Pieter Hintjens on Codes of Misconduct a Decade Ago

posted by Roy Schestowitz on Sep 27, 2025

Posthumous insight, foresight

There has been a lot of discussion about this lately because of DHH and because of other "targets" weighing in^* (we're seeing an "RMS-esque lynch mob" all over again^**), so someone brought up this article from almost 10 years ago. It is by the late Pieter Hintjens. The original is still online in Wikidot.com/Hintjens.com:

---

Whenever people gather together, there's a risk of misbehavior. In tech conferences we are trying to solve this by declaring and enforcing a "Code of Conduct." I've had and seen harassment multiple times, over the years. It seems to me that the Codes of Conduct are not working. In this article I'll try to explain the problems, and propose a fix.

Update

I'm going to link to Stephanie Zvan's critique of this article.

Identifying the Problem

Unwelcome sexual attention, aggressive conversations that won't end, intrusive photo-taking, offensive language and behavior… most of us have seen or experienced this. The mainstream solution is obvious: tell people to stop it, or else.

Here is a typical statement by a large tech conference:

All delegates, speakers, sponsors and volunteers… are required to agree with the following code of conduct. Organizers will enforce this code throughout the event.

Many participants do not like such statements, and the discussions over codes of conduct can become heated, emotional, and ugly. In my work in group psychology, there's a rule of thumb I have developed: When two sides argue emotionally it is because both are working from false assumptions.

And indeed, I think the mainstream Code of Conduct model is based on false assumptions. The theory of harassment (let's call it "Model A") has these assumptions:

1. Anyone can be the harasser.
2. Harassment is a motiveless act.
3. Outlawing harassment will stop it.

All three of these are provably false. Bad actors do not respect rules. They habitually avoid sanctions, and reflect them onto others. You can read my article, "Ten Myths About Harassment" to see other related myths.

By accepting and then acting on false assumptions, we get divisive policy and argument. And I think the outcome, with division and ill-feeling, is worse than having no code of conduct at all.

Here is a more accurate theory of harassment (Model B):

1. A specific subset of participants (the "bad actors") are systematic harassers.
2. Bad actors harass as a persistent strategy for getting power, sex, amusement, etc.
3. They treat rules and laws as challenges to work around, or misuse.

The term "bad actors" is a convenient euphemism for sub-clinical psychopaths. When you understand model B, the picture shifts.

Let's take a typical scenario, and see how it works with both models. The scenario is: at an event, participants are drinking. Mallory makes an unwelcome sexual advance towards Alice. Alice feels very uncomfortable and moves away. Mallory insists, and follows her. Alice explicitly asks him to stop, and moves. Once again, Mallory approaches and tries again.

Model A explains it thus: Mallory was drinking and didn't realize that his behavior was causing distress to Alice. By explaining what it means to be decent, and enforcing that, he will refrain from harassing people.

Model B explains it thus: Alice was drinking, and became more open and vulnerable. Mallory saw this, and decided to exploit it. Her display of fear and moving away drove him to be even more predatory. He was trying to isolate her, so she would give in.

It's not that alcohol turns good actors into bad actors. Rather, it makes the good actors more vulnerable. This distinction is critical. This is the key problem: people in a foreign country, who may not be with friends, are easy targets. Instead of solving Mallory's behavior, we must solve Alice's vulnerability.

Mallory is always going to be there. In a group of 100 people, we will have a handful of Mallorys. In a conference with 1,000 attendees, we'll have dozens of people capable of harassing others, if the conditions permit it.

In my view, events must be radically inclusive. To exclude people on any basis except real danger to others is a poor strategy. It introduces real, major risks such as false positives. To be accused of a Code of Conduct violation, and then excluded from an event can be life damaging. Organizers wield massive power, and bad actors can turn this power on people they see as a threat.

Let me be explicit about this. If Alice complains to the organizers, she puts herself at even more risk. Mallory now appears to be calm and sincere. He accuses Alice of stalking him. He explains how she would not leave him alone. He looks vulnerable, gentle, and seriously distressed. Alice is angry, outraged, and emotional. Who do the organizers believe?

And Mallory comes in all genders. Harassment is not a gender issue. So while sanctions must be possible, the policy goal must be to make them unnecessary.

The second problem with exclusion of supposed bad actors is that it is prejudicial. Even bad actors add to the diversity of a crowd. This is hard to admit. When I cross a bad actor, my instinct is to push them out, reject them, and tell everyone what happened. Yet I believe that is the wrong reaction.

Rather, we must understand, and then negate and switch off their predatory behavior.

Bad actors are pragmatic, and driven by clear calculations of opportunity versus risk. So the solution is to remove the incentives and opportunities for misbehavior, and raise the risks of exposure. Then, bad actors will adapt and self-select. Either they will behave, or they will go elsewhere.

This removes the need for enforcement, and the risk of false positives.

Designing a Solution

As a parent, I cannot stop my children from being exposed to bad actors. They will inevitably, regularly, come across people who see them as potential targets. It will happen on-line, in the streets, in schools, at friends' homes.

One option is to keep them at home, or never let them roam alone. Yet that seems counter-productive in many ways. So instead, I teach them how bad actors think and operate. I explain what kinds of conversation and interaction are dangerous. And then I teach them what to do if such a thing happens. Find an adult you can trust, I say. Tell them what happened, call me, and wait.

I explain to my children how bad actors stalk the Internet looking for victims. I explain what grooming looks like. I teach them to never give their real name, age, or location to strangers on-line. Never to send pictures of themselves. Never to accept a statement from a stranger as true, no matter how convincing it is.

This is the model I believe we need for conferences and similar gatherings. Instead of telling people to be good, we teach people to stay safe.

Here are my specific recommendations:

• We teach awareness of the behaviors one should consider "bad." We speak to potential victims and bystanders, not to bad actors. Bad behaviors are those that bad actors use to profile, stalk, isolate, and pursue their targets.

• We teach organizers how to accept and process complaints. These cannot be anonymous. They must be discreet, with protection of privacy for both parties. There must be fair follow-up, with sanctions as needed.

• We teach organizers how to protect their guests from predatory behaviors. For example, in any space where the organizers offer alcohol, they should offer food and water, and a host who does not drink, and who patrols discretely.

• We formulate these as a written protocol that events can adopt. Rather than ask every event to re-invent the wheel, we can build standards that events can reuse, and improve over time.

Such a protocol will, I'm arguing, create safe spaces by design. It will speak to bad actors and say, clearly: you are welcome as long as you act decent. Otherwise, we are watching, and we will catch you.

A Code of Conduct Protocol

This is a raw proposal. To be expanded and refined.

• The "event" is any gathering of people under auspices of an organizer. This includes formal events and informal gatherings before, after, and during a main event.

• The "organizer" is the legally responsible entity or person who hosts an event.

• The "participant" is an adult person attending or helping with an event. Minors at events are assumed to be under protection of their parents or guardians.

• Organizers and participants have rights and obligations under this protocol, which they understand and accept.

• Participants accept that the arbitrators in any event dispute are the organizers.

• Organizers who respect and enforce this protocol may say so on their conference web site.

• In an event, every participant has the right to the sanctity of their person, their time, and their space. We define a "violation" as any act that interferes with this sanctity, without consent of the participant. Silence is not consent.

• Violations include, though are not limited to, doing any of the following without consent: talking to or following a person who has expressed their desire to end a conversation; taking close photographs of a person; touching a person in an intimate or controlling fashion; use of sexualized language; display of sexual imagery; offering unsafe quantities of alcohol; offering illegal drugs of any sort; making unjustified complaints; tampering with a person's possessions.

• In all circumstances where the organizers offer alcohol, they shall also offer drinking water, and sufficient food to keep participants safe. Additionally, they shall have one or more "hosts" who do not drink alcohol, and who are trained to intervene in case of conflict or visible distress.

• The organizers shall provide a secure, private means for reporting violations. Such a report shall be considered circumstantial unless or until backed up. A report should state the time, place, name of the person accused of committing the violation, nature of the violation, and names of witnesses if any. The accused person shall have the right of reply. This material shall be kept private.

• If a participant experiences what they consider a violation, or sees what they consider a violation happening to someone else, they should report this to the organizers.

• if the organizers feel a particular individual is the cause of more than one complaint, and does not self-correct, they may exclude that person from the event. This should be done with respect for the privacy of all parties.

• The organizers shall be aware of the risk of "date rape" drugs. If they receive information about a participant who claims to have suffered from blackouts, or who behaves in uncharacteristic ways causing hurt to themselves or others, they shall assist the participant with a medical blood test for drugs, within 24 hours.

• Organizers should provide participants with an emergency contact phone number during events, for reporting urgent incidents and asking for help.

• If the organizers receive information about a possible criminal offense by or towards any participant, they should report this to local law enforcement and provide suitable support. █

______

^* ESR wrote:

I'm about to do something I think I've never done before, which is assert every bit of whatever authority I have as the person who discovered and wrote down the rules of open source.

After ten years of drama and idiocy, lots of people other than me are now willing to say in public that "Codes of Conduct" have been a disaster - a kind of infectious social insanity producing lots of drama and politics and backbiting, and negative useful work.

Here is my advice about codes of conduct:

1. Refuse to have one. If your project has one, delete it. The only actual function they have is as a tool in the hands of shit-stirrers.

2. If you're stuck with having one for bureaucratic reasons, replace it with the following sentence or some close equivalent: "If you are more annoying to work with than your contributions justify, you'll be ejected."

3. Attempts to be more specific and elaborate don't work. They only provide control surfaces for shit-stirrers to manipulate.

Yes, we should try to be kind to each other. But we should be ruthless and merciless towards people who try to turn "Be kind!" into a weapon. Indulging them never ends well.

^** An associate of ours called it "political CoC style attacks, trying to wrest projects away from more founders" (by telling them to shut up - or worse - step down). He moreover said that "the jaundiced eye of Redmond now turns its baleful gaze to DHH and tries to work up an online lynch mob" (stirred up in Microsoft's proprietary, censored platform, i.e. same as what they did to RMS). Apropos RMS, this morning we noticed that the defamatory old pieces about RMS (from 2019) still have an effect on people (today!) as they were never corrected, no retractions were ever issued, with few recent exceptions; this new one compares RMS to ESR and cites an article published by a Bill Epsteingate-funded site; the real issue is Bill Epsteingate, but Bill Epsteingate gets to bribe news sites to wrongly portray people he doesn't like as guilty of what he himself is guilty of (this ended his marriage).