@AnnoyinTheGoyim's comment on '[metadrama] Username/IP Leak'

[metadrama] Username/IP Leak

Hi guys, as you all might know I'm a !codecel. Recently I discovered a vulnerability in the site, which from what I can tell has existed for a while. In exchange for the countless hours of work I put into combing through the code and testing exploits, I'd like a little sum sum from @A (not monetary, just stupid shit/basic respect, see below) but he does not seem interested in cooperating with me.

Among the options presented to @A he had were reinstating HeyMoon or calling me on groomercord/snapchat, both of which he denied without explanation. I'm happy to help him out with his (arguably transphobic) website, but I'm not going to just spoonfeed him code while he gives me the cold shoulder. I would like to mention that HeyMoon (@CarpathianMoon) had utterly no knowledge or consent or anything to do with this, I just recently heard about the drama and thought that it's something nice that I could do as, from what I have heard, HeyMoon was unjustly removed.

For your information: I am NOT going to give this info out to anyone or use it nefariously. I INTEND to do good for the website; I have not stolen any IPs or anything, but I have verified that the exploit works and would give an attacker that ability. I would best describe my alignment as "Chaotic Good". I'm not intending to hold this over anyone or anything; I will NEVER release the exploit unless given explicit permission from @A after it's patched. But I would like to use my small bit of leverage that I've stumbled upon to improve the site, further my own (innocuous) goals, and maybe take @A down a peg.

Please note that an IP/username leak isn't the worst in the world either. Worst case scenario, people figure out what city you live in and your ISP. Note that large institutions might be their own ISP, so people might, by extension, be able to figure out where you work. (Of course, law enforcement would be able to find you too). But otherwise it's not that bad. If you are super concerned about this, you should be using TOR or a VPN anyways, as any website on the internet can see your IP. The real kicker here is that this exploit allows you to connect a username to an IP, which is perhaps a bit more information than many would be willing to give out.

TL;DR: There is an IP leak exploit. I would like to work with @A to remedy this on my own terms, but he is refusing. Use a VPN if you care, or don't idgaf.

THIS IS MY GIRLBOSS ARC.

Jump in the discussion.

No email address required.

View entire discussion

BimothyX2 Bimothy/Bimothy Hecko I'm bimothy :marseywave2:

10mo ago #4938249

IP doesn't really matter, pretty much for the reason you said. Unless you write your r-slur manifesto here it would make it easier for the feds to hunt that "person" (carp) down.

17 Context

89wc th/thh kalm BimothyX2 10mo ago #4938750

ye but mix it in with api access to posts and the general demographic unironically living near their ip zone and you've got quite the data dump for geographic trends

(i'm pinged here and only read the title of the post from my notif, 65% sure this comment will make sense)

8 Context

transbitch she/her basically a cis woman 89wc 10mo ago #4938781

It narrows you down to a city, which is a lot worse than anywhere in the world. So let's say that you post a pic w a tree or smth in the background, I now know that I can scour Google streetview of that city for that tree to find out exactly where you were. It narrows down the search area by a lot, but on its own its useless.

11 Context

AnnoyinTheGoyim oy/vey transbitch 10mo ago #4938895 Edited 10mo ago

Lmbo, depends on the city. Have fun scouring google street view for a tree in any decent sized city, especially if it's in a back yard or park or some shit.

Where is this tree: