
Yelp invites hackers to expose vulnerabilities through bug bounty program - pavornyoh
https://techcrunch.com/2016/09/06/yelp-bug-bounty-program/
======
strictnein
The actual program, hosted by HackerOne:

[https://hackerone.com/yelp](https://hackerone.com/yelp)

Already paid out $65,160.

~~~
innoying
It's been private (invite-only) for about 2 years, they went public today.

------
foobarcrunch
Fuck Yelp and their extortion tactics. Some "engineering PR" cannot make up
for their complete lack of integrity, even if corrupt judiciary happens to
legitimize it (judges, DAs are also beholden to campaign donors as well).

(Legality ∩ mortality ⫉ ∅)

[http://kitchenette.jezebel.com/a-court-has-ruled-its-totally...](http://kitchenette.jezebel.com/a-court-has-ruled-its-totally-cool-for-yelp-to-extort-b-1632255482)

~~~
unit91
This has been debunked more than a few times, by the way. There's even a
Harvard Business School study on the matter. [1]

And a decent overview of the situation here: [2].

Yelp has also unequivocally denied the extortion charge [3]. While you might
be tempted to dismiss it as propaganda, at least consider that Yelp is a
publicly traded company -- i.e., if their post were shown to be a lie, it
would be a criminal offense.

Disclaimer: no personal stake in Yelp, I just prefer clarity on the issues.

[1] [http://people.hbs.edu/mluca/FakeItTillYouMakeIt.pdf](http://people.hbs.edu/mluca/FakeItTillYouMakeIt.pdf)

[2] [https://www.buzzfeed.com/sandraeallen/is-yelp-evil-or-just-m...](https://www.buzzfeed.com/sandraeallen/is-yelp-evil-or-just-misunderstood?utm_term=.uqQwO8dzY#.kvDG6yAEJ)

[3] [https://www.yelp.com/extortionmeme](https://www.yelp.com/extortionmeme)

~~~
tptacek
Being a public company doesn't mean any lie you tell, even about your
business, is criminal.

~~~
unit91
Whoa. You significantly broadened the scope of my comment from "their post" to
"any lie".

In this case, the post is about the company's revenue stream (or lack
thereof), as it pertains to money-for-better-reviews. If Yelp's claim is
false, and they are mounting a marketing campaign to knowingly deceive
shareholders and potential shareholders about revenue sources, then yes it
would be a criminal act.

In fact, digging around a little reveals there has been a class-action lawsuit
for a jury trial on these very grounds. [1] Granted, they cited Yelp's 10-K
filing with the SEC, but I seriously doubt a jury would say "well, it wasn't
on their 10-K, so the blog post is fine."

1\. [https://www.scribd.com/document/236094666/Curry-v-Yelp](https://www.scribd.com/document/236094666/Curry-v-Yelp)

~~~
tptacek
I'm just going to say that I really doubt Yelp's status as a public company
forecloses on any opportunity for them to establish quid pro quo between their
sales and their reviewing processes.

That's a banal observation, I know. But I was moved to comment when you
suggested that they'd face criminal penalties stemming again from their being
public. No, that seems very dubious.

~~~
unit91
I really hate to seem combative here, but twice more you've seriously
distorted my comments.

I did not say -- nor do I believe -- that the mere possibility of criminal
charges in virtue of Yelp's public status "forecloses on any opportunity" for
criminal activity at the company. Rather, I invited foobarcrunch to "at least
consider that Yelp is a publicly traded company". While the possibility of
criminal charges obviously does not prevent all white-collar crime, it is
certainly a deterrent in many cases. In isolation, this neither proves nor
disproves that Yelp is acting inappropriately. However, I think it has some
merit as part of one's personal, cumulative assessment of whether Yelp is
engaged in extortion.

Second, in my previous posts I said "criminal offense" and "criminal act".
You've taken this to mean "they'd face criminal penalties". This is not what I
suggested. I fully recognize that not all criminal acts are prosecuted. At
most, we can say that criminal acts carry with them the possibility of
criminal charges. For many, this bare possibility is an effective deterrent
(see paragraph above).

Again, I'm not trying to beat up on you here. Just be careful that you don't
inadvertently respond to straw-man arguments when you discuss the issues.

~~~
tptacek
We simply disagree.

------
yalogin
Why has Yelp fallen off like that?

It was and still is the leader in reviews but it seems like they are doing
nothing to keep it or innovate. They are actively trying to lose it (like
Trump) but are in the lead because people have no alternative. Do they need
new leadership?

------
NegativeLatency
Why does the Yelp filter for "Open Now" not default to being turned on? It's
so annoying when I'm looking for a place to eat, I have to remember to hit
that specific button.

~~~
mvd366
Not all businesses have their operating hours in Yelp's system. Given that,
the choice comes down to either:

A) Showing all businesses by default and giving the user the ability to only
show restaurants which are definitely open at that time.

or

B) Hiding all businesses unless someone has supplied their operating hours
explicitly.

Even when this data has been added, it is not always accurate.

