> The next time someone discovers a company that has poor database security, they should, IMO: (1) make a full copy of confidential user data, (2) delete all data on the server, (3) publish confidential user data on some dumping site; and [4] protect their anonymity while doing all 3 of these.
Aaron Swartz only did (1). Failing at (4) didn't end so well for him.
I get that you're frustrated but encouraging others to make martyrs of themselves is cowardice. If some dumb kid tries this and their opsec isn't bulletproof, they're fucked. Put your own skin in the game and do it yourself if your convictions are that strong.
Aaron Swartz only did (1). Failing at (4) didn't end so well for him.
I get that you're frustrated but encouraging others to make martyrs of themselves is cowardice. If some dumb kid tries this and their opsec isn't bulletproof, they're fucked. Put your own skin in the game and do it yourself if your convictions are that strong.