Don't agree. If you attempt to communicate a security bug and get ignored or told "it's not a bug", then you can do pretty much anything you want "within reason". Posting a harmless block of text on Mark's wall isn't the end of the world. He could have posted something extremely offensive, then I would not be on his side.
If someone told me there was a way to exploit my LinkedIn account, I said "no way", then she edited my LinkedIn profile to add "I really love fluffy bunnies" to my current job title - I'd correct my job title, then say "Okay. Good job. Tell me how you did it".
In the same way I think it would be ridiculous to get a speeding ticket for going 66 MPH when the limit is 65 MPH, this guy should get the reward despite this minor technicality. He tried doing it the "right" way, it didn't work. Yes, I know he wasn't super clear & he posted on someone's wall but FB could have at least tried to clear it up with him.
Imagine if hospitals worked that way, someone shows up clearly in distress but doesn't speak English. Do you just say, "Well. I don't know what you're saying, so get out"? You at least try to figure out what's going on...
From what I've read, FB didn't even do that... so messaging on Mark's wall is just a small slap on the wrist so FB will make more of an effort next time.
At the very minimum, FB could update their TOS to highlight the important sections for this situation, give the guy the reward, tell security-staff to be more supportive in the future, then announce that they will refuse to pay out on anyone copying this guy's actions going forward.
He posted on a real person's wall with the initial bug report. It says right on the /whitehat page not to do that, and he mentioned /whitehat in his bug report, so he should have known.
And yet, a police officer would be fully justified in ticketing you for going 1 mph above the speed limit. That's the point of a speed limit - removing ambiguity and limiting speed.
You only disagree with it because it's not well-enforced. Seeing other people get away with it sets a precedent for you to feel like it shouldn't be a rule. And the same would happen to Facebook if they paid him - eventually, the whitehat program's "technicalities" would become as pointless to enforce as a police officer ticketing someone for going "1 mph" over the speed limit. "Oh but it doesn't matter! It's just 1 mph!" If a speed limit designed to make a clear-cut line doesn't work for you, how do you define rules? There's no objectivity to it at that point. It becomes a slippery slope.
Many people feel that small "technicalities" don't constitute real, ethical laws. This is wrong and an error in thinking. Every rule and every law is a restriction by technicality. Technically, you can go 65 mph, but not 66 mph. That's the line that delineates legality. It doesn't matter if you agree with it, it doesn't matter if you see other people do it, that's what it is.
But it is a rule, just like Facebook's Whitehat TOS. Agree with it or disagree with it, they don't care. You either follow all the rules, or you don't participate. That's the bottom line. They don't owe anyone money, they offer a bounty if you explicitly follow the rules and have proper discretion. It's really not complicated.
>Many people feel that small "technicalities" don't constitute real, ethical laws. This is wrong and an error in thinking. Every rule and every law is a restriction by technicality. Technically, you can go 65 mph, but not 66 mph. That's the line that delineates legality. It doesn't matter if you agree with it, it doesn't matter if you see other people do it, that's what it is.
I don't agree. We're not robots, we're people. There is room for flexibility. To quote Captain Picard from Star Trek TNG...
"Jean-Luc Picard: I don't know how to communicate this, or even if it is possible, but the question of justice has concerned me greatly of late and I say to any creature who may be listening, there can be no justice so long as laws are absolute. Even life itself is an exercise in exceptions."