by dejanseo 2856 days ago
Where did I say I'm proud of this? Everyone keeps saying "proud". I chose to share it in public because it's a serious problem that others may be using it to do real harm. I blog about many things, most harmless and often very useful. I remember one other time when I exposed something broken in Google. I got penalised as a reward.
4 comments

I think in this situation it would be best to admit that it was improper behavior. You can agree that you should have either

- used your own site

- or someone that explicitly agreed to run this experiment.

Then you can go on that you regret your wrong approach in this case, you will do better next time and finally point out that very little damage was done, which you regret nonetheless.

Then we all move on,

- agree that it is an interesting hack

- and the web browser is a terrible platform security-wise.

Why? Why are you siding with the big corporations?
Am I? Which big corporation? dejanseo? Google?

I'm siding with dejanseo (the user) because I screwed up myself before. And I will possibly do it again. I see some recklessness but not malicious intent.

This whole branch got flagged away anyway.

> I chose to share it in public because it's a serious problem that others may be using it to do real harm.

There is a process called responsible disclosure; next time you find a serious problem, probably try to follow that.

Also, Google has a Vulnerability Reward Program, so if you report your findings directly to Google, you can even get money as a reward.

You are right, you never used the word “proud”. You also did not use the words “problem” or “harm” in the post. So the “pride” thing is mostly tone, subtext or between the lines if you will. This is just my opinion so YMMV
As long as it is subtext and tone you can claim anything regarding another person's character and they have no recourse to argue against you, because it is all in your mind.

Well done.

Let's sum it up - you revealed a bug, and eventually reported it. Good. Showed some technical tricks and a creative approach. Thank you.

Bad - amoral and most likely illegal theft of copyrighted content. "Just for fun" ain't gonna cut it. You hurt real businesses, probably because you don't give a f*ck about them, fun is more important.

Is it hard to see that this would stir some controversy, to say the least?

Btw, calling this "random cool idea" seems like you are proud of this and want some appreciation, hence sharing. If you would be concerned about security, you would share this bug immediately, which is definitely what you didn't do according to your own words.

Things can look significantly different from the other side. You know, the side of the rest of the world.