Comment by sushid
2 months ago
I think a simple way to think of it is: how much would an adversarial nation state buy this exploit for?
I just don't think Russia would be willing to pay $100,000 to get Mr. Beast's email address, even if that sounds tempting to you.
Why a nation state? My hypothetical is a phishing ring that sends an official-looking phishing email to 1000 non-public email accounts that typically only get emails from Youtube.
The exploit can be valued at: number of emails * probability that you'll phish them into letting you in * value of posting a "Free Robux" scam on a channel with 100M subscribers.
Who are you advertising to? What is the risk of getting caught or getting scammed back while trying to receive your payment?
I feel like you are just taking into account the theoretical max value of a bad actor having these accounts, not the cost/risk of using this knowledge.
I could have the master key of a bank safe with 100MM worth of gold in the basement, but it's value is going to be nowhere near that, even to bad actors.
Yea. Especially with AI, easy access to identities of email users makes it so much easier to scam on a massive scale.
Sure, they'd probably be more interested in political dissidents.