The best way to teach someone to be a security expert is to teach them to crack a system; he is doing an analogous thing, I think.
Where this project goes astray (and I agree that it does) is that his academic and professional community don't seem to have the well-developed concept of "white hat" vs "black hat" that we have here. Translating this into an analogous situation in our primary domain, we're upset because he's teaching them security by leading them through a significant black-hat operation.
The larger problem is, although we can train white-hats by constructing isolated networks and systems to practice on, it's not really possible to construct an isolated system when your "system" is and has to be a social network of actual people.
Where this project goes astray (and I agree that it does) is that his academic and professional community don't seem to have the well-developed concept of "white hat" vs "black hat" that we have here. Translating this into an analogous situation in our primary domain, we're upset because he's teaching them security by leading them through a significant black-hat operation.
The larger problem is, although we can train white-hats by constructing isolated networks and systems to practice on, it's not really possible to construct an isolated system when your "system" is and has to be a social network of actual people.