The article calls this a "bug", but I don't see how this can be anything other than working as intended?

I generate a link X to do Y on application Z. I post link X on a public website. Crawlers index the public site. When I search Y application Z, the page containing link X is returned in the results.

What action is the author expecting? For all search engines to recognize and ignore these URLs? What about malicious actors? Ask them nicely to ignore?

They're expecting that the word private means something. Why do you think that an unauthenticated user should be able to read comments of a private group just because they have a URL?

> they're expecting that the word private means something

In a world where Facebook and Google have widespread vulns exposed on at minimum a yearly basis, that's their fault for not reading, and just "trusting the computer".

I'm not a chef, but I make sure I know where my food's coming from to the best of my ability.

The article doesn't claim that the content of the groups is indexed or can be read unauthenticated. It states that the group can be joined using the indexed link.

