Good lord can people stop taking advantage of vulnerabilities on Matrix instead of reporting them responsibly
@kevin why not both?
@maloki because exploiting deployments with real users is bad
@kevin yes, but do you know what happens when people report vulnerabilities? A lot of the time, nothing.
@maloki I mean, yes, but it's also morally and legally bad to actually exploit another system you don't own.
I could understand if they contacted Matrix, gave them some time (a week, maybe?) to reply, and then released the details publicly. But these recent hacks have been just that - hacks.
@kevin hackers gonna hack.
@maloki That doesn't mean you can't criticize them.
@kevin true. This didn't sound like a hack though, just a leak from an insider?
@maloki Yeah true, the latest one is less so. I was thinking more the actual hack into Matrix production infrastructure ~1 week ago, which (while it revealed some pretty damning security issues in their infra) seemed pretty ungood in terms of responsible disclosure.