I actually kinda agree with him that these are not the biggest issues around. It is a very common issue (Discord for example has various bugs like this (and iirc even excludes security flaws like this from their bug bounty)) and at least they are working on workarounds.
The bigger issue here is the bad response to the person reporting the bugs.
I could just as easily say that this is a fundamental design flaw shared by Bluesky and Discord; e.g. Signal and IRC don’t have this problem. Security isn’t just about response to criticism, but about making design choices which protect users.
I actually kinda agree with him that these are not the biggest issues around. It is a very common issue (Discord for example has various bugs like this (and iirc even excludes security flaws like this from their bug bounty)) and at least they are working on workarounds.
The bigger issue here is the bad response to the person reporting the bugs.
I could just as easily say that this is a fundamental design flaw shared by Bluesky and Discord; e.g. Signal and IRC don’t have this problem. Security isn’t just about response to criticism, but about making design choices which protect users.