Question to the community. I managed to expose all customer data of a well-funded D2C brand and when I reached out to them I did not ask for bounty before I shared the fix/the security hole. I only got a 200 USD gift card for their shop :D
What is best practice here? Do you first tell the company that they have a security issue, ask for bounty and then help? Is that unethical? Blackmail?
Very off topic, but I +1 this. I am half and half and as a baby and young kid we went to one spot every summer. To this day I remember these travels. They matter a lot indeed.
I mean, I’m not half, and I never went further than +/- 200 km from my hometown until I was 23 years old, but we did go on vacation somewhere every year.
I _still_ remember all that travel too. It was different enough to make a lasting impression.
99% of our life is spent in the same 2 sqkm area, so it’s not super surprising that everything else is different.
That's great to hear. I think my kids recall the experiences, but you do, and you were a kid doing that. In twenty years I hope to hear the same things from my kids.
Not OP, but I'll share my insight. The main way I keep myself on track is to remind myself as to why I am doing it. For me it is: sports and not being hungover (in particular on weekends). When I drink too much I tend to get anxious and emotional and that would last for a couple of days. Both of these reasons kept me from drinking again. It has been 3 months thus far and I haven't had an urge yet. People are also much more accommodating these days if you don't drink.
I downloaded an app to help me track my "progress" and remind me as to why I am doing it. App is called "I Am Sober". It's free and has no ads. Can highly recommend.
The anxious depression that lasts for days is my main reason too. Btw I think you'd really enjoy the alcohol explained book I mentioned. The thing I took away from it was drinking is pointless because the relaxing feeling after first drink disappears and leaves an anxious feeling unless you drink more. This is because your body releases a stimulant to counteract the depressive effect of alcohol. This stimulant lingers for a while and is part of the reason many of us wake up early after drinking feeling anxious and not able to sleep. I'm going to check out that app. Thanks
Purely a guess, but having tried to scale services to new customers, it can be a lot harder than it seems, especially if you have to customize anything. Early on, doing a generic one-size-fits-all can be really, really hard, and acquiring those early big customers is important to survival and often requires customizations.
There used to be an app called scroll (https://twitter.com/tryscroll?lang=en), which got bought by Twitter, which is now part of subscription, but only for the top articles. Informed.so is doing something similar but different: https://www.informed.so/
The problem creating such a service is that most media houses believe that their content is the best thing since sliced bread and thus they often don't want to partner. Even though most of their content isn't that unique. Of course, some publications do have unique content, e.g. nyt, bloomberg.
I could see artifact being an interesting company to tackle this though (https://artifact.news/). They are already sending traffic to news sites and only serving what the user wants. If they now let me bypass paywalls for $20 that would be nice.