Being asked to hack on an interview?

If it violates the TOU, then yes, essentially.

When you set foot on someone else’s property, you do so with their permission and agree to their rules. Their permission can be conditional on you obeying their rules. If they withdraw their permission (actively or tacitly) then you are trespassing. Period. This used to be understood implicitly (and explicitly). The idea of property rights was a founding principle of this country. They used to teach this in grade school. Maybe they don’t anymore.

Look, you clearly want an excuse for people to do whatever they want with other people’s properties. But please have the intellectual honesty to simply admit that. You cannot take the stance you are taking and also believe in the rule of law and property rights. They are in direct opposition.

If you think a company is breaking the law don’t work for them. But don’t refuse to do the requested task and still expect a job.

Again, it is illegal to fire someone for refusing to break the law. I’ve learned to respect you (and still do) from the interactions we’ve had in this forum, but the fact that you keep stressing the importance of keeping your job over obeying the law is troubling. You have a legal obligation to obey the law. If you know that your company is breaking the law, you have a legal obligation to report it. Period. Think of any movie where some employee looked the other way or blindly followed orders to break the law - they’re always the bad guys.

And @anon52159105 you never answered my question:

If someone was a good lock picker and could sneak into your place and take a nap on your couch when you’re not there, is it OK as long as they don’t intend to do any damage? Is it your fault for not having a better lock?

It’s easy to sing the praises of ignoring people’s property rights when it’s someone else’s property.

When I worked on the cruise ship, I had a certain cabin mate who would extol pseudo philosophical rants about things like this. In his mind, all property is an illusion and it was his duty to ignore property rights. He fancied himself a graffiti artist back home. He was an active hacker that was active in movie and music piracy. To here him speak, he was making the world a better place. (I also later found out that he was stealing from me.)

That was 15 years ago. He now is part owner in a small music publishing company. A friend of a friend (who knows I couldn’t stand this little troll) sent me a copy of a facebook post of this guy complaining about how copyright violations are making it nearly impossible for his business to thrive. Some people have no sense of irony.

It’s easy to think piracy is funny when it’s someone else’s property that’s being pirated.

Please explain to me how you compare Adblock to trespassing? I’m under zero obligation to let your packets pass through my router. You don’t pay for the traffic so you don’t determine which traffic I will and will-not route. For rule of law I believe it’s wrong to commit crimes, for example I would not steal from someone. You have property rights, however just because you grant me access to your property to look at let’s say a fountain, I’m not obligated to also look at your photo gallery, at the same time you are free to ask me to leave if I refuse to view your photo gallery.

And I hope we can continue to respect each other despite our differing opinions on this subject, meaningful debate and discussion is crucial to any place of discussion thriving. So far I think we’ve both refrained from any personal attacks and I’m hopefully it continues to remain that way in this case I do not believe a crime has been committed and side with the employer in this specific circumstance. I agree that you do have an obligation to obey the law and report crimes. I wouldn’t murder someone just because my boss told me to. However constantly stepping back slowing down the company’s progress because you are worried something might be unethical would be concerning to me as an employer and make me hesitate whether to keep you as an employee or not. Big companies like Google and Twitter share your personal information, it’s probably unethical, but if you refuse to do your part in the development and maintenance of those systems you could lose your job - is an ethics debate with your boss really worth it?

I don’t need an excuse. There is nothing that is unlawful about the use of adblockers. Maybe unethical because it hurts small publishers. I’ll cite one of my favorite youtubers Mr. Repizon who published a video and said that is was a bad decision of his to rely on advertising as his primary revenue and is glad to go back to school to become a skilled worker.

That would be breaking into someone’s property which is a crime. We can both agree on that.

Movie/music piracy isn’t hacking it’s just copyright infringement? A crime and morally wrong? Absolutely, the majority of us agree distributing others copyrighted works is wrong, but I can hardly compare distributing files to breaking into a computer system.

The rule of law alone is not enough to stop piracy. You will need to take technical measures and have other streams of income. It sucks for everyone involved, but if your only source of income is sales of digital content that’s a risky business decision with the state of piracy today. Maybe this will change in the next 10 years from now, however you need to operate your business in the present.

I never said I thought piracy was funny.

In the example cited the company needed a simple online quiz to trick people into buying a certain drug. An online quiz like that shouldn’t take too long to develop. If you don’t do it the company will outsource the work extra and that can include to countries where cheap labor is abundant. Refusing a project other ethics doesn’t stop it, we need to address these issues in other ways, including legislation, and agreements with various industries’ stakeholders. Diplomacy will do more than mere protest by a few developers.

Yes, it is in your browser but you are accessing information on their server. I think we are disagreeing about what TOUs are.

That would be breaking into someone’s property which is a crime. We can both agree on that.

I think we agree about physical property, but you seem to have flexible logic when it comes to digital property, either information of servers. I apply the same rules to both: my property, my rules and your property, their rules and their property their rules.

Movie/music piracy isn’t hacking it’s just copyright infringement?

Again, there are many definitions of hacking, as discussed earlier in the thread. Cracking into DRM is certainly hacking. And I think a world wide architecture devoted to ripping and distributing copyrighted material while staying anonymous and avoiding legal responsibilities - I think that intersect with some definitions of hacking. Don’t confuse ubiquity with legality or ethics. Is it hacking? There is some overlap. And it certainly is part of the same worldview.

The rule of law alone is not enough to stop piracy.

You keep conflating the laws and the efficacy and wisdom of countermeasures. This is a common tactic of people trying to blame the victim. When a woman is sexually harassed, a knee jerk response is to say, “she shouldn’t have dressed that way” or “she should drink” or “she shouldn’t go to a frat party at 4am”. It often contains an implicit “she was begging for it.” (Mirroring something you said earlier.)

But these are two completely different issue. If you want to discuss the wisdom or efficacy of various security measure, that is a separate issue. I’m talking about the ethics of hacking, the ethics of the perpetrator. Trying to change the focus from the perpetrator to the victim is a rhetorical trick.

In the discussion of the ethics of hacking (or sexual harassment or property crime), it is completely irrelevant how temping of a target it is or how inept the security is. Similarly it doesn’t matter how bad the lock on your house is or how hot her miniskirt is - the victim is the victim, period. You can talk about the foolishness of the victim, but you seem to keep implying that it alleviates some of the responsibility of the perpetrator. I say this because I keep talking about the ethics the the perpetrator and you keep trying to change the discussion to the responsibilities of the victim.

The rule of law alone is not enough to stop piracy. You will need to take technical measures and have other streams of income.

More of the same. I’m trying to talk about the ethics of the perpetrators, not the responsibilities of the victim.

Refusing a project other ethics doesn’t stop it,…

Wow. That is the same logic used by every person doing something unethical. “Hey, if I don’t do it, someone else will, so who cares.” I won’t insult you with a long list of all the horrible things that have been justified with that same logic.

I agree and it violates the DMCA where you aren’t allowed to bypass protection systems.

Because we have to consider how laws and ethics apply in a digital world. The same set of standards can’t easily apply. I highly recommend reading Judge Cracks Down on LinkedIn’s Shameful Abuse of Computer Break-In Law | Electronic Frontier Foundation where the EFF discusses the issue of using another websites data without permission. It really helps put things into a similar perspective.

Ah but you didn’t include my proposed solution of diplomacy. If we want to stop unethical projects we need to work with various industry stakeholders to stop it. Refusal doesn’t make an impact, diplomacy does.

Understood. We as developers should focus on solutions to stop attackers not debating the ethics of it in the workplace.

Well, we’re talking in circles now and we’ve both said our piece. We agree on some things and disagree on others. Peace.

Thanks for an interesting debate guys! You’re both very articulate and thoughtful, and more importantly respectful. Bravo

f***off employers!!!

Hmmm … this sounds like nothing shy of shady and unethical. Further, there are slippery companies that use interviews as an opportunity to “challenge” the interviewee by having them do some work they do NOT want to pay for.

My two cents, FWIW, is to run very far and very fast away from this group. It may just be a test and nothing more, but if they’re willing to ask you to hack another business’ API, then there’s no telling what they might ask you to do IF you even get the job. I would recommend looking for a more pleasant group of people to work for.

That.s my take on this discussion. I have seen mention of black hat/white hat which can be applied to any business practice. Gray hat is simply black hat that has not yet been discovered or properly defined.

The distinction that I’ve always heard is that gray hat doesn’t have the malicious intent of black hat. There is no intention of doing any damage or take anything to which you don’t have a right. It’s arguable that what I’m defining here (in the OP) would be on the slightly dark side of gray hat since it is accessing something that is only supposed to be accessed though the company’s portal, getting exposed to their ads for the paid service, rendering this a kind of theft of service. But I think it would be a bit much to call it black hat.

You may be right, but how do you know there is no malicious intent? The ethics of such behavior is highly questionable.