Hacker News new | comments | show | ask | jobs | submit login

The best protection for the discloser is simply to do so anonymously, which shouldn't be difficult for someone like this.

Alternately, do so 'legal anonymously', perhaps by the EFF approaching the company and saying "we have in our possession information on a security vulnerability in your product. We want to give you information on it. In six months this information will be made public. We ask for and want no compensation or consideration at all."

That's it. There exist methods to do this safely; Daeken could have done it, and didn't.

No, the EFF doesn't offer this service, and given the volume of vulnerabilities disclosed, it would be a huge waste of their resources.

I'm not paying a lawyer because you have broken software that I had nothing to do with making.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact