by anormalpapier 1624 days ago
> Don't ever hire someone with recent Norton experience in their resume.

This is pretty ridiculous. I worked there and there is much more going on internally than writing malware-like software. By the time I left they still had pretty decent engineers just trying to find a job in a better company, like me.

These sort of decisions don't come from Software Engineers and management there is known to be pretty shitty.

Also, it's not like they maliciously inserted this thing to mine crypto for Norton itself. Whatever your computer mines is yours (still a bad idea though IMO)

https://community.norton.com/en/blogs/product-service-announ...

4 comments

> it's not like they maliciously inserted this thing to mine crypto for Norton itself. Whatever your computer mines is yours

It says you're joined to a mining pool. Is this a Norton 360-only mining pool? If so, I'm guessing they have their own hardware participating in the pool as well. And if that's the case, you're helping them mine for blocks just as much as you're helping yourself. But they don't say that anywhere so who knows.

edit: and it also appears that they're taking 15% of whatever you mine.

So they've apparently:

* Set up a Norton-only pool

* Joined all their customers' computers to it

* Collect 360 subscription fees to participate

* Collect 15% of everything their customers mine

* Participate in the pool themselves, further benefiting from their customers' mining activity

And what happens to the unclaimed/unused wallets that they're holding for their oblivious customers in "the cloud"? If I cared enough about this to read the fine print I bet I'd find that they're reserving the right to empty those after a certain period of inactivity.

> And what happens to the unclaimed/unused wallets that they're holding for their oblivious customers in "the cloud"?

For that matter: what happens when Norton gets hacked and loses the cryptocurrency they've been holding for their users?

And who pays the customers' electricity bill? They are simply stealing your electricity.

Not just your electricity, but also your processor time, which you likely intended to use for something else.

The Ethereum would pay for it, if the user knew how to actually cash out.

Depending on your power billing rates, mining Ethereum might not be profitable at all for the user.

> oblivious customers

Users must explicitly agree to a Norton Crypto License and Services Agreement and activate mining before the software starts mining Ethereum. It is unlikely there would be any oblivious customers.

See https://support.norton.com/sp/en/us/home/current/solutions/v...

Bundling software like this is a malware move. I don't care if they give you the option to not install it, it's no better than the installers that add malware toolbars to your browser if you don't catch the 8th level of dropdowns you need to navigate to not install it.

When I install a PDF reader, I expect a PDF reader and nothing else. When I install antivirus software, that's the only thing I want.

How explicit is their agreement compared to the usual dark pattern of "guess which one of these five checkboxes is optional"?

This is key. I'm going to install Norton 360 on my other PC tonight and see what the process is. My concern is that they're counting on all of the senior citizens (I'm assuming that's their near exclusive user base at this point) who have been using Norton for years will accidentally install this thinking they're simply updating the program. The installation process will be very telling.

> and there is much more going on internally than writing malware-like software

That sentence doesn't exactly inspire confidence lol. So you're saying people are aware of the fact that they're partially writing malware-like software and that's.. accepted? That's like an accounting firm saying "don't judge us like that, there's much more going on here than the money laundering"

> These sort of decisions don't come from Software Engineers and management there is known to be pretty shitty.

No, but the decision to work and continue working there does.

So you're saying you would trust this hypothetical ex-Norton engineer resume more, because they made the decision not to continue working there?

I'm saying no such thing. What I am saying is that I find this 'we're just code monkeys, we don't enact policy' retort I see so frequently here incredibly annoying, because it acts like programmers are not human beings with agency in a market with typically extreme mobility.

If they're trying to leave and can't leave because nobody will hire them because they work(ed) somewhere bad (that's the original comment in this thread; never trusting a Norton employee's resume) and you're also criticising them for "choosing" to continue working there, what chance does that give them? That isn't having agency in a market.

If "the decision to work and continue working there" is a bad one, that makes the decision to leave a better decision, yes? And the person who makes such a decision, a better person. And if you want to hire people who have agency and act with integrity, someone who left Norton is a slightly higher signal than someone who never heard of Norton, isn't it?

Parent comment is once again saying no such thing. The root comment of this thread is not the words of that comment.

You can't just keep repeating "saying no such thing" when you (they) are saying such a thing.

They joined in to a root comment reminding people to reject Norton employee resumes, by saying that Norton people who don't get other jobs are morally bad people and programmers are free agents who could get other jobs (by implication they would do so if they were morally good people). Under this worldview, leaving shows moral goodness so hiring them should be encouraged more than hiring a random person. Saying "nuh uh" isn't enough to wriggle out of it.

> Also, it's not like they maliciously inserted this thing to mine crypto for Norton itself.

No, but it is still malicious in the sense that it:

(1) does not inform the user or ask for consent

(2) seemingly does not offer an option to disable it

While I want to apply Occam's razor here, you'd have to assume all of the people that worked on this were negligent or unqualified... when sadly the more likely scenario is that these decisions were most likely intentional.

> (1) does not inform the user or ask for consent

> (2) seemingly does not offer an option to disable it

Where do you see this? As far as I can tell, it is off by default, and the user must explicitly enable it (consent) to use the miner.

See e.g. https://support.norton.com/sp/en/us/home/current/solutions/v... which mentions a License and Services Agreement that must be accepted before the miner can be used at all, and clearly says the mining status can be toggled between Active and Paused.

I got the information from the thread linked in the headline.

(scroll to their follow up posts)

I don't have Norton, so I am unable to test this myself.