Hacker News new | past | comments | ask | show | jobs | submit login

The real life equivalent would be if a company wrote their secrets on the back of a letter they sent you in the mail, and just relied on you not looking at the back.

There's no security breach, or even unauthorized network request - their service is requesting this data to your machine, from within their client. I think they just aren't thinking about potential repercussions in their testing names.




Aaron Swartz didn't breach JSTOR's security or make any (technically) unauthorized network requests, either.

https://en.wikipedia.org/wiki/United_States_v._Swartz




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: