[oskarsv]

Yes they should and I think I could. This exploit was more of a fun challenge.

I support and agree to everything you are saying. I love the community response. I too loathe the bug bounty asymmetry in power between corporations and reporters, but it exists.. by design. How do you imagine a researcher can 'demand' more money in this situation? They can choose the amounts arbitrarily and there is nothing legal or ethical you can do about it.

I haven't seen any proposals for real solutions - how would you ask this? How do you decide the amount for each company? Solutions, which do not bypass ethics or laws. I hope that 'the market' will solve this eventually and I think I at least raised awareness.

[panpanna]

How much time did you spend on this?

Would you have done without excepting any rewards, i.e. just for fun?

[oskarsv]

Context matters. In this case it was a challenge because of previous research and I would've done it just for fun and the experience. I'm lucky I can afford to do that. Doesn't mean I don't value compensation.

In other cases maybe yes, maybe no - for some nonprofit, maybe someone needs help? are they a business and can they afford to compensate this kind of work? maybe it is some prominent product? there is no simple answer