Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Dunno how the hell one would not expect this to be be highly illegal. The guy literally wrote a software tool that covertly sends images from an unsuspecting device's camera to his personal servers, and installed+activated it on target machines belonging to the US's 3rd largest company by market cap in 2010 (now 1st largest). I get that in the pre-Snowden world, it felt like you were building a cutesy proof-of-concept to showcase to the world the possibilities of invasive mass surveillance, but that doesn't change the duck test that you actually built the mechanism and deployed it.


Agree. it's not art. he made literal spyware


Sure, and I don’t support this guy.

I do find it funny though that the same government that does this exact thing at scale works so hard to go after people who do this.

It’s not that they think it’s wrong, it’s that they don’t want competition.


The point of government is to have a monopoly on various kinds of power and control.

It’s the core concept of the thing, with the first premise being a monopoly on violence.

It’s not hypocritical for a government to say it’s not wrong when they do violence and it is wrong when others do it.

A government may commit moral or immoral violence, or express moral or immoral values in its actions.

But it’s not hypocrisy to not want competition. It’s the point of the thing.


>The point of government is to have a monopoly on various kinds of power and control.

That one idea, of many.


The stores where this was done are chock full of purpose-built cameras performing more in-depth and persistent surveillance. The main difference is the proceeds from that surveillance system are generally kept hidden, so they don't provoke a base response.

This is yet another occurrence of the draconian CFAA being used to persecute individuals, often with severe life-destroying penalties, for what should be considered, at most, misdemeanor trespass - a modern day witch hunt. And since the CFAA hinges on this nebulous concept of "authorization", it's straightforwardly nullified by a contract of adhesion, so it does nothing to protect individuals from transgressions by companies.


since he had legal access to the computer, I don't think what he did is legally want different than running OBS on your own computer.


He did not have legal "access" to the computer; this isnt how the law, or even basic common sense, works.

Apple made store computers available for demo, installing spyware on them clearly violates the level and kind of authorisation apple was providing. THe law makes these distinctions.

But likewise, so does anyone with half a brain. You cannot come into my house an d install a keylogger on my PC, even if I make it available to you to play around with for other reasons.


Apple made store computers available for demo and he didn't bypass any protection to run the software, and there isn't any agreement you have to sign to use one of the demo computers that lists what you are and aren't allowed to do with them. I agree this is on the edge, but looking through the CFAA, it isn't obvious to me which if any section applies here.


This is like claiming "You downloaded and ran my executable from the internet, so the fact it starting keylogging you is ok! I had totally legitimate access provided by you!!"

Apple makes the computers available for the purposes of demonstration. No rational person would ever think this includes installing spyware on them, so you are exceeding the level of authorization Apple gave you. I strongly believe a court would see it the same way.


> law prohibits accessing a computer without authorization, or in excess of authorization

Excess is a very broad condition, and deliberately so. The law doesnt say what counts as auth one way or another, that's up to the courts to interpret.

It seems beyond doubt that any reasonable court would find this guy did not have auth to install anything, let alone spyware.


The thing with authorization is... well... you can have authorization to go to a public park. But carving up a park bench is very much not authorized. You can be "able" to do something when the public has access to it. However the ethics of altering property that belongs to somebody else tends to lean from anywhere from "okay if you have permission" to "heavily illegal".

Anybody can install spyware on a public computer, anybody can install spyware when given permission by the property owner. Installing spyware on a public computer (that you do not own) without permission of the owner is very much illegal.


Do I have authorization to sketch highly-accurate versions of people's faces in that public park?


Public park yes, but in an Apple store is a different question entirely. https://en.wikipedia.org/wiki/Freedom_of_panorama#Laws_aroun...


> Apple made store computers available for demo and he didn't bypass any protection to run the software, and there isn't any agreement you have to sign to use one of the demo computers that lists what you are and aren't allowed to do with them.

Unauthorised entry is unauthorised regardless of whether you have to open a door or break a lock. Not having to circumvent protection measures does not make something legal.


odd how merely the existence of a mechanism to try and attempt to prevent access falls under DRM, the the non-existence of such a mechanism apparently doesn't imply permission.


I always wonder how skeezebags justify their actions, and there it is. They're deluded




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: