I made a social network in middle school. Nobody used it, but that taught me how to write terrible PHP applications.
With that same knowledge I made another social network ~2/3 years later for an online community, and it worked better. Eventually I shut it down. In 2012 I revived it and very quickly learned the value of not mixing your business and presentation logic (refactoring the codebase to be maintainable was an absolute chore), and of preventing XSS and XSRF (someone set their avatar to the URL "/logout").
A lot of people make a lot of money from writing terrible PHP applications that solve a particular business need. Sometimes it's shocking to me to be honest!
Tell me, what's that space like? Know it's a thing, (intranet sites or some such?), but that's about it. Very curious about it, heard people make a lot in there.
I've heard of guys earning north of $150 per hour and the demand is quite high. It's pretty big in the corporate world, back in 2011 78% of Fortune 500 companies were using it. It's an Intranet/Document management platform and it collaborates with MS Office.
A lot of people make a lot of money from writing terrible applications that [some people claim] solve a particular business need. I used to be shocked, now I'm just sad ;-)
> If you were a high school senior and your schoolmates were handing you transcripts of all their juicy gossip on a silver, digital platter, what would you do?
If I was actually handed that info on a silver platter, willingly, then who knows.
But that's not your situation. In your situation, I'd be violating the trust of my entire school. That's neither a good idea ethically nor socially.
I think you are slightly misrepresenting the author. His sarcastic comment about "bulletproof moral guidelines" seems to indicate that he isn't proud of this particular moral transgression. And while I don't think he was right to read the messages, you have to consider that the people using the service literally had no idea who they were sending messages to. I think that makes it a bit different from reading messages that were intended for one person that the speaker knew well. Not that that excuses the behavior, but I do think it explains some of the rationale. Also, who didn't make stupid immoral decisions in high school?
You say you're not trying to make excuses, but you literally are making excuses for him. As is he for himself. No matter how curious, it's just not acceptable to run a service to snoop on people. It's a serious ethical transgression, particularly considering you know the people.
Now, if he'd implemented a mechanism to give users keys they could send him should they consent to him reading the log for moderation purposes, he would have been able to do the moderation job and not violate people's privacy. Or made structured data fields that users could consent to make public and also be used for data analysis purposes (like interests, societies, year, etc). But no. He just read their messages. He didn't even have a commercial incentive to analyse data, he just did it out of sheer voyeurism.
This is pretty accurate. tl;dr: What I did wasn't great but it could have been a lot worse (see all the things I made it a point of not doing), and that gives you something to think about when it comes to data and privacy.
Wow, that's a pretty unimpressive response. It's bad enough you did it, but I seriously doubt you realize how wrong what you have done really is when you discount that wrong doing so easily.
To make it clear: You advertised an anonymous service to a community you're a direct member of and didn't disclose your involvement in it. You not only willingly broke a moral code that you knew about, but you actually misrepresented the service in your advertisement and broke any trust you had with everyone who participated. That's a pretty serious wrong doing that warrants a little more self reflection and much more empathy towards the people you screwed over.
I believe we might be running into cross-cultural issues WRT the linked articles sarcastic description of "transcripts of all their juicy gossip"
When I'm sitting in a bathroom stall I don't ponder the moral and ethical dilemmas of reading or not reading what someone scribbled on the wall. He was not running a cryptographically secure anonymous remailer service here. He was running a virtual bathroom wall to scribble gossip upon.
I wonder if this wouldn't also be illegal? I know the US has terrible regulation of privacy for private entities - but AFAIK plain text email is covered by the assumption of privacy, so listening in/reading it would be considered wire-tapping. I'm also not sure how much of that (if any) someone below 18 is able to legally sign away?
At any rate, an interesting article. It might have been interesting to set up something similar, just bundling an XMPP client and OTR, and having an XMPP-server per school/"cicrle" for pairing (could probably even require school logins for registering on sign-up -- just make sure to throw that information away (beyond possibly keeping age/gender tag).
With the caveat that secure, anonymous communication and "web browser" doesn't really mix -- it could probably be set up as web page/service too (Not sure if eg: Matrix has a web/js-client that does/tries to do client side OTR or equivalent?).
We had IRC, with chat-rooms per town -- as not everyone had Internet in the 90s in Norway. But that did afford some people pseudonymity.
The most valuable truths are the ones most people don't believe. They're like undervalued stocks. If you start with them, you'll have the whole field to yourself. So when you find an idea you know is good but most people disagree with, you should not merely ignore their objections, but push aggressively in that direction.
One could avoid privacy issues by not collecting any information outside of email and chats, I would imagine. You don't HAVE to collect lots of user information.
As for porn, why does a social network have to allow embedded images? If it's mainly a chat service, there's no risk. I suppose someone could use your network as transport for links to outside content, but that's pretty unlikely and it's a stretch to say the network is responsible at all. You could also disallow hyperlinking.
Of course, both of those fixes make the system pretty damn hard to monetize, which I think is the biggest issue.
Although you seem to condemn college students, it seems as though your concerns are all solved by moving the target audience to colleges, because college students are "adult" enough that we don't care about these issues for them for the most part (with respect to laws).
> Facebook, Instagram, Snapshat etc all struggle with this across their networks.
Pretty sure they all started by being built on similar user bases, and it's a tremendously appealing audience to start an app with.
Great read! Really well written too. Kudos to you for being so open about everything - I can't imagine many high schoolers would have written with as much candour as you did in the "You ≠ your app" section.
He also points out (just a few words from the bit you quote) that virtually everyone registered with an email address that included their name, so he knew who everyone was.
Surprisingly high percentage, but I guess in such a relatively large group the negative effect of someone from that group having access to everything isn't as large as it would be in a smaller one. I don't think that would have working in my highschool, at least not without encryption and source code available...
With that same knowledge I made another social network ~2/3 years later for an online community, and it worked better. Eventually I shut it down. In 2012 I revived it and very quickly learned the value of not mixing your business and presentation logic (refactoring the codebase to be maintainable was an absolute chore), and of preventing XSS and XSRF (someone set their avatar to the URL "/logout").