tags:

views:

1179

answers:

16

In general, not just in relation to stackoverflow, sometimes I'm asked a programming question for which the answer will probably be used for good purposes, but there is a chance that it could not be.

Two recent examples which reminded me of some real world questions I've been asked are:

  1. Send email to many users, and
  2. keep a formless application from closing for a keyboard hook

Though I don't believe the intent of the authors of those questions is in any way nefarious, occasionally someone does ask such a question for purposes of aiding a spamming effort, or creating a keylogger. Even though the questioner and answerers had good intent, a 3rd party could pervert those answers to create a piece of malware or a spam utility.

Should we always trust the questioner to use the answer for good? Should we feel obligated to ask the purpose of a question, and how the answer will be used? And how can we prevent answers from being overheard (when asked verbally) or being referenced (when posted publicly online) and then used for unsavory purposes?

+20  A: 

I don't draw any lines. People must be responsible for their actions.

Otávio Décio
Including you, right? Which means you should draw some lines...
TM
this doesn't help - you can't claim innocence for merely giving the assassin his gun
annakata
@TM: I consider myself responsible; and I don't think I need lines drawn to discern good from evil. Good judgment is pretty much all needed.
Otávio Décio
So you are saying if I offer someone a gun as a gift, and it happens to be used in a crime, I am somehow responsible? Disclaimer: I never *touched* a gun.
Otávio Décio
if you offer a gun to someone who seems a little unbalanced yeah you take some blame - as TM said responsibility for actions includes yourself
annakata
Try to define unbalanced... and then you end up sending everybody to the nut house.
Otávio Décio
:/ this isn't one flew over the cuckoo's nest, the absolutism of your statement is just a bit flippant
annakata
Those two sentences are contradictory.
Dour High Arch
This discussion seems to be veering away from "programming-related"
Adam Bellaire
that started with the original question itself...
hop
+5  A: 

If I think the question is about something like what you're talking about (e.g. a spammer or a key logger), then I simply don't answer the question unless the asker also puts why they're asking and it's not because they want to spam or log keys (and it sounds reasonable).

Robert C. Barth
A: 

I've wondered about it myself, but unless it is clear that one intends to use it for bad purposes (and even otherwise), I don't think we should avoid a reply.

It is not as if one could not find the answers easily online elsewhere or figure them out themselves or from a more experienced developers, or reverse engineer existing systems.

If it was a nuke-difficulty question, maybe then I'd draw the line.

Uri
+1  A: 

There's also the "Why would you want to do that?" question, or even "I could probably help you better if I knew what you were trying to do".

If you don't like the response, don't answer the question. If you feel comfortable talking with the questioner, you can get into why.

David Thornley
+3  A: 

You pose a very interesting question. It sort of resembles something that my chemistry teacher inadvertently posed the other day -- she's teaching us about the way chemicals react (particularly alkali metals and water, which can be an explosive reaction). By teaching us the skills we could use to make bombs (well, you know what I mean) and hurt people, she's crossing an ethical line. However, the few of us that become chemists could use this knowledge.

At some point, it's my belief that you just have to use a little bit of trust. And by trust I mean two things: trust in the fact that if they want to perform a malicious action, you not helping them will only slow them down a bit -- they'll figure out a way eventually, and trust in the fact that most people here are innocently looking for some help. =]

Salty
I think there's a big gap between teaching how chemicals interact and showing you how to wire them up with a detonator and timer. Knowing how the reactions occur won't help you with the latter.
tvanfosson
Exactly. So if someone asks you something vaguely malicious, answer their question. If, on the other hand, like asking for instructions on wiring a detonator, they are explicitly asking how to do something 'bad', send them on their way.
Salty
+15  A: 

The answer is use your judgement.

Sometime you need to do what feels right and not try and define an algorithm that defines "right".

RichH
+4  A: 

This is a problem I have run into in that I want to learn "how to 'hack'" not because I want to break into peoples computers, but because I want to learn to prevent it. In order to prevent it I need to know how. This leads to the problem I don't know what to ask, where to ask, or how to ask because I am afraid someone might mis-interpret my intentions and put me on some list somewhere.

So this goes along of maybe it would be a good idea to have a place for specific things and have a way to clarify intentions.

Edit: sorry if what I have said is incoherent it makes sense to me but my ADD sometimes grabs me and things don't come out right.

percent20
Also, a lot of programmers want to know how to hack in part because they are curious as to what goes into it.
Rob
@Rob: Including me! That 30-second YouTube video on using Metasploit didn't teach me a thing. However, the video from the Microsoft TechNet conference was very enlightening (although I have forgotten the guy's name).
Lucas Jones
+4  A: 

Personally, I just avoid the questions that seem to be asking for things that I think are shady. That includes questions that sound like "please write down an answer for my homework problem." If the person seems to be seeking to learn enough to answer the problem on their own, I'm happy to oblige, though. Similarly, I think you can often tell what the motivation behind the question is by the question itself. If there's not enough info for you to feel comfortable answering either ask for clarification or move on.

tvanfosson
A: 

I think any sort of knowledge could be misused and perverted. it really does fall to individual responsibility. Should I not give directions random people that ask for directions to city hall or a hospital for fear of them being a national security threat?

willz
A: 

Good question and definitely food for thought.

I am reminded of one of the first books I read on computer viruses. The authors included the source code of an actual virus. They mentioned that they did not provide WORKING source code (that would be irresponsible) but they wanted to provide enough source code to show how a virus might work.

Possibly the same approach may be taken for assisting another developer with a sensitive technique. If the technique in question could be used for nefarious purposes then a little obfuscation may be wise.

Give them enough code so they can see how it may be done but it may be wise to leave some of the details for the motivated developer and state the reason why you did this.

As Ocdecio stated people are "responsible for their actions". You can't stop someone from doing something stupid (or legitimate) and if someone wants to do something they will find a way... but you need to be responsible as well.

Andy Webb
Actually, there was an older book on viruses that had working source code in it, but all of the viruses disclosed had long since been rendered obsolete by modern anti-virus software. The book had a very interesting discussion as to why the code was disclosed.
Rob
+13  A: 

I suggest you ask what their intentions are, then give advice based on their response.

I think it's perfectly fine to withhold advice if there's any doubt.

Jeff Atwood
+1  A: 

Personally, I just don't answer their questions or vote them down if it's a clearcut enough case. Do I want to have any part in their (mis)deeds? No. But is it good for us as a community to start questioning people based on what they might be doing? I say no.

Jason Baker
A: 

Well, I can see legitimate uses to both of the questions - the bulk emailer could be used for opt-in email lists, and the keyboard hook could be used for system monitor software, although there are better ways to do it - so I would answer those questions if I had a good answer for them.

As a whole I would generally trust most of the people on a site like this unless the question really made me raise an eyebrow. Likewise, if I saw someone with several hundred points of reputation I would give them the benefit of the doubt; however, someone lacking reputation I might pass on answering the question.

Rob
A: 

To quote a fantasy book that I read many years ago:

Learning is never wrong.. ..Or right. It's just a thing to learn, a thing I can teach you. That's all.

SCdF
+1  A: 

I think we programmers ought to be objective about this. Almost anything in programming knowledge (say a simple file delete command) can be used for destructive purposes, but that doesn't mean we shouldn't share knowledge.

I agree that if we are aware of the answer, and you're not sure that the intent is indeed harmful, then it's proper to answer it.

On the other hand it's improper to answer questions like : How can I infiltrate into my enemy's computer and wipe out his hard disk?

Hmm... I guess you gotta trust your instincts about the person who's asking the question.

Cyril Gupta
A: 

It is always good to help by pointing them to correct direction. That is not to say you code for them.

fastcodejava