This feels, frankly, childish. The privacy policy that has him so incensed is just an explanation, in clear English, of how information is stored and processed. All they are saying is "if you send us information, please make sure you're happy with what we'll do with it".
...and create an account, and agree to the TOS (which grants a copyright license), and jump through who knows how many other hoops waiting in the wings. To make a free donation. Of information. Which I wrote in an email already.
Note also that I don't actually have to do any of those things, and I'm about to prove it by not doing so. I've already made a reasonable effort. Now I'm just going to publish the issue in a month.
Assuming charitably that by "issue" you mean seeing your own popup, if it's meant as a slap to users who have Javascript enabled you might consider a more straightforward warning,for example "If you don't like harmless blocking popups, think of all the worse things that Javascript can do against you, from tracking what parts of a porn clip you fast forward through to compiling a database of your movements. Disable Javascript."
I'm not in the white hat space but from reading this sort of blog post what you're describing is completely normal. Some people think companies should go down on bended knee to vulnerability disclosers, but that just doesn't happen. Based on your title I was expecting something much more significant.