Hacker News new | past | comments | ask | show | jobs | submit login

Actually, whether or not I broke any laws (in the US) is not clear. I deliberately did not look at anything in their account while I was in it, so privacy was not actually compromised.

The folks I recognized on my way out were people with large profile pictures of their faces. In general, this wasn't the case. I'd have had to do a lot more rifling through accounts to be able to identify someone face-to-face, and would have risked someone having a bad reaction.

So, unlike all the people who have used Firesheep in public to look at peoples' accounts and then not told anyone about it, I notified the users and then told the public about what happened. You're saying that's bad?




"I deliberately did not look at anything in their account while I was in it, so privacy was not actually compromised."

From your blog: "I opened up his Amazon homepage, identified something he had recently looked at"


That was the single exception, and I agree that that was in a murky area.


Ah, wow. This could not be further from the truth. This wasn't a "murky area." Its a big fat red zone.

Let's look at the Florida statute:

815.06 - Offenses against computer users. -

(1)Whoever willfully, knowingly, and without authorization:

(a)Accesses or causes to be accessed any computer, computer system, or computer network;... commits an offense against computer users.

(2)(a)Except as provided in paragraphs (b) and (c), whoever violates subsection (1) commits a felony of the third degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084.

So you committed a felony punishable by up to five years in prison, informed the victims, and documented your crime in explicit detail on your blog. That's a tad more dangerous than using unsecured cookies.


Just because something is unethical, doesn't mean it is also illegal.

The reverse obviously is also true, and arguably applies in this situation. (I'm not arguing that it does, but but the OP is).

Ethics are subject to opinion, one man's gray area is another mans A-Ok, and another's "big fat red zone".


Clearly I meant that it was a murky area morally.

Also I don't live in Florida.

I also never said that I thought I was protected from prosecution, so I don't know why you're so eager to prove that I am.


You've probably admitted to and documented multiple counts of Computer Trespass, knowingly using a computer service without authorization and knowingly gaining access to computer material. It's a Class E felony.

156.10 Computer trespass.

A person is guilty of computer trespass when he knowingly uses or causes to be used a computer or computer service without authorization and:

1. he does so with an intent to commit or attempt to commit or further the commission of any felony; or

2. he thereby knowingly gains access to computer material.

Computer trespass is a class E felony.

http://ypdcrime.com/penal.law/article156.htm#156.10


You say "That was the single exception".

You also wrote '[I] then sent him a "no, seriously" message on Facebook from his account including the fun fact about his music choices.'

Viewing a person's music choices and sending them a message about them is a total violation of privacy. Or do you just attribute that to being another exception?


I think he's saying that using Firesheep at all is bad.

Just because it's easy doesn't mean it's ethical.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: