be dumb enough to believe it was anything other than stolen electronics (or a scam).
The stolen or the oppressing government are not good arguments. It doesn't allow either party to buy or sell.
We had the case of an ex student who opened a company selling electronics and mechanical parts. Some shipments were stopped at the border by the local equivalent of the NSA and the company received a visit shortly afterwards. Turns out that some stuff can be used to manufacture military equipment.
That day, we learned that they take it pretty seriously and the onus is on you to prove that it's legit and going to a legitimate party.
I don't really get how this relates to my point? All I was saying is that buying on the "dark web" is not always synonymous with bad intentions. I did not say it legally (I assume that's what you meant) allowed parties to trade, although I will say that it does physically allow parties to trade, as "dark" markets have been thriving for years now.
I meant to illustrate that dealing in physical goods is well defined and regulated, any trouble will have no regards for intentions or what is physically possible.
Would it then be 'ethical', to sell heroin on the dark web, and not deliver it? So you're essentially helping a drug addict get 'off' the drug? I'm surprised government agencies don't do something like that... Why try and 'catch' people, when they could flood the market with bogus/fake ads and just take people's money making the entire market not worth 2 cents?
After an agent had been terminated, their punishment points would decay over time until such a time they reached zero (or another configurable threshold depending on how desperate the company was for warm bodies), at which time they would be sent an e-mail to their personal e-mail (which was collected during the application process), inviting them to “re-apply”. Being an early telephony company we also would send them a robo-call with the “good news”. This process was known as a “life-cycle” and it was common in certain labor markets for employees to have many such lifecycles. Another way employees could stave off automated termination was to work for unpaid overtime, which offered to reduce their point values per unit of overtime worked. Everything was tracked to second granularity thanks to deep integration with phone switches and the adoption of the open source Asterisk CTI.
This Orwellian automation terrorized the poor employees who worked there for years, long after I left, before it was finally shut down by court order. I had designed it as a plug-in architecture and when it was shut down there were many additional features, orders, and punishment_types.