Long story short and without giving away too many details, my business partner and I came up with an idea for a program. It essentially bypasses the monetization feature of another piece of software by injecting packets. It’s a very simple script with 30 lines of code.
The software is used by thousands or millions of people and the developer earns $120,000+ a day. He basically charges a 1% fee for using it. I’m pretty sure he was just an ordinary programmer who released this program and became rich overnight.
We already determined that our script is probably illegal. But we think it’s also unethical for many reasons:
- Deprives the developer of potentially millions of dollars. This depends on the userbase of the script. He worked hard to develop a program which was better than the others and deserves the money, according to capitalism.
- Discourages programmers and white-hat hackers from discovering this exploit by themselves. It’s like finding a cheat code for a game and telling everybody. The game isn’t fun anymore.
- Takes away from the economy instead of contributing to it. We could have used our knowledge and time to create value and grow the economy instead of taking somebody else’s earnings.
- Gives the developer extra work to patch the application and re-release it.
We are not a huge software company or security researchers. We are just two kids in a garage who don’t know what we’re doing. The developer has millions of dollars to lose. It’s not the law that scares us, but retaliation:
- What if the developer is enraged we are ripping him off and he’s a violent person?
- What if he traces us and hacks our computers? There might be backdoors in the software.
- Once we’re traced, he could hire hitmen or kidnappers to come after us.
- We don’t know how much power and influence this developer has over the community.
What should we do? Delete this script and wipe the sectors of the files? Use the script ourselves silently? Or are we getting too worried and is it safe to release the script?
EDIT: Thank you all for the wonderful advice. After a day I’ve calmed down a little and thought about my dilemma logically. Yes, we have tested the exploit and it works, increasing our income by 1%, which is $0.70/day. I decided to approach the developer and inform him about the bug. I’ll slowly ease my way in and make it seem like I’m trying to help him. If he’s rich he might be generous. If not, nothing is lost and I don’t have to worry about this anymore.
I’m not a white-hat or black-hat or any-hat hacker who searches for exploits in my free time, or has a passion for it. I’m just a user of the software who came up with this idea one day. I also never thought of adding the discovery to my resumé and taking credit if the dev accepts our bug report.
If we release it as open-source, we have to worry about being traced and hitmen, only for $0.70 more a day. The other users collectively save $120k but we only save $0.70. If we tell the dev, we have something to gain but nothing to lose.
Also, this prevents people in the future from stumbling upon the exploit themselves, not realizing the implications, and releasing it.
Obviously the topic can’t be re-opened because it’s off-topic. I just want to tell everybody who’s read this so far.