Hacker News new | ask | show | jobs
by noop2714 1955 days ago
> This is not the bug of the year. Ok, the id is not the encrypted. So encrypt it and next. Nothing to see

The privacy implications of leaking user identifying information are massive. Not something that should be dismissed so quickly as “nothing to see”.

Maybe not interesting for you, but many of us care about holding companies accountable for bad practices. If you don’t, this will become more common as it’s effectively being tolerated.
1 comments
polote 1955 days ago
There is no evidence that they tried to hide that. The company was created in 2020 and one of their API is not encrypted, that kind of things has probably happened to most of companies created less than a year ago
link
noop2714 1955 days ago
> that kind of things has probably happened to most of companies created less than a year ago

No company gets a free pass on the implications of sacrificing privacy or security. Even if “less than a year old”.

This is serious:

“Any observer of internet traffic could easily match IDs on shared chatrooms to see who is talking to whom. For mainland Chinese users, this is troubling”

link
YarickR2 1955 days ago
Like somehow you're the judge the jury and the executioner of said conpanies. Don't use their product.
link