by chaps 453 days ago
What a weird take. Arresting someone for reporting a major security vulnerability is a pretty shitty thing for a state to do. What you're suggesting is that that's not actually that bad.

Same sort of logic that leads to people getting arrested for looking at HTML and reporting that it includes passwords.

2 comments

That’s what happened to Josh Renaud.

Renaud discovered that Social Security numbers for teachers, administrators and counselors were visible in the HTML code of a public Missouri State Education website and reported it.

Governor Mike Parson tried to file charges against him and labelled him as a criminal for doing so.

Yep! That's exactly what I was thinking of.

I've been on the side of disclosing a handful of times and it's a gamble each time whether I'm going to get a CFAA threat (both implicit and explicit threats).

> What you're suggesting is that that's not actually that bad.

When did I ever say or imply that? I agree that intelligence agencies are draconian, but to imply that you'd be locked away (never to be heard from again) for pointing out that a substation could be bombed and cause power issues is ridiculous.

They were using a bit of hyperbole for sure (though another poster accurately pointed out to you methods used against Northern Irish folk), but the reaction of gov agencies to use imprisonment (even as a threat!) for pointing out security fuckups isn't without precedence. It's happened to me :)

So, I guess I really don't understand your point. That being arrested for pointing these things out isn't bad because it's not being disappeared?

I shouldn’t have used the word disappeared, I just meant picked up. And yeah no, not for saying a substation exists and could be bombed.

But for saying there is a single substation that, if taken out (by sabotage, terror attack, arson, or whatever), would cause great embarrassment and economic damage to the country by disabling THE British Airport? I think that’s a whole different matter.