> This wasn’t meant to be a malicious hack, but rather a simple social experiment to see how much traction/investor interest I could get.
What matters isn't what it was meant as. What matters is that in doing this you showed your poor judgement.
https://www.dropbox.com/s/go9lfnxwt9fnax2/My%20Investment%20...
* The victim's phone number
* Your real phone number
* The fake one you want to appear to be coming from
Then you click Submit and it puts you through. That's it. Any idiot could do it.
The tech and telecommunications industries are WAY overdue to do at least one of the following:
1. Stop considering Caller ID a secure authentication method
2. Make Caller ID a secure authentication method
Sadly, it's as bad as the banking industry. Still today, they base a lot of their security on IP addresses. Sad really.
If you do not have a criminal defense attorney, you now need one. If you're banking on Jason's good will, the decision to prosecute you is not in his hands.
Great sport? This isn't a practical joke gone wrong.
Doing this is the one thing, pulling back 15 minutes after someone criticises you is the other.
A combination of above would be to stalk down Tim Ferriss' number, organize $150 in car rental credit or whatever, and then text him to let him know that the car is ready for him. Or, even still, rent a car for him and send it to his building, and let him know its waiting for him.
That is an example of breaking the system. Blatantly hacking someone else's phone doesn't do anything for your sales; it doesn't do anything to showcase your product (unless your product is a phone hacking/security device); and there is nothing personal to it at all.
That's just my view on it anyway.
I'm curious to see how this plays out in terms of YC's response, because as a prominent player and popularly accepted thought leader in the start up "industry", their response will set the tone and draw the line in what is seen as acceptable for " getting things done ".
The EFI fine [1] demonstrated that it often pays to be illegal. The banks demonstrate this on a regular basis with their paltry funds and settlements. Will startups/small-tech follow suit? (Well, maybe only towards lay people rather than investors with power and money. Today's lesson: don't mess with people who actually have power!)
[1] http://www.engadget.com/2014/10/23/efi-underpaying-workers/
Oh, wait, he hadn't already raised millions and wasn't yet part of the untouchables? hum, I feel for him.
Who needs a justice system or the police, anyway?
(And why is it Sam Altman's place to apologise to Jason Calacanis? What is he apologising for - did YC suggest, approve or have anything to do with this act at all?)
I accepted Avi's apology and responded to his email here: https://twitter.com/Jason/status/526531089355927552
The "kid" in question is in his 20s. In other words, he's not a "kid." He's a grown man.
Your apparent decision not to refer this matter to law enforcement is charitable, but it's disappointing that you seem to be implying that somebody who is an adult is really a child. There are entrepreneurs in their 20s who run legitimate multi-million dollar companies. There are financial services workers in their 20s who help manage billions of dollars of capital. There are attorneys in their 20s who help represent companies in high-stakes litigation. There are MDs in their 20s who have life and death responsibilities as residents at hospitals.
You're not doing a man who used a caller ID spoofing service any favors by telling him "you obviously have talents." In the real world, the bar is nowhere near that low.
That said, I don't really agree with the idea of forgiveness in this kind of stalker-ish situation (but that's largely biased by having to experience my little sister being terrorized by an ex- who became a stalker... needless to say, it's not the sort of thing I have any tolerance for), While I don't know Jason, I can empathize with his approach: it's pretty common for people in similar situations to just want to get the entire matter behind them.
[1] https://webcache.googleusercontent.com/search?q=cache:QkTa-z...
"the valley seriously can't take a joke anymore. Like 'hey guys - hack traction do crazy shit' then 'what have you done, you're crazy'"
"but to hack your voicemail, it means you didn't set it up in the first place. Am I missing something here? Failing to find the harm."
Some examples -
1) P2P file sharing & video hosting sites gained their meaningful traction by dealing with copyrighted content in a very hands-off manner
2) AirBnB & dating sites taking existing customers from popular sites to move them over in a way that goes against TOS
Not only against the law, but this "hack" involves a highly likely creep factor for the person on the other end of it, not quite as creepy as walking into your house to find someone harmlessly hanging out in your living room, but in the same general ballpark.
To top it all off, it isn't even a technically difficult feat.
However, I wasn't commenting on his character, just the one specific action he was jailed for and how it compares to the events in this story.
In that context, modifying URLs and resubmitting them seems way more harmless to me than spoofing your caller-id to gain access to a targeted individual's voicemail and change their outgoing message.
The first was the dutch guys (who went on to start TheNextWeb) showing up at the house randomly early in the morning (we weren't morning people) after finding the address online. I was woken up by them since my room was at the front. They bought over coffee, I thought they had been invited so let them in. They stood around for 30 seconds then all charged into Arrington's room and woke him up. He had no idea who they even were, took him 20 minutes to get his bearings and to figure out who these guys were. What made it weirder and surreal like a von Trier film was that these guys all looked similar and were dressed in matching white suits - when I first saw them they were actually walking through the back yard. Having just woken up to a sound of people walking around the house and seeing three blonde guys with dutch accents in white suits trampling through the backyard carrying Starbucks and donuts, I really thought I was tripping.
This story was told in the opening of the Wired profile:
http://archive.wired.com/techbiz/people/magazine/15-07/ff_ar...
As much as we tried to scrub the address online so people wouldn't show up, it was useless. Foursquare was a nightmare because people would come over and then 'check in', giving away the address of where we lived to the world without thinking about it
Second time was in Vegas. Arrington finally unplugged and took some time off and we made a last minute trip to vegas. First day there, get to the pool, have a couple of drinks and he takes a photo of the view looking up at the sun and uploads it to flickr (iirc). 3 hours later back at his room and the room phone rings - I hear one end of the conversation - "yep, uha.. uha.. you know, this is really inappropriate.. you're not doing yourself any favors.. don't call again". Gets off, and it turns out someone had tracked the GPS coordinates in the exif embedded in the photo, worked out what hotel we were staying at and called the front desk asking for Arrington, saying they were a friend. They got Arrington on the phone and then spent 30 seconds blurting out their startup pitch. They also thought it was a cool hack, but it was just very very creepy. Made that entire day very uncomfortable and it rattled Arrington for a while. We ended up changing all of our names with the hotel after telling them about it and they set us all up with aliases (which is something they apparently do as a security measure for celebrities, politicians, or people looking for privacy etc.)
edit: privacy violations affect people, it is really fucked up - have respect for the personal space of others.
> A millionaire by age 21, Avi sold his most recent site to execs at Paypal, and continues to devote his time to his love of innovative business. He is a member of YCombinator, the prestigious Silicon Valley incubator, and is the first to be inducted on talent alone, without requiring the established company/business model usually required for acceptance. Avi recently moved to LA to focus on his current project, a music startup called Beatdeck. Software startups, Social Media/Marketing, Music, and swing trading bit coins are his current fascinations.
So a 20-something millionaire who is apparently a successful serial entrepreneur is now groveling for investment by hacking a prominent investor's voicemail? Something doesn't add up.
Also, I didn't realize that entrepreneurs were "inducted" into Y Combinator, or that Y Combinator required applicants to have an "established company/business model."
That was something they tried out a couple cycles ago, though I think I saw pg say they didn't plan to do it again.
Generally you can access the voicemail menu by entering star then a four digit PIN number while listening to any phone's voicemail. A lot of people leave their PIN as the default (star+1234 on some carriers, star+9999 on others). You can call their phone, get voicemail, guess the pin, and change any of their voicemail settings you like. It's even easier if you spoof the call as calling from the person's own number.
This is a breach of privacy, but generally harmless. It gets dangerous when you start changing the message to something like "accept" and using someone else's voicemail to call collect, verify identities, etc.
Again, this post is for curiosity sake only - do not try this.
It's incredible that a YC founder would think it "an interesting social experiment".
Er...this is not "new and experimental" it's just a spambot, like thousands of idiots write daily. You have obviously lost the plot.
(OP: http://webcache.googleusercontent.com/search?q=cache:QkTa-zW...)
This is so dumb on so many levels I can't even believe it. Is it really so hard to get an intro to a founder, that you have to resort to this? You are a YC alum! You are literally handed the contact information of 100's of people who could help you, and instead you resort to this.
Ethical quandaries aside (of which there are several) for a moment, I think this strategy speaks poorly of the startup. What type of signal does it send to prospective investors that you feel it's necessary to pull illegal stunts in order to gain attention for your round? A quality YC startup shouldn't need to go to such lengths to raise a round if the substance of your project/team is of sufficient quality as to warrant investment.
The whole idea of YC, I thought, is they hook you up with the best investors in the valley because of their amazing network. Seems like a lot of trouble to go through (not to mention a messy legal situation) when you can just call up Sam and ask for an introduction...
They must have known immediately but played along. That was fun, though no harm came of it.
https://twitter.com/AviZolty/status/526467881295683584
> I just wanted to take a moment to sincerely apologize to @jason publicly. Been in contact, he's a great sport, and I admire him so much.
It should also be noted how he did this "hack". He spoofed a call to Jasons own number (thus reaching the voicemail). The voicemail was not setup (or PIN secured), so he was able to do the initial voicemail setup.
Would have been cooler if they were working on some security-related product.
Also: people need to relax.
