Comment by abanana

3 hours ago

Are you seriously suggesting people shouldn't operate with a bit of common decency unless they're going to get some money out of it?

I dislike it here because I like Mullvad, but yes, I think it’s fair to go straight to public disclosure.

Someone with likely substantial qualifications put in time to find this. The company is in it for profit (at least partially). What’s fair for the company is fair for the individual. The company can either offer to pay for bugs under the terms they want, hire more security folks to find the bugs themselves, or just accept that researchers get to do whatever they want with their findings.

I’d tell Mullvad, but there are companies I don’t respect enough to feel compelled to give them a heads up. Perhaps the author feels that way about Mullvad; it’s entirely within their right to use this to publicly shame Mullvad.

When their 'common decency' is directly benefiting a money making corporation with shareholders and directors then yes they should definitely get some money out of it.

This ought not be considered anything close to common courtesy. This is work. Mullvad is engaged in the business of making money. They should show how serious they are with your money.

Since when do you have professionals giving you examinations out of common courtesy? Out of courtesy can I get a free cancer screening?

  • If a doctor performed a cancer screening on me, for free and without me asking, then yes — as a matter of courtesy I would still expect that doctor to tell me if he found cancer, rather than reading about it on his blog later.

    • > If a doctor performed a cancer screening on me, for free and without me asking

      But that would never happen, so the point is moot.


  • >Since when do you have professionals giving you examinations out of common courtesy?

    Maybe when they decide of their own volition, without any external pressure, to go and poke around your system?

    "Hey, I'm a mechanic, I was looking at your car parked out there and noticed something incredibly dangerous that needs immediate fixing. I'll tell you what it is for $1,000."

    Please...

    • Even better, the mechanic writes a blog post about the dangers of non-functioning brakes, but doesn't tell the car owner, because they didn't have a sign advertising their "car issue bounty program".

      Seems to be a systemic issue with computer guys feeling entitled to financial compensation for strange reasons. See also, people licensing their software as "open source" and then being mad when people make money off it.

Most of HN readers/writers are American, of course they won't do anything unless they personally profit off it, the entire culture is built around this mindset. Meanwhile, Mullvad is Swedish, and we tend to assume we all want to help build a better world together. Mix the two, and you get this conversation :)

  • I would hesitate to make generalizations like that about a country with a population 35x larger than yours. There’s no US monoculture.

  • > Most of HN readers/writers are American, of course they won't do anything unless they personally profit off it, the entire culture is built around this mindset

    American culture is highly varied. For some this is true, for others this is wrong and highly insulting.

    Maybe try a narrower brush next time.

    • It's OK for the country to have a pervasive culture yet not every resident or citizen of the country to be a part of that culture, or even actively work against it. If you're not one of them matching that description, it shouldn't be insulting, as it's not about you in the first place.

      Maybe not everything is aimed towards you, especially if you don't feel like the description actually matches you :)
