From nginx to pandowload, how can programmers avoid prison oriented programming

beyondma 2020-11-13 07:44:19
nginx pandowload programmers avoid prison


 

According to Yangzhou network police patrol law enforcement official news , Baidu network disk cracking version Pandownload Developers have been caught , At the same time, Baidu network disk official in the early morning of this matter made a response . Baidu official said it has been actively cooperating with the police , Severely crack down on the criminal acts of infringing the data privacy of Baidu online disk users . meanwhile , Baidu network disk will continue to improve the user experience through technology .

And as far as I can see Pandownload The author to achieve non member rights to break through the official Baidu disk settings , The function of high-speed download, frankly speaking, this function is actually good , Because from Github Look at the implementation of similar functions APP Some more , But there is another important message from the official announcement that “ establish QQ Group , Collect from group members 1 to 10 Group entrance fee of different yuan , Provide more stable “Pandownload” Internal test version . As of the crime , The criminal suspect gains illegally 30 More than RMB .

Recently, there have been a lot of legal incidents about programmers . For example, at the end of last year Nignx The father of Igor Sysoev My former employer Rambler The group is right Nginx A lawsuit for copyright infringement was brought , claim Igor Sysoe All development achievements during the term of office belong to Rambler Owned by the group , So it also causes Igor Sysoev Taken by the police .

And about two weeks ago Many netizens claim that their microblog information is suspected of data leakage , Some netizens have even sent out a screenshot of suspected microblog personal data package sales . In response to this, Weibo said , Data leaks are true , At present, Weibo has strengthened its security strategy in time , Microblog has always provided a service to query the nickname of microblog friends according to the phone number of the address book , Users can use the service after authorization . However, micro-blog does not provide information such as user gender and ID number , either “ Check the phone number according to the user's nickname ” Service for . So this data leak doesn't involve ID card 、 password , It has no impact on microblog service .

The above events are actually caused by programmers when they are making their own software , In short, it's made up of APP The murder that started . of APP In particular, there are too many right and wrong reptiles , According to my observation 2019 Almost all of the big data, that is, crawler companies, were checked in , Including Xinyan technology and Scorpio technology CEO Checked 、 Gongxinbao was sealed 、 Juxinli also announced that it would suspend its crawler service 、 Tongdun technology, the leader of domestic big data risk control platform, has also been exposed to disband the crawler department , One of the most interesting events , Or the one from The programmer of Qiao Da Technology , Because I wrote a crawler program , Illegal download resume information from a recruitment website and be prosecuted , Triggered the whole network about programmers facing “ prison ” The big discussion of programming .

From the author's point of view , Disputes about crawlers and information leakage protection need to be viewed from the perspective of data holders and data crawlers .

    The programmer The way to avoid prison oriented programming

According to the latest traffic analysis , Internet 40% The traffic on the left and right is robot, which is similar to Pandownload It's started by a reptile , From the angle of data crawling , We have to focus on the legal boundaries of crawler technology ,“ Technical innocence ” The number of is often unable to protect the majority of programmers . And the legal issues about reptiles , The author specially consulted colleagues from the legal department of the unit , According to our 《 The criminal law 》、《 Network security law 》 The provisions of the , The following are some of the crimes that reptiles may be involved in :

1. First of all, invade the affairs of the state 、 National defense construction 、 Computer information system in the field of advanced science and technology , Whether the plot is serious or not , Constitute the crime of illegal intrusion into computer information system .

2. Violation of relevant state regulations , Selling or providing citizens' personal information to others , constitute Crime of infringing personal information of citizens . That is to say, it is a crime to profit from selling personal information or to intrude into a system containing state secrets , But neither of them is unintentional , But the following rules need special attention .

3. Violation of state regulations , Delete the function of computer information system 、 modify 、 increase 、 interfere , Causes the computer information system to be unable to operate normally , With serious consequences , accomplish a crime . That is, if you use a crawler to grab too much , Cause the website that be seized cannot run normally , And cause serious consequences will also constitute a crime . The programmers of Qiaoda technology mentioned above are also due to the large amount of crawler traffic , Causing the target network to be nearly paralyzed , And arrested for violating this article .

In other words, the three principles to avoid prison oriented programming are

  1. Don't touch state affairs 、 The system of national defense construction
  2. Don't touch personal information , Not to sell personal information , And this time Pandownload Because the author of the breakthrough user's privacy rights , Enable paying members to download other people's files , It's also the point where he broke the law .
  3. Don't make money by cracking software , Because of our country's 《 Network security law 》 For cases involving non-state units , The main basis of judgment is whether it is profitable , That is to say Github Open source can , But there may be trouble with charging .
  4. Reasonable setting of crawling flow , avoid DDOS Aggressive reptiles

In addition, in order to avoid other civil disputes , Try to abide by Robots agreement .Robots The protocol is stored in the root directory of the website ASCII Encoded text file , It usually tells the web search engine's rover, or crawler , What content in this site should not be accessed by crawlers , What can be obtained by reptiles . Strictly in accordance with Robots agreement Crawling website related information generally does not appear too big a problem .

Because the general norms of the industry will also be considered in judicial practice , Therefore, it is generally observed that Robots The information obtained by the agreement will not be considered as trade secrets or personal privacy data . In other words, even if the information obtained by complying with the agreement is classified, its responsibility for leakage will not be borne by the crawling party .

    What to do in the event of an actual information leak

In all the information leakage, the most troublesome is the password or ID card information leakage , In this regard, the author has the following suggestions :

  1. Check your credit history : If there is any abnormality in the credit record , Especially when you have an unexplained loan , So the probability is that there is a serious information leakage situation . At this time, if you can't contact the loan platform , You can report it as soon as possible , In order to protect their legitimate rights and interests .
  2. Release the binding relationship between the three platforms : Generally speaking, the bank's protection for the customer's bank card is greater than that of the three-party payment company , So in case of information leakage , You can first release the binding relationship with the three-party payment platform and turn off the automatic deduction service , Change the bank card if necessary .

    The programmer's response

 

And summarize the programmer's response , The following points need to be noted :

1) Don't use your working hours to create your own products

2) Don't use the company's money 、 Equipment and unpublished information

3) Whether or not to leave the job 、 After a year's transfer, I will start to create

4) Don't use the company's computer to program , Especially don't use the company's WIFI Check your project in Github Of ISSUE Or submit PR. These inadvertent actions may give the company an excuse to dispute .

5) Don't sell information , And don't make money through information

 

版权声明
本文为[beyondma]所创,转载请带上原文链接,感谢

  1. [front end -- JavaScript] knowledge point (IV) -- memory leakage in the project (I)
  2. This mechanism in JS
  3. Vue 3.0 source code learning 1 --- rendering process of components
  4. Learning the realization of canvas and simple drawing
  5. gin里获取http请求过来的参数
  6. vue3的新特性
  7. Get the parameters from HTTP request in gin
  8. New features of vue3
  9. vue-cli 引入腾讯地图(最新 api,rocketmq原理面试
  10. Vue 学习笔记(3,免费Java高级工程师学习资源
  11. Vue 学习笔记(2,Java编程视频教程
  12. Vue cli introduces Tencent maps (the latest API, rocketmq)
  13. Vue learning notes (3, free Java senior engineer learning resources)
  14. Vue learning notes (2, Java programming video tutorial)
  15. 【Vue】—props属性
  16. 【Vue】—创建组件
  17. [Vue] - props attribute
  18. [Vue] - create component
  19. 浅谈vue响应式原理及发布订阅模式和观察者模式
  20. On Vue responsive principle, publish subscribe mode and observer mode
  21. 浅谈vue响应式原理及发布订阅模式和观察者模式
  22. On Vue responsive principle, publish subscribe mode and observer mode
  23. Xiaobai can understand it. It only takes 4 steps to solve the problem of Vue keep alive cache component
  24. Publish, subscribe and observer of design patterns
  25. Summary of common content added in ES6 + (II)
  26. No.8 Vue element admin learning (III) vuex learning and login method analysis
  27. Write a mini webpack project construction tool
  28. Shopping cart (front-end static page preparation)
  29. Introduction to the fluent platform
  30. Webpack5 cache
  31. The difference between drop-down box select option and datalist
  32. CSS review (III)
  33. Node.js学习笔记【七】
  34. Node.js learning notes [VII]
  35. Vue Router根据后台数据加载不同的组件(思考->实现->不止于实现)
  36. Vue router loads different components according to background data (thinking - & gt; Implementation - & gt; (more than implementation)
  37. 【JQuery框架,Java编程教程视频下载
  38. [jQuery framework, Java programming tutorial video download
  39. Vue Router根据后台数据加载不同的组件(思考->实现->不止于实现)
  40. Vue router loads different components according to background data (thinking - & gt; Implementation - & gt; (more than implementation)
  41. 【Vue,阿里P8大佬亲自教你
  42. 【Vue基础知识总结 5,字节跳动算法工程师面试经验
  43. [Vue, Ali P8 teaches you personally
  44. [Vue basic knowledge summary 5. Interview experience of byte beating Algorithm Engineer
  45. 【问题记录】- 谷歌浏览器 Html生成PDF
  46. [problem record] - PDF generated by Google browser HTML
  47. 【问题记录】- 谷歌浏览器 Html生成PDF
  48. [problem record] - PDF generated by Google browser HTML
  49. 【JavaScript】查漏补缺 —数组中reduce()方法
  50. [JavaScript] leak checking and defect filling - reduce() method in array
  51. 【重识 HTML (3),350道Java面试真题分享
  52. 【重识 HTML (2),Java并发编程必会的多线程你竟然还不会
  53. 【重识 HTML (1),二本Java小菜鸟4面字节跳动被秒成渣渣
  54. [re recognize HTML (3) and share 350 real Java interview questions
  55. [re recognize HTML (2). Multithreading is a must for Java Concurrent Programming. How dare you not
  56. [re recognize HTML (1), two Java rookies' 4-sided bytes beat and become slag in seconds
  57. 【重识 HTML ,nginx面试题阿里
  58. 【重识 HTML (4),ELK原来这么简单
  59. [re recognize HTML, nginx interview questions]
  60. [re recognize HTML (4). Elk is so simple