People Staring at Computers (kylemcdonald.net)
743 points by BayAreaEscapee 77 days ago | 337 comments

> In the end, if Apple hadn't so vehemently condemned the piece, it would have been resigned to live as just another quick F.A.T. Lab project, and part of my ongoing curiosity exploring computer-mediated interaction. But because they had the project taken offline, and my computer confiscated, Apple managed to give it more attention than I could have ever attracted. The reporters using headlines with "artist" in scare quotes got the media artists mad. The censorship and search warrant got the freedom of speech people mad. The feeling of privacy invasion, or just the awareness of surveillance, took care of everyone else. Apple created an amazing discussion I never could have planned.

Sounds about right

This phrasing of „vehemently condemned“ is a bit odd.

It seems Apple only asked the pictures be taken down. Even in the author’s own admission, they could have given him much more trouble. It seems reasonable for Apple not to give their blessing to this sort of project, both to „protect“ their customers and discourage the installation of what looks like malware on a bunch of their computers.

I guess Apple also reported the artist to the Secret Service, but given that he installed what appeared to be malware on a bunch of computers, it’s not an entirely unreasonable response.

The artist probably knew that if he’d been straightforward with Apple about the project he wanted to do and asked for permission for it, rather than vaguely asking whether he can take some pictures/video, he wouldn’t have gotten permission.

In the end it seems like it mostly worked out. The artist got to do the project, and only got a little trouble for operating in what many would consider a legal grey zone, and he got a bunch of discussion and exposure from it.

> It seems Apple only asked the pictures be taken down.

Sending law enforcement to confiscate their belongings seems pretty in line with "vehemently condemned". Personally I don't think his art project was entirely ethically in the clear so to speak, but this seems like nitpicky semantics considering they sent him a legal nastygram that referenced a criminal investigation that they themselves initiated.

>"Those violations of the CFAA give rise to a civil cause of action by Apple, and the display of the images and video is causing ongoing harm to Apple. There is also a criminal investigation related to those violations of the CFAA. Furthermore, the images and video may violate the privacy/publicity rights of the individuals pictured therein, including but not limited to Apple employees."

This reminds me of a random, but chilling, scene in "Minority Report". The protagonist confronts a man he thinks is responsible for killing his child.

The man decides to reassure the protagonist by explaining how kind he was to the child, and made sure the child didn't suffer when he killed him. He's presenting it as though this is a legitimate defense for such an obvious violation. The part that sticks with me is the man's seeming sincerity in believing he's making a case for himself, "yeah I did this horrible thing, but I did it in the nicest way possible so it's really kinda big of me if you think about it"

This post fills me with the same chills. The author's utter lack of culpability for such a viscerally gross violation and strange attempts to spin it as though he's kind of a good person for doing it in a slightly less terrible way than he could have otherwise done it...

To be clear, he didn't go out and do a security research project with ethical standards in place. He made it clear how laughable he considers the concept of 'consent' (an ethical way to do this might've been to take people's pictures, then ask them if they were OK with sharing it right after. He doesn't consider such a process at all)

Instead, he thought of an amoral and illegal way for him to use people without their consent, for his own pleasure, curiosity, and amusement and decided to call it 'art'. There are more horrible ways he could have done the above, sure. But that argument to me sounds as hollow as the "but he didn't suffer" argument from the movie.

Him expressing his own sense of magnanimousness and ironic sense of victimhood at the end of it... it really is a scary glimpse into the mind of such people.

It's sad because it's very easy to misconstrue this as a "security researcher gets feds sent on him by apple" story, and I think lots of people are basically trying to frame it that way, but it's not that at all. To me, it's clearly "jackass doesn't understand consent, apple calls the feds, still a jackass, still doesn't understand".

[Note: yes I know the character in the movie is revealed as a bluff shortly after, the scene sticks with me because of the character's apparent sincerity at the moment]

[Additional Note: yes I know many of these companies also don't respect consent. Them not respecting it is not an excuse for everyone to behave the same way.]

> such a viscerally gross violation

How did you reach this conclusion? Because your entire response hinges on this being true.

I highly doubt it is a "violation" in the first place, and certainly not a "gross violation", the courts decided that it was not, as you call it "an amoral and illegal way for him to use people without their consent" (well, maybe amoral, as courts have nothing to say about that).

I'll assume you're asking this genuinely.

For the 'legal' part... you're generally not allowed to install whatever arbitrary software you want on other people's machines without some sort of consent, even in an Apple store. I'm not sure how much more elaboration this needs.

For the 'moral' part... he's taking a small intimate chunk of a person's life without their knowledge or consent and putting it in a picture frame because he finds it interesting and enjoyable. The reason he gives for this is "art". There's not even slight consideration of the people involved other than he considers that intimate chunk of their life and likeness to be his personal medium for "art", the same way clay or watercolors might be to a less terrifying person. Again, there are far worse ways he could create 'art' via nonconsensual intimacy, but my point is that it's fundamentally amoral to use people in that way in the first place.

What's interesting about this is that in this community we read about security researchers that do illegal (but generally not unethical) things, and about large companies that do unethical (but arguably not illegal) things. This guy does the worst of both and somehow people seem to be on his side.

Regarding the "legal" part, having looked into this quite deeply, I believe I was legally in the clear. Both in terms of publishing the photographs and in terms of installing the app. Keep in mind this was 2011. To install the app today would require circumventing access control policies, but not at the time. If you do have additional elaboration on why you think it was illegal, I would be happy to learn more! Thanks.

It didn’t get to court, so this is not necessarily legal. Also GP is talking from an ethical perspective, and while I hadn’t thought too much about it on my first read, I do agree that the experiment is highly unethical.

It is, he never asks people for their consent. Even Apple does that (although in a never-read privacy policy) but they do.

There are cameras on every street corner. At ATMs. In every store. On public transportation. I never consented to any of this. Art projects that confront people with the reality that they're being recorded and watched are vital to remind people that privacy still matters, and that we should struggle to regain some of the privacy expectations we've lost.

Those cameras don't publish their recordings to the Internet, so your analogy is flawed. You can argue that such cameras are also violations of privacy, of course, but there's a big difference between recording and broadcasting — no matter if the intent of the broadcasting is good.

Yes, there's a big difference. In one case it's an art stunt to draw people's attention to a social question, and in the other case maybe security employees are leering at customers through cameras for their own perverse enjoyment, but who knows because there is zero transparency or accountability.

Art projects still have ethics to them. He could’ve put a singular art installation somewhere for people to use and have their photo taken while they browse a specific art installation.

Violating people’s privacy in order to remind them their privacy is important sounds like the sort of “I’m harming you for your own good” that abusers use.

OP here. Just to clarify, this piece was not primarily designed for the Apple Store audience. I felt that it was important to exhibit the photos in the store, but I knew that the majority of the folks who heard about it would see it online. In the exhibition at the store, people first saw a photo of themselves, with no knowledge that they were posted to the internet. Online, people saw photos of folks in the store. If you have spent time in a big city like NYC, you might recognize the feelings of anonymity and privacy-in-public that I was drawing on. There are certainly "I'm harming you for your own good" style art installations I've made. For example, I had a piece called "Wifi Whisperer" around 2016 that sniffed all the open wifi traffic in a cafe, and a little speaker in the corner would describe what it sniffed. https://soundcloud.com/kyle-mcdonald/whisper I still think there is a place for non-consensual art to surprise and inform, especially in the physical context of an art exhibition or festival. But I also feel this work tends towards provoking fear and anger over any more helpful reactions. And there's the constant danger that in the process of crossing a boundary of consent, or in breaking a social contract that you might do real, even irreversible harm. So instead with projects like https://facework.app/ I find ways to critique face classification, but in a way that everything happens in-browser. Sometimes it's possible to have the feeling of boundary crossing without the dangers.

Everybody who enters an Apple store is already being recorded by hidden video cameras without their consent. Loss prevention. Unless you think being photographed in addition to being unknowingly video recorded is a grave privacy violation, I don't get your point.

Those security cameras aren’t hidden and always have a sign somewhere in the store noting their presence. The difference is security cameras announce their presence by being visible and obvious. Installing spyware on an Apple Store laptop to capture people’s images and upload them for your own amusement is not obvious, was never announced and most people would find gross and abusive. At the very least the security cameras come with liability if abused and cause harm to the customer.

> Those security cameras aren’t hidden and always have a sign somewhere in the store noting their presence.

My understanding is that this is not a legal requirement and is rather something stores do solely to scare away potential burglars.

Apple don’t post video montages of their security footage online and ask people to look at the faces of the shoppers and see if they can read some meaning into the lack of emotion on their faces.

When you enter an Apple store you are trusting Apple implicitly with your safety and security during your visit. That they might take security video as part of that is a reasonable component of that trust relationship. Being forced to participate as a model in an art exhibit by a random third party with no relationship to Apple violates that trust. It’s no wonder Apple would have a concern.

It’s not remotely comparable to security surveillance, and the artist doesn’t even seem particularly to be trying to draw that comparison, so I’m not sure why people are seeing this as about ‘always being on camera’.

Because that's the point. The art is about telling people that they are being recorded. Just that Apple won't broadcast their faces doesn't mean no one will see them. Or they are not being recorded.

That wasn’t how I read the article. The artist seems fascinated by the way people look emotionless when interacting with computers, not with drawing attention to surveillance mechanisms. He wanted to create a moment of connection between the people in the store and commented mainly on how people ignored one another and kept looking at the computer. I really don’t know where people get the idea the artist’s intent was particularly focused on corporate surveillance.

Of course, death of the artist and all that - if people read it as a piece about surveillance capitalism then that’s what the art is about regardless of what the artist thinks it’s about.

> Unless you think being photographed in addition

Author also emphasises that visitors are making photographs of the shop, and other visitors in that shop. Without consent.

I'm trying to understand where the line lies. As I don't see it, but gauging by the heated reactions in the threads here, many apparently see a clear and obvious line.

The difference is you know those cameras are there and that they’re recording. It’s their single purpose for public safety. You don’t expect the laptop at Apple to be uploading your image to some sick weirdo’s “art project”.

Parent didn't mean violation of the law, they meant personal violation.

This ^. I am fine with the art, as long as either he asks permission saying that's the same thing Apple is doing or if not blurring the faces of people when he goes to exhibit them later.

OP here. Thanks for taking the time to share the (scary) connection you made while reading. While this story has been picked up by security folks, I am definitely not a security researcher :) This project did help me to think more explicitly about security, founding a NYC-based group called "artsec" where security researchers and media artists worked together. One of the members was Samy Kamkar, who you may know for the infamous "Samy is my hero" MySpace worm. His case, also investigated by the USSS, actually went to court and ended with a 3-year ban from touching a computer. This is just to say that the relationship between "art" and "research" (and even "pranks") is not always clear. I understood (and still believe) what I did was legal. It is also undeniably art. I set out to make it as art, and it has been exhibited and written about as art. You can call it bad art, you can say it's similar to a prank, but unfortunately it's still art. Whether it was ethical or not is a much more complicated question, and something that we each have to decide for ourselves. I appreciate hearing your side. Thanks.

As a privacy enthusiast, I am very mildly (because I was not directly affected) annoyed that you undertook this project. I see your post discussing it as tacitly attempting to move the overton window in a direction you want it to go.

> Whether it was ethical or not is a much more complicated question, and something that we each have to decide for ourselves.

(from the article:)

> What was probably 10 minutes felt like 30.

I don't know if it "felt like 30" because the task felt boring or because you were concerned about being caught, but if it's the latter then I think you know that it was at _least_ on the far side of "ethical".

> I understood (and still believe) what I did was legal.

(from the article:)

> After the one-minute-exhibition ended, we made a staggered exit from the store

Also doesn't seem like you really thought it was totally legal if you left the store that way.

Most people in this thread are addressing the legality/morality of installing an app on all those computers in the Apple Stores, but what about the unauthorized use of all those people's likenesses? I'm not familiar with New York state law, but in a lot of states, you can't use photos of people commercially without their consent.

You make a living from art projects. Maybe you didn't make any money from this art project, so you didn't directly profit from the use of these photos, but I would think a reasonable person would see your online portfolio as an advertisement or promotion of your services.

In the original article you talk about how it should have been alright to take the photos:

> I tried to think of a busy public space full of computers, and the Apple Store seemed so obvious.

Apple Stores are quite clearly not "public space", they are private spaces that they allow most members of the public access to. If the photos were taken with a telephoto lens through the glass walls, they'd be totally in the clear (though IANAL). Still creepy, but legally in the clear.

> Apple Stores are quite clearly not "public space", they are private spaces that they allow most members of the public access to.

The definition of "public" vs "private" in the context of property is fairly distinct from the one used in the context of privacy law. Obviously an Apple store is a privately-owned property, but in terms of privacy law it's very overtly public - you are allowed to take photos there, and people inside an Apple store would not (or at least, should not) believe that they are "in private".

In short, private property (like retail stores) "generally open to the public" allows photography by default, and you're good to go unless there's a "No photos" sign put up by the proprietor.

> If the photos were taken with a telephoto lens through the glass walls, they'd be totally in the clear (though IANAL).

For the sake of discussion on this point, let's pretend that the Apple store is unambiguously private in all senses, like your residence would be.

I believe that in the relevant jurisdiction taking photos of it would be legal under the conditions that:

(a) the photo was taken from somewhere public

(b) the owners/occupants of the building made no attempt to prevent it

(c) the photo is not of a "sensitive" location (bedroom, bathroom, changing room, etcetera)

(d) the photo does not contain genitalia (this is illegal to do without consent, even in completely public scenarios)

(e) the photo was taken with ordinary photographic equipment (so no zooming in from 10km away)

So obviously the first four are no problem at all, but a telephoto lens specifically might get you in trouble on point (e). Not too relevant to the Apple store, but it's an interesting point of discussion.

Thanks for spending time thinking through some of this :)

I think it "felt like 30" because I was nervous. Not because I thought it was illegal or unethical, but because I was breaking social norms. I see this as different from acting "unethically", and closer to what Erving Goffman would call a "breaching experiment".

I definitely did not want to raise any flags in the store itself, hence the staggered exit and furtive behavior. Again, not because I thought it was illegal or unethical, but because there was a certain way I wanted to see everything play out. If I got kicked out before I had a chance to exhibit the work, it would have made for a distractingly complicated story. I think this point is difficult for some folks who can only see this as a prank or security research, and don't understand how artists think and work and craft stories.

Regarding the question of what constitutes "public space" and legality of using people's likenesses for profit, there are some other great responses in this thread which explain the details (like the one here by sellyme). It's interesting for me to hear how most folks on HN assume that photography in the US operates more like the EU.

I want to respond to you here because I think you've captured my point quite well in two ways, though maybe unintentionally. I really hope this gives you some personal insight somehow.

(Part I)

> I understood (and still believe) what I did was legal.

As you mentioned before, this work produced anger and fear, but you believe it was legal. I take that to mean that people in general understand what you did was wrong (morally) but the snapshot of the legal code at the time hadn't caught up with this intuition yet (as far as you know).

From a practical standpoint, I get why this is important to you. I don't have much to add on the legal side because I'm not a lawyer and I think it's focusing on a detail that glosses over the big picture of your actions. I feel like you're fixating on it for that exact purpose, though.

"I thought of violating rights in a way legislators hadn't even dreamed up yet! Violated tons of people's rights along the way, but the important thing is that I found a spot where those legislators forgot to dot the i's and cross the t's. That's what we should focus on". I wholeheartedly disagree. I think the focus is, and should remain, the people involved.

Whether you found a loophole or not is, in my mind, such a distant inconsequential second to the primary focus of your actions and their effects. You doing them in a possibly legally creative way is focusing on the wrong thing.

(Part II)

> It is also undeniably art.

I assume this is based on me using "art" in quotes in another response, and you misunderstanding why I used the quotes.

So, imagine someone was punching people and the reason they gave was "boredom". I would use quotes there too, not because I doubt whether or not they were experiencing boredom, but because the word is being used as though it were a sufficient explanation of their actions. While it might be part of the explanation, it glosses over the most salient part of their action: the punching people bit. They also had a desire to punch people, and that desire is not encapsulated in the standard definition of "boredom", but they're using it as though it were in a way to gloss over it, even though it's the most important part of the whole thing. I think it's a sneaky trick to deny personal culpability so I'm putting the word in quotes.

Similarly, your use of "art" feels the same. Whether the end result had any artistic merit is beyond the scope of my comments. I'm saying that "art" as a motivation glosses over the most salient part of your actions: your desire to take something private irrespective of others' desires to give that. The standard definition of 'art' doesn't adequately encapsulate that desire: I wouldn't say the most salient aspect of artists is that they behave in this manner. I think it's similarly a sneaky way to try and deny personal culpability by masking the most salient feature behind a more accepted term. But, to be crystal clear, what you did was take moments of people's lives they might not have wanted you to have and turned it into a spectacle for yourself... whether this resulted in art or salad is such a wildly distant second consideration it's practically immaterial (as far as me and others with similar reactions are concerned), let alone whether or not the resulting art or salad is legitimate... it's why your words echo the character in the movie saying "I was gentle".

For what it's worth though, I think it's nice to see you do sort of care on some level how your actions impact others, gives me a little bit of hope.

You're comparing a guy who took pictures of people in an Apple store to a child murderer? I have difficulty with this analogy.

I agree with that assessment.

To my mind, the act of capturing faces in and of itself isn't even the reason why he was investigated. Consent from members of the public is an entirely separate discussion.

This boils entirely down to him not having formal consent from Apple. He simply walked into the store and quite literally installed a small application on each MacBook without Apple's consent.

> I remember being a bit nervous on the first visit.

> Not because I thought I was doing anything wrong, or because I was worried about getting "caught". It was more like stage fright. It was a performance, and there was no telling what would happen next. I had made preparations, and I was excited to see the results.

> I walked into the store and pulled out my sketchbook. I made a map of the store, including all the tables, and counted how many computers were at each table. Each store has something like 50 machines. More than half were in use. I went to the first open computer and typed in a short URL to download the app. I looked around to double check that there were no terms of service I was missing. If there were, and if it said anything about "installing applications", I would have had to go back home and write an HTML5 or Flash version.

> The app was maybe two megabytes, and took 15 seconds to download. Sometimes I would open another tab and load Flickr or Open Processing so I had an excuse if someone asked why I was comparing every single computer. In the process, I learned there are in fact some minor differences between Java on the different machines.

> What was probably 10 minutes felt like 30. I looked at my sketchbook to make sure all the open computers were checked off, and decided that was enough. Hundreds of photos had already started pouring in. Before leaving, I sat on a bench for a few minutes to watch people. Thinking about their posture, their gestures, their expressions. Months later a friend would tell me, "those faces are synonymous with the faces we have when we are alone". We all really looked the same. I checked the upload page from my iPod to confirm that everything was running, and left the store.

Moreover, at some point, one of those devices was being serviced by a technician. His application took pictures at that time.


All of that in and of itself would have been enough to be considered "crossing red lines and boundaries". It's staggering how he believed that taking pictures of persons was the bigger legal liability he was exposing himself to.

If anything, if he'd understood the importance of obtaining consent for using a publicly available terminal, the better option would have been taking his project to a public institution - public library, university, town hall,... - and have the application installed having up front legal consent and support from the collaborating institution.

> He simply walked into the store and quite literally installed a small application on each Macbook without Apple's consent.

People install free software on computers in Apple Stores all the time though, don't they? It's part of testing out the computers, and expected by Apple. As mentioned in the story, Apple resets the computers each night.

My guess would be this is part of why they decided they didn't have a legal case against him. But it's just a guess.

The interesting aspect of it is that the only reason you and me discuss it is because of Apple's (natural) reaction to a camera backdoor install in their public computers.

We're not exactly caring about the artistic value of it, but the author might get positive returns on this project (fame, money, inspiration) only because it's a little bit wrong (maybe a little bit legal still).

If the core artistic value was of concern, which is to show people what they look like while talking on a computer, which the author confessed was fine with consent since he himself noticed it while he knew he was filming himself, then we'd probably brush it off "yeah right sure, like when we read" and basta.

It's like the surrounding story is of more interest than the art piece and I think that's where the author should dig next time: he should find something that both strikes by its artistic value while being made in interesting circumstances, to reach optimal value for us and him and lasting fame!

I think it says a lot also about the state of art these days where the work tends to be secondary to the circumstances because it's easier to generate quick loudness while hard to generate a long lasting hum like the ancients could with technique. But it's an impressive attempt nonetheless! I think he's on to something with using software techniques.

> People install free software on computers in Apple Stores all the time though, don't they? It's part of testing out the computers

But he wasn't testing out the computers, which was what they were intended for and he knew that. That's why it was abusive of him.

I bet, especially back in 2011 (only 29% of US population with smart phone), people often went and used their computers for free for short personal tasks too, say checking email.

Is that obviously abusive (and specifically criminal?) too? Maybe not?

So it depends on what you are installing software for. I think it's not just a question of "simply walking into the store and quite literally installing a small application" being obviously illegal and/or abusive. That's all I'm saying, it's not so clearcut that simply because he installed software means it's "abusive" (let alone criminal).

Hi, if you have any reference on why I needed consent to install an app in the Apple Store, I would love to hear! Because the case never went to court I didn't get a chance to hear a prosecutor spell it out. And my attorney at the time was unsure how they could possibly make that case, so I didn't get it from him either. But a lot of people here in the comments seem to believe that the case is clear. I'm not sure whether it's hubris, or if my attorney just didn't have the imagination of HN ;) Thanks!

So, this is the first time I read about your case. I couldn't help but think of Aaron Swartz.


Basically, he downloaded open access journals from an academic repository. But he did it by physically connecting a laptop to the MIT university network and hiding the device in a servicing space without authorization.

Downloading open access papers isn't an issue in and of itself. In fact, it's pointed out that Swartz wasn't prosecuted for theft or copyright violations. The charges mainly were founded on alleged fraud and breaking and entering.


The law applied in Aaron's case was the CFAA. The same law under which you faced scrutiny.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act https://www.law.cornell.edu/uscode/text/18/1030

Just like you, Aaron Swartz got into the sights of the Secret Service at the time. The difference between you and him is that Swartz was actually arrested, arraigned and finally indicted by a federal grand jury.

(The CFAA stipulates that the Secret Service has the authority to investigate you under 18 U.S.C. § 1030(d)(1) see: https://www.law.cornell.edu/uscode/text/18/1030)

> the case is clear

On the contrary.

The big criticism of the CFAA is that its application has spilled over into tort law and contract law. It's a law which defines computer and wire fraud in incredibly broad terms and phrases. This leads to criminal convictions within a civil law context. The CFAA creates a massive potential for being made liable for daily, unassuming actions - e.g. sharing a password - transforming a misdemeanor into a felony really fast depending on the context / circumstances.

As a result, the CFAA is an example of a law where the bar / standards for prosecution are determined / tested / evaluated on a per-case basis through the judicial process.

It's also why it's so hard to get clear cut answers from the EFF or your lawyers. Sure, there's precedent, but it remains unclear how things would have panned out in your specific case since it never went to court.

In Aaron's case, it was later pointed out that MIT didn't even actively seek federal prosecution:


> why I needed consent

That's the thing. Strictly speaking: it's a choice, not an obligation. Laws and moral values or principles aren't preemptive. They don't stop you from doing something anyway. Their purpose is to create a formal framework of consequences that tie into your behavior.

Liability then is the probability you're going to be held accountable in a court of law.

(In the same vein: copyright doesn't stop you from actually copying protected works. It only carries weight if it actually gets enforced. That is, the rights holder decides to seek damages, and/or the state seeks to prosecute you. And even then, you really only face hard consequences - fines, damages, jail time - if a court rules in the plaintiff's favor.)

The CFAA specifically explicitly mentions the condition "without authorization" a grand total of 10 times when it defines violations under 18 U.S.C. § 1030(a).

All in all, when you entered the store, went to a machine and installed that program, paying attention that you didn't have to agree to any terms of service, you very much entered that grey, murky, muddled area of broad interpretation of the CFAA, contract and tort law.

Not having that explicit consent or authorization creates a liability: if you were spotted or caught, you'd potentially face consequences per the legal framework and its interpretation in a court of law.

... and that's exactly what happened to you.

Probably someone at the Apple store caught onto what you were doing, made an internal report which found its way to Apple's legal team. Corporate legal compliance provides a playbook and one of those steps involves notifying law enforcement and, ultimately, the Secret Service.

Unlike Aaron Swartz, you were lucky in that the authorities felt that there wasn't enough grounds to make a case against you and press formal charges before federal court. From their perspective, that's a cost / benefit trade off: it's just not worth spending time and resources pursuing legal action if the outcome is already tenuous from the outset.

> a lot of people here in the comments seem to believe

There's a difference between legal truth and moral truth.

From the point of view of the legal framework, all you did was expose yourself to several legal liabilities. The legal framework itself doesn't hold any opinions whether that's smart or dumb. You were lucky that there were no serious consequences beyond a visit by the Secret Service.

The public, however, look at your actions through a moral lens. They see someone who willingly exposed themselves to such liability, and members of the public can/will hold and voice personal opinions about what happened.

While you never went to court, there's a consensus that your behavior did cross a moral line. Put more succinctly: "Who in their right mind would do a guerilla style installation of a desktop application on Macbooks in the Apple store and assume there's no potential for serious legal consequences?"

That's value attribution akin to "Why would you decide to run a red light in downtown Manhattan, in front of dozens of witnesses, law enforcement cameras,... and run the risk of getting caught?"

People on here feel like you made a bad judgement call regardless of who you are, or the project in and of itself. And that's even perfectly compatible with how they feel about the CFAA, Apple, the U.S. Secret Service and so on.

Wow, incredible response! I appreciate you taking the time to respond :)

I am very familiar with Aaron's case. I think your analysis is correct: some people believe I made a bad judgement call, and the CFAA is broad enough that this created a liability, even though we cannot know whether it was legal. I think my frustration with most armchair-analysis (not including you, CaptArmchair) is that folks confuse their moral certainty (I "made a bad judgement call") with legal certainty ("this is the kind of thing the CFAA protects us from"). But the law is a lot more complicated.

For me the concern is exactly (d)(1). When the CFAA is overly broad, and the ability to investigate is granted to all "offenses", where does that leave us? Can Apple cry "CFAA!" at anything they don't like? In practice, there are some checks and balances: in this case, Judge Lois Bloom decided to sign the warrant; Judge Judith Philips refused to prosecute. Is this enough? To me, seeing the ways the CFAA has been abused in other cases, it's not so clear.

> When the CFAA is overly broad, and the ability to investigate is granted to all "offenses", where does that leave us?

Good question. The "offenses" are defined in the (a), and here you see the scope of the problem. It's a terse summation that describes what amounts to an offense under the CFAA in very general terms, and therein lies the problem.

(a)(5) for instance is a catch-all:

"Whoever knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;"

Both "damage" as well as "protected" can be broadly interpreted. This leaves definitively asserting the interpretation of those terms in the hands of courts. And that's problematic.

> Can Apple cry "CFAA!" at anything they don't like?

Strictly speaking: Yes. Of course, Apple can only start civil cases under tort law and contract law. Equivalent to anyone, they can notify / inform law enforcement. It's the prerogative of the latter to decide on steps necessary.

Also strictly speaking, prosecution doesn't happen at the behest of an individual plaintiff (e.g. Apple) but at the behest of the state (hence why cases are named United States versus ...).

> In practice, there are some checks and balances: in this case, Judge Lois Bloom decided to sign the warrant; Judge Judith Philips refused to prosecute. Is this enough?

That's the question at heart. The legal branch of government, Congress, has voted and backed the CFAA into law. In doing so, it leaves the interpretations of the CFAA to the judicial branch of government.

How problematic an overly broad law applied to an extremely complex, and rapidly changing technological and societal context can be, is demonstrated by cases like yours and Aaron's.

Having law enforcement knocking on your door, or being outright arrested raise questions about the proportionality with which the state responds to a suspicion, and how that then ripples through and harms individual citizens.

However, the judicial system also allows room for re-interpretation and clarification of laws. Just last month, a case under the CFAA was ruled by SCOTUS curbing the scope of the CFAA: Van Buren vs. United States

> In a six-three decision, the US Supreme Court yesterday ruled in Van Buren v. United States that Federal prosecutors may not go after authorized individuals who access databases for unauthorized purposes under the 1986 Computer Fraud and Abuse Act (CFAA), Politico reports. The incident in question in Van Buren v. United States concerned an ex-officer caught searching a license plate database in return for a bribe.

> Though explaining the decision as a product of the law’s language, not its effects, Justice Barrett wrote in the majority ruling, “The Government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity" including “using a pseudonym on Facebook.” Justice Thomas in a dissenting opinion observed, “Much of the Federal Code criminalizes common activity," and “discomfort” with that fact “does not give us authority to alter statutes.”

> Technology and advocacy groups like the National Whistleblower Center had raised concerns that the standing interpretation of the law jeopardized free speech and security research in addition to criminalizing trivial terms of service violations. Organizations like the Federal Law Enforcement Officers Association, on the other hand, worry that narrowing the scope of the CFAA will limit prosecutors’ ability to tackle “insider threats.” A CNN Supreme Court analyst said the ruling will require Governments and companies “to be far more specific in their policies governing access to databases.”


It just goes to show that the discussion about the language of the CFAA is also at loggerheads at the highest judicial court. However, here SCOTUS clearly signals to lower courts that the scope and interpretation of the CFAA actually does have limits.

Both sides do have a valid argument though. On the one hand, in its current form, the vagueness of the CFAA causes issues when it comes to "freedom of press" rights e.g. investigative journalism, however the CFAA also protects your business as it gives law enforcement the authority to go after ransomware groups.

To my mind, for all its vagueness, the CFAA is a prime example of democracy in action as the innate vagueness is discussed in the public debate (media), as well as in courts (SCOTUS, courts, precedents,...) as well as in Congress. In that regard, I don't think there will ever be a gold standard everyone can and will agree on. It will be more of a continued debate that might yield subsequent rulings and amending bills in the future, as technology and society changes throughout the next decade(s). It's up to us to have that debate.

Just want to say thanks again for the great comment. I was following Van Buren, and it was certainly a vindication. I agree with you there is a push and pull. Here's hoping that debate & discussion that needs to happen plays out in a way that puts the people first, instead of expanding protections to the government and big corps.

Did you read the commentary?

>I'm not sure I would make this piece today, anyway. I'm increasingly critical of artwork that attempts to engage with the theme of surveillance by replicating systems of surveillance. How fruitful can a conversation be about consent and privacy, when an artist does not seek their subject's consent?

Taking selfies in an Apple store reminds you of child murder? You consider these things the same, or even similar?

Hrm, yeah, based on that I'm not going to consider your opinion very important.

By the fade-out of your comment, it seems your accurate assessment of this individual's bloviation is insufficiently self-important for the HN crowd. This is why I never post here. Worse comments than Slashdot.

>>> "What is your day job, Kyle?"

"This is my day job. I'm a media artist, I just write a lot of code. I spend most of my time making open source tools with other people."

"But how do you make money?"

"I get commissions, grants, and live off artist fees from exhibiting work. I fly to conferences and festivals and do workshops and presentations. Sometimes I'll do residencies." <<<

This agent and I are both having a ‘Deuce Bigalow’ moment over this. But seriously, is this just bohemian speak for some other source of financial support, or is it actually realistic to make a big city living this way?

My brother lives in a well known capital city, and does it like this. He does a bit of everything: illustration, graphics for games, teaching, work for hire, etc.

As I understand it, it doesn't pay amazingly well, but he manages. Pretty sure it's a more stressful way of making a living than just working a normal job.

Living in a "big city" doesn't mean you're rich. There's cheaper parts of the city, studio apartments, flatmates, and saving up what you can.

My cousin does something like this as well. I do not, I'm a full-time engineer, family breadwinner, and a homeowner. We talked about our respective budgets a few months ago...they could not be more different. He doesn't have any of the major line items on my monthly budget, which requires on the order of $2,500/mo at a bare minimum, which is easily met by working for 40 hours a week and drawing a dependable paycheck. He does odd jobs, usually various forms of graphic design with Photoshop or Illustrator - making up new menus for a restaurant, logos or website headers and design elements for a small business, T-shirt design for a church retreat or sports league, photoshopping a portrait for someone's anniversary, anything where you'd want someone 'artsy' but don't know who to call. A job might be between $50 and $500, the jobs and contacts come and go. Sometimes he's busy day after day, sometimes he'll go weeks without a job.

Weeks without a job, I say! How do you survive? Well, he sublets from a couple friends, but isn't on the lease himself; he usually keeps a month ahead of rent but sometimes can't find the money and will 'get behind', they're generally accommodating; moreso than a bank. He has no mortgage, no car, no car insurance, no car payments, doesn't need a line item for gas and car maintenance because he doesn't drive or commute, doesn't have expensive hobbies, has no cell phone bills (uses a prepaid phone that he tops up and uses as needed/as budgets allow), internet is part of his sublet room, has no TV, no garbage/recycling bills, no lawn care or other services, no home insurance...Critically, he has no health insurance - which sucks come tax season and would really suck if he wasn't a 25 year old in fine health who thinks he's invincible. Relatedly to being an invincible 25-year-old, he has no IRA or 401k.

Groceries cost about $200/month, his sublet of one room costs about the same, he doesn't have any other dependents, and if you don't want them there's not really anything else that someone needs to buy. To hire any professional for much of anything costs about $500, in a big city that's basically the minimum price of a day or two of skilled labor. If he can get one job that will pay him that much in any given month, his minimum budget needs are met.

Someday, he says, he'll want to move out and settle down and start on a career progression, but he's tried the 40 hour wage slave model and loathed it, and his lifestyle in the big city is fun for now. If by "big city living" you mean all the budget items you'd expect of a homeowner in a small town, but scaled up to downtown living by means of a 6-figure salary, no, this lifestyle won't pay those bills.

Hi, I think I can answer (I am Kyle). tl;dr: It barely worked for many years, but I have since been able to find more & larger grants for my art, and get better paying consulting work on the side. Full story—first, income. Some examples from my books around 2011: $10k for a 3-month residency in Japan, $4k for 2 weeks of 14 hour days implementing computer vision and generative graphics as part of a team developing an interactive installation, $3k for 3 weeks of generative sound design work, $500 traveling overseas to give an hour-long talk, $500 traveling overseas to lead a full-day 3d scanning workshop for artists, $50 for an art+tech blog post. Regarding expenses: At the time I was living in a one-floor, 4bd apartment with three other people, $1815 divided 4 ways, about $450. I spent a similar amount each month on food, transportation, and utilities combined. I did not have healthcare. My artwork was digital so it did not require regular material costs, and I had no studio space. Total was closer to $20-25k/year due to additional costs and because I had $170k of college loans and no financial support. All together, I was barely in the black: I had between 8-12 jobs totaling $20-40k each year, from 2010-2014. My bank account hovered between $1-4k until 2015 when I started pitching larger projects that saw more income and also allowed me to start paying others. Hope that answers your questions, happy to share more.

No, this is actually a perfectly viable way to make a living. It depends on what kind of work he's doing. I've hired some professional creative technologists for shows before and they can earn decent rates. This was for corporate clients doing retail events, but the work they did was still artistic in nature. They can also get hired by musicians, venues, museums, galleries. I know more people who do it as a side thing, but if you're talented and you hustle, it can be a full-time job.

Sounded like he had at least two roommates so while he may have been covering his expenses that doesn't really imply "making a big city living" at least in the way most people would interpret that.


You forgot to add the sarcasm /s. Or did you?

The most curious thing about this project is how people seem to have a visceral reaction to having photos of them made without their permission; but having their activity tracked online hardly evokes the same reaction.

It's weird. What harm is a random picture of my face in public going to do? But still some people worry so much about that.

Whereas only very few people show the same reaction to the fact that Google stores a copy of every word you typed into their search field ever. Or that Apple stores a copy of every message I have sent to a loved one with my phone on their servers.

We accept that our most private thoughts are being captured, analyzed, sold; but the outrage is about someone taking an anonymous photo of us in a public setting.

It's magical thinking.

People don't understand how technology works. More than that - because it's not really about computers. Most people don't understand how reality works. What is information. How reasoning works. What can you infer from observations.

They feel (and sometimes, in some places, really think) that a picture is like a piece of their soul. But it isn't. It's just a hash of their phenotype, useful mostly to check if it matches to a person (or another picture of them). It's mostly irrelevant.

The soul - that leaks out in all the rest of your digital footprint. The sites you visit, the articles you read, the things you look at when scrolling. The ads you click, the ads you ignore, the products you buy, the products you only check out but don't add to your cart. The messages you send. The posts you comment on. Where you comment on them from, and on what device. How long did you own it, how many other devices do you own, how do your habits differ between those devices. Who you "befriend" or follow on-line, who follows you. Etc.

All these things add up to who you are. Taken together, they give a comprehensive look at both your personality and your life circumstances. Photos? Photos just show the shell that you won in the genetic lottery.

And you get this stuff from?

I'd say people understand very well the implications of a photo. If all there was to a photo is showing "the shell that you won in the genetic lottery" there would hardly be a point in photography.

I disagree with your assessment. It's part acceptance, part different priorities, and part ignorance.

Some people understand what is being gathered and simply accept that as a worthwhile exchange for free stuff. Maybe even a beneficial one (ads are more relevant).

Some people just care about different things than you do. Maybe they're very self-conscious about their image and not particularly concerned about their shopping habits being known.

And some just aren't aware of the potential for abuse that exists with modern data collection. They think we're still at the early stage, where a company is just trying to figure out which brand of beer to stock, and unaware of modern elaborate profile building and the amount of creepy targeting and manipulation they make possible.

Why do we find some visual stimuli pleasing, and others repulsive?

I think that’s partly our experience, and partly our genetic heritage — an ‘attractive’ face is one where the effect of the emotional affect correlated with reproductive success.

And I think pop-culture locked room mystery crime shows like Sherlock and Jonathan Creek would be written very differently if the puzzle solving character was supposed to represent the norm rather than the exception.

> Photos just show the shell that you won in the genetic lottery.

All sounds very profound. But a photo shows so much more: it shows how fit you are, if you look healthy and happy. It also shows how you treat yourself and how you feel about yourself.

I am very aware of this as I changed quite a bit over the last years and these effects can't be understated.

Fair enough. Photos also leak much more data points than most people realize. For example, the higher the quality and resolution, the more diseases a skilled doctor would be able to diagnose from it - even ones you don't know you have.

My point is, all those little bits of data that are being collected all the time, by almost every website and program you use, leak all of this and much more. It doesn't "feel" like you're revealing anything important, and yet a full visibility into a week of your browsing history will tell me an order of magnitude more about you than a random photo ever could. A year's worth of your digital footprint will tell me more than your whole photo album. Etc.

(And the worst thing is, when you make and share your photos digitally, companies get both.)

Let's be careful and not blame people for all of it because the Facebooks of the world go a very long way to make sure actually understanding what's going on with your data is extremely difficult.

Not my intent. My position is that:

- Most people have little clue about how reality works;

- Companies thriving on people's data do their best to perpetuate that state of things;

- I don't blame people for being ignorant about practical implications of complex topics at the intersection of mathematics and philosophy; I blame companies for exploiting that lack of understanding.

> I blame companies for exploiting that lack of understanding.

I blame governments for not protecting the weak.

Businesses always exploit their up front investments in knowledge (and equipment) to get money from customers. The problem is when they're allowed to conceal and actively mislead the public about that knowledge in order to maintain their monopoly on that knowledge. Even worse, since there's absolutely no competitive advantage in defecting, it becomes a natural cartel.

A functional government would carefully classify and explain all the elements of the problem, then determine how to regulate it through democratic processes.

The problem starts with the fact there's never been a clear right to privacy in the US. Instead it's just a phrase and a weird set of principles stitched together from ancient court decisions about celebrities. The US benefits from its freedom of speech baseline being enshrined in the constitution rather than being a patchwork (like in the UK for example.) The right to privacy should be that clear as well.

I think it's more human social dynamics. A human taking your photo is an active action, probably a dominance one on top of that, and a lot of human social instincts kick in.

A faceless computer, doing it in the background environment outside of your perception unless you really dig in under the hood triggers none of that. It's the same reason why most humans are not anxious about the footprints they leave in the sand on the beach, because it feels about the same.

A lot of the rich and powerful understand this dynamic well, and use environmental stonewalling to say no to people vs. a direct human interaction.

Nobody on the street recognizes who the string "TeMPOraL" is. Show them a picture and now they all recognize.

Spot on! That's exactly what I was thinking. Very well put.

> "People don't understand how technology works."

Today on BBC Radio there was a discussion about racism on the big technology platforms (after the England/Italy match last night), and how their human moderators were overwhelmed. Someone whose name I missed said "I don't think it should be too hard for a computer to look at the monkey emoji and decide if it's being used in an inappropriate context". It was like hearing the "research team and five years" XKCD in real life.

> "Photos just show the shell that you won in the genetic lottery."

Tell that to the teacher who lost her job for posting a vacation photo including her holding alcohol, in 2009: https://www.good.is/articles/facebook-and-privacy-fired-for-...

Perhaps one of the most HN replies I've ever seen. Only on HN would a photo of you be something that contains barely any information but revealing how many devices you own and how long you've had them is leaking your very soul.

I'll tell you that a photo of my son flailing out of a blanket is a deeply personal memory of a hilarious and touching moment.

That he has an electronic device is so incredibly irrelevant it's hard to put into words.

> Photos? Photos just show the shell that you won in the genetic lottery.

No, they show a moment.

If you were right, people would care about all photos being shared or none. But that's not what happens - people care about some far more than others.

That last sentence is poetic (the rest is well-articulated too).

A picture is a very dangerous thing in the wrong hands.

A normal picture of a person could still expose something important about them to the wrong party. E.g., "I visit the unsavory part of town", "I'm not really washing my hair", "I'm slacking off", etc. Those are mostly "real-world" concerns.

There's the paranoia angle: some stranger wants your picture specifically. What could they have in mind?

If you look at least somewhat remarkable, you might end up being part of some meme, or being photoshopped into something. You might be the next Magikarp Guy, if somebody snaps a picture at exactly the wrong moment.

With Google the concerns are quite different. While Google pries a lot, so far it's mostly invisible. Google fortunately isn't run by edgy teens looking for the maximum lulz, but by boring accountants looking for profit. So though there's still plenty things to be concerned about, the concern isn't as visceral.

> Google fortunately isn't run by edgy teens looking for the maximum lulz, but by boring accountants looking for profit

Google is the most targeted company by hackers for sure. Google sit on exabytes of personal data, and it's like hoarding tonnes of dangerous radioactive waste, which if it got in the wrong hands, could be very dangerous. That's why their security is unparalleled. They have a lot of dirt on people.

Heh, Google's concern is far more visceral. Most people get an android phone and leave the defaults on, meaning that not only is all their textual data, like search and location kept by Google, forever. Things like their photos are uploaded from their phone to their account.

By "visceral" I mean an innate, feelings-based approach.

Big companies' data collection is on the whole quite subtle, and they like it that way. Google will suck up tons of data, digest it, and use it to throw ads at you. But it doesn't really occur to anybody that Google might be interested in looking for people picking their nose in front of their phone's camera, and making a compilation of that to present as "art". If anything of the sort happened, Google would make sure to make an example of whatever rogue employee did that. They like their data collection to be obscure and harmless looking. That's not to say that it is harmless, but finding problems with what Google is doing takes at least a bit of intellectual thought.

Meanwhile, an artist secretly recording people is almost certain to have some sort of quirky agenda that's going to immediately turn a large amount of people off, even if it's ultimately silly and non-consequential.

> I'm not really washing my hair

Can you explain this one?

I just meant to reference the stereotypical (to me at least) way to blow off somebody by claiming to be busy doing something at the time.

In general, I mean that having your picture taken at the wrong time can reveal things people would rather not be revealed, even if to the photographer it looks completely ordinary and harmless.

Some people here will reference the 24/7 CCTV surveillance, but that's kept private and not published as some sort of art project. So though one could compile a video of my coming and going around the town by looking at surveillance tapes, in practice that doesn't really happen. Now random photographers and artists however are very likely to put their work somewhere public.

A picture is permanent. It seems like my pic is always taken on days I wish I never woke up, or I am Shrek?

There is a glimmer of hope data about us online might be found, and deleted, one day.

I can't stand my picture being taken, especially by strangers. I have given up to DMV, but not Costco.

My know-it-all father retired, and was bored. He decided to buy a camera, and take pictures of the homeless on Market Street. He was big in reveling in other people's misery. (I loved the man, but didn't respect anything about the man.)

He didn't understand why the guys were flipping him off, or running away.

I told him to stop his "art" project, or take pics of birds.

He kept it up, until this huge guy dragged him into an alley, and threw his Canon against the wall.

My dad found a new hobby.

Good story and a great attitude towards your father, I must admit I don't really understand the need to revel in other people's misery, even though sometimes it's difficult not to.

I also don't understand why he did not listen to the advice, but I guess some people can only learn from making a mistake.

Spontaneous portraits, especially street photography has a very revealing side to it, and being able to show people this side is exciting and somewhat of a calling for some of us.

That being said, street photography is hard. Especially when you add empathy. All the shots I'm taking are extremely calculated. Trying not to focus on one person squarely, not upsetting someone during the process is extremely energy consuming.

If anyone tells me they don't want their face to be shot, I show them the photo. If they hesitate even for a microsecond, that image is gone for good. I'm not a voyeur and have no intention to violate anyone's boundaries even from 100 feet away.

Knowing nobody is unhappy because of my hobby lets me sleep better at night.

If you actually show people everything that Apple, Google, Facebook keep about them including those examples you'll get a very, very different reaction. One is seen the other is not and is denied. Nobody ever agreed to it. There was never informed consent. Show someone their private stuff and they'll freak out very, very hard indeed.

And the best experiment to prove it, is this one. Nobody seems to care about all the cameras, sensors, tracking. Some even encourage it in the name of "Safety". But show them the camera and they freak out.

"Surveillance Camera Man": https://youtu.be/mP5ZVPwP7bg

Edit: It seems the link above has now been made private but that was not the case for many years. I will keep the comment as above for the sake of historical accuracy. More details here:


Google Glass is another example of this. Everyone freaked out about it being a camera always at the ready. It was a more obvious camera, and that freaked people out - never mind that, if someone wanted to take a picture surreptitiously, the phone in their pocket was a much better choice.

(There were, of course, other factors that a reasonable person could be concerned about with Glass - "glassholes", for one, and providing more data to Google for another)

> The most curious thing about this project is how people seem to have a visceral reaction to having photos of them made without their permission;

The complaints primarily came from Apple. This artist effectively hijacked their private camera system and then published the resulting images with a personal emphasis on certain individuals.

People would have a similar negative reaction if he had hacked into their store security cameras, focused on video of a few people, and then published those stolen images as art. We all know we’re recorded by security cameras when we go into private stores, but we also know that the images won’t be cropped down to our faces and posted publicly online as art.

Likewise, it would be a different situation if the artist had broken into a company’s private ad targeting database, singled out a few individuals, and posted their tracking information publicly in a way that personally identified them. It really is different when a company uses aggregate data to target ads than if that same data would be published publicly for anyone to see and judge. The latter is a massive privacy violation in front of other individuals. The former is only ever seen by computer algorithms serving us ads without human intervention.

> This artist effectively hijacked their private camera system

Private camera system? You mean the webcams that are open to the public in Apple stores?

> The former is only ever seen by computer algorithms serving us ads without human intervention.


They're very different situations, and equating the two is like equating piracy to theft; just because they have an overlap doesn't mean they're the same thing.

You don't see the same visceral reaction to CCTV, which is much more akin to the mass surveillance performed by Google et al., but if someone walked up to you in a coffee shop and stuck a USB key into your laptop and said "it's just an anonymous keylogger, don't worry about it" you would likely get the visceral reaction you're talking about.

One reason is that people generally expect large companies to have a level of scrutiny and process associated with collecting that data, and reasonably trust that it won't be used "improperly." That trust does not extend to "some random guy" hijacking those companies' systems.

The other reason is more visceral, in the fact that those photos of themselves and others were displayed semi-publicly. A lot of the tracking that goes on is invisible if you don't think too hard about it (out of sight, out of mind). If they saw a dump of a bunch of people's private messages or search history (even anonymized) posted online for anyone to see, they would likely be similarly spooked.

Publicly displayed images vs. Only Google can see data

I think that's a cognitively different concept. And I guess this distinction is also the hidden rationale of rejecting nationalized corporations to have similar power as Google, i.e., when they are nationalized, they suddenly conceptually exposed their information "public". Although in reality, a nationalized Google probably would never reach the same level of perversity as Google...

People in cities are captured on CCTV hundreds of times per day but nobody seems to mind. I remember some fifteen years ago sitting in pub with a group of people and being the only one who cared that there was a CCTV camera right above our table (it was one of those creepy omni-directional domes).

Surveillance Camera Man showed that people have often violent reactions to being overtly filmed by individuals in public. These videos appear to be gone from YouTube now, but if you hadn't seen it he would often just film people do mundane stuff in public like drinking coffee. People always questioned what he was doing, he would tell them "I'm just making a video" and they wouldn't be pleased.

If you told someone you were going to install a keylogger on their machine they would almost certainly be against you doing that. But people voluntarily use "cloud" services like Google Docs etc. which are literally keylogging devices.

I think there is a strong tendency for people to submit to what they consider to be authority. Some random guy on the street isn't authority. But the government is. Apple, Google, Microsoft etc. are. Unfortunately it leads people to spend energy on things that don't matter, like the random guy on the street, and not the things that do matter, like systematic global surveillance.

CCTV is impersonal, and rarely watched.

Impersonal collection and personal collection evoke very different concerns in people. Impersonal bulk collection is easier to dismiss as "they're not looking for me", whereas the latter raises all kinds of questions about motivation.

> People in cities are captured on CCTV hundreds of times per day but nobody seems to mind.

That argument is a bit vague. How does minding work in this case? People who are opposed to CCTV will try to avoid it. But will that avoidance be visible to the rest of the public? Hardly so. Besides, many cameras tend to be placed at places where cameras blend in and you need to make an effort to actually spot them.

The context is a very different one. CCTV is everywhere, but you know Apple is really only interested in security, and maybe keeping track of their own employees. They're not going to randomly make some sort of art project from their footage without lots of discussions with lawyers. I'm pretty sure they'd also make sure to get written consent from everyone involved.

We can also expect a company like Apple would be very risk averse in this regard, and keep far away from anything too weird.

Some random guy doing their own project going by just whatever seems reasonable to them and installing surveillance software on somebody else's computers isn't really the same sort of thing.

Tell someone there are a billion stars in the universe and they'll believe you. Tell them there is wet paint on a bench and they'll have to touch it to be sure.

The stars can be seen too. Except if you mean "only" a billion stars.

> Or that Apple stores a copy of every message I have sent to a loved one with my phone on their servers.

AFAIK 'Messages in iCloud' is enabled when iCloud backup is enabled and can be switched off easily if one only wants to have messages locally on the device.

I wonder if part of it has to do with the expectation (and common practice) that the photo will be shared, whereas the other data is often not shared or at least not shared publicly?

I don't know. For me, the photo makes it a discrete moment that I can identify, more tangible, compared to my ISP silently recording every website I visit.

I think there are probably many reasons why. I actually think Apple's new commercial for privacy gets at this well, where it has people literally following someone around and snooping on them, asking questions, and I think that visceral surveillance may feel much more intrusive than the hidden forms.

> Or that Apple stores a copy of every message I have sent to a loved one with my phone on their servers.

Unencrypted, for them to see?

The encryption/decryption keys for your iMessages are stored with Apple, and are accessible to them. If you have iCloud Backup enabled, Apple–and thus law enforcement–can in fact decrypt them.

A while back, Apple was aiming to transition to store iMessage backups using a more secure method; i.e. the same method that some other content such as Health data is stored, which uses encryption keys derived using local info such as your macOS or iOS password. The FBI requested Apple not to make this change, and Apple complied.

Apple runs a great PR game when they talk about privacy, but the reality is nowhere near the same. Some things are fully encrypted so that Apple cannot decrypt, while other things are not safe to store with them. iMessage falls into the latter bucket.

Source: https://support.apple.com/en-us/HT202303

Note that (based on that article), you can disable iCloud Backup and leave Messages in the Cloud enabled, which results in your messages being backed up but the key to decrypting them not being backed up. IIRC, this also results in the key your device uses to decrypt your messages being regenerated so Apple can't go into your backups and pull it out.

I disable iCloud Backup because there isn't much that is useful in there that isn't under one of the other checkboxes (Photos is separate, Health is separate, Messages is separate), so my messages should be safe?

Yes, you've got it right.

There is a huge difference between handing over your messages to a law enforcement agency and using your messages to build detailed advertising profiles of you and then selling you to anyone who will pay.

I am not saying that to necessarily advocate for the former, but rather to point out that the latter is the focus of Apple's "PR game"

I hope it's not completely unencrypted, but they definitely have access to iCloud backups and will provide your data to law enforcement.

OP here. Not going to disagree about folks underestimating where the real danger is. But the fear of photography is not unfounded. There are many examples of people suffering from being captured in public settings. Sometimes it is because of their behavior (every "Karen" video), sometimes it is an abuser getting a lead on their ex's location from a tagged Facebook pic. For this project I tried to make sure that I didn't "feature" anyone, so attention was diluted across thousands of photos. When I eventually exhibited the work, I worked with a watercolor artist to create paintings from the photos to further disconnect the work from the customer's identity.

On that note, if I went in to say a restaurant and put audio recording devices underneath all the tables and streamed all the conversations to a hard drive, that would also be perfectly legal since it's no different than eavesdropping from the next table.

I think it is also about the expectations in one's mind of what is acceptable. For typical people signing up with Google/Facebook, firstly, the information being scraped is overwhelmingly large/indirect/hidden for them to realize the magnitude/gravity of it. Second, they "mentally" accepted/resigned to that "system" when they signed up.

However, in case of someone taking photo of a face without permission, a) and b) above no longer hold true - it is their face - totally tangible, something a lot more personal and something people hold much more dear than the last search query and they never "agreed" to it (neither explicitly nor in their head).

On YT, there are these public photographers, mostly doing cop watch and/or audits of public buildings. They exist in a space where the First Amendment and SCOTUS ruling public photography is a protected activity.

One evening, I binged on some of these out of the usual bored, morbid interest and came to the conclusion it's all about having a target.

Being bagged and tagged by a faceless blob, corporate machine, neural network, whatever, is one thing. Kind of goes in to some archive, we know it's there, but we also can't really assign anything other than nebulous intent to the whole affair.

In short, there is not much to respond to. And by that, I mean in the human way, face to face, or mind to mind.

On the other hand, there is some guy holding a camera! Or she is RIGHT THERE with her camera! Now, there is a person, the whole activity gets personified, and intent seems to flow like magic, as do the questions!

People have major boundary issues too. Many confuse standing in a public space while filming private property with actually somehow violating that property. Others do not want to be filmed, and some get it and just move away. Others have control issues and end up the star of the show, despite very clearly not wanting that outcome.

So that is one theory. When a big entity does it, somehow we've got a level of trust or acceptance buffering responses. At the least, we don't have a clear target to engage about it, or assign intent to it.

When a specific person does this thing, we do have that target, and it all being more human brings out more humanity.

Edit: There is also potential guilt, or fear associated with having a specific target.

When a specific person is making a record of our activities on the job, or in a public space, there exists a potential for judgement of some kind. Both by the photographer, and/or their audience, somehow. We recognize that person could amplify that which would otherwise go ignored in the noise.

Now, that person could do exactly nothing too, and our actions in response have a lot to do with whatever outcome ends up out there for public viewing. "You are gonna be famous on YT" packs a punch. People worry!

They know they could be the next "Dog Shit Girl" or they worry about something they do, have done, want to do, and whether amplification of that changes risk / reward for it, whatever it is, be it merely inadvisable due to some social norm or other being in play or flat out illegal somehow.

> What harm is a random picture of my face in public going to do?

Perhaps none, but you never can tell for sure. Not everybody subscribes to this "radical openness" notion, so it's safe to assume people are not feeling comfortable being photographed. By the same logic, what harm is a random picture of you on the nude beach? Probably none, if you are not an alien you are very unlikely to have anything special that nobody has seen before. Doesn't mean you have a license to show up there with a camera.

Thanks for explicitly pointing out the odd photo-specific reaction. I’ve seen it a few times, but I didn’t make a conscious connection that it might be something low-level visceral.

There are a few things that come to my mind, reading your thoughts and observations.

Everyone can do the same activity as I do, go the same places. Buy the same things. But nobody can have the same face as me. In this way, things do not seem comparable. Privacy is at risk on another level.

Also, I feel it is in tendency easier to understand the risks and potential abuse of your picture being online as compared to the risks and abuse when google knows what you type into their search field.

>We accept that our most private thoughts are being captured, analyzed, sold; but the outrage is about someone taking an anonymous photo of us in a public setting


I feel "my" photo makes it real, personal. I see it, I visualize and comprehend it as me. A curtain of sorts is raised on me. My data is all bits and bytes. Unless some ugly* stuff I said can be picked up and mirrored at me, I do not think there is enough emotional punch as a photo.

Edit: it does not have to be ugly, just something to draw immediate emotional reaction.

It's not just your data though. They probably have your photos, and they share those with people like the NSA, who show your nude photos around the office.

That's way worse IMO, but doesn't seem to elicit the same response as this guy's art.

Doesn't Google delete your search history after 18 months (unless you ask it not to)? https://www.wired.com/story/google-auto-delete-data/

This makes me wonder if it'd be more effective to get people interested in privacy issues if they saw photos of themselves alongside their location, browsing history, etc.

Maybe I had a bad hair day... People will not appreciate how beautiful I look in "reality"

"I was still under the false belief that all varieties of law enforcement are designed to protect the public from harm. It was a sign of my privilege, and of my naive faith in the system."

> Systems are designed first, to benefit their creators, and subsequently their controllers, and then everyone else. Unless you designed the system, you should assume it's not designed to benefit you by default.

The author was caught installing a remote administration tool on someone else’s computers and using that RAT to take surreptitious photos of the computers’ users which he then posted online for personal gain.

Seems to me that the legal system was working as designed here, protecting the public from this individual’s actions.

It’s strange that he’s getting a free pass in the HN comments for hijacking computers, stealing candid photos, then publishing those online. It seems the author is the only person in this story who didn’t get violated. He’s not the hero.

> Seems to me that the legal system was working as designed here, protecting the public from this individual’s actions.

The legal system was deployed to protect Apple, not the public. That the public benefited was just a coincidence.

OP here. This person gets it.

except

- his software didn't have any remote administrative capabilities.

- all photographers take pictures in public and then post them for profit, there is nothing new about that whatsoever.

- There were no disclaimers on the computers in Apple's store that would prevent him from installing such software. Matter of fact, they are available for people to use and test in any way they see fit.

He's getting a free pass because he broke 0 laws. Zero.

Yeah, maybe folks have a problem with that, but the artist certainly only highlighted already creepy-ish things that we accept all the time (companies tracking us, and the lack of an expectation of privacy in public places).

If what you’re saying is true (which I highly doubt, given that he was tampering with computer equipment that didn’t belong to him), then the laws need to change so that we can prosecute people like this. I absolutely do not want to live in a society where people can install malware on computers in public spaces to spy on me. I don’t care if it’s for advertising or some self-serving “art” project.

Apple consented to his usage of the computers within the store...they actually put them there for the purpose of being used.

I'm sorry that photography offends you. Wait till you see what those newfangled house door bells are doing!

Hi, OP here. Just wanted to add one point of technical clarification: it wasn't a RAT, it was a C++ app that used the QuickTime SDK to connect to the camera, OpenCV to run face detection, and curl to regularly send the results to a hacked-together PHP script that uploaded them to Tumblr. It sat in the dock while it was running, with a silver Apple logo as the icon.

> with a silver Apple logo as the icon

This is somewhat concerning, to be honest, since it seems like you're impersonating Apple/system software.

Try using that excuse next time someone finds a bug in your code

I wouldn't, because that would be a basic misunderstanding of the quote.

I don't understand it either. What's that quote supposed to mean? Systems can and do have unintended consequences, surely.

It's really recommended that anybody not getting it read the article. You won't get a good TLDR.

But yeah, systems can not have unintended consequences because systems do not have intentions. It's people who have intentions, and those are not additive properties. (And, well, you can't simply add additive properties into system ones either.)

No, it still applies. What types of bug fixes and features get prioritized? Are certain features gated? Are there use cases considered too niche to support?

Nothing exists in a vacuum. The "system" isn't just the code — it's also the organization that writes and supports the software.

What properties must a system have for the quote to be applicable then?

Did you read the article? It’s about large scale systems like bureaucracies, rather than some piece of code.

My question still stands. How many people must be involved in the system design for you to consider it 'large scale'?

I find myself wondering how old this man was when he did this. It kinda feels like the sort of antics someone gets up to before their brain has fully developed the capacity of understanding things like "consequences". Although it got him in the NY Times and that's pretty good from the perspective of "all publicity is good publicity" I guess. He's wikinotable but neither the Wikipedia page nor his website has a date of birth.

The earliest work listed on his site is some Processing sketches from 2004; this piece was from 2011, seven years later.

IIRC he was a couple years out of school at the time, probably ~23-24

Sounds about right.

> "I'm not really a computer security person, so I don't understand how that law applies here. Did Apple just call you up and say 'we want you to check this guy out'?"

> "Something like that."

> "Can anyone do that? Can I call you up?"

> The agent who had been taking notes chimed in: "I suppose so, if you just open up the Yellow Pages we're right there, on the inside cover."

Raise your hand if you've had trouble getting the police to even come out to do a report on property theft or vandalism, let alone take it seriously. But, if you're Apple, you can just call up and hire the Secret Service to go after some rando artist messing around in their stores. Another minor illustration of who the government really works for.

For what it is worth, the incredibly irresponsible and unethical Artist's actions seemed a lot closer to high class cybercrime... which the secret service actually handled at the time. The only reason he wasn't charged is because the secret service didn't see him as a national threat. If the FBI had been the one running the operation he would have been Aaron Swartzed.

OP here. The only reason I wasn't charged is because AUSA Judith Philips refused to prosecute me. Also, Aaron Swartz was investigated by both the FBI and the USSS.

I don't disagree that it's a sad state of affairs, but there's really no connection between the Secret Service and local police departments. Even neighboring local police departments are entirely separate entities.

I bet if you had a legitimate case that the secret service were interested in, calling that line may actually get it looked at. Whereas calling a local PD about a problem that should be relevant to them doesn't always get it looked at.

They installed spyware on someone else's computers. Of course that's illegal, regardless of whether or not the AG decided to go after them.

Are people serious here? There's nothing ethical or legal going on with the blog post here. The fact that they got off is just luck. There's no whistleblowing or any other protection granted, and there shouldn't be. Period.

And the worst part in my opinion is the author has no intention of not doing something like this again. They think they're in the right. Probably because they got off the first time.

Wow. I found a video of this exhibition on YouTube, and it looks like what this guy installed is less pure spyware and more a remote administration tool (RAT).

After he took the photos he wanted, he remotely uploaded them to every computer and forced them to be shown on-screen while people were browsing around the demo.

Freaky stuff. How is installing RATs on other peoples’ computers even remotely ethical?

For real. People here are treating them with whistleblower gloves. There's nothing of that sort going on here. Just unethical, horrible stuff.

All kinds of unethical horrible stuff doesn't get a Secret Service raid.

The whole point of the unethical horrible stuff was to get people to think about what they were doing, think about what was happening with tech and surveillance, think at all.

An artist got their home raided, Cambridge Analytica - which was manipulation on an industrial scale - barely got a slapped wrist. Ad tech uses mass surveillance to build personal profiles and hardly anyone notices - because the surveillance and behaviour mod happen under the surface.

Who is more unethical? Which response was proportionate?

> An artist got their home raided, Cambridge Analytica - which was manipulation on an industrial scale - barely got a slapped wrist.

Please tell me your post is satire.


I'm not saying Cambridge Analytica was sufficiently prosecuted, but using the home raid of the author as a comparison screams satire.

Were charges pressed? No. Was there a court case? No. Was there a guilty verdict? No.

What was the justification for the raid?

Perhaps you need to revise your understanding of Fourth Amendment protection from fishing expeditions before dismissing a home raid which found no grounds for prosecution as "satire."

> What was the justification for the raid?

They had a warrant to seize assets used for developing the spyware installed on Apple's property. If the feds don't have jurisdiction to investigate potential infringement of others' rights, what do they do about peeping toms? How do they know the extent of this spyware they've deployed?

To even get that warrant, they need a decent argument in front of a judge. None of this is infringing on any rights

> home raid which found no grounds for prosecution

They knocked, presented the warrant, and the agents were cordial and honest. The purpose of these sorts of warrants are for investigative purposes, which is in the warrant. You don't need to promise a prosecution to serve one

He made it super-small (and it's not in the FOIA doc, that I could find) but, here's the warrant he was served by the agents at the door: https://kylemcdonald.net/psac/large/warrant.png

They gave him all the reasons they were there, they let him know what would expand the scope of the warrant (drugs or weapons) and discussed, in detail, what they were there for.


I'm a big proponent for sanctity of the home.

So, this made me think; where does the current home end, and the current office?

In the future, we may see more and more home raids, where an employer's malfeasance results in employee "workspaces" being raided for info.

All computers taken, mobile phones, various office artifacts, with homes involved due to work-from-home.

I suspect this may have already happened many times over the years, with CEOs, employees of small startups working from home.

Has this battle already been lost? Not sure for Canada and our Charter of Rights and Freedoms, but what of the US?

Does work from home, mean raids are easily justified?

Hi, OP here. Just some technical clarification. There were two apps. The first one took a photo once a minute and uploaded it to a PHP script on my server. Apple probably identified this one because it sent a ping to my server even when it didn't send a photo. The second app was essentially a screensaver that regularly checked a URL to see whether it should go fullscreen or not, and then it quit after one minute. These were both custom-built apps, less than 100 loc each and missing all of the functionalities of spyware and RATs. I would expect that real RATs have been installed on Apple Store machines in the past, and perhaps Apple suspected this was another. If I had been sniffing and posting keystrokes, the situation may have turned out completely different. But this project was focused on face analysis.
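Added example (not part of the thread, and not the author's code): the comment above says the first app contacted its server once a minute, with a ping even when no photo was sent. Fixed-interval outbound traffic of that kind is what beacon detection looks for on managed machines. The log format, host names and thresholds below are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed outbound-connection records: "timestamp src dst bytes".
# Host names and sizes are made up for illustration.
SAMPLE_LOG = """\
2024-01-15T10:00:02 demo-mac-07 collector.example.net 212
2024-01-15T10:01:01 demo-mac-07 collector.example.net 48213
2024-01-15T10:02:02 demo-mac-07 collector.example.net 212
2024-01-15T10:03:01 demo-mac-07 collector.example.net 212
2024-01-15T10:04:03 demo-mac-07 collector.example.net 51877
2024-01-15T10:05:02 demo-mac-07 collector.example.net 212
2024-01-15T10:06:01 demo-mac-07 collector.example.net 47020
2024-01-15T10:07:02 demo-mac-07 collector.example.net 212
2024-01-15T10:00:05 demo-mac-07 www.example.org 1830
2024-01-15T10:00:09 demo-mac-07 www.example.org 9120
2024-01-15T10:00:15 demo-mac-07 www.example.org 402
2024-01-15T10:02:20 demo-mac-07 www.example.org 7761
2024-01-15T10:02:23 demo-mac-07 www.example.org 655
2024-01-15T10:05:00 demo-mac-07 www.example.org 2048
2024-01-15T10:06:50 demo-mac-07 www.example.org 310
2024-01-15T10:06:55 demo-mac-07 www.example.org 5500
2024-01-15T10:00:10 demo-mac-11 collector.example.net 212
2024-01-15T10:01:10 demo-mac-11 collector.example.net 212
2024-01-15T10:02:10 demo-mac-11 collector.example.net 49950
2024-01-15T10:04:10 demo-mac-11 collector.example.net 212
2024-01-15T10:05:10 demo-mac-11 collector.example.net 212
2024-01-15T10:06:10 demo-mac-11 collector.example.net 212
2024-01-15T10:00:30 demo-mac-03 updates.example.com 900
2024-01-15T10:05:30 demo-mac-03 updates.example.com 900
-- log rotated --
"""


def parse(log_text):
    """Yield (timestamp, src, dst, nbytes) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def find_beacons(log_text, min_events=6, min_period=10.0,
                 tolerance=0.10, min_regular=0.75):
    """Flag (src, dst) pairs whose connections recur on a near-fixed timer.

    A pair is flagged when it has at least `min_events` connections, the
    median gap is at least `min_period` seconds (ignores page-load bursts),
    and at least `min_regular` of the gaps fall within `tolerance` of that
    median. The ratio, rather than a strict match, tolerates a missed beat.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in parse(log_text):
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too few samples to call anything periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = median(gaps)
        if period < min_period:
            continue
        regular = sum(1 for g in gaps if abs(g - period) <= tolerance * period)
        ratio = regular / len(gaps)
        if ratio >= min_regular:
            findings.append({"src": src, "dst": dst, "events": len(stamps),
                             "period_s": period, "regular_ratio": round(ratio, 2)})
    return sorted(findings, key=lambda f: (f["dst"], f["src"]))


def shared_destinations(findings):
    """Destinations that more than one machine beacons to on a timer."""
    srcs = defaultdict(set)
    for f in findings:
        srcs[f["dst"]].add(f["src"])
    return {dst: sorted(s) for dst, s in srcs.items() if len(s) > 1}


if __name__ == "__main__":
    hits = find_beacons(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(shared_destinations(hits))
```

Payload size is deliberately ignored: the small pings and the larger uploads land on the same timer, so the interval alone is enough to flag the pair.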

It doesn't seem fair to say that he has no intention of not doing it again.

"I'm not sure I would make this piece today, anyway. I'm increasingly critical of artwork that attempts to engage with the theme of surveillance by replicating systems of surveillance. How fruitful can a conversation be about consent and privacy, when an artist does not seek their subject's consent?"

I also don't think it's as bad as you're making it sound. I feel it's akin to gray-hat security research. Maybe he crossed the line into "you shouldn't do that" but ultimately had a harmless intent and didn't cause any real damage. Not exactly whistleblower status but more like a comedian being granted the liberty to push some boundaries and spark potentially valuable conversations.

> more like a comedian being granted the liberty to push some boundaries

No. Not at all. Freedom of speech is extremely strong in the US, and for good reason. Freedom to install software onto other people's computers is not.

It's extremely troubling that people are defending this person.

It's far more troubling that too few people are questioning the mass surveillance he was critiquing and dramatising.

It's classic shoot-the-messenger.

Meanwhile Facebook was - and probably still is - tracking people's online behaviour even when they're not logged into Facebook, based on legalese buried in T&Cs which most users don't even know exist, never mind have read, never mind understood, never mind given explicit informed consent to.

> It's classic shoot-the-messenger.

No it's not!

I don't go around shooting people to advocate gun control laws.

I don't go around stealing people's belongings in cars to advocate that people shouldn't leave valuables in cars.

This is vigilante behavior that should never be condoned.

But you are defending a home raid on someone who was not brought to trial, but was making a political and moral point about corporate tools and corporate behaviours.

When you think criticism - oblique, but clearly still harmless - is more of a problem than the behaviours, you are very much trying to shoot the messenger.

I think, as soon as he became the actor as well, he ceased being "the messenger" in the terms of solely passing on a message.

Put another way, "shoot the messenger" is a phrase used when an unbiased person, merely delivering a message of bias/harm from another, is attacked for the message.

You are not a messenger, when you perform the act/deed/thing yourself.

That is what I don't understand: why he can't be a messenger and an actor at the same time.

Everything doesn't have to be black and white you know

Then it isn’t shooting the messenger because they’re also an actor? Being a messenger doesn’t grant someone immunity from being critiqued for doing unethical things.

No, it doesn't. But being an actor doesn't mean an individual can't be a messenger doing something in good faith.

"Doing good, through bad methods"

>But you are defending a home raid on someone who was not brought to trial

He should have been brought to trial

One man's terrorist is another man's freedom fighter. Every noteworthy push for societal change through history that ever involved breaking a law could be labeled vigilante behavior by some party. I just don't find that argument convincing. Our laws aren't there to protect themselves, they exist to create the society we want to live in. In what ways did the artist's actions harm our society? In what ways did it change how we view our society? Do we like what we see?

This isn't big brother with all the power systematically spying on citizens, this is a nobody with no power showing us a picture of ourselves. Both cases are happening, both happen against the will of the people, and yet which one do we allow to continue?

I'll also point out that the discussion we're having is exactly the outcome the artist intended.

I had sort of a similar reaction to this but then I thought that the artist here seems to have done this only to show people they are being surveyed or that hidden surveillance is easy.

> Probably because they got off the first time.

Imagine all the companies and governments doing exactly what this artist did, without any remorse or intention to show it back to the public. And they do not get caught, forget getting off "first time". What emotions should we express for them?

This artist put a face to the story, a photo that did the job of a thousand words. I think it is easy to see his ways are unjust but I do not think there is an easy way to motivate more people to ask tough questions about our own data.

What companies and governments are taking secret images of you while shopping at stores? This guy is a tin foil hat wearing conspiracy nut who then goes on to do the exact kind of evil he accuses others of.

Off the top of my head, I'd say every single one. Including the corner grocery stores and the lobby of the building that I live in. I used to work right at a street corner that was a top tier Instagram destination so I'm probably plastered all over thousands of random people's social media all over the world.

What is CCTV? What is Google Photos?

> I had sort of a similar reaction to this but then I thought that the artist here seems to have done this only to show people they are being surveyed or that hidden surveillance is easy.

If you want to make an art piece exposing how much violence happens in our society, you don't do that by acting violently yourself. If you do that, you're not an artist exposing a societal wrong, you're the perpetrator, and should be persecuted for it.

Seriously, how would you feel about your picture, secretly taken without your consent in a setting you had reasonable expectation to be private, ending up in this art installation?

I think you do not understand. The artist wanted to show what is already happening, just something we are simply not protesting about in masses. Like the level of such hidden information grabbing is massive, but what do we citizens care? The photo had an effect, which bits and bytes are not having.

Yes the artist did something totally illegal and should be prosecuted. Who is going to prosecute the governments? I like your strong emotions and fail to understand why you do not see this is exactly what the artist hopes will happen - more emotional take on the current situation.

If you want to stress that [a certain crime] is already happening, I do not think it's an acceptable form of expression to commit [a certain crime] yourself, on unwitting victims.

This. This guy deserved everything that came to him and his ethics are so downright screwed that Apple and the Gov probably actually assumed that no artist would do this kind of thing.

That was my first thought. Inside an Apple store is not a public place. A sidewalk is a public place - you can take photos there and post them with no consequences. Inside a private business might as well be inside someone's private residence as far as the law is concerned.

Just because a business is open to the public does not mean it is a public space. People confuse the two.

> Apple store is not a public place. A sidewalk is a public place ... Inside a private business might as well be inside someone's private residence

Incorrect, an Apple Store would be a Public Accommodation, there are all kinds of laws governing Public Accommodation that do not apply to a Private Residence.

I was referring to the privacy side of things, since that's the context of this story. Also would apply to trespassing - hence you can be removed from a private business if the owner/manager wants you gone.

OP here. syshum has it correct. If you take a photo with your lens on one side of the Apple Store's massive glass wall, it is legally the same from a privacy perspective as taking a photo on the other side (unless Apple explicitly forbids it).

From a privacy standpoint individuals have no more right to privacy in an Apple store than they do on the street.

Apple can forbid photography on the premises, and remove anyone that fails to follow this rule, but that is about property rights, not privacy.

> And the worst part in my opinion is the author has no intention of not doing something like this again.

I think the author's intentions are what earn him some sympathy from people around here. He wasn't stealing bank info or passwords. He wasn't tracking their location or scanning their email. He was essentially doing street photography albeit with cameras owned by Apple.

The author may be naive but he's not malicious and that matters to me when I try to come up with some kind of judgement.

Taking pictures of people and posting them without their permission while they're at a private business is malicious in my opinion. And also illegal. There's a reason he had to hide it. Ethically it's no different to me than connecting to someone's webcam at home and uploading the photos.

On YouTube there are dozens of videos taken inside shopping malls. For example:


Does that feel malicious to you as well?

Gray area. The vast majority of those shots were at a distance and not intimate with the person at all, and someone with a giant shoulder-mounted camera at least lets people know they're being filmed.

I still don't see any intent to harm. Maybe we are thinking about different things when we talk about malice?

Despite this artist's claims, he was basically taking close-up pictures of a bunch of people without their consent for their personal gain.

Street photography at least has more plausible deniability

What law did he break? These computers are sitting around unlocked in public with the express intent of letting randos test them out. I'm sure Apple didn't intend for anyone to start installing software, but they could add endpoint security to the machines and they don't. As he said, there's no expectation of privacy in public. There's security cameras running nonstop. And glass windows to the street. Installing spyware in and of itself is not a crime. Lots of businesses do it as a matter of course. If you feel like he made you uncomfortable and has you thinking about something you haven't thought of before, then "art" was achieved.

"someone" else's computer ... It's Apple, not a personal computer. Are corporations people?

ATMs belong to banks, not individuals. Is that enough of a justification to install malware on them?

No. What is the point of this analogy?

Everyone's phone is full of spyware installed by someone else (Apple or Google). This isn't any different.

Reminds me of one of my favorite pieces of art of the 21st century: surveillance camera man: https://www.bitchute.com/video/OkQQggPH6a9B/

I found myself laughing at this but also feeling uncomfortable. The way he calmly evades people's questions and just continues on is impressive.

This is the kind of asshole abusing the protections and courtesies of civil society and ruining it for everyone. In most places I’ve lived, he’d have been physically assaulted in short order.

You don't see the parallels to security cameras?

Only the barest, most superficial.

This is really good. I could only stomach the first half because of the awkwardness, but that's exactly the point:

> "Excuse me, you don't take a video without asking."


This is such an elegant, insightful, funny and thrilling piece!

Some soft Tom Green stuff right here

The article led me to https://vimeo.com/23651106 (timelapse of himself staring at the computer over 3 days) which led me to https://www.youtube.com/watch?v=h0bM0iV0Ht8 (People Staring at Computers)

This is such an interesting case. People can come to many reasonable opinions about it, but I'm glad that it ended without a fuss.

Was going to say the same thing! I can understand the wide range of reactions and I’m not 100% sure how it makes me feel, but I think that’s perhaps the nature of art like this.

Definitely an interesting project and I did like the montage of all the faces aligned in the video. Not so sure about the privacy invasion of it.

Kind of a crazy story, but I don’t actually think it was unreasonable for Apple to get the secret service involved - they didn’t know the details of the project and it might have looked like someone had hacked their internal network, for example. And I’m sure even without that, you could argue this was legally sketchy.

I'd be interested to see a piece of paper's view of someone writing. Eg a letter.

Just to see what, if any, difference there would be. Mostly to get some indication of how zoned out we get when we use screens versus a book made of paper.

On a side note: how many people here use webcam covers to block that camera? I do.

But how many people block their phone's selfie camera as well? Shouldn't we be more careful about that?

While interesting, this project does not seem ethically sound. Not to mention illegal. I think the author got lucky having the case dropped.

Yeah, this story is definitely burying the lede.

The author installed software on computers in Apple Stores, without Apple's permission. That software took photos of visitors to the apple store, and transmitted it to the author.

Definitely shady activity, and when the information about how the author got the photos - is entirely unsurprising that they were raided.

the FOIA documents paint a different picture than the blog.

> The author installed software on computers in Apple Stores, without Apple's permission

They had at least some level of permission:

> I saw people taking pictures inside all the time, so I just had to double check with an employee.


> We got situated in the store, double checked with an employee that it was ok to shoot video, and I triggered the slideshow

> I saw people taking pictures inside all the time, so I just had to double check with an employee.

This "permission" he gets is _extremely_ vague. For all we know he could have asked "hey can I take pictures in the store" and a part-time associate said yes because that's the general policy.

Hence the "at least some level". Although the fact that he was on-site for the demonstration and was allowed to walk out without even a "hey, what the hell?" would seem to indicate that the employees had at least some understanding of what was going on.

The details are vague, maybe on part of it happening so long ago. From just the text it sounds like they didn't get explicit permission from the store manager, and it didn't exactly sound like they made it known that they were the ones doing it. It all depends on who and how he gave that 'can i shoot video' question and if they knew the extent. It's also not like floor staff are constantly watching those machines - if people could just hit escape to get out of the slideshow, they might have just thought they accidentally opened the camera/photos app and wouldn't have immediately alerted an employee to the weirdness.

I think it's clear that it was done with a sense of "it's legal so i'm going to do it" even if that wasn't verified nor approved by anyone.

he definitely wasn't honest about the extent of what he did - that isn't 'some level of permission' it's lying to an apple employee.

Is there a statement from one of the involved employees that wasn't covered in the blog or is this pure speculation?

Extrapolation from the way the article skirts making this explicit?

read the FOIA documents - it is pretty clear he misled the employee

this was about videoing the live reactions of people within the store at the time of the slideshow 'exhibition', not about installing the software/taking the webcam pictures

That's the second quote, the first quote was about the software installation.

Also, an employee is not one who can give permission for that, at most he/she can explain what is allowed/not allowed.

Like, just because a (potentially misinformed) McDonald’s employee told you, that you can eat your own food at the place doesn’t mean it is actually the rule of the place. And on top of that, in this situation it was even illegal.

No charges were ever filed here.

Ethics != legality

The grandparent comment explicitly mentioned legality.

That's a different distinction.

reading through the FOIA document, LEO was very clear about which laws were broken.

A charge being filed is a formal process in the legal system that has specific implications.

In this instance, while a search warrant was executed, no charges were filed.

I'm not claiming charges were filed. I'm claiming (and the docs claim) laws were broken.

Definitely worth reading in its entirety, especially the section on the internet comments about the project.

in Kashmir at least, there is a big thing about "Six months later, I still get nervous when I hear an unexpected knock."

this late night knocking has been connected with bad omen because for the past 30 odd years, many homes have gotten bad news of their loved ones being killed or they having disappeared.

that said, if you have to go to a neighbour house, or a friends house, you never just go and knock. people might faint or have a heart attack. instead you call first or just wait till morning.

OP here. Thank you for sharing this. I'm lucky in that this is the only bad knock I've had. And after a few years this effect slowly disappeared for me.

Thanks for reading. If you have the time, https://www.hrw.org/report/2006/09/11/everyone-lives-fear/pa...

Found this just now. There is a line

"Suspicion and fear continue to permeate the Kashmir valley. A knock on the door late at night sends spasms of anxiety through households, afraid that a family member will be asked by the security forces or militants to step outside for "a minute" and then never return."

They have put it better than me but the idea is the same. People here dread the knock and that is somehow a part of our identity and culture now.

“I continue to work with faces” is incredible in the context of installing spyware on Apple Store computers that secretly photographs customers.

To be clear, the computers already were taking pictures. This was to draw attention to that fact. Perhaps the computers for public use should not take photos?

No, McDonald wrote a timelapse program that took pictures, detected faces, and uploaded them to his server.

> I started working on a modified version of the timelapse application. Instead of saving to disk, it sent images to my server. And it only saved photos containing a face.

> This was to draw attention to that fact.

Nowhere in the post do I have an indication this is trying to say "wake up Apple customers! Their imacs are taking pictures of you while you're in the store!". It's not as if people aren't already recorded 24/7 by security cameras in retail stores.

And nowhere in Picasso's painting did he harangue his audience about how he was trying to reduce representational imagery down to its core and elemental features.

Art works best by allowing people to discover their narrative through the piece.

>To be clear, the computers already were taking pictures

How so?

Where is proof of the computers "already taking pictures"?

The response on HN is explained by the introductory text in the article. This project was done *before Snowden* way back in 2011.

We all here, and the world generally, were different back then.

shows how deep I was into the idea of having a unified online persona

I will never understand this outlook. Why would I use the same name on more than one website? Why would I ever do anything online under my real name? I suppose it would be a benefit if you were trying to get famous and make a living off being an influencer but otherwise it's incomprehensible to me.

This is fascinating. I'm sorry for what he had to go through. Sometimes we just don't think things through before executing the idea :). Would be cool to see another attempt in various locations around the world like internet cafes or some-such places. With the blessing of the location owners of course.

yeah no. installing spyware and taking pictures of people without their consent is shady af.

also the logic of “oh the apple store has glass windows” therefore i can do this illegal shit is mind boggling

It's just not the "glass windows":

> And I saw people taking pictures inside all the time, so I just had to double check with an employee.

McDonald received permission to take photos, he just didn't disclose how he would take the photos or what he would use them for. If there is anything unethical here, it is how the pictures were taken and why (and lack of disclosure thereof), not the taking of photos itself.

nah. it's the difference between your phone being intercepted when the police have a warrant and mass surveillance.

In no world, no matter how poorly trained this hypothetical apple employee that allegedly gave them permission is, they would have not agreed to this.

It wasn't illegal, hence why no charges were ever filed.

Do you think all crimes are prosecuted?

There are plenty of things where the cops say "it's illegal, but not worth our time". Going 5-over in a 70mph zone is a good example.

> There are plenty of things where the cops say "it's illegal, but not worth our time"

Yes, and not many of these involve sending the secret service for a visit anyway.

There's plenty of things that cops (including Secret Service) do an initial review of and find that it is probably criminal but not a priority to do the legwork to even get a prosecutor involved, or that they do minimal legwork, and get a prosecutor involved who decides that it's criminal but not a prosecutorial priority.

The secret service don't prosecute people. The prosecutors reviewed the evidence from their investigation, decided it was not a sure thing, and/or considered intent etc. and declined to prosecute as is their prerogative.

It likely was illegal, just not something the USSS or Apple wanted to spend the legal fees fighting - they wanted to make sure this person wasn't part of some hacker or terrorist group trying to gather data or scare off people from going in the Apple store.

No. It wasn't the Secret Service's business. That's why he wasn't charged. If it were the FBI he could have been charged for unlawful use and a litany of other things.

IANAL but this sounds pretty illegal to me. It's illegal even if you do this to one computer. Doing it to all computers in the store without asking?

The author seems to have asked:

> I saw people taking pictures inside all the time, so I just had to double check with an employee

Installing spyware on store computers isn't something you "just double check" about. To me that implies that he did not make it clear to the employee what he intended to do. In addition to which, I doubt some random store worker would have the authority to allow this.

If I took your computer and installed spyware without your consent, that would be legal?

Absolutely incorrect. Where do you get this idea from?

> without your consent

The author mentions getting consent from Apple employees on multiple occasions. If you asked me if you could install spyware on my computer and I said "yes", then of course it would be legal.

Bull. Shit.

"We got situated in the store, double checked with an employee that it was ok to shoot video"

There was no consent to install software onto their computers. They just tried to find some consent loophole.

> There was no consent to install software onto their computers.

Higher up in the article when the author first introduces the software, they say this line:

> I just had to double check with an employee.

Very vague, yes. It's entirely plausible that the author deliberately hid details in that discussion, or just unintentionally communicated it poorly. But in the absence of any evidence towards that, I don't think it's unreasonable to assume that the author is telling the truth.

> Very vague, yes. It's entirely plausible that the author deliberately hid details in that discussion, or just unintentionally communicated it poorly. But in the absence of any evidence towards that, I don't think it's unreasonable to assume that the author is telling the truth.

The author wrote a 9,401 word blog post and you think it's possible they were vague with that one aspect of the story for anything other than concealing the truth? Yeah, hard no.

That, and without explicit information about this situation, it is not reasonable to think asking an apple store employee "can I install software on your computers" would get a yes.

> The author wrote a 9,401 word blog post and you think it's possible they were vague with that one aspect of the story for anything other than concealing the truth?

Yes. For starters, it's referencing a conversation that occurred a decade prior. Maybe your memory is better than mine, but I definitely can't remember anything except the absolute vaguest of details from conversations I had in 2011.

> That, and [...] it is not reasonable to think asking an apple store employee "can I install software on your computers" would get a yes.

I have personal experience from that era in getting distributed computing clients set up on dozens or hundreds of computers in various institutes (schools, universities, gaming cafes, etc), and it was usually a fairly frictionless process. Times have definitely changed, and I suspect it would be way harder to do that now (and outright impossible at an Apple store), but that concept isn't at all unbelievable to me.

> Yes. For starters, it's referencing a conversation that occurred a decade prior. Maybe your memory is better than mine, but I definitely can't remember anything except the absolute vaguest of details from conversations I had in 2011.

"Hey remember that time I bugged the Apple store?"

"Haha yeah man, did you ever get permission to do that?"

"No idea! But I did get permission to film people's reactions!"

Yeah ok...

This isn't something you forget. You've had law enforcement down your neck for part of it. With a Grand Jury involved. This isn't some random conversation at a party in 2011. This is you committing a crime and having the US government follow up on that crime shortly after, with probably many conversations with lawyers, etc.

I'm rather amazed that it's possible to install software on public computers in the Apple Store. And since it apparently is (or was), that this sort of thing was not happening daily.

The ease with which he was able to install the spyware on an entire store worth of computers is significantly more troubling to me than the fact that he did. I'm sure a shocking number of people input login credentials on those computers. More malicious code could do far more harm than just take a picture of your face.

To be clear, everybody who had the opportunity back in the day "installed software" on computers in public stores:

  10 PRINT "Hello"
  20 GOTO 10
