HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hn773746483

no profile record

Submissions

Ask HN: Retaliation for privately disclosing user IDs in DSA transparency data?

2 points·by hn773746483·há 8 meses·6 comments

comments

hn773746483
·há 12 dias·discuss
Nintendo outright ships incomplete games on carts sometimes, requiring a day 1 patch to have the game in a non-buggy state (one of the recent pokemon games was like this)

And "gamers" refuse to listen to reason and assume physical copy = they can play it for eternity, when in reality, in 5 or 10 years when a server is inevitably shut down, they're forced to pirate. Nintendo does not allow offline patches.
hn773746483
·mês passado·discuss
and the poor Fedora teams will continue to assume good faith and continue to engage with this person... all because, what, they were active on a bug tracker for a few months 5 years ago?

They won't put their foot down until the AI starts spewing hate speech, probably.
hn773746483
·mês passado·discuss
It's just social engineering. No different than say, 2FA fatigue (blowing up someone's phone with 2FA "is this you? yes/no" prompts until user/child/wife/SO/etc clicks yes) or even just simply harassing IT helpdesk until they reset "your" password.
hn773746483
·mês passado·discuss
Don't forget "sudden price hikes" and "aggressively overselling"...
hn773746483
·mês passado·discuss
And if they don't disclose, nothing happens anyway. Maybe a five figure "cost of doing business" slap on the wrist fine, not considering the amount of users affected. Enforcement is extremely selectiveand bureaucrats essentially operate on "if company in FAANG, take action, else do nothing" programming.
hn773746483
·mês passado·discuss
NOYB has been ghosting me since January, and EFF since September.
hn773746483
·mês passado·discuss
Right, but nothing stops companies from refusing SARs on baloney grounds. Complain to a DPA? They tell you to go through ADR or outright ignore you. Complain to Ombudsman? They'll tell you the same. (In my experience, the Dutch do this)

Company ignores ADR? Sure, now you can go through the legal route and spend copious amounts of money all because a multi billion dollar company knows the game and how to navigate the bureaucratic mess better than you.
hn773746483
·há 2 meses·discuss
Cloudflare & AWS wouldn't even INVESTIGATE a abuse report I sent because there weren't any "infringing URLs" or "specific resources".

I provided enough evidence for them to at least be able to kickstart a internal investigation or even CONTACT the abusive customer, which they did not do.

If it were a stresser, all they would see is a login panel. It's not like these sites are publicly advertising what they're doing...
hn773746483
·há 2 meses·discuss
A couple years back one of the original Pokemon TCG designers was outright printing off fakes of pre-release cards and peddling them with the help of a western company, and people only found out because they decoded printer patterns and found out they were printed with a recent printer.
hn773746483
·há 2 meses·discuss
[dead]
hn773746483
·há 7 meses·discuss
On Toronto's public transportation, TTC, occasionally the upcoming bus stop ticker would flash diagnostic information(?) and "64K RAM" instead of the upcoming stop name. Doesn't seem like there's a wiki page about these faults yet.
hn773746483
·há 8 meses·discuss
There are various internal Valve tools that aren't available in any Valve-published SDK, but are in (accidentally?) within Dino D-Day's, a third party game based on Portal 2's version of Source.
hn773746483
·há 8 meses·discuss
I know, I reached out to them regarding the retaliation and they started outright that I'm outside of the scope of the DSA and began ignoring my emails across the board, even to the dedicated crossborder address which initially responded to my disclosure.

Very frustrating, they accepted my initial info but when it became "company has retaliated against me after providing you that info" they wipe their hands clean of it.
hn773746483
·há 8 meses·discuss
Yup, NOYB couldn't help as I'm non-EU.
hn773746483
·há 8 meses·discuss
I considered it but I'd rather not wake up to threatening certified mail seeing as they're no stranger to these underhanded tactics. They have a fairly negative reputation among places like HN anyway.
hn773746483
·há 8 meses·discuss
Is this what happened with Vanguard Princess?
hn773746483
·há 9 meses·discuss
interrogations on motives for building from source

constant slap fights between contributors (usually involving haze or guru)

important PRs left ignored due to internal drama

8GB+ memory leak during building that they're in no rush to fix
hn773746483
·há 9 meses·discuss
Turns out when you're dealing with millions of users "small number of government IDs" means a measley... 2 million, no biggie.

https://x.com/vxunderground/status/1975834621503062495

https://x.com/IntCyberDigest/status/1975846997568737666

https://x.com/IntCyberDigest/status/1975847000978694317
hn773746483
·há 9 meses·discuss
Comment I wrote on the other thread (which didn't get any traction at all):

some key facts Discord are maliciously intentionally withholding:

(approx.) amount of affected users, seeing hundreds of comments on reddit + twitter

tickets timespan, I personally have multiple support accounts, one has only one ticket from July which got the email

affected ticket categories

whether phone numbers were leaked (can lead to further attacks such as SIM swapping)

whether addresses were leaked (they carefully use language "limited billing information" rather than stating the exact pieces)
hn773746483
·há 9 meses·discuss
If a message like "I'm 12", regardless of context is reported, Discord will ban the account & hold it hostage until user sends selfie + ID to them via support. (the compromised portal, not a third party app dedicated to this)

They intentionally chose NOT to disclose a date range or even how many ID tickets compared to standard tickets were leaked.