

Tell HN: You can spam every user of the frid.ge(YC S10) - skbohra123

The frid.ge uses a url like http://www.frid.ge/php/profile.php?u=10613 for user profile, while there is no provision of a search box in site, you can easily find a profile by changing u=xxxx to get a profile. And you can post on their wall to , regardless of the privacy settings. Don't know if it's a bug or a feature but I found it weird.
======
jessor
Did you talk to the owners first? Just seems weird to post it here instead of
just talking to them (first). Not everyone is as bad as facebook ;-)

~~~
skbohra123
lemme write to them as well.

------
austinchang
actually it wasn't ever broken. while we are revamping our architecture the
urls/params are exposed however you can only see profiles of people who are in
your group (which you can do on the site directly by clicking on their names)

We restrict all access and indexing of groups to only group members. While
bots or curious folks can systematically change uid numbers they won't be able
to access anything in a group unless they are already members...

not a privacy bug but exposed uids which we are soon fixing

------
scompt
Did it occur to you there might be a better venue to report this?

------
grep
What's the point of using frid.ge when you have fb groups?

------
CyrilMazur
wow, has just been fixed

~~~
skbohra123
fixed?

