
Token revocation is hard - lightedman
Medium.com allows you to use an unsubscribe link multiple times. Token revocation is hard, folks, learn your lesson from Medium.com - you can take any unsubscribe link sent with each e-mail, modify your settings, save them, then re-open that link from another IP and browser, and re-set the settings. No authentication required. You can type in TWO random 12-character strings and you&#x27;re almost guaranteed to hit someone&#x27;s account settings.
======
PaulHoule
127.0.0.1 medium.com

