The security researcher who created the Firesheep snooping tool defended his work today, saying it's no one's business what software people run on their computers. He also criticised Microsoft for adding detection of Firesheep to its antivirus software, calling the company's move "censorship."
Eric Butler, the web applications developer who released Firesheep more than a week ago, took to his blog to counter claims that the tool, or more precisely using the tool, is unethical and perhaps illegal.
Firesheep, which was released October 24 and has been downloaded nearly 550,000 times since, is an add-on to Mozilla's Firefox browser that identifies users on an open network, such as a coffee shop's public Wi-Fi hot spot, who are visiting an unsecured website. A double click in Firesheep gives its handler instant access to the accounts of others accessing Twitter and Facebook, among numerous other popular web destinations.
Legal experts have split over Firesheep's legality, with some believing that using it to hijack accounts violates US federal wiretapping laws while others see it differently. All agreed that the law is "unsettled" before the courts. Others have said there is virtually no chance that Butler would face charges for distributing Firesheep, since creating tools like it is not illegal.
Butler said essentially the same thing today, although in much stronger language. "It is nobody's business telling you what software you can or cannot run on your own computer," he said, noting that Firesheep can be used for legitimate purposes, including security testing.
"A much more appropriate question is: 'Is it legal to access someone else's accounts without their permission?'" he wrote.
Butler again argued that he built Firesheep to raise awareness about sites that don't encrypt all traffic between users and web services. "As I've said before, I reject the notion that something like Firesheep turns otherwise innocent people evil," said Butler.