Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should You Break TOS Because Work Asks You?

Posted by CmdrTaco on from the just-don't-crawl-this-domain-please dept.

An anonymous reader writes "My boss recently assigned me a project that was all his idea, with two basic flaws that would require me to break multiple web sites' Terms of Service (TOS). Part requires scraping most of the site, parsing the data and presenting it as our own without human intervention. While we're safe on copyright issues, clearly scraping like this is normally not allowed. At times it might also put a load on those sites. The other is, for lack of better words, a 'load balancing' part that requires using multiple free accounts instead of purchasing space and CPU time for less than $2,000 USD per month. The boss sees it as 'distributed' computing when in reality it's 'parasitic.' My question is: am I wrong about the ethics? If I do need to walk, how best can I handle it without damaging my reputation and future employment opportunities?"

56 of 680 comments (clear)

  1. You're Right, Of Course by eldavojohn · · Score: 5, Insightful

    My question is am I wrong about the ethics?

    You don't even have to ask that question, this isn't even one of those interesting cases or gray areas. What you're planning to do is wrong--even though you could probably escape any legal ramifications. It sounds pretty clear that this site creates profit from these overly priced accounts for information that you obviously value at some amount. Getting it for free (regardless of the TOS) could put you at some risk for litigation. Using the term "load balancing" or even "distributed computing" is hilariously misplaced here.

    If I do need to walk how best can I handle it without damaging my reputation and future employment opportunities?

    Look, I understand what's it like to be looking for a job when the economy is bad. If there are forces keeping you pinned to this employer, I don't know of them. What I would retort with is "How can you keep working this job without damaging your reputation and future employment?" I mean are you going to put in your resume that you coded a technically innovative but bandwidth stealing parasitic botnet to duplicate content from a website that asks for a monthly payment to normally access it at that volume?

    I would suggest you propose the $2k/month route and if your boss balks at it, start interviewing with other companies. If you have to leave and you're worried about being blacklisted as a 'whistleblower' (and your boss just might be that kind of guy) then tell him it's for monetary reasons that you're leaving and wish him the best of luck in his future scams.

    --
    My work here is dung.
    1. Re:You're Right, Of Course by Lumpy · · Score: 4, Interesting

      I say do it. but EMAIL your boss with your concerns and then continue.

      when the shit hits the fan you have documentation to throw him under the bus hard and watch the wheels crush him.

      Honestly It's all about CYA in the business world. If your boss tells you to do something unethical or wrong, document it every way you can and hold onto that so you can hand him over.

      Why do you have any loyalty to them? they have none for you.

      --
      Do not look at laser with remaining good eye.
    2. Re:You're Right, Of Course by SatanicPuppy · · Score: 4, Interesting

      All that will happen is that the site in question will blacklist your scraping application. I work for a media organization, and we deal with this stuff all the time. It's far more cost efficient for us to simply whack the application than to try and track down the jokers. It's actually pretty trivial to nail an automated scraper: they're obvious on the logs.

      So the few times I've had someone ask me to do this sort of scraping, my response is usually that sure, fine, it works, but it's very easy to spot on the logs, and the information is very likely to become unavailable at unpredictable intervals.

      In the long run, it's usually pretty futile to scrape in the first place. When you're stealing content just to drive traffic, you tend to have a crappy site. The only time I ever did a professional scraping app that was "justified" and "legal", the victim was another business unit within the same corporation, and we had every right to the data that they "couldn't" compile for us.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    3. Re:You're Right, Of Course by jimicus · · Score: 4, Insightful

      How is splitting and allowing the work to be done by someone else to do any more ethically sound than doing it yourself?

      At the risk of invoking Godwin's Law so early on, how is taking this approach any different from saying to yourself "I'm just following orders"?

    4. Re:You're Right, Of Course by Hognoxious · · Score: 4, Interesting

      Would it be possible to detect the scraper in real-time and redirect it to some fake/spoof data? It needn't be goatse. But it could be!

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    5. Re:You're Right, Of Course by Andy+Dodd · · Score: 4, Interesting

      Maybe not in real time, but once someone detected a scraper at a given IP, they could easily change their site to feed that IP fake data instead of blocking it.

      If I were in the scrapee's position, I'd probably do that because it's the best way to attack the scraper. From order of least effort on the scrapee's part to most:
      1) Blocking it makes it obvious to the scraper that they've been found out, and they'll work around it, then you'll need to block them again, on and on the cat-and-mouse game goes.
      2) Feeding them mostly good data but with lots of inaccurate information scattered about is nearly impossible for them to detect until it has irreparably damaged their reputation and/or caused them to make bad decisions based on the data.
      3) Suing them is a pain in the butt, even more effort than 2)

      --
      retrorocket.o not found, launch anyway?
    6. Re:You're Right, Of Course by SatanicPuppy · · Score: 5, Insightful

      Should be. It depends on what kind of data they're downloading, and whether they're just crawling link by link and hoovering up everything, or whether they're looking for something specific.

      Either way, spiders and scrapers usually have programmed scan intervals which have no relation to an actual human's browsing...or they just hit the page as hard as they can, but that is so easy to block that almost no one does it that way. Even if they add a little randomness, it's only efficient to run a scraper if it's hitting every few seconds at max, and even the most ADD user won't keep that up.

      Ironically, the easiest way to nail 'em is to put up a subset of "no robots" pages; if the robots crawl those pages, blacklist 'em. Every legitimate spider will respect those files.

      Otherwise, if you're running a site with a ton of data, and something is crawling it sequentially, you can absolutely redirect their queries to whatever you want. I'd be wary of doing something cute (if you can call goatse "cute") for fear that you'll have an occasional false positive and redirect a user from a high bandwidth location to that site.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    7. Re:You're Right, Of Course by GrpA · · Score: 5, Interesting

      I've also had similar requests in the past, and in both cases I did the work. I considered the request, decided they were ethical (even if somewhat unusual) and so did it. That's something you're going to have to figure out for yourself - whether you're going to do it or not.

      I've been on the other side of the fence also...

      If you're relying on data for commercial use, putting yourself in a position where you need that data is a risky thing...

      I had a scraper once come after me. I caught them - as the previous poster pointed out, it's easy... I didn't block them. I captured and redirected their requests so I could control what they got and, well, sent them some information that made them look really, really stupid. They were angry, but there wasn't much they could do.

      They were just enthusiasts - they had no business risk in their application suddenly failing.

      Let your boss know the risk he is facing and then ask him if he really wants to risk being caught and shut down unexpectedly, or worse, finding someone has poisened his data.

      It's just not good for business.

      GrpA

      --
      Enjoy science fiction? "Turing Evolved" - AI, Mecha, Androids and rail-gun battles. What more could you want?
    8. Re:You're Right, Of Course by garcia · · Score: 3, Informative

      So the few times I've had someone ask me to do this sort of scraping, my response is usually that sure, fine, it works, but it's very easy to spot on the logs, and the information is very likely to become unavailable at unpredictable intervals.

      Depends on how you do it. I tend to use tor and a random wait time between gets to bring down the data over a few hours (up to a few days) and in one instance, because the URLs were easily guessed, I randomized the list to make it seem as if the hits were going to pages all over the place. I was never banned for any scraping activity that I have done.

      In the long run, it's usually pretty futile to scrape in the first place. When you're stealing content just to drive traffic, you tend to have a crappy site. The only time I ever did a professional scraping app that was "justified" and "legal", the victim was another business unit within the same corporation, and we had every right to the data that they "couldn't" compile for us.

      It's not futile. Scraping provides a plethora of information in a useful format from places that aren't willing (or unable) to provide data in the necessary format. I used scraped data of course schedule information from MnSCU to develop a weekly report that showed data about how many courses were filled at other area institutions. It was to our competitive advantage to have this information and while it was publicly available, the system wouldn't provide it to us in the DW. I used that data for a variety of different reports than I originally intended and it would not have been possible otherwise.

      While I wish that the data had been provided in a better format for my use, it wasn't and that's what made scraping necessary. Plus *I* was the one who got to determine what information I was allowed to glean from the data rather than whatever the system decided was appropriate for our needs.

    9. Re:You're Right, Of Course by Phreakiture · · Score: 3, Interesting

      Tread wicked carefully!

      Chip Salzenberg got his ass burned back in 2005 by grumbling about his employer's ethics regarding screen scraping. I heard him speak at YAPC::NA in Toronto that year, and from what he was saying, they were able to take his every legitimate action (e.g. logging in remotely to work from home) and twist it in court into something less than legit (e.g. unauthorized access). It's their word against his, and they hold the access logs. Your best bet, if you want to make a stand about the morals, is get the hell away from there first.

      --
      www.wavefront-av.com
    10. Re:You're Right, Of Course by alta · · Score: 4, Funny

      I'm for giving them entirely bogus data that would cause them to loose customers. Not sure exactly what kind of site's we're talking about, but if a customer goes looking for chicken soup recipes and ends up getting porn... I think your boss will realize that they're on to you and won't suggest stealing from them any longer.

      --
      Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
    11. Re:You're Right, Of Course by cerberusss · · Score: 5, Informative

      I'd advise against discussing it with HR. I've encountered the following situation: I talked to a HR manager about something that obviously should've remained confidential. However that same HR manager was part of the management team and thus had two hats on. She proceeded to inform the management team, to my astonishment.

      I've come to the conclusion that HR is just a staff department and owes allegiance to, you guessed it, the management team. Not you.

      --
      8 of 13 people found this answer helpful. Did you?
    12. Re:You're Right, Of Course by mea37 · · Score: 3, Insightful

      And if you ever wondered, when <insert crisis here> broke, how things could go so horribly wrong... it's because of people who think like this guy.

      "Don't worry if it's the wrong thing to do; just document that it wasn't your idea!" And apparently never mind the idea of personal responsibility.

      When there are no negative consequences for doing the right thing, ethics is mostly a curiosity. Ethics exist to guide you when the right path isn't easy. And yes, you are personally responsible for your own ethical behavior, regardless of whether someone with a bigger paycheck -- or even someone who signs your paycheck -- says otherwise.

      Does it mean you have to walk? That depends on your boss. If you do, the best way to preserve your reputation is to avoid mud-slinging. Your current employer might want to try to harm your reputation, but it's extremely unlikely he'll get far (certainly not without exposing himself to legal liability). So just don't shoot yourself in the foot by ranting about the situation in interviews, etc.

    13. Re:You're Right, Of Course by MindKata · · Score: 4, Interesting

      "It's just not good for business."

      I find this discussion yet annother interesting insight into the (lack of) ethics of some company bosses. I've often found to my surprise, the ethics of sales people, marketing people and bosses are at times very different from that of programmers and other workers in a company. Some time ago Slashdot discussed "Ethics in IT" and its interesting how it fits with this discussion. Here's the link, it gets interesting how much it fits this discussion, once you get to the part that discusses how some bosses lack of empathy towards others...
      http://slashdot.org/comments.pl?sid=448546&cid=22377570

      Some bosses have contempt for other people, so considering doing this kind unethical business behaviour, is well within their usual thinking.

      --
      There are 10 kinds of people in the world... those who understand binary and those who don't.
    14. Re:You're Right, Of Course by level4 · · Score: 5, Insightful

      Definitely possible!

      Any company with a website that contains "regularly updated data that might be interesting for competitors" has probably already got some kind of anti-scraping system in place. This guy's boss thinks he's being clever and original - of course he's not, any company with a site of any value and popularity has already seen this a million times.

      What they return basically depends on the mentality of those who work there. The "by the book" professional types will just blackhole the IP or return a "too many visits from this IP" page.

      Companies with a more BOFH type guy in charge might very well start "playing" with the data. Instead of the "too many visits" page you might find yourself getting a page with some of the data changed around randomly. Believe me, there are *many* people around who think it is just the height of comedy to fuck with people who are basically stealing their stuff anyway.

      They will turn it into a game - and, when the erroneous data turns up on the thieving web site (if that's what this guy's company is running), a few screenshots of that site with the modified data suddenly becomes pretty good evidence in a court, if they're of the "legal remedy" persuasion.

      Scraping data is a last resort, not the first thing you try. Forget the ethics - the fact he's working for a company willing to be that insanely cheap and stupid in the first place should be a signal to run far, far away in itself.

      --
      Let my new 7-digit UID be a lesson to all - write down your passwords.
    15. Re:You're Right, Of Course by theaveng · · Score: 4, Interesting

      >>>The other is, for lack of better words, a "load balancing" part that requires using multiple free accounts instead of purchasing space and CPU time for less than $2,000 USD per month. The boss sees it as "distributed" computing when in reality it's "parasitic".
      >>>

      Can someone explain what this means? Multiple free accounts of what? Gmail? I'm confused.

      Since scraping is detectable, I would follow this course of action:
      - tell the boss you think "we'll get caught"
      - if boss appears to want to fire you, then go ahead and do the action, but ask for him to put it in writing
      - note on the order you think it's a bad idea; keep original for yourself and hand copy to boss
      - write the program
      -
      - (optional)
      - from your home computer (using an anonymous account), tell the website what your program does, and explain you would have been fired if you had not complied with your bosses' wishes, but feel it's unethical to scrap data.
      - watch as Boss looks like fool when website with stolen bandwidth decides to bar his company's access
      - if fired, hire lawyer and sue the company for unjustified dismissal
      $ profit

      --
      FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
    16. Re:You're Right, Of Course by Chapter80 · · Score: 5, Funny
      The proper way to document this in email is something like this:

      Boss-
      I'm able to do the data scraping and should have it up and running by the end of the day.
      - Your faithful employee

      In case you are wondering about the technical details, here they are:

      The scraping is implemented with a perl script which is activated using cron.

      We scrape the site twenty times per minute, which is a violation of their terms of service. By doing this, of course, we risk that they may shut us off at any time, or even provide us with fake data.

      The typical PHB will read the first two lines on his blackberry, and you're golden. Worst case he or she will scroll down - but the managerial brain is set to shut down at the word "perl". The word "cron" is a failsafe - in case the PHB also has ADD.

      Later when s/he comes back and says "why didn't you warn me", you can point to the text "beneath the fold" of your email.

    17. Re:You're Right, Of Course by SatanicPuppy · · Score: 5, Interesting

      The example that would leap to my mind is a number of services that allow you to "map" an ip address to a geographic location...I use one of those for my job search homepage, and it only allows ~200 queries a day for the "free" account...It would be plenty useful to have as a free service (targeted advertising), and if you set up enough "free" accounts, you could use it that way.

      Since I'm doing all my job searching away from where I'm currently living, I use mine to make sure that my job searching page always looks "under construction" for people who live where I live. My boss actually checks it occasionally, I guess to make sure I'm not trying to leave.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    18. Re:You're Right, Of Course by nabsltd · · Score: 3, Informative

      Unless it's something about you, personally, then an HR employee has no requirement to keep it "confidential".

      In other words, if you are talking about your health insurance, your personal information, etc., that's not general "company business" and shouldn't be spread around. But, if you bring them some information about someone doing something that could be detrimental to the business, they really do have an ethical requirement to pass that along. A good HR team would know not to bring your name into it if you are "snitching" until it was absolutely necessary, but sometimes that happens sooner than you would like.

      What you were thinking of is a company ombudsman. These people are somewhat like your "lawyer" within the company, and are there for the employees. What they would do is explain to you your options (go to management yourself, let them do it and respect your anonymity as far as possible, never divulge your name even if that means the complaint can't proceed, etc.), and then help you implement them.

    19. Re:You're Right, Of Course by AndersOSU · · Score: 4, Insightful

      You're absolutely right. The problem is being right, like being ethical, doesn't put food on the table.

      The reason crises happen is three fold, first people with power see a competitive advantage in acting unethically, second people in charge or monitoring unethical/illegal behavior aren't up to the task, and third people tasked to do the work don't raise bloody hell when asked to do anything unethical.

      In order to solve the problem you only need to fix one of those. The problem is, the first two options involve convincing people to act against their personal interests. People contain a remarkable survival mechanism, the ability to justify and rationalize difficult actions. Going after people who stand to gain by acting unethically is the business equivalent of abstinence only education.

    20. Re:You're Right, Of Course by interiot · · Score: 3, Insightful

      I really agree with this. If someone is already going to the effort of writing a lot of scraping code, it's already worth it to them to buy one of those $10-15/month shell accounts online that have SSH access. SSH gives them the ability to forward local TCP requests to that remote IP, their scraping app just has to have the ability to use a SOCKS proxy. This means scrapers have a proxy IP that 1) doesn't show up on any of the open-proxy DNSBLs, and 2) is fast and reliable enough for them to get real work done. And if you block them, they just pay another $10-15 to get another reliable IP.

    21. Re:You're Right, Of Course by TheLink · · Score: 4, Interesting

      And could prove to be very amusing for a future slashdot submission if they encounter a BOFH.

      There are just so many things that could be done.

      They're planning on taking data from some site and pumping it to others and they have _ZERO_ assurance that it's going to be good data and continue to be good data.

      When you do stupid stuff like this, if you're not careful very bad things could happen (SQL injection, maybe even malware slipped in) and they could just go "nope not us", and while you could try to sue them it's pretty darn hard to prove since you requested the "bomb", and it only appears once and never appears again.

      If you're lucky it's just going to be goatse/tubgirl.

      If you're not, it could be a lot worse. Just imagine the BOFH thinking "What should I do today to them and their users" and rubbing his hands with glee.

      Just slightly tampered data will be bad enough.

      --
    22. Re:You're Right, Of Course by level4 · · Score: 4, Funny

      Did I say I didn't approve?

      I am definitely in the "bastards who find actual physical pleasure in fucking with my enemies" camp ; )

      --
      Let my new 7-digit UID be a lesson to all - write down your passwords.
    23. Re:You're Right, Of Course by Clover_Kicker · · Score: 4, Insightful

      Yeah, subtly wrong data is a million times worse then goatse, the scraper might not notice for weeks or months...

    24. Re:You're Right, Of Course by Misch · · Score: 4, Informative

      It's happened. ESPN connived a way to get to another sites private database and reported the data as its own. The website injected some fake data which ESPN picked up and reported and were caught.

      --

      --You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
  2. If you want legal advice... by Anonymous Coward · · Score: 5, Insightful

    ...ask a lawyer.

    1. Re:If you want legal advice... by dintech · · Score: 5, Funny

      No, no, no. If you want legal advice, ask Slashdot! Given enough time, you'll get an answer that is exactly what you hoped for and you can ignore or mod down the ones you don't like. It couldn't be simpler and it's a whole lot cheaper!

  3. Just ask yourself this: by Anonymous Coward · · Score: 5, Funny

    Did the contractors on the Death Star deserve to die?

    1. Re:Just ask yourself this: by Intron · · Score: 4, Funny

      "Did the contractors on the Death Star deserve to die?"

      Depends on whether it was the ones that did the weapons array or the ones that did the low-flush toilets. Oh wait, Halliburton did both.

      --
      Intron: the portion of DNA which expresses nothing useful.
    2. Re:Just ask yourself this: by Rennt · · Score: 5, Funny
      Haven't you seen "Clerks"

      Dante: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.
      Blue-Collar Man: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.
      Randal: Like when?
      Blue-Collar Man: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.
      Dante: Whose house was it?
      Blue-Collar Man: Dominick Bambino's.
      Randal: "Babyface" Bambino? The gangster?
      Blue-Collar Man: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.
      Dante: Based on personal politics.
      Blue-Collar Man: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.
      Randal: No way!
      Blue-Collar Man: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.

      Kevin Smith knows his stuff.

  4. Hilarity ensues when... by Anonymous Coward · · Score: 5, Informative

    ...you build a system that closely relies on this nonstandard (and unsupported) method of getting information, they change it and it breaks.

    Either by accident, or because they spot a load of particular access patterns from your address, figure out what's going on and intentionally break it.

    1. Re:Hilarity ensues when... by Paeva · · Score: 3, Insightful

      I would think this would be a good way to address the issue with your boss. He wants to save some money to get, as he thinks, the same thing for free. But in fact, there are potential downsides to playing that game. He may be disregarding potential legal issues, but he should be less willing to disregard practical issues. If this other company discovers what you're doing, they could make it a little harder to access, or they could ban your company's entire subnet and send a letter indicating that if you'd like to get access again, then you'll have to start paying them for the service you've been stealing.

      The key is that, in the meantime, your boss' plan will seem like a dramatic failure that should have been foreseen.

  5. Short answer... "no". by argent · · Score: 4, Insightful

    If your boss asks you to do something illegal, don't. If he doesn't agree, you should probably be looking for a new job, already. If he's willing to play these kinds of games with another company, what makes you think he won't do the same to you?

  6. Uh... by Anonymous Coward · · Score: 5, Insightful

    No. By your own admission you think its wrong. Next?

  7. Sigh by MyLongNickName · · Score: 5, Insightful

    Okay, this one is simple. You know what is right and what is wrong. The reality is that 99% of the folks will do what the boss asks without even raising a fuss. The reality is that you will be damaging your career if you don't go ahead.

    Now, the other reality is that shit flows downhill. That is, if this project gets questioned, the boss will claim ignorance, and put the blame on you. Your job is to cover your ass.

    Email is a good documentation tool. "Clarify" the request, asking if this is what he intends for you to do. Remove the emotion. Put in only facts. Put in a piece about your not being sure, but this may be a violation of terms of service. Ask if he wants you to proceed. Forward your sent email to a personal account.

    By the book. This one is so simple that it should be in the FAQ.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    1. Re:Sigh by sydb · · Score: 4, Interesting

      It's only any good if the other party co-operates. The boss can easily phone you or walk up to you and say "Yes I want you to do it." and you have no record, and for many people this is their default mode of operation because that way no-one can pin anything on them. Unless they're singing their own praises, when everyone gets cc'd in.

      I used to find it infuriating but fury gets you nowhere in the workplace.

      --
      Yours Sincerely, Michael.
    2. Re:Sigh by realisticradical · · Score: 3, Insightful
      Really? Were you working for the mafia?

      That kind of policy makes me think of companies like Enron, Arthur Anderson, or the cigarette companies. Any company that would fire people for trying to protect themselves from company sponsored illegal or unethical activity must be engaging in lots and lots of it. The best part it it sounds like the policy is simply a CYA policy to protect those at the top.

      The part I don't understand though is how did they differentiate between CYA emails and actual questions about projects? If, "Sorry boss, I was a bit confused at the meeting we concluded that I should go about the project by [illegal activity]" gets you fired how did they ever get anything done?

    3. Re:Sigh by MyLongNickName · · Score: 5, Insightful

      You bring up a good point which leads to lesson #2: Written trumps verbal. If shit hits the fan, you halve your email. if your boss then says that he verbally told you not to proceed, you only have to say that you have no recollection of any such conversation. He is on the defensive as he has nothing to back it up. If he was "appalled" at the thought of breaking the TOS, then he would have written back and clarified.

      Now, if you want to double cover your ass, give him status reports via email. Ask questions. You are covered.

      Now to answer some other questions about whether to quit or not. You have to make that decision on your own. For screen scraping, I wouldn't quit over something so mundane. Sorry. Especially if you are a grunt. You voice your concerns, and go on. The reality is that 4 times out of 5 if you voice your concerns like this in a written manner, that the boss will back down. I have faced it twice in a grunt position with two different managers, and both times I got thanked for bringing it to their attention. It is all in how you deliver it. If it comes across as "I am ethical and you are a piece of shit", then your career is hurt. If it comes across sa "I am trying to look out for your well being and that of the company", it can be a positive. Wording is everything.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    4. Re:Sigh by MyLongNickName · · Score: 4, Interesting

      On a similar note, email is great for lifting others up. A few years ago, I got promoted to a mid-level grunt, and worked a lot more with other business units. In big organizations, units don't play nice with other units. On the few occasions, someone went out of their way to provide good service and actually be helpful, their boss got an email letting them know. Maybe two or three emails a year, but those folks are the ones who are going to get the bigger raise and have chances at promotions.

      Unfortunately, 95% of all emails about people are complaints. Do your job well, and the best you can hope for is to be ignored. I have personally tried to reverse that now that I am a low-level manager. I can't change the world, but I can influence my dusty corner of it.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  8. Spammer logic. by argent · · Score: 5, Insightful

    If you can access it, it was designed to be accessed.

    So you're totally behind email spam, you don't think spam should be considered unethical, let alone made illegal?

    1. Re:Spammer logic. by BadAnalogyGuy · · Score: 3, Insightful

      Should I be against spam for any other reason than I am annoyed by them?

      I don't think spam should be any more illegal than billboards, flyers, or direct mailings.

    2. Re:Spammer logic. by d3ac0n · · Score: 5, Insightful

      I don't think spam should be any more illegal than billboards, flyers, or direct mailings.

      The flaw in this argument is that your three counter-examples (Billboards, Flyers and Direct mailings) are paid for entirely by the SENDER. IE: Billboards are paid for up-front before they are mounted, Flyers and direct mailings have printing costs paid up-front and delivery costs (either the local govt. mail service or paid people to manually give it to you) paid up-front as well.

      Spam, on the other hand, is largely delivered on the backs of OTHER payers. Both through the incredibly high bandwidth costs (HOW much of the total Internet traffic is Spam now?) and through ancillary costs such as costs for software and hardware to filter Spam out, and human costs in terms of work-hours wasted manually going through spam. Not to mention the costs to people and networks infected with Spam botnets.

      This is what makes Spamming SO profitable, and why it won't go away. Because the costs for Spam are decentralized to millions of people otherwise not directly involved, even a return as little as .01% will turn a HUGE profit. This just doesn't work in the regular advertising world. It's also why it's Illegal is several countries now. It is essentially stealing service from millions of other people and generating millions of dollars of expense for hundreds of companies around the globe, for what are largely scamming and phishing operations.

      Get it?

      Good.

      --
      Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
  9. Check with Compliance Officer/Department by Ohmaar · · Score: 5, Informative

    I work in health care, so maybe it's different in your industry, but every hospital I've worked for has had a compliance officer with an anonymous 800-number for compliance questions. This is DEFINITELY the kind of stuff they want to know about.

  10. Do what geeks do best by GreyyGuy · · Score: 4, Insightful

    Fix it. He wants to do something on the cheap and look good. But the way he wants to do it is going to fail spectacularly. And when it fails, so will you. If this puts any amount of load on the services it is using, it will get picked up by the service provider. Maybe not today, but it will. And then the accounts will get turned off and possibly your IP addresses blacklisted, and then it all goes away. So give him a better solution. If he is balking at the $2k/month find a cheaper service. There is almost always one. Compare the cheaper solution to the time spent fixing it when the free service cuts you off. Provide examples of free service cutting people off.

    And unless you are looking for some very specific information, I would expect someone to provide an RSS feed with something similar that is supposed to be used for this sort of thing.

  11. Why are you asking *US*? by elrous0 · · Score: 5, Insightful

    Only YOU can decide how far you're willing to go for your job. You're essentially asking us what your own ethical limits are.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  12. Business sense by ThePyro · · Score: 4, Insightful

    Even if your boss doesn't care about the ethics of this scheme, he probably does care about ramifications to the business. What happens when you get caught? All your development work will have been wasted because they'll shut you down at the very least. There's potential for a lawsuit, which is an expensive proposition even if you win. Damage to your company's reputation may make it harder to do business. And as another poster already mentioned, this isn't exactly a gem of a project to put on your resume.

  13. Re:Anything on the web is available for access by BadAnalogyGuy · · Score: 5, Funny

    Babies really shouldn't be given candy in the first place.

  14. A character check? by juuri · · Score: 4, Insightful

    Having been put in a position once before that an employer asked me to do something I found to be frankly quite lacking in a moral nature here's what I ultimately decided to do.

    After considering the work for a while, both why I didn't feel like performing the work personally and why the company desired this functionality I finally decided to do the work, but inform my boss and his boss that I was uncomfortable creating this before hand and giving them clear notice of the whys.

    Firstly I did the work because it was simply my job and I had signed onto the job. It's something a *lot* of people might not have given a second thought to creating, obviously as they both had no problems with the work since they asked me to continue even after raising my concerns. Secondly because it wasn't really "that bad" and having steady income of cash dolladolla bills allows me to have nice things like somewhere to live and food I wanted to see if it was something I was over-reacting to.

    After completion? Yep, I still felt like shit. So I gave them my notice and told them in the my resignation letter why I was leaving and referred them to the early notification of my objections. So, for me, it was a good learning experience about myself and having done it in this manner I have no problem explaining it to future employers as my reason for leaving this particular job.

    --
    --- I do not moderate.
  15. Who cares? by 1u3hr · · Score: 4, Insightful
    would require me to break multiple web sites' Terms of Service (TOS).

    A website's "terms of service" are not the Ten Commandments. They're not laws, or even moral rules. They're just what one company wants you to do. You don't work for them, why do you care? If they notice and complain, it's your boss's problem, legally; and morally, I wouldn't lose any sleep.

    Only thing to do is cover your ass and get your boss to put his instructions in a memo so he can't blame you should problems arise.

    Really "scraping a website" is not a moral question on the scale of collaborating with Nazis. It's a business. Other businesses are your rivals, not your friends. They'd fuck you over in a minute.

  16. Hey, anonymous! This is your boss. by jollyreaper · · Score: 5, Funny

    I told you to scrape Slashdot, not read it. Now get back to work!

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  17. one approach by buddyglass · · Score: 5, Insightful
    1. Tell your boss it's a bad idea to break these websites' terms of service. He'll probably override you and tell you to do the project anyway.
    2. Code up the project just like he asks. Demonstrate that it works.
    3. Shortly afterwards, email the sites in question from a non-work friend's account and let them know (with specific information) the accounts and IP addresses that are violating their terms of service. Hopefully the accounts will be disabled, and/or your employer's IP range will be blocked.
    4. Throw up your hands and tell your boss, "Well, I guess they figured out what we were doing!"
  18. If you even need to ask.... by jimicus · · Score: 3, Insightful

    If you even need to ask, you've already demonstrated a trace of ethics.

    Now, sometimes having such ethics will mean you have to make difficult choices. And nobody else can make those choices for you.

    While ethics won't pay the mortgage, "Reason for leaving the previous job: I was asked to do something illegal and, when I queried this, was given the ultimatum to do it or get out. I got out." is probably a heck of a lot better than "The company had to sack me after it transpired I'd done something illegal" (emails to CYA notwithstanding).

    Because, make no mistake, the fact that your company has done this will get out.

  19. Hahaha hahahaha hahaha! by EWAdams · · Score: 4, Insightful

    "Compliance officer" in an IT business... you crack me up. You should take your show on the road.

    Hospitals have compliance officers because a) they're regulated, inspected, etc. and b) people can die and they can be sued to Kingdom Come.

    The IT business is about as regulated as Somalia.

    --
    I piss off bigots.
  20. Re:Why have an ethics dilemma at all? by ledow · · Score: 3, Informative

    This is a shortsighted view of the problem here.

    "You're getting paid to do a job, and you're not going to be personally liable should anything go wrong anyway."

    Incorrect. His boss isn't breaking the Terms of Service, he is. When the website in question terminates their access, guess who's gonna get the flak? The person who *implemented* the system, not the one who designed/thought of it, especially if they are non-technical and rely on lower-order technical beings to do things for them.

    Take, for example, a situation that I regularly come across:

    Boss: "It's okay, we'll just copy all these Microsoft CD's and save a fortune on licensing."
    Boss's Boss: "Okay. You know best."
    Boss (to underling): "Copy these CD's"
    Underling in theory: "Okay". Underling in practice: "We *can't* do that."

    When things go wrong, the underling in theory is going to get the blame here, because it's his area of expertise and he *wrote* the system that does it. I get people suggest to me all the time that we could just install another license of Office that we don't own, or we can just copy CD's that have blatant copyright notices on them, or breach a Data Protection Act directive by doing X, or a million and one other things that I *know* we can't do. The people in charge of me barely understand the terms, let alone whether what they are doing is illegal. I have to sit and explain to my boss and my boss's boss why we can't do them. Trust me, if something got noticed, Underling in Theory would get sacked/sued every time.

    "Are you really going to walk out of your job over violating the terms of service of a few web sites?"

    Why not? I get asked to do all sorts of crap and I point it out and say no. If I *chose* to do it instead, then it's a different matter. But when I *refuse* to do something on legal or ethical grounds (we're not just talking ethics here - it also sounds like they have a "subscription" of some kind to the data that they are scraping, or that it's a competitors website) then if you *make* me, I will walk (been there, done that - I've turned down a good career move and more money in order to sleep at night - not that I was being asked to break the law, not that I was being asked to sell my children, but that I was being asked to do things that I didn't agree with [wasting money within a school on useless IT cruft and consultants while the kids didn't have books or paper]). I'll also report you to the BSA or whatever organisation I need to if you really press me, or the local press like I did in the above case (they didn't do anything with it, but I breathed a sigh of relief once I'd sent off the information to them - my part was done and I'd done good by myself - if the press decide to sit on something, that's on *their* conscience, not mine). You don't do illegal stuff if you're honest and your mortgage depends on a wage.

    "It's not your job to worry about the ethics of the situation, that's probably not even your boss's job -- it's somewhere in your corporate legal department, the Board, or an Ethics or HR department perhaps."

    Wrong. Because they won't even *know* what the problem is until it comes up in court and they have it explained to them in excruciating detail. However, someone who decides to do something that's part of their job, within their area of expertise and breaks a law (or even does something a bit stupid) that *they* should know about will get fired/sued by their own company once the shit hits the fan. So your boss *and* you might get sacked - you're still no better off and your employment reference is now a million times worse.

    "just do what you're being paid to do and ask fewer questions."

    It's sad that people think this is a good way to live. He's *being paid* to do his job. Which does not entail questioning his ethics or breaking Terms of Service (even if legally unenforceable) or anything else. His *job* is to stand up and say "Whoa, hold on, we can't do that". If he doesn't do that, he's not doing his job an

  21. Re:Redirecting content by Mr.+Droopy+Drawers · · Score: 5, Funny

    Reminds me of a time when an Ebay'er was pointing to images on my website for an automotive auction. Didn't ask us or give us credit for the images. So, his example of "recently restored examples" became a photo of a '63 Imperial being loaded into a crusher.

    How's that for Crushing the Competition?!

    --

    To Copy from One is Plagiarism; To Copy from Many is Research.

  22. Re:Redirecting content by Free+the+Cowards · · Score: 5, Funny

    Somebody once pointed at a picture of a frosted birthday cake on my web site from a forum. So I grabbed my image editor and built a special edition of the cake just for him, where the frosting read "Don't link to my images!"

    I also have a specially crafted JPEG which is under 1000 bytes but which produces a 20,000x20,000 pixel image filled with black. It will totally screw up the layout of any page linking to it if they haven't entered an explicit size for the tag.

    --
    If you mod me Overrated, you are admitting that you have no penis.