by short12 1626 days ago
Norton has outright been a malware company for a long time

I'd love to see the feds arrest a few people there and destroy the company.

Just remember. Don't ever hire someone with recent Norton experience in their resume. I'd sooner fill that gap in with the explanation that I was selling fentanyl laced products on the dark web.

8 comments

> Don't ever hire someone with recent Norton experience in their resume.

This is pretty ridiculous. I worked there and there is much more going on internally than writing malware-like software. By the time I left they still had pretty decent engineers just trying to find a job in a better company, like me.

These sort of decisions don't come from Software Engineers and management there is known to be pretty shitty.

Also, it's not like they maliciously inserted this thing to mine crypto for Norton itself. Whatever your computer mines is yours (still a bad idea though IMO)

https://community.norton.com/en/blogs/product-service-announ...

> it's not like they maliciously inserted this thing to mine crypto for Norton itself. Whatever your computer mines is yours

It says you're joined to a mining pool. Is this a Norton 360-only mining pool? If so, I'm guessing they have their own hardware participating in the pool as well. And if that's the case, you're helping them mine for blocks just as much as you're helping yourself. But they don't say that anywhere so who knows.

edit: and it also appears that they're taking 15% of whatever you mine.

So they've apparently:

* Set up a Norton-only pool

* Joined all their customers' computers to it

* Collect 360 subscription fees to participate

* Collect 15% of everything their customers mine

* Participate in the pool themselves, further benefiting from their customers' mining activity

And what happens to the unclaimed/unused wallets that they're holding for their oblivious customers in "the cloud"? If I cared enough about this to read the fine print I bet I'll find that they're reserving the right to empty those after a certain period of inactivity.

> And what happens to the unclaimed/unused wallets that they're holding for their oblivious customers in "the cloud"?

For that matter: what happens when Norton gets hacked and loses the cryptocurrency they've been holding for their users?

And who pays the customers' electricity bill? They are simply stealing your electricity.

Not just your electricity, but also your processor time, which you likely intended to use for something else.

The Ethereum would pay for it, if the user knew how to actually cash out.

Depending on your power billing rates, mining Ethereum might not be profitable at all for the user.

> oblivious customers

Users must explicitly agree to a Norton Crypto License and Services Agreement and activate mining before the software starts mining Ethereum. It is unlikely there would be any oblivious customers.

See https://support.norton.com/sp/en/us/home/current/solutions/v...

Bundling software like this is a malware move. I don't care if they give you the option to not install it, it's no better than the installers that add malware toolbars to your browser if you don't catch the 8th level of dropdowns you need to navigate to not install it.

When I install a pdf reader, I expect a pdf reader and nothing else. When I install anti virus software, that's the only thing I want.

How explicit is their agreement compared to the usual dark pattern of "guess which one of these five checkboxes is optional"?
This is key. I'm going to install Norton 360 on my other PC tonight and see what the process is. My concern is that they're counting on all of the senior citizens (I'm assuming that's their near exclusive user base at this point) who have been using Norton for years will accidentally install this thinking they're simply updating the program. The installation process will be very telling.
> and there is much more going on internally than writing malware-like software

That sentence doesn't exactly inspire confidence lol. So you're saying people are aware of the fact that they're partially writing malware-like software and that's... accepted? That's like an accounting firm saying "don't judge us like that, there's much more going on here than the money laundering"

> These sort of decisions don't come from Software Engineers and management there is known to be pretty shitty.

No, but the decision to work and continue working there does.

So you're saying you would trust this hypothetical ex-Norton engineer resume more, because they made the decision not to continue working there?
I'm saying no such thing. What I am saying is that I find this 'we're just code monkeys, we don't enact policy' retort I see so frequently here incredibly annoying, because it acts like programmers are not human beings with agency in a market with typically extreme mobility.
If they're trying to leave and can't leave because nobody will hire them because they work(ed) somewhere bad (that's the original comment in this thread; never trusting a Norton employee's resume) and you're also criticising them for "choosing" to continue working there, what chance does that give them? That isn't having agency in a market.

If "the decision to work and continue working there" is a bad one, that makes the decision to leave a better decision, yes? And the person who makes such a decision, a better person. And if you want to hire people who have agency and act with integrity, someone who left Norton is a slightly higher signal than someone who never heard of Norton, isn't it?

parent comment is once again saying no such thing. The root comment of this thread are not the words of that comment.
> Also, it's not like they maliciously inserted this thing to mine crypto for Norton itself.

No, but it is still malicious in the sense that it:

(1) does not inform the user or ask for consent

(2) seemingly does not offer an option to disable it

While I want to apply Occam's razor here, you'd have to assume all of the people that worked on this were negligent or unqualified... when sadly the more likely scenario is that these decisions were most likely intentional.

> (1) does not inform the user or ask for consent

> (2) seemingly does not offer an option to disable it

Where do you see this? As far as I can tell, it is off by default, and the user must explicitly enable it (consent) to use the miner.

See e.g. https://support.norton.com/sp/en/us/home/current/solutions/v... which mentions a License and Services Agreement that must be accepted before the miner can be used at all, and clearly says the mining status can be toggled between Active and Paused.

I got the information from the thread linked in the headline.

(scroll to their follow up posts)

I don't have Norton, so I am unable to test this myself.

> Just remember. Don't ever hire someone with recent Norton experience in their resume.

I completely understand this sentiment and why you're approaching it this way, but I have to ask - what if the person with recent Norton experience is trying to get away, or got away, from them because they share your views about Norton? Would you just throw away the resume without a second thought, or would you at least be open to hearing about their thoughts working there?

People who say these things are primarily looking for reasons to moralize and gatekeep. It's not about actually achieving a just outcome.
No, it's about taking responsibility for your own actions and code.
So, basically...

Norton Employee: "I strongly disagree with how Norton operates and the kind of software we are installing. I feel shame. Here's why I would be a strong candidate for your company."

You: "I'd rather not even hear about it. Get rekt."

...?

> Just remember. Don't ever hire someone with recent Norton experience in their resume

Toxic hiring mentality. Unless someone is very high up, it’s just a job to them and they’re just trying to feed their families.

Yup, they were just following orders. Definitely not responsible for their own decisions and actions

/s

I understand where you're going with this, and while I don't really "disagree", I think it's a bit of a stretch to go from Nuremberg justifications of murder to "installing some stuff that makes your computer slow because someone asked you to". Should "just following orders" fully absolve you of guilt, even on a small scale? No, definitely not, but I feel like the language you used is loaded.

Most engineers on HN aren't solely developing for non-profits and charities, we're writing software for for-profit entities, and most of the really big for-profit entities are pretty evil (e.g. Google, Facebook, Apple, Microsoft, etc). It's not unreasonable to condemn people for working for these companies, but I think it's important to put into perspective the scale and intent of most of the people working there.

It doesn't just make your computer slow, which is bad enough, it's actively stealing your electricity and converting it into their money. How can that possibly be justified?
It’s not justified, I don’t claim it is. It should be condemned, I just feel like the term “just following orders” has a bit of a loaded Nuremberg connotation to it.

I guess I’m accusing the parent comment of hyperbole more than being “wrong”.

"Just following orders" is a loaded expression. You're implying that they're committing genocide, when really all they're doing is helping some company make a product you don't think is particularly good. It's definitely not worth such harsh words.
I've never understood this argument. It is clear that nobody is implying a genocide is underway, they are simply alluding to an extreme example of ignoring or justifying negative actions, to show that each of us has agency and should be held to account for their actions.

I always think it's an interesting juxtaposition because although the actions (in this case working for an AV company) are always so far removed from the extreme example, so too are the repercussions.

The "just following orders" soldier, had he refused to carry out his orders, or attempted to flee, would have been shot in the back for desertion. The penalty for following orders, or not following orders, is the same: death (at least in the canonical example).

Whereas with the situation being discussed here, it results in what? Maybe holding out for another job.

In the extreme we expect people to pay the ultimate price to prevent atrocities, which should serve to remind us that, in the everyday, we should engage our moral compass, endure a small hardship, and through that hardship, prevent a small amount of injury from being inflicted on the world.

From the first picture here[1] it says "Turn your PC's idle time into cash: show me how"

That appears to be opt-in. It's quite plausibly something people interested in crypto might actively want, namely a company they already do business with offering to make all the decisions about coins and wallets and stuff for a small fee. If a YC startup offered this, or it was added to the Dropbox client as an opt-in "let Dropbox make you some cash", people would love it. If Windows 11 or Edge included it, people would hate it. As an opt-in thing it's not a bad idea; not quit-your-job bad and certainly not "just following orders" Nazi trolling bad. It's Norton and AntiVirus's reputation which taint it.

"It is clear that nobody is implying a genocide is underway" - it at least implies that something strongly and obviously bad is underway that anyone with integrity should avoid. And that's not obviously the case either.

[1] https://community.norton.com/en/blogs/product-service-announ...

No, it absolutely does not imply committing genocide. It implies that following orders of a superior does not absolve you of guilt when committing any crime.

Even if this was not currently criminal, this behavior appears inexcusable. The software engineers building this software lacked the ethical stamina to stand up and say "no" to their masters. They deserve an equal share of the condemnation and consequences for their participation.

What if they worked at Norton but not specifically on this one feature you have an issue with?
If I worked at Norton and this happened I'd be handing in my resignation on the same day because I wouldn't want to be associated with these practices and for anyone, including future employers, to assume that I was involved in them.

Or rather, I would if this wasn't mostly FUD and blown out of proportion. According to other comments it's entirely opt-in.

Everyone, even the janitor?
That was nothing but the result of the winning side wanting someone to pay for what the losers did to them. It never made sense.
the job market (especially if you’re an engineer considering Norton) is so flush right now, you could choose a hundred other positions with similar workload and benefits. when you choose to work for a shitty company under such circumstances, it shows that you don’t care in the least for the other people with whom you coinhabit the planet. that’s antisocial behavior, and human society relies upon a certain amount of soft punishment for antisocial behaviors. yes: you should be thanking hiring managers who turn down candidates who have no regrets about past work at toxic companies, because those hiring managers are preserving our society at the margins.
The job market is still complicated and not that easy. I know quite a few people that ethically disagree with their job and have been trying to leave for over a year and the phone is just not ringing. So now they should just be banned from working anywhere else? What are they supposed to do? Quit and starve?
> you should be thanking hiring managers who turn down candidates who have no regrets about past work at toxic companies

"no regrets" is an important part of this. though it's not quite the precise word i'd like, since your friends could well not regret their choice to stay given the circumstances you outline. what i want is for our culture to fight against antisocial behavior: to encourage the everyday person to give sufficient weight to social impact when making decisions.

"sufficient" is subjective, so as a starting point replace that with "non-zero" and i think we come out ahead: the toxically selfish (or socially ignorant) are encouraged to behave at least mildly pro-socially, and the friends you mention who tried to leave evidently gave non-zero weight to their social impacts -- even if they failed -- and would pass such a test.

the world is gray and i don't want a purity test. but that's not a license to ignore our social responsibilities.

So a kid who got recruited out of college is somehow a bad person?

No one is forcing you to install this stuff, I think Match is a horrible company which takes advantage of people, facilitates scams, on top of outright fraud.

I still recognize skill, if you told me you improved load times on Match.com by 60% I’d be very interested in hiring you. I wouldn’t personally work for any dating app or adult entertainment platform. But I have nothing against those who do.

Being recruited out of college (or not) doesn't really change anything in this equation. If you do something, find out that it's bad, and continue doing it anyway, then yes, you're being a bad person.

Can you seriously say that everything every company you've ever worked for aligns with your personal morality?

Odds are no, I agree this is a disgusting tactic, but every company does bad things. If you work at say Starbucks, and some of the beans are being produced unethically, you're not a bad person for making lattes.

No, of course not. Personal responsibility is, well, personal. But even so, I fail to see how being freshly recruited out of college makes any difference.
There was some comment in Twitter along the lines of "I wouldn't hire anyone who had Coinbase in their resume". You could switch "Coinbase" for Meta, Palantir, Norton, or any other morally questionable company.

The fact is though that the easiest way for these companies to go bust is for them to lose all their competent employees. If someone working at Norton can't get a job anywhere else, no matter how good their qualifications, because they're on your blacklist, they're going to stick with Norton. That keeps Norton alive.

It's much better to accept that people are fallible, they make mistakes, and sometimes you join a company in good faith only for management to pivot, or the company to get acquired and questionable judgements to be made. It's important that developers and other employees at these companies are given an off-ramp when they decide the paycheck is no longer worth it.

Anecdotal, a few years back I had the opportunity to interview an engineer. Their background was in web advertising. Regardless of what I feel about ads on the internet, the candidate's technical background with respect to how they handle iframes inside of iframes many levels deep and how they inject code into the page was actually quite a fascinating conversation on the technical merit of it all.
I don't know – there are acceptable (if rare) reasons to work on Norton, but I can't think of any reason that selling fentanyl-laced products would be okay.
If this maxim was universalized, I don't think it would produce the outcomes you desire? At least, not in the short term.

This would make it so the people there would be essentially forced to stay there?

It would, of course, also provide an incentive against beginning to work there, but, I still think other rules would better further your goals.