Hacker News
[flagged] EFF is at a public hacking conference, publicly shaming individuals (twitter.com)
28 points by DyslexicAtheist 14 days ago | 23 comments

Late last year, the EFF sent out a mailer to its donors, myself among them, grossly misconstruing H.R.1695 - Register of Copyrights Selection and Accountability Act of 2017. Worse, the mailer contained obvious lies and FUD, among other things saying that it would undermine the authority of the Library of Congress.

I sent a kindly worded mailer back to the EFF stating my long-standing support and how I was concerned about their chosen tactic and abuse of the facts. I made it clear that my donation and public support were at stake. They blew me off and I haven't given them money since.

Every time they send me something asking for money, I send a kindly worded email back summarizing the situation, which they also do not respond to, but still ask me for money.

Anyway, I guess what I'm trying to say here is that I'm not surprised.

The Register of Copyrights is currently appointed by the Librarian of Congress. Should H.R.1695 become law, the Register of Copyrights would no longer be appointed by the Librarian of Congress, who is the head of the Library of Congress.

This does undermine the current authority of the Library of Congress.

EDIT: Adding reference to H.R.1695 which passed the House, but stalled in Senate.


The Register of Copyrights becomes a presidential appointee. A president also has the authority to remove the Librarian of Congress (and this has happened before), so no, not really. This bill has overwhelming bipartisan support.


The House Judiciary clarified this point saying how it removes presidential authority to replace the Librarian of Congress at whim.

So a quick skim of that thread isn't giving me the really important detail here: Was it stated that he developed the piece of software that ended up being problematic (even if he did later realize that it was a bad idea), or was he called a terrible person for developing the software? "Shaming" implies a value judgment that might well be there, but I'd like to know that that's exactly what's happening before I draw any conclusions.

For this case I think it is important to understand the environment and context surrounding the software, and what makes it different from other security tools such as Metasploit. The author had a presence on several forums where he posted updates and I guess provided people with support. These forums catered mainly to the "bad guys", and the author was posting updates and providing support on the same forum where banking trojans and stolen information were sold. While writing malware might be protected by free in France, the author was probably walking on a thin line with his choice of communication channels.

Metasploit targets security researchers over channels where there is no overtly illegal activity, and would likely refuse to support people if it is obvious that it is being used for something illegal.

I've seen this talk, the person in question wrote stalkerware and acknowledged it would be used for abusing women. The title is misleading, the EFF isn't "publicly shaming individuals", they're talking about one case where someone wrote highly unethical software.

He wrote a R.A.T. There are lots of R.A.T.s out there and this is nothing out of the ordinary. It's a common research project. People decided to take issue with the fact that it has a webcam capture feature, like any other modern RAT, and blew it way out of proportion.

His software isn't targeting stalking women. You can use Facebook to abuse women too if you want.

I remember that the EFF used to defend programmers' freedom against the government's arguments that hacking tools / exploits could be misused and should be regulated. What happened? This seems like a total reversal of position.

edit: according to this thread, the EFF is indeed full of shit. Sad. https://twitter.com/pwnsdx/status/1192459212611342336

EFF threw grugq and every exploit developer under the bus way back in 2011 or 2012 when they literally made up a quote attributed to grugq where they claimed he said "the only reason I don't sell exploits to the Middle East is that they don't pay enough".

He had to clarify his position stating which governments he sold exploits to and why (basically only Five Eyes).

TBH, the infosec industry is full of (vipers) people posturing, trying to protect their secret knowledge and exert control over who has what capabilities (just like traditional government spies do). The author's mistake was open sourcing his RAT and putting it on GitHub.

> and acknowledged it would be used for abusing women

There is a tweet a few down in the linked thread of the author asking where he said that with no response.

Actually there is a response.

  Yes Sr's. In "Hack me if you can" "Hackeame si puedes"
  Documentary @DarkCoderSc says that he think Darkcomet can
  used for script kiddies (hackers) for spy friends and
  GIRLFRIENDS for fun and not for cyberwarfare or spy.

* formatting the quote correctly

What did he say in that documentary?

He asked "where did you saw / heard me saying “I knew DarkComet would be used for spying on girlfriends and that’s fine”?"

Does he say "and that's fine" (or equivalent) in the documentary? Or just acknowledge that it's possible?

The person who made the tweet claiming the author said that (and is also on stage) that he is asking for clarification on is the EFF's Director of Cybersecurity herself too.

Here you go: https://twitter.com/evacide/status/1192489533071384579?s=20

I haven't watched the linked video but that's the answer to the question.

> [...] they're talking about one case where someone wrote highly unethical software.

It is worse. Oxygen, a chemical substance, is used by highly immoral human beings, such as Kim Jong-un, to breathe, and continue living and causing havoc on the oppressed North Koreans. These immoral human beings are also eating and drinking. Cars are used to kill people as well. iFixit toolsets could also be used for this purpose. CPUs and other hardware are being used to exploit Chinese citizens via GFW and cameras. Meanwhile, evil girlfriends can abuse RATs to spy on their boyfriends as well.

Instead of these ridiculous narratives we need to look at

1) The main purpose of a tool.

2) The relative abuse of the tool, or collateral damage, and the impact of such abuse and damage.

Which is why the above examples, and OpenSSH Server as well, are each bad examples.

It is a lot more difficult to be nuanced. I'd like to learn more about the exact software, and where it was advertised back in the days (2012 apparently). Was it legitimately used?

Could, not would. Knives can be used to stab people, cars to run them over, large glass bottles can bludgeon. Are they also "highly unethical" objects?

Actually I have been using it as a drop-in replacement of RDP back in the days and it was pretty decent, bad people will misuse all kinds of tools but especially the ones that facilitate their crimes (see also Tor).

That’s crap. I have a set of knives in my kitchen that can be used to abuse women.

Oh wait, they can be used to abuse anyone.

Oh wait, everyone has a set of knives.

So, I'm getting a sense that we're in the throes of an interesting revival of some long overdue reaction against software.

I'm torn in many ways; I don't believe constraining what people can build in their own time or for personal use is just, or grounds for moral censure as long as the process of doing so causes no substantial harm.

What I have issue with is applications of a tool with intent to harm. I can get behind some censure if the guy is providing support for users one can reasonably suspect of employing the tool to cause harm, like the Syria use case.

I don't buy that his production of a R.A.T. fundamentally makes him a horrible person just because he made it. Then again, I'm also in a way excusing the people who made industrial scale production of poison gas possible; but, as of late, I'm learning more and more that truly standing up for one's ideals, and everyone else's freedoms/Liberty often makes for rather uncomfortable bed mates.

So I guess in the end, I'm willing to accept that no matter what is made, there are people who will find ways to use something to cause harm; demonizing the maker as if that will "unmake" what you disagree with only serves to chain the development of humankind in very real ways. Sometimes, we have to face horrible things to develop the cultural mores to cope with a world in which a thing is possible.

So in conclusion, I suppose I'm throwing up my hands and saying it'll be what it's going to be, and there but for the Grace of God go I.

What is the context?

I'm still going to donate every month. I wish everyone would.

They do important work, and they're human.

ha ha I got downvoted. whatever guys. I guess charitable giving is dumb and I should stop.

"because charitable giving is dumb" is one of many possible reasons you were downvoted, but not the most likely.
