Though if you like StreetComplete and want aerial/satellite, there's SCEE, a fork of StreetComplete. I tried both Vespucci and EveryDoor, but neither is nearly as easy to use in my opinion.
I don't know about "totally dismantled" but it definitely had some impact.
> As a result of these developments, the Company is currently experiencing disruptions to a portion of its services. If these disruptions continue for an extended period, they are likely to have a material adverse effect on the Company's operations, financial results and its ability to provide certain services to its customers.
> I wonder if people with a streaming box run into tor-exit-node type problems.
Some definitely do.
One of my family members had a mobile app installed that turned their device into a resi proxy, and I started to get super frequent CAPTCHAs, which I thought was odd. I found out what was happening when our IP got banned from Wikipedia with the reason "believed to be a residential proxy"
Except you still don't get hardware transcoding (or the mobile app... IIRC?), there are some workarounds, last I checked, but I suggest using Jellyfin instead.
Jellyfin works really well in my experience, but there are definitely some things Plex does better.
> The details are interesting! How did you find all of this out? Did you download the tool in a VM and disasm it?
I downloaded the installer, opened it with 7zip, and extracted the app.asar file from resources/app.asar. All Electron apps have this, it's where the app code really lives.
Then I used asar to extract it. That gives you a few folders, including dist, which contains 5 .jsc files. Nearly everything related to fetching is in a file called engine.jsc. The jsc files are bytecode instead of raw JS because he didn't want anyone to reverse it, but with a little work you can figure it out (or you can just dump the strings and see that imapflow is in there)
Didn't need to run it at all.
> However, from what you said here, it's a bit less sophisticated than that?
Indeed. And re the image fingerprinting, it just checks the file names of "message parts", not content-type or content-disposition (even though imapflow exposes those)
> We attempted responsible disclosure by emailing [email protected] multiple times on July 3 and 4, 2026, but received no response.
SponsorBlock is run by one guy. I consider this very irresponsible. You barely waited, and accessing (what you consider to be) the private data of 82k users is not at all necessary to prove a vulnerability. Luckily, most of these aren't really vulnerabilities.
But I'll go over the claims:
> This allowed us to enumerate and download almost the entire user database.
No. Sponsorblock says it has 13 million users, so 82k is not anywhere near "the entire user database".
But the way I do access Immich externally is not with Tailscale directly on my phone but involves exposing a caddy instance, running on a $1 VPS, to the internet.
If requests include a specific very long header (which I randomly made up), it then forwards those requests to my real Immich instance, which runs on my NAS. Headers can be configured within the mobile app. It has worked really well for me so far.
> The Indo-Tibetan Border Police is soliciting bids from high altitude recovery agencies for a mission to retrieve the remains of a climber long known only as "Green Boots" from the mountain's northern slope
> 98% of my time went into wrestling with IMAP parsing architectures, optimizing memory, and code-signing certificates instead of designing custom CSS layouts from scratch