15 September 2006 Blog Home : September 2006 : Permalink
"On Monday, a Seattle web developer named Jason Fortuny started his own Craigslist experiment. The goal: 'Posing as a submissive woman looking for an aggressive dom, how many responses can we get in 24 hours?' He took the text and photo from a sexually explicit ad in another area, reposted it to Craigslist Seattle, and waited for the responses to roll in ... '178 responses, with 145 photos of men in various states of undress. Responses include full e-mail addresses (both personal and business addresses), names, and in some cases IM screen names and telephone numbers.' In a staggering move, he then published every single response, unedited and uncensored, with all photos and personal information to Encyclopedia Dramatica."
discussion below]As I understand it all they did was go from http://www.host.com/some/path/pressrelease.htm to http://www.host.com/some/path/ or possibly http://www.host.com/some/ and discover that instead of an index page or permission denied notice it contained a directory listing. And amongst the files listed were this particular bit of audio.
The question in this case is whether cropping a URL - from http://www.host.com/some/path/pressrelease.htm to http://www.host.com/some/path/ is in fact illegal, unethical, etc..... If we follow Weintraub's reasoning, that means if I forget and leave my front door unlocked, you have the legal right to burgarize the joint.
Morally and ethically, whenever an unauthorized person is trolling around the private area of someone else's website, he is hacking -- whether security was adequate or not. It's completely irrelevant, no matter what the law says.
The lack of good security procedures does not release Democrats from the necessity to act in a morally responsible way, any more than the lack of a good lock releases them from moral responsibility for black-bagging Republican campaign offices and Xeroxing donor lists.
This is, IMHO, wrong. The correct metaphor is a place constructed entirely (or primarily) for the general public but where certain parts may be off limits to those unauthorized to visit. This is more like a shop, church, gallery or theatre. A website is designed and intended to be visited by the public, just as shops, churches, galleries and theatres are. Indeed a public website quite frequently is an online shop, church, gallery or theatre. A private house or club, on the other hand, is not intended for public access and neither is a secure website where access requires some sort of authentication and prior approval by the proprietor. We as humans are not compelled to have public shops, churches etc. and neither are we compelled to have public websites, hence if we do have them there is a reasonable assumption that we expect people to visit, and hence, if we find members of the public poking their noses into places where they shouldn't it is our fault for not locking them up and/or not putting up clear signs about "Authorized personnel only" or "no entry except between the hours of 9am and 5pm". Precisely the same applies to websites. If we don't want people to crop a URL and find something private (such as the new version of a page or something we are publishing explicitly for one particular person) we need to make sure that the page that results returns some sort of sensible error message and not a directory listing - which is what appears to have occured in the Schwarzenegger case. Hence, IMHO, wandering around someone's website is, at worst, the equivalent of tresspass and more like the sort of thing tha happens when some visitor wanders into a non-public part of a shop etc. looking for the restroom.I learn the most amazing things online.
Apparently, if someone sends you personal information, it is "illegal" for you to give said information to anyone else. There's an implied non-disclosure agreement that negates free speech. I'm sure the people who send out credit card applications will be shocked to hear that, and will cease their heinous crimes at once.
And if someone stupidly sends out personal information and photos to an unconfirmed requestor, I should feel pity and outrage on their behalf and help them "sue" for the damage done to them by releasing information they should never have released in the first place.
It may indeed be ethically dispicable to publish such emails - after all you are deliberately seeking replies under false pretences - but that doesn't mean that you have no responsibility to retain your own privacy if you think that is important. Hence (for example) those idiots who reply from a work email address, use their real name wen replying to someone posting pseudonymously etc. are guilty of the one real capital crime - stupidity. I'm highly tempted to say that publicising these intimate details has been a public service because, with luck and wide enough coverage, it will make people think about what they are sharing on the Internet.