Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Ethical considerations of responding to posts made by someone obviously up to no good

by kikuchiyo (Friar)
on May 26, 2020 at 17:27 UTC ( #11117293=monkdiscuss: print w/replies, xml ) Need Help??

This question was prompted by the following node: json no reload

Its author has repeatedly made low quality posts with an obvious lack of ability or intent to learn anything, expecting us to give him ready-to-use solutions to help him in his nefarious endavors. To put it bluntly, the poster is likely a scammer or script kiddie, except he keeps tripping up in his own shoelaces and he is too retarded to notice even that.

What is the right thing to do with posts like this, given that replying to them is at best a waste of time, but at worst might lead to other, innocent people being hurt?

  1. ignore completely
  2. delete and ban
  3. try to educate the poster
  4. give a malicious answer that hurts the scammer if he is dumb enough to blindly run code from the internet
  5. report to the authorities

Ignoring or deleting seems like avoiding responsibility, like saying "it's not my problem".

Educating doesn't seem to work - now, nor in general.

As for giving a fake answer, I've once read a chatlog where an angry and overconfident kid wanted to hack his neighbor's wi-fi, and someone convinced him to run yes I want to enable wireless hacking > /dev/sda as root on his (or as it turned out, his father's) computer - which is both evil and hilarious. In any case, this is a dangerous option.

Reporting makes me feel like a snitch - but at the same time, if there is evidence for a crime, I (we) have a moral or even legal obligation to report it.

  • Comment on Ethical considerations of responding to posts made by someone obviously up to no good
  • Download Code

Replies are listed 'Best First'.
Re: Ethical considerations of responding to posts made by someone obviously up to no good
by choroba (Archbishop) on May 26, 2020 at 17:51 UTC
    White hat hackers recruit from black hat ones, at least sometimes.

    Answering a question here is not answering just the OP. Anyone having similar questions, or just browsing the forum, might be interested in the answers.

    If the post itself doesn't contain any malicious code, #3 is definitely the correct way to go. By "educate", though, I don't mean giving them what they want; you can include all your ethical concerns into the reply, which might not interest the OP, but can help other script kiddies to consider changing their paths, and maybe change their hat from black to grey at least. You can always answer correctly but in a way that the answer can't be used without real understanding, i.e. show the solution to a slightly different situation that can still help some else who finds the page, but not the phishing scammer who just requires copy-n-paste ready source code.

    Sometimes, repeating the same answer again and again (even to different people) leads to exhaustion. If that's your case, use #1.

    I'd reserve #2 for posts directly containing or linking to malicious code.

    map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
Re: Ethical considerations of responding to posts made by someone obviously up to no good
by haj (Deacon) on May 26, 2020 at 19:34 UTC

    I suggest a reaction which isn't on your list yet:

    6. Answer with a quote to afoken's verdict.

    Educating the poster hasn't been fruitful so far, but educating the community about the nature of this particular monk seems to be appropriate.

      This was pretty much the approach merlyn took aeons ago for the miscreant in the incident(s) I mentioned above: "freak" and recent threads

      Edit: a word.

      The cake is a lie.
      The cake is a lie.
      The cake is a lie.

Re: Ethical considerations of responding to posts made by someone obviously up to no good
by Fletch (Chancellor) on May 26, 2020 at 18:59 UTC

    After attempting option 3 there's always falling back on mockery (then again sometimes they're too dense to recognize that; see Re: Hide real IP). But WRT this instance it certainly looks like there's a box of hammers which is missing its village idiot. Which reminds me to go add an id to my bozo-bit CSS . . .

    Edit: *cough*

    a[href$="1101378"]:after { content: " \01f921"; }

    The cake is a lie.
    The cake is a lie.
    The cake is a lie.

Re: Ethical considerations of responding to posts made by someone obviously up to no good
by marto (Archbishop) on May 27, 2020 at 10:14 UTC

    "What is the right thing to do with posts like this, given that replying to them is at best a waste of time"

    We have a small number of consistent abusers, both posting asking for help while wasting our time, and handing out frankly awful/dangerous advice (in terms of careers or otherwise) while pontificating about their frankly imaginary or delusional expertise. These posts should not be ignored, rather challenged/rebutted as appropriate. To do this rationally takes time, effort and restraint.

    In response to some of your other points.

    1. That's up to you, however consider the future uninitiated reader. Sane responses/rebuttals work better.
    2. People can post anonymously. Fortunately the initiated can usually quickly spot our distinctive trolls/abusers based purely on their content/ramblings/various other issues.
    3. Since repeat offenders are unable or unwilling for whatever reason (see above), consider any educational response is more often than not in these cases going to fall on deaf ears, however, future readers will benefit from educational responses.
    4. Under no circumstances should this occur.

    Part of the problem is taking the time to see the bigger picture. With some of the worst repeat offenders the effort required is fairly minimal, however as noted in other responses, and their subsequent links some detective work, joining of the dots, is required.

Re: Ethical considerations of responding to posts made by someone obviously up to no good
by stevieb (Canon) on May 26, 2020 at 21:45 UTC
    1) ignore completely 2) delete and ban 3) try to educate the poster 4) give a malicious answer that hurts the scammer if he is dumb enough to blindly run code from the internet 5) report to the authorities
    1. If you're not an experienced Monk or you just get pissed off to the point you feel like throwing something
    2. If you're a site admin, and the person has been consistently abusive to other members or a major distraction to the site as a whole
    3. If they are relatively new to this site and/or the Internet in general, and haven't been educated on netiquette yet. If the problem is repeated consistently, see 1 or 2
    4. I don't condone this, and I'm sure the people who own this site don't either. What happens if they work at the hospital your Mom is in critical care at and the security is lax to the point that malicious code can disable live-saving equipment?
    5. If it affects life, liberty or freedom of you or a loved one, go for it
Re: Ethical considerations of responding to posts made by someone obviously up to no good
by bliako (Prior) on May 28, 2020 at 09:51 UTC

    I don't know about nefarious purposes and who's the arbiter here anyway?

    In one of the links provided by Fletch I see this opinion: Re: HTTP_REFERER "control" posted by Abigail-II, albeit it refers to popups advertising and not to phishing. But there are valid concerns.

    Is it legal that an OS after an update asked and got permission to change the privacy settings by using the term "better experience" on an octagenarian user (that's what I assume because when I handed them the computer I made sure I ticked that box off and now it's turned back on)? And the OS now has, again, control of the microphone? Is it legal that a search engine/social media site ranks content they serve you depending on some algorithm - essentially burying news and opinions? Is it legal that I can not be root (different OS, same grabalicious attitude) because they invented a new super-root role reserved only for their staff on my computer? Is it legal that on the 3rd and "most innocent" of the OS there is a geo-location service which if you remove you must remove 3/4 of the OS with it? As all was made to depend on it? (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924516).etc. etc. etc. x10E+12.

    Sometimes the difference between black hat and white hat is the difference between profiting for oneself against others or profiting for their country against other countries. Is that moral? Must Snowden be extradited and rot in chaingang? Is Manning's judge so obsessively prosecuting her morally justifiable, when at the same time president pardoning a flock of billionaires?

    On the other hand, getting the pass from choroba's subtle humour, reporting un-educatable cases like them, may lead to their recruitment as white hatters and then it's "god-help the taxpayer". It will be like Mr Bean and Insp. Clouzeau in the same body.

    Ignore I believe.

    bw, bliako

      who's the arbiter here anyway?

      Everyone; even our anonymous brethren.

      Is it legal that ...

      Legality is a matter of jurisdiction, statute and case law. Ethical rectitude OTOH is in the eye of the beholder.

        I totally agree with your 1st point.

Re: Ethical considerations of responding to posts made by someone obviously up to no good
by perlfan (Priest) on May 28, 2020 at 07:16 UTC
    The answer is #1. Also known as, don't feed the trolls. Anything else is giving too much energy to it. If any overt action is taken without perfect information (or near perfect), then you or I (e.g.) could someday be in the cross hairs for far less clear reasons.

    Note, I replied to the person noting they "revealed" credentials on a free database site; but I suspected then and do now that this was just a ploy to gets someone from here to try to test the credentials. So the other side to #1 is, don't take the bait.

      I agree with your advice and also with:

      you or I (e.g.) could someday be in the cross hairs for far less clear reasons

      lynch mobs etc.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: monkdiscuss [id://11117293]
Approved by marto
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (6)
As of 2020-08-09 21:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Which rocket would you take to Mars?










    Results (55 votes). Check out past polls.

    Notices?