undefined | Better HN

0 pointsJumpCrisscross25d ago0 comments

> Distribution of 0day for lulz has been criminal since 2022

Skimmed the article. Not seeing it support your claim.

0 comments

6 comments · 1 top-level

1970-01-0125d ago· 5 in thread

Responsible disclosure is a normalized process in the courts. Skipping it opens you to, at very minimum, a plethora of civil lawsuits, including any and all the damages that resulted from skipping it. The odds are very much not great that you'll be OK.

JumpCrisscrossOP25d ago

Civil, sure. The dispute is over criminal jurisdiction.

dghlsakjg24d ago

Is there actually a civil duty of care here?

Responsible disclosure is an industry norm, but I don't really see how an independent researcher has a legal obligation to play by industry norms. If I discover that any product has a defect, I am free to blab about it all I want as long as it is truthful. There may be considerations beyond this if you are disclosing something discovered by breaking terms of service or by fucking with a computer that isn't yours, but discovering that your copy of windows on your machine has a flaw and telling people about it is protected.

1 more reply

1970-01-0124d ago

The dispute is whether or not it is perfectly legal free speech. By simply publishing it on GitHub, it was a violation of a TOS and that right there opens it up to lawsuits from MS. You are free to go down this path and prove me wrong.

bigfatkitten24d ago

I’d be interested to read some case law involving judgements against researchers in these circumstances, if you have any references handy.

1970-01-0124d ago

https://hn.algolia.com/?q=weev

1 more reply

j / k navigate · click thread line to collapse

0 comments

6 comments · 1 top-level

1970-01-0125d ago· 5 in thread

Responsible disclosure is a normalized process in the courts. Skipping it opens you to, at very minimum, a plethora of civil lawsuits, including any and all the damages that resulted from skipping it. The odds are very much not great that you'll be OK.

JumpCrisscrossOP25d ago

Civil, sure. The dispute is over criminal jurisdiction.

dghlsakjg24d ago

Is there actually a civil duty of care here?

Responsible disclosure is an industry norm, but I don't really see how an independent researcher has a legal obligation to play by industry norms. If I discover that any product has a defect, I am free to blab about it all I want as long as it is truthful. There may be considerations beyond this if you are disclosing something discovered by breaking terms of service or by fucking with a computer that isn't yours, but discovering that your copy of windows on your machine has a flaw and telling people about it is protected.

1 more reply

1970-01-0124d ago

The dispute is whether or not it is perfectly legal free speech. By simply publishing it on GitHub, it was a violation of a TOS and that right there opens it up to lawsuits from MS. You are free to go down this path and prove me wrong.

bigfatkitten24d ago

I’d be interested to read some case law involving judgements against researchers in these circumstances, if you have any references handy.

1970-01-0124d ago

https://hn.algolia.com/?q=weev

1 more reply

j / k navigate · click thread line to collapse