[CydeWeys]

Oh, I've already learned the lesson loud and clear. If I ever discover a vulnerability to disclose, I'm releasing it anonymously on pastebin sites while logged into Tor through a VPN from a free WiFi spot.

And, of course, sign it with a new PGP key you've just created, so that if you ever need to release a follow-up with proof that it's you, or come forward as the author of the disclosure, you can.

[miander]

Of course, said key is a liability if it is found in your possession.

[qb45]

Encrypt, hexdump, render in green font on black background, set as wallpaper. Nobody will ask :)

[TACIXAT]

Connect to the VPN after connecting to Tor. Putting the VPN in there can actually lessen anonymity due to a financial relationship. So make sure you procured that VPN anonymously, via Tor, with a crypto currency that you have mixed.

This is my plan too. Responsibly disclose anonymously. That should prevent our corporate lords from sending SWAT teams into our homes.

[kodablah]

Would you do this to a company that has a clearly stated responsible disclosure policy and respects your efforts? Especially if it involved commonly used desktop software that would harm many people by ignoring an existing policy?

[CydeWeys]

No, I wouldn't do it to a company that has a history of handling disclosures properly. But for every one company that does that, there's a dozen that are clueless.