Hacker News new | past | comments | ask | show | jobs | submit login

Ah, but AT&T did not publicise the endpoint in any way either, unlike Mailinator.

More to the point, users using Mailinator do not have an expectation of privacy regarding the data they gave Mailinator (or that they told other services to give Mailinator). This is, therefore, a different situation.

If I find someone's personal information in Mailinator, that is most likely because a user agreed to allow a service to send their personal information there. In most cases, I wouldn't have any reason to believe any of this data was not intended to be there, unless there were other clues.

In the case of the AT&T breach, two things lead me to believe that Weev violated the privacy of the users:

* It is quite unlikely that users intended to have their email addresses published to the public through this endpoint, and it can easily be shown that Weev understood that - he would not otherwise have chosen the course of action he took.

* AT&T have never publicised this endpoint.

I am not holding AT&T as the victim here, but rather the customers of AT&T whose data was breached. AT&T and Weev were equally complicit in the breach, and AT&T should be held separately responsible.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: