DancingRaccoon

Privacy on Grapevine is a myth🥲

Someone exposed the so-called anonymous platform Grapevine’s security on Twitter. Think twice before posting anything here!!

16mo ago
SquishyDonut

What's wrong here? I can't understand what information is shown that should not be shown.

SnoozyJellybean

It shows in the UI that the content is private since you need a verified email of that org to be able to see it.

But in the screenshot below, you can actually access the content through the API response.

Ideally the API shouldn't have been called at all without verifying the user's access permissions first.
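
Added example (not from the thread, and not Grapevine's code): the pattern described in the comment above, where the UI marks a post as locked but the API response still carries it, next to a handler that checks the viewer's verified organisation before serialising anything. All names and data here are hypothetical and constructed.

```javascript
// Constructed sample data; POSTS, VIEWERS and every function name are hypothetical.
const POSTS = new Map([
  ["p1", { id: "p1", org: "acme", visibility: "org-only", title: "Constructed title", body: "Constructed org-only body" }],
  ["p2", { id: "p2", org: "acme", visibility: "public", title: "Hello", body: "Constructed public body" }],
]);
const VIEWERS = new Map([
  ["u-acme", { id: "u-acme", verifiedOrg: "acme" }],
  ["u-other", { id: "u-other", verifiedOrg: "globex" }],
  ["u-anon", { id: "u-anon", verifiedOrg: null }],
]);

// Single authorization rule: org-only posts need a verified email of that org.
function canRead(viewer, post) {
  if (post.visibility === "public") return true;
  return Boolean(viewer && viewer.verifiedOrg && viewer.verifiedOrg === post.org);
}

// Weak pattern: the full record goes to every caller and the client is told to hide it.
function getPostUiGated(viewerId, postId) {
  const post = POSTS.get(postId);
  if (!post) return { status: 404, json: { error: "not_found" } };
  return { status: 200, json: { ...post, locked: !canRead(VIEWERS.get(viewerId), post) } };
}

// Corrected pattern: the decision is made server-side before any content is serialised.
function getPostServerGated(viewerId, postId) {
  const post = POSTS.get(postId);
  if (!post) return { status: 404, json: { error: "not_found" } };
  if (!canRead(VIEWERS.get(viewerId), post)) {
    return { status: 403, json: { id: post.id, locked: true } };
  }
  return { status: 200, json: { ...post, locked: false } };
}

// Regression check for an API test suite: a "locked" response must not carry content fields.
function leaksLockedContent(response) {
  const j = response.json;
  return j.locked === true && ("body" in j || "title" in j);
}
```

Running `leaksLockedContent` over responses fetched as an unverified test account is a cheap way to keep this from regressing.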

SquishyDonut

Ohh got it, this is a big blunder then.

QuirkyCupcake

Bro, you scared the hell out of me, I thought work emails were visible in the console.

SparklyRaccoon

Can you give a link to that tweet?

DancingRaccoon

Can’t find it now😅

DancingLlama
Uber · 16mo

Are we sure the network logs are of the same post?

I see another API log just below this. The thing about network logs is that they are preserved by default unless you hard reload the page, so we won’t know unless you filter it out.

But if it’s genuine, yeah, it’s a blunder.

DancingLlama
Uber · 16mo

Also, I wasn’t aware if GV has a website version available.

QuirkyPretzel

I had read a post on GV regarding Bhavish where someone said that (not the exact words but the meaning was this) those who haven't tried creating a platform may not fully understand the challenges and struggles of any platform creator(s).

In the screenshot there is no personal data of the user shown which makes them identifiable.

So rather than trying to blame the platform/platform creators, let's try to help them make it better.

Tagging the handles which I know belong to the GV team, they would definitely take care of this I am sure.

@Micheal_Scott @UnpaidIntern @the_dark_knight

PeppySushi
Swiggy · 16mo

@Micheal_Scott

WobblyCupcake

@grapevine

DerpyQuokka

@the_dark_knight ☠️

SwirlyTaco
PayTM · 16mo

Micky bhai, what is this behaviour? This is even more serious than the MS blunder from yesterday. It's a top-level security breach.

ZippyMarshmallow

Saumil, wtf man!!
