[Etheryte]

And then what, serve me fake Disco Elysium dialogs? What's the threat model?

[sedatk]

Either pick one of the recent JavaScript sandbox escape CVEs on a vulnerable browser, or redirect to your phishing page as to your liking. Again, hypothetical and very unlikely, but the risks are there.

[Etheryte]

They could do all of this without mitming by just making a submission on HN. The extra step doesn't add anything.

[sedatk]

Then why don't they, do you think?

[valicord]

Because it's a made up threat that only exists in your imagination?