Yeah, I’m deeply deeply deeply in the middle of this nonsense. Consider where I work & my title. SIGH!!!
Some context: Some university researchers experimented on humans (Linux kernel developers) without the consent of those being experimented on. The researchers didn’t even go through an IRB, which is required for experiments on humans, before they did their experiments. They did go through an IRB *AFTER* they had performed the experiments (!), and their IRB after-the-fact approved these experiments on humans without their consent (!!). As GregKH noted, "Our community does not appreciate being experimented on”.
Don’t get me wrong, I’m pro-research, & in principle more research on countering malicious submissions is a good thing. But there are rules about this. You aren’t allowed to attack systems without the permission of the system owners, and you aren’t allowed to do research on humans without consent from those humans. Heck, at my last job I had to go through IRBs for surveys & interviews where everyone knew it was for an experiment or research (and thus expressly consented). By contrast, in this U of MN case, consent was neither requested nor granted. Saying “it’s hard to get consent” or “they might not grant consent” is no excuse, go do something else.
There are ongoing efforts to address this, preferably in a positive way. I’m hopeful.
--- David A. Wheeler