Ask HN: What is the thing you've built that you regret the most?

502 points by Octabrain ↗ HN
Given the very interesting comments on the "Ask HN: What is the most impactful thing you've built?", I was wondering about something similar: Things you regret based on ethical implications, bad technical decisions you made convinced you were right but regret/cringe about later, failures on miscalculations on budgets that provoked a bad outcome in the company etc whatever.

Thanks in advance.

538 comments

[ 3.5 ms ] story [ 326 ms ] thread
I have wasted a lot of time building a two sided marketplace for gigs, that was the biggest thing i regret, that i kept trying for much too long of a time
Why sis you regret it?
Sounds like he regrets spending so much time working on something that didn't result in anything useful. That's been most of my career, so I empathize.
The Qatar slave helmet.

My company built the smart helmet used to track Qatar’s army of abused workers. The claim is GPS and accelerometer where used to track if a worker stopped moving or fell due to an accident; the geo fencing was supposedly for tracking if they had enough workers in an area for the job.

The reality is the helmets where/are used as mass surveillance tech to ensure workers are continuously active and never leave their assigned areas for petty things like going to the bathroom or finding shade to prevent heat stroke.

Eh... Was it really that hard to guess what they're gonna do with it? How long ago was that? It's not like their abuse of [foreign] workers is anything new.
7-8 years ago. I was a lot more naive back then and knew very little about any of the Middle East petro states.
That’s quite condescending.
condescending: having or showing an attitude of patronizing superiority.
I don't see anything patronizing or showing superiority in what I wrote. I am saying this as a peer, not as a superior.

It's kinda weird to expect people not to make mistakes such as this if nobody tells them it's wrong. And it's normal for people to tell other people they do bad stuff if they do.

So you’re assuming that you know better than them what they’ve done wrong, that you have to tell them, and how they should make up for it. That’s how your tone is coming across.
> you know better than them what they’ve done wrong

Hardly, since I just agreed with what they said. I suggested what IMHO is a good way to make up for it. Nothing else.

> that you have to tell them

Sure, I have to. I think everyone should say something in cases like this.

>I don't see anything patronizing or showing superiority in what I wrote. I am saying this as a peer, not as a superior.

And you have four different peers who have responded to you suggesting that you are being condescending. Take a step back and ask why - intention and tone are two different things, and if you get the latter wrong then we will misunderstand the former.

>It's kinda weird to expect people not to make mistakes such as this if nobody tells them it's wrong. And it's normal for people to tell other people they do bad stuff if they do.

Just let 'em be. You're not a hero. They admitted what they did, and why they know it's wrong. You're not doing anything other than going, "Yep, you sure did fuck up."

> Take a step back and ask why - intention and tone are two different things, and if you get the latter wrong then we will misunderstand the former.

Good point, OK.

>Now they should try to make it right - donating money to people trying to fix the situation is a good way to do that.

You're assuming that this individual hasn't already done something to atone (which goes against HN's rule to assume best intentions). That, coupled with a tone that comes off as though you know better than this person, basically round out the definition of "condescending".

I am not assuming anything. I made a suggestion, nothing else. They're free to do nothing if they feel like they already did enough. You're assuming I'm assuming <...>, which goes against the HN rule to assume best intentions.
Donating money rarely fixes problems. What it does is create organizations that draw their lifeblood from the continued existence of the problem, and continued donations of money.
If you don’t have something nice to say, don’t say anything at all.
Was I supposed to say "great job" to this? Lol.
'not saying anything at all' wasn't a rhetorical suggestion
Nah, I'm really not the kind of person that says nothing to this.
Pretty sad that you feel the need to rub salt into a wound.
Nah I don't think that's what I did. As another commenter said maybe that's how it came out (sorry), but not the intention.
Still seems unnecessarily condescending, but I've been guilty of that often enough that I am not going to hold that against you.
> IMHO it'd be nice if you donated some of your earnings to a human rights focused NGO operating in the area.

Is there somehow a difference in impact depending on who does this? Maybe if you chipped in, the Qatar slave workers would be even better off. Or is this just about guilt-tripping strangers for their past? :-)

My free funds are currently 100% dedicated to helping Ukraine and will be until Russia falls back to 1991 borders.
Sounds like you’ll never have free funds again.
Someone shares an insightful story that others can learn from and your first thought is to shame them, and then without knowing the first thing about them or what else they've done with their life, you tell them the best way to atone for their sins?

This thread is such a great opportunity for learning and curiosity and yet you choose to see it only as an opportunity for moral grandstanding, possibly scaring away other people with interesting stories to tell. Why are you on this website?

> How long ago was that? It's not like their abuse of [foreign] workers is anything new.

It's also not like it's common knowledge. Myself I only learned about it couple years ago, here on HN, because of some comment threads that segued into discussions about Qatar construction projects.

Point being, without knowing anything about OP, including where are they from, you can't assume they had a chance of knowing this before taking the job, or even learning about it on the job. The world is awash with news stories about everything - often you learn about a huge tragedy only when you chance on a story about it.

I expect it to be very common knowledge, but possibly it's only known in Europe, as we are much closer to the Middle East and the football angle is more relevant.

Here's several articles from 2017, for example.

https://www.theguardian.com/world/qatar?page=19

> Here's several articles from 2017, for example.

That's around the time I learned about it. Notably, this is couple years after the poster worked on their project.

What is the official name of that product?
Just wow... from their FAQ

>How do workers benefit from WakeCap?

>Workers’ location and activity is identified within the boundaries of a project for the greater good of all involved within the project and to ensure every worker is safe especially when it comes to fall from height detection, ambient temperature extremes, and confined space crowd control, and more. We found that workers responded positively to the technology.

>Do you have proof that it works?

>WakeCap connected 15+ job sites with 2000+ workers per project...Predominately mega construction projects in Dubai and Saudi Arabia.

The website looks really slick, but seen in the light of this thread it's disturbingly dystopian. First step towards Cybermen: https://en.wikipedia.org/wiki/Cyberman

"This won't stop you feeling pain, but it will stop you caring about it.".

Wow, 2 posts in and we may have a winner already! That’s really, really bad. I have a friend (well, not anymore) who worked for Palantir for a long time and was very proud of it, and I was gonna ask him if he regrets anything, but this is a whole other level.
oh man, that was rough. Your story reminded a group of people who should report here — The "Green QR code" app that Chinese government deploys in the name of COVID to track and surveillance people. I even saw a tiktok (douyin) video that showcase one of the developer, praising how young they are and how handsome they are. The comment section of the video is a different scene entirely. But the same time, if they didn't develop it, someone else will. So it is hard to put the blame on them specifically.
This comment is now one of the top hits on Google for "Qatar slave helmet". And it's the only hit when I put quotes around the phrase to force an exact match.

If this is real you should get in touch with investigative journalists, e.g. ProPublica.

("Get in touch with investigative journalists" probably applies to a bunch of the people posting in this thread.)

What would that accomplish?
Bringing further scrutiny to similar practices there and elsewhere.
Amp up the sort of disdain that might, for example, prevent international organizations from granting legitimacy to these regimes. Things like FIFA, as a completely random example.
I think it's clear that FIFA gives anti-fucks about slave labor.
Sure, but FIFA cares about money and at least some people care about not giving their money to deeply unethical entities. That’s what it’s meant to accomplish.
You need to ask what it accomplishes to leave it in the dark.
Actually, I want to think more about the theory of change here. It's conceivable that a ProPublica article could actually make the situation worse, e.g. by advertising the existence of the helmet to other abusive employers, or causing abusive employers to rework their labor practices in a way that looks better to the press but is actually worse.

If the company that makes the helmet is based in a country with good government, maybe a reasonable regulation would be to score workers on productivity, but place limitations on the scoring somehow. E.g. the helmet stops showing the worker's location when they've spent too much time in the heat. Or the helmet estimates the fraction of the workday that the worker spent offsite, but all workers who spend 20% or less of their time offsite are given a score of 20%, so the employer can't force the worker to spend more than 80% of their time onsite. I don't think productivity scoring has to be dystopian in principle; generally speaking it seems reasonable to pay people according to how productive they are.

You could also argue for regulating the helmet out of existence, but I assume in that case it would just be built somewhere else with lax regulations. So the trick is to put in regulation that creates a humane experience for workers, but not so much that Qatar is incentivized to contract the development of a new, more draconian helmet in a different locale. I don't think this should be too hard, because creating a humane experience for workers should also help productivity to a degree.

There's also a security dimension here -- you don't want abusive employers to be able to circumvent these limitations. So you could make it so the helmet only runs code which has been signed with the company's private key, or have a lot of the functionality server-side.

Another possibility is to have something like ITAR, where you can't export to certain countries.
Perhaps wrong impact in short term, but gains in long term?
How many people do you think worked on the project? If I were the OP, I'd be more worried about getting the Khashoggi treatment for speaking out.
(comment deleted)
This technology may sound bad but it helpes enable events like the world cup that entertain many around the world
Genuinely can't tell if you're joking or not but it doesn't matter. Either way this is basically a paraphrase of one of the most astute dril tweets of all time:

"drunk driving may kill a lot of people, but it also helps a lot of people get to work on time, so, it;s impossible to say if its bad or not,"

And just think of all the cotton the plantations grew! Surely that justifies it. /s
To add something related someone I know worked for a firm that was tasked with identifying regime critics for a gulf state. It wasn't clear what they were going to do with the list until they started disappearing.
I built a crypto invoice system that was originally targeted towards our freelance dev clients, which was soon overrun with drug sellers, weapons sellers, and when it reached a point where some of the invoice descriptions included words like "8yo.mp4" we realized it was time to put it down. We reported the IPs of the people involved and shut down the servers. Luckily I live in a third world country and not somewhere I could get in trouble for.
It could become very useful honeypot for the police or some government agency tracking crime.

Those people found another way to get paid.

Although I couldn't ever blame you for shutting it down. I'd probably do the same and try to forget about it for many years.

Unfortunately, I was not contacted by any intelligence agency with a promise of money and lack of prosecution, so that was my choice at that time.
I think it was fortunate, in a sense that these agencies’ employees usually couldn’t care less about your own fate or expenses in all this mess. You’re just a little bug in their gears which rotate regardless. Unless you can gain substantial publicity, it’s not worth the risk.
It shouldn't be that way though. That honeypot could've been really useful to them, and the cost of providing peace of mind to him is negligible to their orgs.
Not trying to be snarky here, but did it surprise you that a system built to obfuscate financial transactions would be used for illegal activities?
I don't think most crypto is built to obfuscate. It's built to bypass centrally controlled monetary system. With the exception of some specialty crypto created to obfuscate, it's really not nearly as good at hiding transactions as say, cash.
Technically it might not obvuscate, but practically it does.

Critically (compared to cash) it allows remote transactions. Cash requires presence which limits the customer base geographically, and carries enormous personal risk. (you're already transacting with a criminal, do you want to be alone with him as well?)

The killer app for crypto is illegal activities. (which may in some cases be moral, but nevertheless are illegal.)

As a side note, the volatility in the crypto value, caused mostly my legal speculators being exploited by scammers, hurts the utility of crypto in all contexts, including illegal ones.

(comment deleted)
I thought nobody would be stupid enough to try to slang rocks on "clearnet", and also Bitcoin is not built to obfuscate, that's Monero.
I wouldn’t care too much about the people who try to “slang rocks”, the “8yo.mp4” is infinitely worse in my eyes.
Pretty much. We laughed off the weed stuff but when we saw the .mp4 stuff we realized it got too far.
A ticketing company was experimenting with BLE beacons to trigger things like seat upgrades and coupons when people walked by certain things in a venue… or at least that’s what they said it would be used for.

Instead they covered LA Live and surrounding area with them and then just sold that data to… well I’m not sure who since I left shortly after they did that.

The justification was “but we put it in the TOS and Privacy Policy”.

How did the BLE beacons track people? A phone app?
Yes the ticketing app that people were required to use to get into the events.
>Yes the ticketing app that people were required to use to get into the events.

Well, at least Android 12 has granular Bluetooth permissions.

While the majority of tickets at LA Live are sold by one company currently, there are others, so it's impossible to know which specific company you're talking about.

On a completely unrelated note, there was a big thing surrounding privacy concerns with AXS' app a couple years ago.[0][1]

Clearly those claims were overblown. Surely AXS would never blanket an area with Bluetooth Low Energy (BLE) beacons and invade users' privacy like that. I refuse to believe AXS would make an app virtually mandatory and then violate users' privacy using physical Bluetooth beacons. Say it ain't so.

Oh, almost forgot: fuck AXS.

[0] https://us.forums.blizzard.com/en/wow/t/axs-spyware-claim-de...

[1] https://us.forums.blizzard.com/en/overwatch/t/axs-isnt-spywa...

This was maybe 8 or so years ago so I'm not sure what else this unnamed ticketing company added since... but permissions were pretty lax at that point and had JUST started to tighten up.

Oh I forgot to mention that Apple rejected the iPhone version of the app at first because we didn't make it clear enough that we were tracking their locations like this. Our head of product at the time just called someone up at Apple and it got approved with no changes. It all stunk.

I won't say much more here but this second question caught my eye, because the answer is the same as for your earlier question. Some impactful work I am intensely proud of also became a thing that haunts me (or at least challenged my idea of "doing good").

Think about dual-use. You may never really know quite how your creations pan out. Not quite in the league of Mikhail Kalashnikov, but it piqued my now intense interest in tech ethics.

EDIT: damnit seems like everybody here is in the same boat. So mine was a gesture detection for medical robotics control that was repurposed for look-and-lock air combat (fire and forget a2a missile. An important caveat is I'm not even a "pacifist" and went in eye's wide open with a defence firm. I just wish they'd told me more up front that this was "generic tech" I was developing.

Do you mean the missile would lock on to what the pilot is looking at when it's fired, or it would change target inflight if the pilot looks elsewhere?

I'm intrigued by how missiles work. I bought this [0] book to learn about them but I've forgotten math.

[0] https://www.amazon.co.uk/Tactical-Strategic-Missile-Guidance...

The former. The clue is in the "fire and forget" bit. Not that I know much about it. These things are well compartmentalised - as I found out. :)
Got me curious how often firms will purposefully disguise a military project as an innocent challenge solving their problem they'll repurpose later on.
I once saw a very good talk on this exact subject, by someone who was in an incredibly similar situation as that commenter was. IIRC their bit of tech was a tool to triangulate a fairly specific location of a device connected to a wifi network (this was at least a decade ago).

As I remember it the point was basically: there are a lot of valid applications for this concept, but ultimately only one that a defense contractor is really going to care about. If that's who you're making it for they will use it to kill people eventually, even if that's not the plan right now. But also that probably is the plan right now, don't be naive.

How about have children play a "game" so they help you commit xenocide? [Ender's Game]
That’s quite a distance between the two dual uses.
Back in the early days of mobile games (Zynga et al) I worked at one of those shops helping them build a better Skinner Box.
My first job was for a sketchy knock off autoparts company that was a glorified drop shipper. I built a dozen websites and a database of a few million rows. I was proud of it at the time.

Then I started reading customer support emails, took a few phone calls from disgruntled customers, and it turns out the company was just cycling cash. Would charge 100 orders and float the cash as it trickled out refunds.

I ended up leaving, and the company sold for a couple million a year later. I was left with a bad taste for e-commerce that has only recently went away.

Was that just a very high return rate or an outright scam? If the latter how could they sell for anything?
it was half way an outright scam, but we built a database of parts and their suppliers for an otherwise unprovided for market in the US. That database alone was worth the cost (the new place got rid of the company and just used the database + domain names.)
At a previous employer I helped build an employee monitoring system that was essentially a keylogger and would also take screenshots periodically and on every click. All this data was piped into our cloud and could be used by middle management for granular monitoring and evaluation.

The whole product was positioned for process optimisation but I know for a fact that it was used to monitor and eventually reduce headcount at multiple customers. I still feel gross just thinking about it but the company is supposedly making good money off of it given that they just announced a new version.

Process optimization and reducing headcount are more or less the same thing. It's about reducing the amount of work first. Only if you manage to find more customers to keep work at the same level you can avoid reducing headcount.
Not necessarily. "Optimising" a process doesn't always mean increasing per-operator throughput with the goal of reducing the amount of operators required to keep the lights on.

You can optimise for many other things such as on-time delivery in production processes or duplicate/late/early payments of invoices just to name some straightforward examples. In the former case you're optimising the process with the goal of increasing customer satisfaction and in the latter you're optimising many things such as cash flow and working-capital while balancing early payment discounts and late payment penalties.

I'm too forgetful to log and fill in time sheets reliably, so I started building a tool do it for me automatically and retroactively (so I don't have to press start/stop on some timer, or even remember to run the software ahead of time) based on data gathered from the system, like file timestamps, browsing history, syslogs, etc.

I got deep into gathering all the data and ML analysis, to the point I started brushing with digital forensics. I got spooked and abandoned it when I've realized I can never release such tool without it being abused for surveillance ;(

hey i did a not super deep version of this but it would hit toggl api to create my time sheet for me. i abandoned it after having to use lots of different software constantly, but i considered releasing it and didnt for same reason
No need to use actual surveillance and machine learning to fill out time sheets.

I had a friend Josh who worked at Los Alamos National Labs, who wrote a script that automatically filled out his timesheet with plausible looking working hours and tasks, an emailed it in at the right time every month.

One month his boss was chatting with his assistant about how happy he was with how promptly and efficiently Josh always sent in his time sheets, saying what a good worker he was, and that he just received his timesheet on time that day.

The assistant explained to the boss that Josh was actually away on vacation that week.

So when Josh finally got back from vacation, his boss summoned him into his office for an awkward sit down talk.

And insisted that Josh set him up with the same system to automatically fill out and send in his time sheet, too!

I built a tool for an influencer marketing agency that would log which instagram pages they visited. This info could be used for machine learning and discovering new influencers which was a major problem for the agency.

The first changes I made to the poc was making the ability to identify which employees did what and when so hard that if they asked us to do it, it would either not be possible or cost so much that it wouldn’t be feasible.

Maybe it's time to write a guide for employees on how to detect that this is running.
I wrote the GNC firmware for a loitering munition and it's... complicated. I am both very proud of and saddened by it. I'm also realizing that it could be said to be the most "impactful" thing I've built.
beats fuzing bus for a plain ol gbu
Literally impactful.

If any software needed a memory leak it's this.

Actually, I strongly disagree. Ideally, it would not be in the air in the first place. Failing that, once it's in the air, I personally prefer that it go to the intended target rather than just kind of wherever it ends up.
"Crash" is not something you want an aerial explosive to do.
I decided to build my own kitchen cabinets from scratch. I only had my small townhouse in which to build them. They eventually came out great, but it took 2 years to complete them.

The lesson I learned is to make it easier to abort large projects. Even if it delayed me by 6 months, I should have found a rentable workshop.

Yes, having built a ton of cabinet doors before for a similar project, I realized the allure of the cost savings (the raw materials are so cheap!) blinds you to the massive amounts of labor involved.
(One of) the old woodworking mottos; why buy it when you can build it for 3x the cost and 10x the time?
Hehe, yep. It's taken me about 10 months to make some wall plaques. I had some beautiful black locust heartwood from cutting down trees for a friend. The worst part was not having a band saw or similar to cut them into boards. They were small, so a chainsaw jig didn't really make sense. I ended up splitting them down the grain and building a jig for a router to trim them flat. Probably about 1 of 3-4 tools/jigs/etc that I had to build to get them done. Just working on a nice oil finish now.

Although to be fair, I have no idea what something like that would have cost since I've never seen heartwood this dark before.

I won't cut parts for beehive frames again. What a pain using 2x4s, and slightly dangerous with such small pieces.
It's an easy decision also by being cheaper to buy the precut from places like brushy mountain.
It was actually much cheaper to use 2x4s (back then anyways). You could get about 10 frames out a $3 2x4.

Also, I made frames for a warre hive. Those are extremely expensive if you can find them.

Completely an aside, but consider using hand tools.
Not for making 100+ frames.
I built a tool for helping a trailer park management company track numerous eviction lawsuits. I didn't complete before being reassigned, but I never should've started it.
I built a lighting system for <hotel chain you've heard of> to save energy by turning off hallway lights when not in use. The environmental aspect was great and saved hundreds of thousands in electricity. Someone eventually realized that the mesh network I built to connect all the lights together and report usage statistics could also be used to track employees moving throughout the building and catch them taking unauthorized breaks in the stairwell, so that's its main purpose now.

I'm a lot more paranoid about privacy these days.

Almost all software can be abused or co-opted for surveillance purposes. It's one of the reasons I've grown more disillusioned with computer tech over the years.
I had this realization in stages.

1. Almost all software can be abused or co-opted for surveillance purposes.

2. Some software comes already designed for surveillance purposes up front.

2a. This includes plenty of well-known mass appeal software; importantly, the customer-facing marketing copy and the investor pitch can present a completely different value proposition.

3. Software doesn't become used for surveillance or abuse by accident; there are actual human beings who make a decision to use it in this fashion, or commission it for this purpose.

3a. The "misguided programmers harming people by trying to solve social problems with technology" meme is dumb for many reasons, but it's also distracting (possibly purposefully so) from the fact that it's not software, or people who coded up the software, that are the primary culprits. The coders that were too naive or too self-interested to refuse work or blow the whistle may have some responsibility, but we should start talking about the people who made the decisions to commission or repurpose technology for bad purposes.

The problem is that "bad" is subjective and I'm sure most of the people making these decisions don't agree that they are being "bad"
That's fair, but the 3 and 3a. is not about whether a decision is bad or not, but about attribution. It makes no sense to blame "technology" or engineers in news stories for being used in some way, but completely ignore the people who ordered and bankrolled it to be used in that way.
Why would anybody care what they think?
Thing is, when the company that pays you actively wants to track everyone, there's little you can do as the person that creates tech form them.

If the piece of software you created is unbiased and unopinionated, it can be used for evil purposes. If you make the software deliberatedly against that, you have to (a) take measures without the company knowing (b) have the manpower to do it alone while still reaching development goals (c) those measures can be undone by another developer that cares less that you.

After all, software big enough is collective by nature. It's also unfair to us to think that we're responsible for any misuse as if we were mechanical engineers creating weapons for war

"Thing is, when the company that pays you actively wants to track everyone, there's little you can do as the person that creates tech form them."

You can quit. Literally, there is something you can do. If your boss asks you to write or adapt something to surveil, then you can quit.

There may be consequences to quitting, perhaps disproportionately felt between you and the company, perhaps consequences that you won't enjoy as much as your current job stability and paycheck, but the choice is always there.

> There may be consequences to quitting, perhaps disproportionately felt between you and the company

This is why unions are so important, even in a field like software engineering. If you quit on your own, the company may not care. But using the threat of strikes, workers can demand better conditions for themselves and more ethical directions for their company.

Why are tech workers so resistant to organized action? Their owner employers sure are organizing adversarially in a multitude of ways in the open and behind closed doors
Tech workers disproportionally 1) believe in meritocracy, and 2) believe that the existing arrangement in IT is it, or at least closer to it than it would have been with unions in the picture.

Why that is the case is another interesting question.

Which is to say that even very intelligent people can be very vulnerable to believing in things which are patently false provided that the end result is the ability to continue to live in a state of complete denial, and a world of pure imagination, where no action is required on one's own part and you can just continue to hope that all of this is a temporary aberration that will get better on its own :)
Yep. Even clever engineers can be delusional fuckwits.
There's also a time component.

It's entirely possible that in the post-IBM microcomputer, pre-Google AdWords span, they were correct.

However, it's pretty obvious that current era, power has slid back from labor towards extremely-large corporations.

Obviously. Why else would people on hacker news advocate for all the socialist economic policies that humanity just spent the entire 20th century proving don't work?

Sadly history repeats so we'll probably just have another "cultural revolution" and "great leap forward" in the 21st century.

I disagree. I think most tech workers identify more with their employers and their class than their own status and that of their colleagues. They’re moving up, fast, and they’re satisfied with their prospects more than anything they might get from solidarity.

In Marxist terms, lumpenproletariat is a close approximation, but a weird accident of history.

That's not strange is it? If you're making 100k+/year, you're well into bourgeois territory, and FAANG benefits are practically near-instant-owner-class. Why would you expect anybody getting that kind of money to identify with the lower classes?
"Bourgeois" is not defined by how much you make per year. It's defined by your relationship to the means of production.
Anyone getting paid 100k+ is also getting stock options.
Sure, and many people getting less still own stocks via 401(k) etc. The important question is whether a person can live entirely off their rents, or they have to work for someone else for a living.
> That's not strange is it?

That depends on your baseline, of course. Or to answer your other question:

> Why would you expect anybody getting that kind of money to identify with the lower classes?

I don’t expect it, though I do have deep solidarity myself. Because, to return to the middle of your response:

> If you're making 100k+/year, you're well into bourgeois territory, and FAANG benefits are practically near-instant-owner-class.

I can speak to six figures, and I’m in no way into bourgeois territory. I’m approximately as comfortable as middle class boomers, ie I can make financial decisions to benefit my aging family with some hope I’ll still be comfortable myself. I don’t own anything in the sense meant by “bourgeois” in this context. I may yet, in the sense of a retirement plan. That’s a middle class aspiration. Which, having grown up poor and then broke and then getting by… I recognize very much is still working class.

There certainly is a larger segment of the tech work force than the general population which has reason to believe it can cross the bridge from gentry to ownership… but it’s still a minority of us and it’s mostly scraps. I don’t expect most of my colleagues to be comrades, but I certainly don’t agree with their class analysis which you have expressed so clearly.

> Why are tech workers so resistant to organized action?

If you mean software engineers when saying "tech workers" because unions make it harder to fire people. There's not much that makes a software engineer's job harder than a bad engineer who isn't getting fired and is destroying the quality of the product and the code and creating work for everyone else to fix, all the time.

Unions also result in gaining seniority by time spent in a job instead of competency, and that's also a miserable experience, when someone incompetent is dictating the engineering work. In software engineering you want people who are technically proficient and capable of mentoring to assume leadership positions and positions of increased responsibility, not people who've been there the longest.

Software engineers in my first hand experience have been able to organize around coordinated action to get their employer to improve their conditions and pay without unions necessarily. One simple example of that is to coordinate around pay transparency
> Why are tech workers so resistant to organized action?

I am not actually so much resistant to unions, as I do not see what benefit I’ll get from them. What exactly in my life would have changed for better if I had been a part of a union? Just one thing, can you name?

Probably better default settings when it comes to vacation, your off hours not being invaded by on-call, pay transparency, WfH/remote policies, etc.

If you have ever gone up against HR over anything ever, a union would have benefited you.

Vacation? I have unlimited days off, and my request was never rejected.

On call? They paid me $500 a week to have a cellular phone officially, but at the same time unofficially everyone was strictly forbidden to call it. It was an internal political move by the engineering department (see our commitment to this new product? we even put Mike on call), turned into an additional benefit to best engineers.

> If you have ever gone up against HR over anything ever, a union would have benefited you.

My wife (who is one of the best teachers in California, documented) was fired exactly because of the union rules. The principal wanted to keep her so much, that the district turned his desire into a political tool: oh you want to keep L? she is a good teacher? sign this paper (some financial cover up) and we will give you the money to keep L. The union did not care is she a good teacher, or not. Less seniority? Go away (but we keep your $1000 union fees).

Because most of them think someday they will be the owner employer.

They won't, but its a delusion that favours capital over labour.

Don’t most engineers loathe management positions and just want to focus on tech?
> This is why unions are so important

My favorite counter-example is a collective action of about a thousand medical workers in SF Hospital demanding from Facebook an increase in censorship (and the censorship is impossible without surveillance).

Why do you think a union will support your ethical choices? And if it would not - you’d have to quit the company and the union, loosing not only your salary, but also union fees.

This is an argument against democracy itself. If you don't think democracy would work for you, then I can't convince you a union would either.
The marginal cost of union fees is trivial in comparison to a salary.

A union gives you more choices than "surveil or resign".

And if the union fails you because it says "no, you have to surveil" then you can still resign.

That well has been poisoned in the US. It's tough to find any extant union which isn't a corrupt sellout organization leeching off the workers they're supposed to represent. It's hard to change, because laws around unions are designed to lead to the current situation. Cross-industry/informal/extra-organizational action and coordination using the internet is probably a far more workable idea than traditional unions.
Have you considered that that's what Porky wants you to think about unions?
Yes. I've also worked in a few union shops and experienced it myself. I'm a socialist through and through, but what is called a union in the US is not an organization of and for the workers, it is a co-opted parasitic extension of corporate and government policy. Workers can and should organize, but restricting ourselves to following the controlled opposition is stupid and self-defeating.
You can organize.

Why shouldn't workers in a factory have a say over how their labour is used by those who appropriate it?

Baffled by how obvious solutions appear to have fallen off the radar.

They do have a say. Their labour is being purchased from them, not appropriated. They can say no (individually or together) and ultimately they can walk away.

As you say, collective bargaining is usually going to be more effective than individual.

> As you say, collective bargaining is usually going to be more effective than individual.

It may be more effective in terms of salary and working conditions (though I doubt that in software engineering I would have been able to get better pay through collective).

But in terms of ethics?

Individually, it’s almost impossible to make me support surveillance and censorship. But a big collective is much more vulnerable to manipulation. Comes 9/11 and you’ll get “collective” support for Patriot act, comes 6/1 and you’ll get “collective” support for censorship.

> You can quit. Literally, there is something you can do. If your boss asks you to write or adapt something to surveil, then you can quit.

If you had a union, or even a professional association whose code of ethics had teeth, you could refuse without having to quit. It's incredible to me that in 2022, most programmers are still anti-union.

Even in war, we don't universally take "I was following orders" as a valid excuse. People writing surveillance software are not innocent - not as guilty as those that gave the order, but still guilty.
See also _Surveillance too cheap to meter_ https://cacm.acm.org/magazines/2022/7/262077-surveillance-to...

> To stop the surveillance, [they] would have to get their equipment suppliers to make changes; they would have to change their own back-office systems; they would have to reformulate customer contracts so they would not rely on the data being available in case of disputes; and so on.

> [It] would cost [them] more money to stop the surveillance of their customers than to continue doing it.

> That is quite literally what "surveillance too cheap to meter" means.

It's also why employers prefer to hire young people over more experienced people, because the latter actually understand what's going on and might object.
I think to combat this you need to have laws like in Germany where this is pretty much explicitly illegal. We cannot put the technology back in the bottle
> Almost all software

which is why it's less of a technical problem and more of a social problem

people need to realize that with how the technology is today we can't afford to rely on marked self regulation for a lot of things especially wrt. privacy protection it just fundamentally does not work

(Or in other words, such usage of employee surveillance should be just plain out forbidden by law not just to be used but to be deployed)

In order to do that, people are going to have to go to the ballot boxes and vote. And when they do that, they're going to discover that there are no good options there. Then they're going realise that they have to create those options, and there's no grown-up to do it for them now. Then it dawns on them that they are not even members of any political organisations, nor are they in a union. It's like they've lived their whole lives without ever even having used their rights to freedom of speech, freedom of association, freedom of assembly, freedom to join political organisations, freedom to create political organisations, freedom to stand for office, or even considered using them before in any meaningful way, so it's like a nation of infants contemplating the idea of taking the wheel of a car. It's terrifying.
I have this feeling that with the increasing complexity and sophistication of the technical environment/tools we have in our hands, there is an increasing amount of people simply unable to cope with everyday challenges of modern society.

Of course, there have always been these kind of people, but in the old days they were easily identified groups of disabled and elderly people, who, most importantly, understood also themselves that they need help.

The bleak future I see that increasing amount of normal people with normal intelligence are just going to be financially destroyed, all while they themselves believe that they are fully qualified and justified to decide whether their money is "invested" in the next cryptard scheme, sent to a nigerian prince to get millions, or put in a crappy health insurance covering accidents once in a blue moon, instead of those damn government elite experts taking their money and actually providing health care and pension. And after they are destroyed, they become even more hostile against the "elite experts" who just seem to be laughing at their faces "told you so".

(To be extremely clear here: I believe intelligence is a highly multi-dimensional thing. And yu can be intelligent only in very limited dimensions. so practically all of us - me very much included - are morons in most of the dimensions. So I am not pointing here to any specific group, but all of us are vulnerable in some dimension. I may be able to above average avoiding certain kind of scams, but I am for sure vulnerable - even laughable stupid looking afterwards - for face-to-face friendly scams. Which, luckily to me, are typically not expensive.)

Unfortunately I have no good solution anywhere in sight. The best idea I have so far is to mock online the idiots who think Ayn Rand was a genius. I have to admit, though, that even that is likely to be useless even in the best case, so most of the time I try to just bite my lip.

> such usage of employee surveillance should be just plain out forbidden by law

By law, like by some Patriot act?

In many cases, software is like a tool. I provided a screwdriver: generally it's used for good, but sometimes it's used for assembling a bomb. By providing the screwdriver, I have no influence on how it's used. For me, it's important that most software I write is free software with few restrictions on its use. That way, I ensure that my screwdriver is available for all good purposed, even though I acknowledge that I cannot prevent it from being able to be used for evil. It's a tricky balance, but I trust that the good uses of new tools outweigh the evil. A war on screwdrivers won't prevent missiles targeting civilians.
>"can be abused or co-opted"

I tend to believe it, "will be."

All tech will eventually be used to try to gain an advantage in war and surveillance. I don't think there's a way to prevent it.

It's not just computer tech. Obviously, advances in say molecular biology can cause much more trouble down the line.
What was the requirement?

My apartment building has lights in the hallways that are only on when needed, but they just use a basic infrared sensor.

* Minimize BOM cost. Only 1 in N lights would actually have the full sensor complement, so they needed to communicate.

* Minimize installation cost. They just wanted to plug into a light socket, not run network cabling.

* Push data logs to a central server. They didn't want to send a tech physically to each lightbulb to get data for e.g. energy usage certifications.

plus other obvious requirements.

All of that made it really easy to just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs (since they already tracked that to discover who their physical neighbors were). Instant employee monitoring.

Are these hallways for staff only?
Not as far as I was ever aware. They were intended for guest areas.
So why is the RSSI thing worth having?
Because by measuring multiple RSSI you can trilaterate and track employees relatively accurately. If an employee lingers somewhere unusual, you can have a manager ask them why.
That isn't what the system was notionally designed to do
Yes. The commenter is upset because a mesh network that he helped build for another purpose also provides a convenient dense network of radios that can be used to track staff, and that this is now the primary use case.

"All of that made it really easy to just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs (since they already tracked that to discover who their physical neighbors were)."

I assumed the rssi thing was there from the start, apparently mistakenly.

If it's any consolation to the original engineer it feels like a non-trivial thing to add

Most nodes in a radio based system will do rssi measurements to any other nodes that they need to communicate with directly, as part of deciding appropriate tx/rx amplification levels / when nodes are unavailable / etc. These functionalities are often easy to access to enable easier debugging, so it's a relatively straightforward change to start using them to scan other things on the same protocol etc.
The original engineer states the RSSI thing from the start because it was an input to the meshing algorithm.

Using it for location of employees was the new part.

By the time they got to "just stick a beacon tag inside employee badges and measure the RSSI from the mesh lightbulbs" it's pretty clear that it's one of the features they had in mind, though. You wouldn't "just" re-issue all your employee badges and spend engineering time on integrating it like this if tracking the employees wasn't the goal.
For some additional context, the original feature genuinely was energy efficiency. <Hotel chain> was trying to get some green certifications for a flagship and went looking for partners to do the actual efficiency stuff. That company found a sub, and so on until I was contracted to do the actual firmware. Everything got done and it was installed in a test hotel in Vegas.

After that initial success, one of the intermediary contractors came up with the surveillance idea (among others) to try and find reasons for <hotel chain> to roll the system out to more facilities.

RSSI is just signal strength. Tracking it allows you to approximately triangulate where people are so you can say "ID #xxxx was closest to the first floor east stairwell at 10:02am". Maybe nothing is done with that data, but it's ultimately a surveillance system and enables all the potential abuses that can entail.
I know what RSSI is, it seems like complete nonsense even pretending this is for energy efficiency if you have to keep track of where the non-staff are anyway - or is the people-tracking just an optional extra?
I think people tracking was just an optional extra/add-on. It sounds like the RSSI signal was there in the first place to set up the mesh based on what other lights had active sensors...
Guess you used wireless communication to avoid cables even though you are "pushing logs and communicate with other lights".
I am starting to think the requirements were crafted to push towards enabling surveillance without outright stating it.

PIRs are cheap and last basically the lifetime of the hotel. I would need to see some actual data to believe this whole project didn't actually cost more than installing a bunch of PIR lamps.

What is so bad about catching people taking unauthorised breaks?
Would you like to live in a society where the laws are the same as they are now, but it’s impossible to break them and not be caught?

(I know I’m jumping right to where the slippery slope ends.)

If we lived in such a society I would imagine we would be a bit more careful as we drafted laws. It would also be a lot more equitable due to the lack of selective enforcement.
Even if getting there from the current state of affairs by rigorously enforcing laws to the letter is possible, it would come with a very heavy price on people while the laws get reformed.
Taking the other side - you’d rather live in the society we have today where policies/laws are selectively enforced based on whether cops/supervisors have a good relationship with you, are biased re your race/gender, etc?
Perfectly executed laws would also have biased outcomes, likely worse than the current system.

There’s a good quote that goes something like “the law treats all men equally: the rich man and the poor man are punished the same for stealing bread to feed their family.”

The law, in its majestic equality, forbids rich and poor alike to sleep under bridges, to beg in the streets, and to steal bread. Anatole France
Yes, it'd foster good social relationships. Oh wait, engineers don't need no one....
That's the difference between living in Munich or São Paulo, or New York and Miami. Different societies have different tolerances for what's on the books and what gets enforced.

Personally, I prefer less on the books and proper enforcement, but many people like a lot on the books and just as many loopholes.

(comment deleted)
The same thing that would be bad about using your phone GPS location sensors to automatically send you speeding tickets every time you wander >1mph over the limit.

Even without intending to, everyone would go from a ticket or two per decade to dozens of tickets on every commute.

"But the law is still the same!?!"

Of course it is, but changing from poorly scalable human-required surveillance to always-on, fully-scaled electronic surveillance, changes it from completely reasonable to massively oppressive.

If everyone's productivity is fine, and people take unauthorized breaks, no one will notice, all is cool. If one or two people are noticeably unproductive, the manager will likely investigate and fix the unauthorized breaks, which is also fine.

But with constant electronic surveillance, it's no longer about meaningful productivity differences, it is about oppression.

It's still up to the manager to choose what to do about it.

A reasonable manager would accept the occasional smoke break, but do something about hour long naps.

Centralized automated system like this often is not something someones (direct) manager uses, but that gets pushed down from higher up the chain. Larger disconnect, less human consideration taken, with an extra helping of "well the system says..."
In line with what a sibling comment says, it stops being about the person themselves, and what their actual performance is, but about adherence to arbitrary rules. The computer says you took X number of unauthorized breaks this past year, so no raise/promotion for you. Employee has still been getting their assigned job done, and has been doing it perfectly well, and has stellar feedback from customers? So what! It's the rules that matter more.

Often a manager will not have any say over these things. "The metrics speak for themselves!"

Regardless, I don't think we should design systems with the assumption that the people in charge of them will be compassionate and reasonable. There are a lot of petty, corrupt (in the moral sense, not financial) people out there in positions of power over others.

One argument in favor of this is that it would pretty much force governments to set reasonable speed limits, rather than optimizing them to ensure that the police have an excuse to pull over almost anyone at any time.
No, it would allow them to adjust the limit to whatever brings in the most revenue without crashing the economy or engendering open revolt.

It would always be entirely unworkable at anything resembling the current fine structure, with fines in the $100s for a single infraction. These are based on the assumption that people are rarely caught.

I could see a surveillance-based system working, something on the lines of a congestion toll. Maybe $0.02/mi/mph over the limit, so going 10mph over the limit for 20 miles would be a $4.00 charge. We'd also have to eliminate the bogus insurance surcharges which falsely equate speeding with unsafe driving (barring neighborhoods & construction zones, they can signify either an unsafe driver or a highly skilled driver).

"engendering open revolt"

In France, messing with the people's ability to drive affordably led directly to the Yellow Vest riots.

for starters the idea of “unauthorized” in terms of taking a couple minutes to yourself is questionable.

i have never worked in an office environment where people didn’t routinely unwind for a couple minutes. the way we’re treated in an office setting vs those outside an office is in a lot of ways disturbing. a couple years ago my friends dad lost his job of 25 years because he was caught sneaking around a corner, out of eyesight of his foreman, to eat a candy bar. he had been warned about these “unauthorized” snack breaks in the past.

this idea is entirely foreign to any of us who sit at a computer coding or doing whatever desk job that sometimes we don’t stop to think of how ludicrous some workers are treated—my entire post college career, if i wanted to eat a candy bar, i just ate it.

were a decision to come down in just about any office full of engineers which said “unless authorized, you cannot drink or eat anything. if any unauthorized stoppage of typing occurs, there will be consequences.” people would be justifiably outraged.

but they’d be “catching” “unauthorized” non-typers.

the idea that someone somewhere decided to put trackers on human beings is wild.

> the idea that someone somewhere decided to put trackers on human beings is wild.

did you forget about cellphones?

I suspect OP didn’t.

That everyone has accepted that owning a phone means you can be tracked with accuracy most the time, both digitally and physically, is pretty wild.

> What is so bad about catching people taking unauthorised breaks?

Your profile indicates that you've commented on HN on a weekday.

Don't worry - this behavior has already been reported to the authorities.

Not the OP, but a lot depends on the context.

If both pilots left the cockpit mid-flight in order to chill with the stewardesses, I would be fine with them being barred from working as pilots ever again.

I couldn't care less if a receptionist catches a quick smoking break during a slow hour.

In a discussion that started with "hotel staff in the stairwell", which of your two examples do you think is more representative?
Unfortunately, the latter one, I agree.
It's more about the negatives of pervasive electronic surveillance. The marginal benefit to the business of catching employees taking a break (which, honestly... they're probably all overworked and should have more breaks anyway) does not outweigh the downsides of our inexorable slide toward being monitored as we do everything.
>which, honestly... they're probably all overworked and should have more breaks anyway

And your best solution to this is building automated lighting systems that omit functionality? That's your grand plan?

Reminds me of people that complain about seats being removed from buses to make more room for passengers because homeless people sleep on them.

When you're trying to solve things via tertiary order effects you should consider if that's the real issue at hand .

(comment deleted)
Systems like that are commercially available now, even as far as pitching "we don't know what to do with all the data but by golly we're collecting it for you."

For location tracking they specifically called out things like equipment carts, but it was implied that it could track other bluetooth devices.

I did this almost a decade ago. I'd be very surprised if it wasn't commercially available now. Heck, the system I wrote might even be one of them for all I know.
Need to know <=> Need to log
How could they tell who exactly triggered the system? Also, they didn't already have security cameras?
> used to track employees moving throughout the building and catch them taking unauthorized breaks

There's probably more illegally unpaid overtime than there's unauthorized (boss doesn't like) breaks. The data can likely prove that, too.

anything you write that can be used to pry into someone's life will be used to pry into someone's life. without fail.

that's the rule I've always followed.

Wow. Well at least it was 100% good faith your side. Can’t really help it that some tools can be dual used
> I built a lighting system for <hotel chain you've heard of>

I am sick and tired of how often extremely pertinent information has to be neutered in this way. And I am utterly disgusted at how the legal system is used to protect scummy corporations like this unnamed hotel chain.

I wish we had strong laws that prevented employers from even thinking about threatening employees for talking about their work. Or collective bargaining to make sure employers don't have the leverage to impose such one-sided contracts.

forensics software that pulled down everything possible from all social media sites at once and put into a forensic container. it would also make a fake disk image for older software. it was originally for lawful collections after u/p was obtained via warrants or willfully etc, but changed hands and was used aggressively like a cloud version of kicking the door in to grab pcs. i refused to scrape where possible and use apis and this was right before the cambridge analytica stuff blew up so a lot of the FB stuff ate dirt at least.

it was technically well made tho, everything integrated into a single executable file that had an web interface:/

Early in my career I had a job at a small startup with about 3 other full time devs, including the founder. All of us were more or less clueless.

Project management consisted of the founder telling us what to implement. One day he told me to build something that would help us track the (many) exceptions in the app.

I went on to build a terrible alternative to SaaS bug trackers, which already existed at that time, but no one knew about/had the skills to find out.

Not anything too big, but... I wrote a program to merge Jupyter notebooks properly. The backend was mostly done, and I had a start on the GUI.

Then I found out about nbdime, which did nearly everything I wanted. I ended up just making a simple Python script to make using nbdime more convenient, and soon I'm planning to make a vs code extension to make it 1-click.

Not really answering the question: I interviewed at a company that measured Internet traffic and would do so by installing proxy servers in popular software downloads. This was 15+ years ago now. I suppose this was the early versions of spyware. I got an offer but never took it because I disliked the concept and multiple layers of deception to the end user. no regrets here, but i always wondered how people could work on such products.
I used to work for a company whose product was a specialized proxy server aimed at telco companies. The thesis was that telco companies (at the time, this was quite some time ago) were heavy users of telnet and ssh to administer network devices, and needed some tooling to help manage them all. So our device would proxy telnet and ssh connections, and do things like looking at the hostname and the login prompt and automatically submit the correct credentials, and then further do things like blocking certain commands from being run, providing pre-configured scripts for certain tasks, yadda yadda yadda.

Now that's all fine and good as such. I had no qualms about working on that stuff. But then somebody introduced the idea of capturing frequent screen-grabs (essentially video, albeit at a fairly low frame rate) of the user's desktop as they used the system. We worked out a way to do some weird windows network driver shenanigans to make sure the recording started when an outgoing connection was made to certain destinations, and then streamed the video to a server where it was stored.

The nominal purpose for this was advertised as "training" with a side-dish of "compliance enforcement", and probably in some highly regulated industries people will (and do?) accept this sort of thing. But it never sat well with me, and I felt a bit queasy about working on that aspect of the product.

coded email targeting for people with financial problems / poor credit and offered them sketchy credit repair deals or cash advance loans with rates that were essentially usury
A system for tracking email marketing recipients. That is, bounce rates, open rates, recurrence and deduplication of email addresses.

It dawned on me 10-20 hours into the gig that these customers were professional spammers, and that I was helping them avoid being blacklisted.

I scrapped everything I’d made and eventually paid back my fee.

I'm biased as someone who used to work in email marketing, but I'd say there are some important differences between respectable email marketing and spam:

* Respectable email marketing = you have a pre-existing relationship (e.g. account on their website); spam = they found your address somewhere

* Respectable email marketing = there's an unsubscribe link that works; spam = no unsubscribe link or it doesn't work

(Could very well be that the people you're working with were actually spammers)

Spam is any unsolicited and unwanted email. A pre-existing relationship does not automatically mean that I want your emails.
It also doesn't mean that I consented to receiving marketing emails when I overlooked a checkbox at the bottom of your order/checkout page when I purchased something. Ethical companies will make this an opt-in choice, not opt-out.
Agreed; this is gross. If I've signed up for an account on someone's site, all I'm implicitly consenting to are transactional emails related to the service (or product, if there is one). Things like shipping notifications and billing reminders and such.

And if you at least have a checkbox for consent for marketing emails during signup, it should be unchecked by default. I'm so tired of this crap.

> Could very well be that the people you're working with were actually spammers

Let’s see...

1. They purchased lists of emails that they could send to.

2. They made landing pages that lied about the advertised product (e.g. an iPhone version that doesn’t exist yet).

3. There were unsubscribe links, but guess what clicking it did? Increase the open rate.

4. When they hired people and trained them to set up new VPS’es, they asked that they use their own credit cards and reimbursed them through salary.

5. They discussed purchasing fake credit cards.

6. They bribed employees at large email distribution services online tens of thousands of dollars to avoid getting flagged.

I took some time to pay them back because I was broke, and as a result, they put my phone number in their spam lists. I mean, content marketing lists.

Could very well be that the people I was working with were actually spammers.

Too many things related to cryptocurrency.
A WooCommerce shop I built in a couple of days ended up making millions of dollars for the catholic church... I learned to research who I'm working for
oh tell us more details on that story :-)
Well, the really tragic thing was that I started working in nonprofit web design specifically because I wanted to work for ethical, value-driven clients. And this was true much of the time.

But the agency I was working for was so busy, and we were cranking out code at such a rate, that after a while I stopped thinking about exactly who the clients were. We did a lot of work for religious and political organisations, gambling industry lobbying groups etc. "Charities" in the loosest sense.

Before long it became clear that I'd used my talents to help organisations whose values were directly against mine (I'm a strong supporter of LGBT rights for example, on which the Catholic church has a poor record.)

The main things I learned as a junior dev were:

* Non-profit clients aren't necessarily more ethical than business clients, it's naive to assume this is the case

* Be careful when taking on a high volume of client projects. It's hard to track exactly what their values are, and you might accidentally end up enriching an organisation which hates your guts

* Track your personal values carefully and regularly check if you're living up to them at work

An xml parser.
Did you use regex?
Nah, that’s for HTML
And... I also used another xml parsing library, because we "needed" our own. (context: first programming job at a startup in college)
I did a pull-stylee XML parser once.

In VB.

VB ..... 3

It didn't care (much) about well-formed documents.

You could mix it with snippets of RTF. We did. I used it to parse report templates out of hybrid RTF/XML files.

Not really morally evil though.

Interesting that most posts here have to do with monitoring or surveillance of others. Privacy is important...
I doubt the one who put the 737-max into a dive, the one who but the A400 into reverse, the one causing the Toyota runaways, and similar cases are going to post.
You may be right. But there's a bit of a difference in your examples. Your examples are more like bugs in development versus consciously knowing you're building tech that is designed to invade other's privacy.
I built an integration from our CRM to a sales team messaging platform. For users that exist in the CRM, it worked great. The problem was the side uses of the messaging platform for users that were not active in the CRM or never in the CRM. It’s a nightmare to keep dealing with all the exceptions related to non-active CRM users.

I usually don’t let myself get caught in such a scenario, this one slid by and I regret it.

I'm not sure I understand- if I am not in a CRM then a sales person cannot call/mail me? Or is this some kind of facebook-like thing where you can infer I exist if you also have my colleagues details ?
I don’t think I built any regrettable things.

Except for that one time I built something pretty good and he didn’t want to pay me for it. Big regret. Shouldn’t have finished that job.