How well does this work? This hacker would be considered a "Whitehat hacker", and if you and I did it, we'd be black hats. But considering the morality of this, I'd say it should be the other way round. Especially as this harms no individual, only the surveillance machine who might in turn harm the companies through regulations, fines and other malicious means. If this requires a valid address, then maybe it does harm individuals...