Eugen Rochko

As much as I'd like to see Clubhouse fail it's a bit ridiculous the media is running with a "leak" of user data... It's all public profile stuff

17 comments
stux⚡

@Gargron so free open to download from their platform? link pl0x?

Eugen Rochko

@stux If my understanding is correct, if you have an API token (which you can intercept from the app on your phone) you can use their search API to iterate over all users

stux⚡

@Gargron Hmm, that "should be" restricted right? if then it would be indeed just a "simple download" lol

Eugen Rochko

@stux You could argue that there should be an upper limit of results returned by search and rate limits to slow down scraping of data but ultimately I don't see anything that would classify it as unauthorized access at all. All the information obtained is something you would see by visiting each user's profile.
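
A mitigation of the kind described above (a hard cap on results per search call plus a per-token rate limit, with a flag when one token has been served an unusual number of distinct profiles), as an added example written for this page, not Clubhouse's or Mastodon's code; the user directory, thresholds and token names are constructed:

```python
import time
from collections import defaultdict, deque

# Constructed user directory standing in for a profile database.
USERS = [f"user{i:04d}" for i in range(1000)]

MAX_RESULTS = 20           # hard cap on results returned per search call
WINDOW_SECONDS = 60        # sliding window for the per-token rate limit
MAX_CALLS_PER_WINDOW = 30  # calls one API token may make per window
SCRAPE_THRESHOLD = 200     # distinct profiles served to one token per window before flagging


class SearchGate:
    """Wraps a search endpoint with result capping, rate limiting and scrape detection."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.calls = defaultdict(deque)  # token -> timestamps of recent calls
        self.seen = defaultdict(dict)    # token -> {user_id: last_served_ts}

    def _prune(self, token, now):
        # Drop calls and served profiles that fell out of the sliding window.
        q = self.calls[token]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        self.seen[token] = {u: t for u, t in self.seen[token].items()
                            if now - t <= WINDOW_SECONDS}

    def search(self, token, query, limit=MAX_RESULTS, offset=0):
        now = self.clock()
        self._prune(token, now)
        if len(self.calls[token]) >= MAX_CALLS_PER_WINDOW:
            return {"status": 429, "results": []}  # too many requests this window
        self.calls[token].append(now)
        limit = min(limit, MAX_RESULTS)  # a client cannot ask for the whole directory at once
        hits = [u for u in USERS if query in u][offset:offset + limit]
        for u in hits:
            self.seen[token][u] = now
        # A single token walking through hundreds of distinct profiles is enumeration, not search.
        flagged = len(self.seen[token]) > SCRAPE_THRESHOLD
        return {"status": 200, "results": hits, "flagged": flagged}
```

The flag is meant to feed an alert or account review, while the 429 and the result cap slow an enumerating client down regardless.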

stux⚡

@Gargron damn.. Still a big error from their side I think. It's indeed public info but now it's in such a way easy searchable and packed for attackers so to say :ablobwink:

I don't mind if my email is "leaked" as is but when more info is added I get more and more spooked

Григорий Клюшников

Eugen, the API has been completely reverse engineered, long ago. Enough to log in from scratch, you don't even need to extract the token from the actual app. Yes, they do ban accounts that exhibit unusual behavior or make too many requests over short time periods. For that matter, they banned some of the accounts made through that Android app of mine.

Yes it's public stuff and public stuff only. I don't see why it's worthy of any excitement.

b! 🔮

@Gargron @stux

youtube.com/watch?v=CgJudU_jlZ

So sth like the Moonpig 2015 situation but with relatively benign, technically public data?

Or like the situation on Discord a while back, also with technically public data?

Vincent Cloutier

@Gargron what do you think of having voice channels in mastodon like them? Good or bad idea?

André Koot RCX

@Gargron I have my jam system up and running. Now let's see what I can do with it...

Dmitry Borodaenko

@Gargron Until we come up with a special term for failing to protect user data from scraping, I'm ok with "data breach". That's what we called the Cambridge Analytica Facebook kerfuffle, that's what the latest 530M FB accounts database is.

Speaking of social platforms we want to fail, did you ever send Gab an AGPL violation notice over their taking down the Git repo of their clone of Mastodon on March 1 this year?

Wiley Quixotey

@Gargron I've heard fans say the media doesn't like it because it threatens them. I don't really know but part of it just has to be the numbers of clicks titles with the word "leak" in them get

sunbutter

@Gargron idk anything about anything but so many of these startups seem to have huge problems,, like rate limiting??? why not have rate limiting????

ElfLord

@Gargron *Eugen smirks and leans back in his chair but he leans too far and falls over crashing to the floor*
