I don’t understand what Flux hoped to gain in this situation. It seems counterproductive to building a platform for engineers while attacking folks respected by engineers.
phoronixrly•24m ago
They wanted the make sure Adafruit stays silent about the number of active users, and Adafruit gave them some leverage by imo naively reporting a security vulnerability.
phoronixrly•39m ago
How many CFAA cases have to be filed in order for people to stop (gratuitously) reporting security vulnerabilities to corporations? Just stop, you don't owe them that, and it always comes off as an attempt at blackmail. If you care so much about their users, report to security authorities instead.
dsl•10m ago
TLDR: Adafruit found out Flux was being dishonest about their user numbers. They also found and responsibly disclosed that they could get their Firebase keys by opening up Chrome's devtools.
mlhpdx•1h ago
phoronixrly•24m ago