“…and so I made him the owner of my account, and he used that to remove himself from it!”
“We’ll be right over.”
You forgot the part where he reset their email he didn't own and changed their passwords so they couldn't get back into it.
I think you’re misreading this. OP has an email account. Someone else signed up for some website that doesn’t verify that you own the address before allowing you to log in and use the service. If the site did verify it, the user wouldn’t have been able to log in because OP would have been getting the verification emails, and not the user.
Later, after OP told the user and they failed to change their address, OP logged into the site and changed their password, putting an end to the spam they were receiving from the user’s actions.
I don’t have an ethical qualm with this. He didn’t want to sign up for the service. Someone else signed his email address up for it. Legally, I can’t imagine that being prosecutable.
Right. Techies are always quick to suggest I do something naughty or funny with this "great power" I've unwittingly gained, but in reality it's just a liability. If I ignore it and they do something nasty and implicate me, it's a pain. If I touch it with a 10 ft pole, now I'm even more actively involved.
Just include "not me!" in the verification email, damn it.
You give someone ownership of something and they used that ownership...
It's like leaving your bike in the street, with no lock. Still theft, but you'd be up for a part of the responsibility.
No, it's like giving someone a set of keys to your car, and they take it for a drive.
It's more like leaving your bike in someone else's garage.
I'm curious if this would really be considered unlawful access, since only pure idiocy and no hacking/scamming/etc were involved.
It would be in Canada, but our "misuse of computer" charge is overly broad and has never been well tested.
On the other hand, in Hong Kong it would be straight to jail. Someone was sent a link by the airlines, he changed a couple of characters and it ended up showing another person’s data. The guy voluntarily reported the vulnerability and all he got was a criminal charge and was found guilty.
No harm done, no one is gonna prosecute this.
In what jurisdiction? He's in Russia