Privacy

31363 readers

1094 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

209

What's inside the QR code menu at this cafe? (peabee.substack.com)

submitted 4 days ago by [email protected] to c/[email protected]

44 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 13 points 4 days ago (2 children)

Probably smart to take it down. What he did could be construed as hacking.

[–] [email protected] 27 points 3 days ago (3 children)

I have no idea what the law is in India, but if he got a "hacking" charge for this it would be a gross miscarriage of justice, considering he never once did anything resembling social engineering, brute forcing passwords, any sort of injection attack, or anything else that might actually be involved in hacking.

However, assuming he never tried to reach out to the company themselves first (and I saw no indication in the article that he had), this is really quite a horrible irresponsible disclosure. It's pretty obviously a significant leak of sensitive data—both customer and business data—and giving them 90 days to fix it before alerting the public to what you found is pretty basic security ethics.

[–] [email protected] 3 points 2 days ago

Well there was that one part where he turned off his laptop after (not wanting to drop what he did here as the article was pulled), but I could totally see a company freaking out and going nuclear. That being said, I'm just looking through the FreedomGoggles that recently saw a "hacker" using F12 to compromise a bunch of teacher data. You know, their important sensitive data that was definitely not sent to their device where it could be seen by right clicking and hitting view source.

[–] [email protected] 6 points 3 days ago

there's a security researcher in the US currently being sued by some state because he downloaded breached data from TOR that the state was saying didn't leak.

[–] [email protected] 11 points 3 days ago (1 children)

I also don’t know the laws in India, but in the US nearly every major “hacking” case for decades has been a miscarriage of justice to some degree or another.

Like Kevin Mitnick who simply figured out that a major early ISP was keeping customer payment information in plaintext on an internet-connected server.

[–] [email protected] 4 points 3 days ago

That’s a huge misrepresentation of what Mitnick did and how the government mischarged him. He did a bunch of dumb stuff that was illegal. He was overcharged in very bad ways supporting ridiculous lies from the companies he broke into.

[–] [email protected] 1 points 3 days ago

Self-censorship working a little too well.