You did download it directly from the developer’s site? Or purchase it?
There is the possibility that you downloaded a hacked version. Although it seems unlikely the gmail account would be similar to the developer’s name… a less lame scammer would send to a mail server that wouldn’t provide access using same password or be traceable back to him.
If you purchased it and/or didn’t accept a use at your own risk license it’s hard to imagine a crime or civil liability doesn’t exist.
@Joe:
If I had been one of those people in the in-box, I’d have wanted Dustin to do exactly what he did. Stopping the leak should be first priority, then catching the guy. The chances of the latter, and successfully prosecuting him/her, are unfortunately slim anyway.
One point about trusting “free” software: there’s a big difference between this sort of program and open source projects, where you (and everyone) can see the actual source code. This couldn’t have happened if someone knowledgeable had been able to even glance at the source.
Dave wrote “You haven’t the foggiest fricking idea what he was /actually/ doing with any of that information”
It doesn’t matter what he was doing with it. Just collecting it without informing users that he was collecting it is either a breach of privacy laws and/or fraud.
Of course, if you don’t think so, I have this new remote login application I’d like you to try. It doesn’t email the IP, username, and password/SSH certificate used to me or anything!
I was going to respond telling John Terry how he could have avoided this situation, but I decided to apply the Code of Ethics and not do so. Hopefully I made the world a better place today.
Shameless proselytising…
This is one reason that users should be entitled to examine the source code, or otherwise reverse engineer/analyse the workings of a piece of software, without fear of legal backlash.
There is an ethical imperative here that overrides any economic rebuttal.
@Oogie Pringle
That’s the problem with this world, people like you. You are all about self preservation and the preservation of those close to you. The fact is that if we considered those around us who we don’t know as equal in worth to ourselves we would think twice be-fore working on weapons and devices that we know will kill others. Just because you justify it by saying that there are evil people in the world, does not absolve you from fact that you are a contributing factor to that persons death. More innocent people die today as a result of the direct work that we do. This is no longer the days of open war when enemies met in a field and attacked each other and you knew that pretty much anybody who was there had decided to give their life for that cause. Now we have more innocent people dying than combatants. So you have to ask yourself when you write that code for the guidance chip that goes in the missile, but for the fact that I and my colleagues chose to write this code would xxxxx be dead? I know you sleep well at night because you think you are protecting your family and that is the truly tragic part about this. I know some will make the argument that anything can be a weapon, you don’t know how it is going to be used, well can you honestly say that?
@Aaron - I would think linking to the original application i exactly the right thing to do, as CH is likely to show up as the first hit in Google for the software (as of right now it’s number 4.)
@Joshua others, the screenshot only shows that the most recent 1777 emails were unread - who knows how many thousands of people have tried the software. Plus, if they are being automatically forwarded they won’t show up as read. I’m not sure that what Dustin did was right, but if he had to do it, he could have at least checked out the filters and saved the contact list first.
Interestingly the download and buy links on his site seem to be inactive. Also, I hope this doesn’t hurt the reputation of a garchiver, the GNOME archiving utility with the almost identical name.
I wouldn’t worry too much about notifying the people about their username/password compromise. As you can clearly see, the emails have never been read. Only Google could read them without marking them as read, and that’s kind of irrelevant, now isn’t it?
A.L. Flanagan wrote:
“If I had been one of those people in the in-box, I’d have wanted Dustin to do exactly what he did. Stopping the leak should be first priority, then catching the guy. The chances of the latter, and successfully prosecuting him/her, are unfortunately slim anyway.”
Yes, but did Dustin do what’s in Dustin’s best interests? People have been prosecuted for simply reporting security issues in corporate websites, where the intent was benign, not malicious. It’s gotten to the point that the best policy is to keep your mouth shut.
As Joe pointed out, Dustin has committed the following potential crimes (I am not a lawyer or police officer):
Of course, most will not argue Dustin did the wrong thing morally. But who knows, a judge might see it differently.
Here’s a story where a university student could’ve been expelled for accessing unsecured data on a campus network:
http://chronicle.com/news/article/3146/university-allows-student-journalist-who-discovered-data-security-flaw-to-remain
It’s gotten to the point that I am hesitate to run anything I dont write myself or download from a trusted source such as Microsoft or other major vendor.
The days of using stuff from TuCows are CNet have been over for quite sometime for me - and then I read something like this and it confirms what were my worst fears.
Stewie and the rest of you anti-defense morons need to take your liberal, kumbaya attitudes and shove them up your a$$e$. In a perfect world we could all rest easy knowing that no one would ever create weapons because they would all abide by some unwritten code of ethics. But the world is not perfect and someone somewhere is going to do the coding. And because of that, we need someone to do the coding on defense systems as well. That’s why it’s called “defense” and not “offense”.
War sucks. And yes, innocent people get hurt. But innocent people get hurt by more than just war. If you stopped programming on everything that could possibly hurt an innocent person then you wouldn’t be programming at all.
“If I had been one of those people in the in-box, I’d have wanted Dustin to do exactly what he did.”
Thereby destroying the evidence, and stopping any chance you had of successfully…
a) suing for damages, or
b) proving that the criminal acts done in your name with your gmail account weren’t actually perpetrated by you.
Much better would have been to change the password on the account (locking the real John Terry out), then report it to Google.
But hindsight is always 20-20, especially when you can be a vigilante hero.
@Joshua
There is a “mark as unread” button in GMail.
Isn’t it really about ethics, period, and not just “programming ethics”?
However, it seems a little silly to focus on this incident – every time we post, the internet remembers; every time we log on, we allow (without the legal action others have mentioned) large corporations to write information to our hard drives without permission, and to “phone home”, without our permission.
Damn.
The “intellectual ‘property’” clauses 5 and 6 are why I flatly refuse to join the ACM. I have no difficulty giving credit for authorship - that is to say, I agree with attribution rights and think plagiarism is fraud.
However, as a computer scientist, I stand firmly opposed to copyright and patent monopolies.
5 and 6 are irreconcilable with the others.
copyrights and patents actively destroy human well-being.
Enforcement of copyrights and patents harm others.
Those who enforce copyrights and patents rather than waiving them
are untrustworthy.
copyrights and patents discriminate against those who believe in free markets.
copyrights and patents are not proper property rights. In fact, they destroy physical property rights (even though you own something, you are not permitted to shape its physical form to convey certain information).
I have no difficulty giving credit to authors for authorship. The “proper credit” for “intellectual ‘property’” is a massive “SCREW YOU” to whoever came up with the term.
Enforcement of patent and copyright in the technological limit (which the relevant infonazis are pursuing with digital restrictions management) requires gross violation of everyone’ privacy to make sure people aren’t (gasp) copying or using bits of information.
It’s impossible to truly honour confidentiality while “respecting” copyrights and patents.
Yeah, it’s bad, but come on, use your common sense - there is no such thing as free software. Someone gets something out of it, it might not be money it might be data. Never use shareware - here is the answer.
Yes, there is such a thing as free software - free (as in free speech) open source software. The problem is not free (as in free beer) vs commercial, but closed source vs open source. And yes, there are actually programmers that give their work away without trying to steal anything from you.
Can we now even trust the browsers?
MateMedia is a legitimate company and we are absolutely horrified that this has occurred.
We have removed from our websites all links to the software, and will be requesting any download sites that are hosting the software to remove it immediately.
We are in the process of notifying our customers, and we’re investigating this matter with our software development team.