Comment by notpushkin
2 months ago
You don't need to sell the vulnerability to them, or even tell them the vulnerability is there. Just set up an API and bill them by the query.
This ignores tptacek's points in the top-level post.
> [...] a bug that Google can kill instantaneously, that has effectively no half-life once discovered, and whose exploitation will generate reliable telemetry from the target.
You can't set up unmask-as-a-service because it's going to take you longer to get clients than it will take Google to shut down your exploit.
Yes, but:
1. It can still take a while before Google finds out
2. You can log every mapping you got in the meanwhile, then keep selling the ones you already have
Edit: although probably most of your business will be over when word gets out that your data isn’t exactly legal (which your clients have understood from the start, of course; they could just plead ignorance)
People keep talking about this as if there's a 0% chance of being caught if you do this?
So let's suppose that you did set up the service like this. Can you even make 10 K? What are your odds of getting caught? How much do you value not being in prison and/or having to hire a lawyer to get you out of there?
I'd take the 10k every time.
I’ve seen a light version of this, where a “marketing data” company was scraping baby shower gift registry pages and selling the data to an infant formula company in the US.
The scraping was def in violation of the EULAs. Product data is one thing, but I believe this group was combining it with other sources and selling the identities and context as a bundle.
An API is too much work. Grab the addresses for the top 100,000 YouTubers and sell that csv on the dark web.
What happens when the first to buy the CSV starts selling it themselves?
That’s not a new problem with selling info on dark web marketplaces. If you're interested in learning more, here are a couple of books you might enjoy:
“The Dark Net” – Jamie Bartlett
“We Are Anonymous” – Parmy Olson
“Future Crimes” – Marc Goodman
“Kingpin” – Kevin Poulsen