This is a guest post from Rachel Kroll, lightly edited. Enjoy.
Dear new developer,
I worked for a web hosting company that had a dubious history of keeping spammers around far too long. Then while I was there, they had the so-called “adware” vendor. They got mad if you called it “spyware”. I honestly thought it was random trash that people were installing on their own machines and so that’s what they wanted. I only found out recently that it apparently was distributed by way of Internet Exploder drive-by ActiveX/whatever shenanigans. So, if you ran that cursed browser and landed on a page with their stuff in it, you got owned.
Now, that customer didn’t last forever. They got whacked by AUP after a bit, but they were still there for a good… six months or so? And we definitely got bonuses in our paychecks when they upgraded their configs because we had managed to solve a bunch of their scaling problems. Yes, we made them more efficient, and they got bigger as a result, and those of us on the support teams directly benefited in a paycheck or two.
Then I worked for a place that was doing web search and had gotten into the business of providing free web-based e-mail that was pretty good. They had also started doing a few other things. They had a few simple well delineated ads on their result pages (and maybe a few other places), and that was it. Lots of people were like “you should go work there”, so I tried it, and somehow I got in.
During my tenure there, they went and ate a company that I had a real beef with as a spam-fighting sysadmin for a bunch of users before the web hosting job. I’m convinced it’s actually karma: eight years before, I had dinner with some people, including someone I had never met before. When I found out where he worked, I asked him something like “what’s it like working for an evil company like Doubleclick”. Yeah, I actually said that. facepalm
When the legalities of the merger were finished in 2008, I too worked for that evil company by extension. By absorbing it instead of killing it, we became them (see also: Collabra). The name was different, but the internal damage was done. This lead to all kinds of other crazy shit that came down the line, all in the name of fellating the advertisers, like Emerald Sea, aka Google Plus. That whole thing.
They were trying to do all kinds of crazy stuff, like you’d be browsing around and it’d say “hey, this looks like your Twitter page, so would you like to link it to your profile?” – and it’s like holy crap, the company has crossed the line, then dug it up and set the pit on fire. Just because you CAN make a dossier on someone with your damn crawling infra doesn’t mean you DO IT. That’s where they were going. Full on creeper land, with the immense power of their infrastructure.
Then I decided to go somewhere else that (as far as I could tell) existed because people willingly put their data there. They uploaded pics and posted about going places and doing things. All of the data was sent to the site. The site didn’t go out and scrape it off the web. I was okay with this. I didn’t use the site myself, but I figured that made me the weirdo, not the (then) billion-something people who did. Clearly, they find it useful, so what do I care?
Of course, while I toiled in the infra mines at this company, all kinds of truly evil shit was going on, including the installation of a fascist regime in my country, the apparent genocide in at least one other country, and so on. It’s like, someone even asked me about supporting the not-quite-UTF-8 language stuff they used in that country. Now I wonder exactly what all was enabled by virtue of being able to support that encoding! (Seriously, you know who you are. Is that what happened? Did that work let the bad people break loose out there?)
Then there’s the joint which tried to look like they were all about smarter use of cars, but which probably added to overall congestion. They didn’t want the key people who actually do the real work to be employees and went to the mat with heavy lobbying to make it happen during an election cycle. They also pulled out of a good-sized urban area in a very large state when the city put up requirements for background checks.
This is just the obvious stuff. I haven’t even mentioned any of the “how they treat their employees” incidents from these places. Every company has at least a couple of these that I’ve actually witnessed, and far more that I heard about from trustworthy sources.
Sometimes I think about the fact that I’ve made some bad things more reliable so they can go about doing evil more efficiently, quickly, or just at all. It sucks.
I said this in 2013: “If your resources or reputation could be used to harm people, you owe it to them to jealously guard it lest it fall into the wrong hands.” I still think this has happened too many times.
However, I no longer think that people are capable of guarding it to keep the vampires out. The only way to keep something with great power from being exploited might be to keep it from existing in the first place.
This was first posted here.
Rachel Kroll is a veteran sysadmin. She writes stuff.