Viral defamation [entries|reading|network|archive]
simont

[ userinfo | dreamwidth userinfo ]
[ archive | journal archive ]

Mon 2010-10-04 13:47
Viral defamation

In the past 24 hours I've received four emails from random people asking me if I wrote a computer virus.

The emails have been relatively nonspecific (they've tended to assume I already know what they're talking about), but from what I can gather, lots of people's Windows boxes are suddenly putting up error boxes referring to an executable file with a variable name (all the reports I've had have called the file by some different jumble of random letters), which lists ‘Simon Tatham’ as its author, and apparently this file is infected with the ‘GoldG’ virus. I suppose all the people who have emailed me must have googled the listed author's name and found my website and email address. So I'll probably have to put up a notice on my front page saying it's nothing to do with me, if only because I anticipate the email load getting worse rather than better…

Supposing my correspondents' analysis is accurate, I wonder if the virus writer would be liable for some sort of defamation of my character? Or, I suppose, of the character of someone else with the same name – after all, there's nothing unambiguous to indicate that they mean me. Indeed, for all I know, the real virus writer might turn out to be a guy who genuinely does share my name. That would be even more annoying.

(Not that I expect it'll be realistically possible to catch them, and defamation would doubtless be nowhere near the top of the list of stuff to haul them into court for if anyone did, but just out of curiosity.)

LinkReply
[identity profile] eponymousarchon.livejournal.comMon 2010-10-04 13:48
Worse scenario: Part of the malware's code is derived from PuTTY?
Link Reply to this | Thread
[personal profile] simontMon 2010-10-04 14:36
I suppose it's perfectly possible that malware has used my code in the past. (Which would throw no blame on me – there's no end of infrastructure code in stuff I've written which would be just as useful for nefarious purposes as constructive ones, because the same sort of organisational stuff will always need taking care of no matter what top-level task you're trying to do.)

To put my name in the Windows executable metadata, though, is more sinister; the only way I can think of for that to get there by accident is if they cloned-and-hacked some part of my build scripts, and really, if they're going to copy anyone's build system I doubt they'd pick mine – it's all Unixy and idiosyncratic and weird. So I'm more inclined to think that has to have been done deliberately.
Link Reply to this | Parent | Thread
[identity profile] eponymousarchon.livejournal.comMon 2010-10-04 14:50
This is the part of the conversation where I express a failing of empathy with malware writers and a bewilderment at why someone would *do* that.

Have you made enemies in bad circles? :)
Link Reply to this | Parent | Thread
[personal profile] simontMon 2010-10-04 14:52
Not to my knowledge, but then, they wouldn't necessarily tell me if I had!
Link Reply to this | Parent | Thread
[identity profile] eponymousarchon.livejournal.comMon 2010-10-04 15:16
How dare you be a constructive part of the open source community!

*koff* Well, quite.
Link Reply to this | Parent | Thread
[identity profile] tigerfort.livejournal.comTue 2010-10-05 08:51
I'm tempted to suspect that this might, in fact, be the cause, unfortunately. (If there is an intentional cause, rather than, say, a program scumming Windows registry entries for software authors.)
Link Reply to this | Parent | Thread
[identity profile] eponymousarchon.livejournal.comTue 2010-10-05 10:46
I'm having flashbacks to schoolyard bullies here. Unfortunately, I have the feeling that there's quite a lot in common there.
Link Reply to this | Parent
[identity profile] eponymousarchon.livejournal.comMon 2010-10-04 13:50
More sanely, my first response was to assume a false-positive on the PuTTY executable on the part of something like McAfee or Norton until you mentioned random filenames. Hm.
Link Reply to this
[identity profile] samholloway.livejournal.comMon 2010-10-04 16:56
My feeling (IANAL but I like to pretend) is that it would be defamation, but not provably of you yourself; rather (as you suppose) a generic $simon_tatham. It would certainly be an interesting case!
Link Reply to this | Thread
(Anonymous)Mon 2010-10-04 17:17
There's no such thing as 'generic defamation'. Only a specific individual can bring a case of defamation. Just as you can't libel the dead (because they can't bring a case) you can't libel 'a generic Simon Tatham'.

More to the point, defamation is making a statement that would damage a person's reputation. There is no need to be talking about the actual person. If I were to write a novel about an evil vicar, and it were to turn out that (entirely unknown to me) there was an actual cleric by that name, said vicar could sue me for defamation and might very well win, if they could prove that my novel had caused people to think less of them (and it would be a fair cop; I should have done the research before publishing something that could damage someone's reputation.

Though you're completely and utterly wrong in every particular about everything else, it is true that it would be an interesting case, but not for any of the reason you state: it would be an interesting case because it would, I expect, turn on whether a 'statement' had been made by releasing this programme with Simon's name attached.

S.
Link Reply to this | Parent | Thread
[identity profile] samholloway.livejournal.comMon 2010-10-04 17:23
Sorry, I never meant to imply there was such a thing as 'generic defamation' - that's what I was trying to convey, that the case has to be brought by a specific person.

(Agree that the rest is completely wrong!) :-)
Link Reply to this | Parent
[identity profile] sunflowerinrain.livejournal.comMon 2010-10-04 18:36
*furious splutter*
Link Reply to this
navigation
[ go | Previous Entry | Next Entry ]
[ add | to Memories ]