Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Booby trapped software. Very clever, except for when it blows up in your face.

At least they only posted to twitter instead of [1] something a lot worse (think file deletion, etc).

Generally a bad idea, if you're of the leet warez d00d type, to give any illicitly acquired app your credentials to anything important, at least until you've verified that it's safe.

The armchair lawyer in me wonders if someone could get a libel/defamation suit going because of this. The average user wouldn't probably have much to go on, but the head of a company perhaps.. yikes.

[1]: http://www.geocities.ws/johnboy_tutorials/bt.html

    why yes that *is* a geocities address!


> The armchair lawyer in me wonders if someone could get a libel/defamation suit going because of this.

As a professional certified internet laywer I'd also add impersonation.


Eh .. off topic, but why did you write lawyer with Y and W switched around? You emphasised it, so I assume it was on purpose?


A silly variation on the IANAL disclaimer.


That seems a difficult route given that the user had to explicitly give twitter posting access permission to the app in question...


He had to give the app access to his Twitter account. That doesn't mean he explicitly gave it permission to post to his Twitter account on his behalf.


No, that's exactly what that particular permission is (from a technical standpoint). What's at issue here is that the tweet the software generated wasn't exactly an authorized use of the account.


What's at issue here is that the tweet the software generated wasn't exactly an authorized use of the account.

Which means that, regardless of the technical point that "access to the Twitter account" gives the app the ability to post, the user did not give the app permission to post.


Something we see discussed on occasion is a call for app developers to explain in detail why they request certain permissions. If this developer were required to explain (and the user required to acknowledge) the requested permission, it may have prevented the whole episode.


No it wouldn't have. The app required permission, or he couldn't use the thing he paid $50 for. The is a (stunning) app store review failure. A dictionary app that requires permission to post to your twitter should be rejected, period.


Yeah, if they're going to put honest developers through bullshit and make them delay releases to change their apps according to the arbitrary whims of the reviewers, you'd think they could at least catch something like this.


Not that surprising a failure to me. You'd only see the behavior on a phone that tripped their check for piracy. As long as the Apple reviewer didn't use such a phone, no obnoxious behavior.

I am sure that Apple has a standard checklist, and am not surprised that this is not on it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: