while i somewhat agree with that reasoning, it can go too far - most people would murder and kill if there weren't any consequences to doing so. But is it right to say who they really are as being murderers?
what has improved a lot recently is the physically based rendering - specifically, the lighting. Looking at the steam page, this train game has that type of lighting.
nothing prevents people from committing their prompts. I've started seeing prompts being committed into repos, or at least as part of the commit message.
In any case, if in the future there's a prompt specific language, it would be committed. I dont think we've reached there yet, but i dont doubt this is on the path to the future.
and that's why google calls it social engineering. But i still do believe this is a vulnerability. It catches people offguard, and makes social engineering easier.
An attacker controlled link in a place that a user would not expect to be vulnerable (as it is in a "trusted" environment).
The attack requires a third party to unknowingly click on the engineered URL that leak private video title. Not sure if it counts as a POC if you can only use your own channel to prove it works.
But still, it would require a user interaction to click on the link to leak data - and google should acknowledge it as an issue, because an attacker should never be able to generate a link they control in a trusted/secure environment.
> They would say that they won't consider it as a bug, silently fix it and you are left there doing the work for free.
then as long as you have a trail that proves you discovered and reported it, you can make this a PR nightmare for them with noise about it publicly. The fact that it is fixed means it is considered an issue, and so by declining to acknowledge the issue and refusing to pay, they're essentially deleting the built-up trust of a bug bounty.
It won't pay out even if you did this of course, but if this happens a lot, the aggregate reputational damage leads to "do not report". That's really the only outcome you can engineer, but it is decently damaging that google _should_ see and prevent it.
for such a wide ranging effects, brexit's vote had only 2% margin of error, with 48% against.
The people's stupidity is why "important" questions like that should not be put to a vote; they can't be expected to understand the entirety of the outcome and consequences. As the other comment has posted: https://m.youtube.com/watch?v=QFgcqB8-AxE
digital goods should have a place, but the issue here is that there's no equivalent physical goods replacements. And i dont think you can regulate this away.
The only force is consumer action (in aggregate). And it seems that companies have managed to train consumers not to take any action against the interests of these publishing companies.