[comp.misc] Reading others files

mwm@eris.berkeley.edu (Mike (I'll think of something yet) Meyer) (07/16/89)

In article <TALE.89Jul15133947@imagine.pawl.rpi.edu> tale@pawl.rpi.edu writes:
< > IX.  THOU SHALT NOT SNOOP IN THY NEIGHBOR'S FILES
< >  
< >      With  the  growing  use  of  electronic mail  and  computers
< > connected in office networks, the issue of personal file integri-
< > ty is gaining  attention.  The  policy here is good  citizenship.
< > Would you open a letter addressed to someone else?  Why should it
< > be any different with a personal computer file?
<
<If you've got something to hide, go ahead and hide it.  Save yourself
<from the consequences.  I am really opposed to this fellow telling me
<that I am practising immoral computer activity, though.

Well, you are. Or maybe you are. Or maybe you aren't.

This topic comes up at irregular intervals. The answer is "it depends
on the environment you're in." It also depends on what you're doing,
and why. Let's take it to a better physical analogy - especially with
the desktop being used by various vendors these days.

Consider the following series of actions, running from "obviously ok"
to "obviously immoral".

1) Waiting for someone in their office with their permission.
2) Waiting for someone in their office (this & others are sans permission).
3) Looking for a document you have a right to have after entering through
	an open door.
4) As #3, but through a closed & locked door.
5) Looking for "anything interesting" on or in their desk after entering
	through an open door.
6) As #5, but through a closed and locked door after breaking in.

I claim that #1 is clearly OK, and #6 is clearly immoral - and
illegal, being breaking and entering.

Likewise, #2 is "probably OK", and #5 is "probably immoral".

#'s 3 & 4 are the grey area. Where I work, we all have keys to each
other's offices. It's pretty much taken for granted that if I need X,
have a right to it, and know it's in your office, I'll go get it and
notify you of that - even if it means going into your office to get
it. I've been places (fortunately not many) where such behavior was
considered wrong.

People pretty much understand these rules as implicit. They know that
if they lock their doors, anyone who goes in without their permission
(either explicit, or implicit in the office) will be doing something
wrong/immoral. Likewise, most people don't go through locked doors
without good reason.

The key behind this is that everyone has the same understanding of
what a locked office door means. And they all have a good
understanding of doors & locks, because they've been encountering them
since they learned to walk.

And this is where the analogy breaks when you try and move it to
computers. People don't have a good understanding of directories and
permissions and etc. Many people don't know how permissions exist, much
less how to change them. Many don't know they can create directories
to put "private" things in. And so on.

So on any system with naive users, to avoid getting into the clearly
immoral, you don't go looking through someone's files unless you
_know_ they are savvy enough to create directories & lock things they
don't want casual snoops finding. One way to create this situation is
to set the default permissions on new file creations to "owner only".
This isn't desirable, but may be required.

If you're in an environment where you know all the users on the
machine, know they are computer savvy, and going through the papers on
their disk isn't considered immoral, then browsing their directories
is fine. Most people aren't in that kind of environment.

Me, I don't _ever_ browse someone's files to see if there's "anything
interesting". I don't ever look at our users' files without their
permissions, or unless it's required as part of systems maintenance
(dealing with mail dropped on the floor, etc). I only look through my
coworkers' files when I'm looking for something specific that I have a
right to use. In other words, I treat people's home directories like I
treat their offices.

Final note: I don't expect them to do the same for me. I don't store
_anything_ I consider confidential on a publicly accessible computer. I
advise others to do likewise.

	<mike
--
The Sword of Damocles is hanging over my head		     Mike Meyer
And I've got a feeling someone's gonna be cuttin' the thread mwm@berkeley.edu
Oh -- woe is me, My life is a misery			     ucbvax!mwm
And all I can see is I'm on the start of a pretty big downer mwm@ucbjade.BITNET

peter@ficc.uu.net (Peter da Silva) (07/16/89)

Come on, there are all sorts of levels you're missing here...

In article <26368@agate.BERKELEY.EDU>, mwm@eris.berkeley.edu (Mike (I'll think of something yet) Meyer) writes:
> 1) Waiting for someone in their office with their permission.
> 2) Waiting for someone in their office (this & others are sans permission).
> 3) Looking for a document you have a right to have after entering through
> 	an open door.
> 4) As #3, but through a closed & locked door. ...

What about:

	Scanning their bookshelf while (1) or (2).
	Pulling an interesting book off their bookshelf while (1) or (2).

IMHO, browsing people's files is more like looking at their bookshelves.
The question is, what constitutes a user's bookshelves?

	~user/bin	Certainly.
	~user/termcap	Certainly.
	~user/src	Probably.
	~user/lib	Maybe.
	~user/schedules	Probably not.
	~user/resume	Certainly not (does indicate a dim-bulb, though).
	~user/mbox	No bloody way.
-- 
Peter da Silva, Xenix Support, Ferranti International Controls Corporation.
Business: peter@ficc.uu.net, +1 713 274 5180. | Th-th-th-that's all folks...
Personal: peter@sugar.hackercorp.com.   `-_-' |  -- Mel Blanc
Quote: Have you hugged your wolf today?  'U`  |     May 30 1908 - Jul 10 1989

mwm@eris.berkeley.edu (Mike (I'll think of something yet) Meyer) (07/17/89)

In article <5020@ficc.uu.net> peter@ficc.uu.net (Peter da Silva) writes:
<In article <26368@agate.BERKELEY.EDU>, mwm@eris.berkeley.edu (Mike (I'll think of something yet) Meyer) writes:
<> 1) Waiting for someone in their office with their permission.
<> 2) Waiting for someone in their office (this & others are sans permission).
<> 3) Looking for a document you have a right to have after entering through
<> 	an open door.
<> 4) As #3, but through a closed & locked door. ...
<
<	Scanning their bookshelf while (1) or (2).
<	Pulling an interesting book off their bookshelf while (1) or (2).
<
<IMHO, browsing people's files is more like looking at their bookshelves.

Oh? How many people do you know keep books they're in the process of
writing on their bookshelves?

I thought about bookshelves, but decided a desk was better. Because
on a bookshelf one keeps books others have written, and that you could
go down to a bookstore (well, maybe a company store if it's company
confidential) and buy copies of. What most people keep on their
computer are things they are working on.

<The question is, what constitutes a user's bookshelves?
<
<	~user/bin	Certainly.
<	~user/termcap	Certainly.

Those two are closer to toolboxes than bookshelves. So, how do you
feel about opening someone's toolbox and going through that?

<	~user/src	Probably.

Probably _not_. My src directory consists of works in progress. When
I'm ready for others to look at it, I'll tell them.

This ties back to comments about the "spirit of Unix". Someone claimed
that browsing others' files was part of this. Someone else claimed that
it didn't exist. Both are wrong.

There used to be a sense of a "Unix community", that could be called a
"Spirit of Unix". AT&T killed it when they started selling binary
licenses. The sense was that one shared their work with others, and
helped them if you could, to everybody's benefit. Early micro hackers
had the same feeling (it was nearly dead when IBM got into the micro
market; IBM just gave it the final blow), and others have called it
the "hacker ethic." It's still alive in some places, but it's not
universal.

On the other hand, this was a sense of sharing of work. Thinking that
browsing others' files is sharing is like thinking that income tax is a
charitable contribution.

<	~user/lib	Maybe.

This is another toolbox. Why do bin & termcap get certainlys, and this
a maybe?

<	~user/resume	Certainly not (does indicate a dim-bulb, though).

And this brings us to the root of the problem. Doing an ls on
someone's home directory is like looking at the titles on all the
documents on their desk, as well as the labels on some of their file
folders. Most people would consider the latter an immoral act. Because
knowing that someone has a resume (theirs? Someone else's?) on top of
their desk is potentially harmful. Having it in a directory doesn't
change that harm. And it's not much different from knowing that they
are reading various .jobs groups.

	<mike
--
But I'll survive, no you won't catch me,		Mike Meyer
I'll resist the urge that is tempting me,		ucbvax!mwm
I'll avert my eyes, keep you off my knee,		mwm@berkeley.edu
But it feels so good when you talk to me.		mwm@ucbjade.BITNET

andys@ulysses.homer.nj.att.com (Andy Sherman) (07/22/89)

In article <26375@agate.BERKELEY.EDU>, mwm@eris (Mike (I'll think of something yet) Meyer) writes:
>In article <5020@ficc.uu.net> peter@ficc.uu.net (Peter da Silva) writes:
><	~user/resume	Certainly not (does indicate a dim-bulb, though).
>
>And this brings us to the root of the problem. Doing an ls on
>someone's home directory is like looking at the titles on all the
>documents on their desk, as well as the labels on some of their file
>folders. Most people would consider the latter an immoral act. Because
>knowing that someone has a resume (theirs? Someone else's?) on top of
>their desk is potentially harmful. Having it in a directory doesn't
>change that harm. And it's not much different from knowing that they
>are reading various .jobs groups.

Actually, resumes are needed for more than finding jobs.  I almost
always have one on-line (in a 600 directory).  Most grant applications
require resumes for the primary personnel.  I have worked on bids
where resumes of project personnel were included.  That someone is
keeping their resume current is not an a priori sign that a job search
is underway.

In the same 600 directory I work on the annual write-up I have to do
on myself as part of our performance appraisal process.  I do it
online so that I don't have to write it out longhand.  It is safe from
the prying eyes of all but my fellow super-users.  I think the
permissions on the directory are enough to tell them to stay the hell
out.  I usually make company sensitive (but non-personal) stuff
readable by group staff.  And no, I don't consider myself a dim-bulb.
-- 
Andy Sherman/AT&T Bell Laboratories/Murray Hill, NJ           *NEW ADDRESS*
AUDIBLE:  (201) 582-5928                                      *NEW PHONE*
READABLE: andys@ulysses.ATT.COM  or att!ulysses!andys         *NEW EMAIL*
The views and opinions are my own.  Who else would want them? *OLD DISCLAIMER*
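
An added example, not part of any post in this thread: a shell sketch of the two protections the posters mention, an owner-only default for newly created files and a closed directory for private material, plus a check of what a casual browser could still read. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and the demo tree are hypothetical.

# List regular files under $1 that "other" users can read. A directory
# without the other-search bit (001) is pruned: files below it are
# unreachable to others whatever their own mode bits say.
exposed_files() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print
}

# Create an empty file with an owner-only default. The umask change is
# confined to a subshell so the caller's umask is untouched.
create_owner_only() {
    ( umask 077 && : > "$1" )
}

# Build a constructed sample home directory and print its path.
build_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/src" "$d/private"
    : > "$d/notes.txt"; : > "$d/src/tool.sh"; : > "$d/private/resume"
    chmod 644 "$d/notes.txt" "$d/src/tool.sh" "$d/private/resume"
    create_owner_only "$d/src/draft.c"   # ends up mode 600 via umask 077
    chmod 755 "$d" "$d/src"              # browsable, like a typical home
    chmod 700 "$d/private"               # owner-only directory
    printf '%s\n' "$d"
}

# Stand-alone run: report the exposed files in the sample tree.
demo=$(build_demo) && exposed_files "$demo" | sort
if [ -n "$demo" ]; then rm -rf "$demo"; fi
```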