What surprises me the most is how bad they are handling the incident! The behavior reflects that of a classic old and inflexible corporation that hides some details in their small prints to screw their customers over.
It reflects incredibly bad on their relationship with the tech community and I am sure we will see some superficial backpedaling very soon.
> The behavior reflects that of a classic old and inflexible corporation that hides some details in their small prints to screw their customers over.
You act as if corporations maliciously "screw their customers over". See the responses below and you'll see that in this specific case FB actually wins out when they pay more to their whitehats.
I hate to single out your specific response, but it's comments like this (and the other 90% on this thread) that remind me how very few people on HN have experience with businesses at scale. classic old and inflexible corporation or let's just call them "enterprises" create policies so they can protect the highest number of cases available, but not all of them. It would be silly to think otherwise.
Yes, but it is exactly these kind of policies that let enterprises, corporations or organizations look bad.
This is like getting PR advise from a lawyer when there is trouble coming your way. Sure, the lawyer will tell you to repeat "no comment" or deny any involvement over and over again. That might be the right strategy in a legal sense and work out fine when nobody is watching.
But you are loosing in the court of public opinion when the public perceives your actions as unfair. And denying some kid a few hundred bucks even so he found a legit hack just because he didn't follow some proper corporate policy guideline does definitely reflect negatively on Facebook.
> Yes, but it is exactly these kind of policies that let enterprises, corporations or organizations look bad.
And what do you propose the alternative? A legalised document that outlines every "if this"-"then that", in every language, continent, dialect, etc.? You know how that story goes...
> And denying some kid a few hundred bucks even so he found a legit hack just because he didn't follow some proper corporate policy guideline does definitely reflect negatively on Facebook.
You know what makes Facebook look even more negative? The future precedence set when good-will hackers think it's OK to use a non-test account and drop the exploit on the CEO's page.
I know it's hard for the HN community to do so, but let's try practicing some empathy with both sides before we pick up the pitchfork.
I suppose I didn't articulate that point correctly. Facebook has a policy that basically says "if you find an exploit don't do it to real people, use a test account to reproduce it". So regardless of whether it's the CEO or Jane Doe, it sets a bad precedence that reproducing the exploit in a (real) environment is a very dangerous thing.
It reflects incredibly bad on their relationship with the tech community and I am sure we will see some superficial backpedaling very soon.